{ "Event": { "published": true, "date": "2023-10-30", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-10-30", "timestamp": 1698710581, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "07f3a783-8e66-4c3e-9f0e-f7eae139dedf", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b783680e-76f5-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698650821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650821, "uuid": "b7ca2ac0-4840-4d7d-867d-57dcec5c6631", "comment": "Malware payload (Stealc)", "value": "38ba30b7f152c109ecb551ed5a0fb153", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650821, "uuid": "b1a2f79b-7702-4aba-acc0-224510c5eb30", "comment": "Malware payload (Stealc)", "value": "00cf9b15ca612c789112daa8e71374dfbae845c7181ed7b2617fe6f81a52cb50", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650821, "uuid": "f44ce170-e246-4e7d-8953-9edb4c015edf", "comment": "Malware payload (Stealc)", "value": "a37c375d54e68d20b57be03a4668dc43088b4ad3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650821, "uuid": "fce2d274-5133-4c7a-9e7d-e6838d12e5dd", "comment": "Malware payload (Stealc)", "value": "92d99439879ee45807f14416bc603fc5b6b47c80c674f9240255779c5a58415cc5263eab0f527740200365b5ad2d4af9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650821, "uuid": "274274b6-99b6-4bf0-848d-4688b54b455a", "value": "T1E0E49D52A2B1823BD07E3A3C981B56BD98687D41F7A8E4CAEFD05D4C5E35F8134A1393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650821, "uuid": "063df435-fbe3-4e7a-83e2-f47d7cb345b7", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650821, "uuid": "fb33b346-dc15-48cb-a7c6-6ff6213abf4c", "value": "12288:JHQ4R78rGcukgmWRjAeQ9qtoCldl4Dol9:1HhZcw95j6CloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650821, "uuid": "52a7071b-5a41-4bd7-bbd3-dc5d9703c644", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650821, "uuid": "feba3db8-062d-4773-a04f-ef0214389509", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650821, "uuid": "c2825641-dfa7-44a1-a169-b9cfddf38063", "value": "38ba30b7f152c109ecb551ed5a0fb153.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef109111-7768-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698700306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700306, "uuid": "4e9a8cd8-b97d-47be-872b-291552304d4e", "comment": "Malware payload (RecordBreaker)", "value": "71f8754c671dd9eddcecb2e114a8b7e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700306, "uuid": "b6c34591-de60-45d5-85bc-27e7e43faa37", "comment": "Malware payload (RecordBreaker)", "value": "0210249ad4e28abb5351c235129b06f5da7d2719cb3a7c8f47087d4f38de5877", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700306, "uuid": "26975252-a689-4922-960c-80ab75c9d21b", "comment": "Malware payload (RecordBreaker)", "value": "dd759954657e7147a49b8f79ba141bffda8afecd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700306, "uuid": "2d408a22-13b2-4722-ad59-f8ce00af7b09", "comment": "Malware payload (RecordBreaker)", "value": "ea8e1b1f1fde79a56e36fbc6e445c4b3774bc6293c49d408a1f1e009bc01face01fe06ac924876cd141f16fd93d57cce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700306, "uuid": "33f8cfb8-840b-4b43-9e03-4a12c34ed234", "value": "T1D0752312EFD880A2C8B61F7004F65A831A39BDD60A318F3F335559DF5C62644F9A1B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700306, "uuid": "a4f80287-108f-4e49-9466-b7d4ce29b601", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700306, "uuid": "ba248f67-0602-4aad-b0c1-bc22a15ad69c", "value": "49152:lGzFxxRo8RBOxNySZP5SBMNdkDb+RM1ryr:AzFxxRZRbS9gBnxi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698700306, "uuid": "e081e1a3-7503-4406-a737-2e9fd7fbfc3e", "value": 1611776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698700306, "uuid": "9e68dfdb-389f-4568-876c-86bd533a0ef1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700306, "uuid": "97b1938c-0f49-49ec-8cb8-4de3fe2c34ac", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06675b8c-772c-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698674146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674146, "uuid": "817cc6d7-c0cd-4d14-bae2-207ad6076de7", "comment": "Malware payload (Formbook)", "value": "98821f131b73ca19e80a2f17109b4606", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674146, "uuid": "cede3b7d-e889-48f8-8800-c3b4e7ac28b8", "comment": "Malware payload (Formbook)", "value": "0270016f451f9ba630f2ea4e2ea006fb89356627835b560bb2f4551a735ba0e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674146, "uuid": "5e637ca4-211c-4aef-8e3f-0d6c1064a43f", "comment": "Malware payload (Formbook)", "value": "a7b04459fc11b8a3a609712f60e7300bbf0bdd45", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674146, "uuid": "080f5726-8597-4335-88aa-84a88e06372b", "comment": "Malware payload (Formbook)", "value": "458ae9ce4ab377169b67e3f8b9cc778b5a8a2f337030f7df8cc5b8b5c3ce4b42fbde608efb7eb012f19edd399cc6936e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674146, "uuid": "83aea5cc-198a-415f-899f-4d208eaefb52", "value": "T1E284237371F2CEE7EA0A0670997B53E9E3799A0520612B0F87628D577C1055B0E1A3EF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674146, "uuid": "505228b0-b15c-4fca-a667-1d2a37355c48", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674146, "uuid": "45922df7-2299-4bc6-9de4-a61bddf90abf", "value": "6144:F8LxBs0sRKq4PZkJDTaDUapR5akIvMnGEV9TXIeRY4s7Wl8eVsPVOQC3hdD+Q2hR:/VMq4P6JDTepvaTaGEVFXI2Y4yWl8eqD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674146, "uuid": "40239bbc-e061-4a3c-b5bc-f78e096027c9", "value": 391301, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674146, "uuid": "f442efbb-d922-4e16-b606-820705c0eb13", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674146, "uuid": "9b9894fb-6ed3-48d0-9aec-daf1f7c641d2", "value": "PI_790126-10-30-2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a85e7601-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645212, "uuid": "056cb022-b104-4e5e-a475-b9c295b42696", "comment": "Malware payload (AgentTesla)", "value": "3d952aee901ca674a37daa8a9d68c1d5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645212, "uuid": "15a0ddc7-3ce6-41eb-ae60-474a36b984bb", "comment": "Malware payload (AgentTesla)", "value": "0326c4ad07721087e1233d322222f2b787e19f9e795cf6c46d36f6e69d482826", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645212, "uuid": "21f99ae4-1978-4f91-bf29-0b07502e6125", "comment": "Malware payload (AgentTesla)", "value": "a958702fca4e33bb10125df83acc425a61037fb7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645212, "uuid": "bd0c8361-f6c7-46cb-ae83-a0bc8c3d20e2", "comment": "Malware payload (AgentTesla)", "value": "6616aed4e089c5d6223a64b7cd8a696f3250908179e80f55be1b7aa2b1f8a2fcacb93421f5705f9b805369ff70b91198", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645212, "uuid": "c0b6104d-4379-4899-a26b-2abc1e81c664", "value": "T142154A3C48BD1637C174EFE19B998426B2E0A57B3255AD3859E318DA4212B06FDC393F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645212, "uuid": "0bc6cc15-25a7-4d17-8850-0d18995176d4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645212, "uuid": "1180a70f-b80d-4af6-9a0e-f39a25df2542", "value": "12288:QzsG5XckGtY9abjrUDeW+doIjR9SRf1s69J16jJEjoTwDFyC:Q4iGagjIDqvjRr416ji9v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645212, "uuid": "d4427779-d00e-4efb-9dd1-b8eeb3f41c89", "value": 901120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645212, "uuid": "257d58da-5e94-4db0-9c30-9bdf3341613c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645212, "uuid": "e7c8701d-af01-4f0c-9d24-8a72769ccefd", "value": "SecuriteInfo.com.Win32.TrojanX-gen.32455.7995", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90b60cf4-76e2-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698642595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642595, "uuid": "d405437b-8807-46d2-8a2c-73a9a84b4788", "comment": "Malware payload (RedLineStealer)", "value": "fb99d7d61c90faf6fa950de735f8547a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642595, "uuid": "cfab93e5-5169-45ab-a477-109367a8950d", "comment": "Malware payload (RedLineStealer)", "value": "043915a74a30300283e96ceb7a80b756afa6838419bde5589282c0594d36afd5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642595, "uuid": "5b9e5aea-b848-4811-aa95-41f7fdedf1f6", "comment": "Malware payload (RedLineStealer)", "value": "a2547234fa56ce78c40a350db5d8c42c2831f52b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642595, "uuid": "70af5e13-4c5b-4fbc-93b4-b3563f5bc50c", "comment": "Malware payload (RedLineStealer)", "value": "865bf3f2d42fd84d91b5ec3023b0131e3b41015d9f36ed98dd03ca883515a6b55e3f0d62ab6096668e9a0c1fd90c21e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642595, "uuid": "5028d9dc-d2ca-4c96-8dda-995e4c6d6edc", "value": "T126752343B5D49036DEFA677098F302D30938FC929F65CA5A27CA689908326C0D7B57F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642595, "uuid": "9a56f76b-bf00-4d27-b166-7b82891d36d2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642595, "uuid": "e342e80c-28c4-44c8-9864-8f588e925f26", "value": "24576:nybbL4a7ZGL6oOtQu4O8V+dtIGhOin1c9egwgPgLgnzECKJucsbv5KUaEtmTg+CD:y0albtQu4JV+Am1+egwgo0nzGe7adT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698642595, "uuid": "b423bc04-a561-49f0-bd98-04bd6018b247", "value": 1609728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698642595, "uuid": "725d1f20-a051-41e5-9603-b61583c74ea7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642595, "uuid": "20ce8e5f-6277-4250-905d-9c3c83311952", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ed3c599-76ff-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698654860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654860, "uuid": "84aa148e-9ccd-4099-86cd-02f97dfb3f52", "comment": "Malware payload (Formbook)", "value": "676a8bfecb53e8b2c8300b978bc7fce3", "object_relation": "md5", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654860, "uuid": "41962258-7844-4485-962d-fe1506cb0a4f", "comment": "Malware payload (Formbook)", "value": "04b2a4620edf4bbb317ecd373cd29fcc663514dd0c5b2115e39994ed5be91d1e", "object_relation": "sha256", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654860, "uuid": "e5a690ab-1cda-4592-84ed-989a5e7342fa", "comment": "Malware payload (Formbook)", "value": "763b8000992683e88fe3a308d6cb058da54dd6e9", "object_relation": "sha1", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654860, "uuid": "e8f50d70-644c-410e-9e72-1c17ad94d7f1", "comment": "Malware payload (Formbook)", "value": "bdc2d6c13bf4fcaf627380bf9dc5542cdfc8e4ac2628754b57dfc8ed6c62daf352e528042d2a5b284d3c9524763ad023", "object_relation": "sha3-384", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698654860, "uuid": "45f599fe-8be6-4428-ab0b-3bfa83da606c", "value": "T12A8423E9257A3FB7A8B777002B324C78526766E40C573C93660E9DC25C56F409E133EA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698654860, "uuid": "68e75e79-d394-46f0-9460-5adecc525d70", "value": "6144:/T9V6xCDX3GtilUYdfgA6f2ZC1Jbi6aJJVwdfkMxkdxg53QcnoOgMZx9kwMyeza/:h0xsbG8TK2A1JbiN3QkMxkdu5/3gMr9H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698654860, "uuid": "13e27ecb-3260-4729-89c1-236991921fc7", "value": 378821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698654860, "uuid": "4b42aa2c-cba3-4b7a-8f65-72418f13ba85", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698654860, "uuid": "5889399d-86cf-40e2-8c05-3da9c1a4c9e0", "value": "PI-INV-0459384.ARJ", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f9fa919-770a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698659800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659800, "uuid": "5fb510e8-3460-4531-9535-b653617a6925", "comment": "Malware payload", "value": "ad6b998ccea00c98ae57ac91e49e8211", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659800, "uuid": "8a851501-4bb5-4873-ab65-34e41beee233", "comment": "Malware payload", "value": "05fa48b69f547cb492522d94f383ca5e56fdceefc32963b0e171322fdc6ad3f4", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659800, "uuid": "1abc4c38-aef4-4d64-aad8-ef5cdf5a7e21", "comment": "Malware payload", "value": "e273f84ccd75a7357d53a19bb4c8df31630c592c", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659800, "uuid": "2103a99e-8ca8-4f94-8924-01f9579eac4d", "comment": "Malware payload", "value": "92e8212b11301d19b7aa74f9d420895eda5eba2ef30fd9d8b2f8e0969720cbfd423ae56fc15f0bd6d361709a45ad0880", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659800, "uuid": "a8bbe8d6-3552-4deb-99a0-c592b5d9caec", "value": "T1472522587D8D4F6BC709823B1027688A25AEBE9C57BDA0FF43A4709F623927507A345C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659800, "uuid": "78a7d7ed-9842-4d7a-acce-304aa2adc678", "value": "12288:Aa9aX8vwACWNiaK+Ghd6Tsd4KOddLmXsl2h+oACq+XElTpw9YsslEbcUigy0fw7N:AUaX4FK+id6TMkapkpw5bcb0QG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698659800, "uuid": "20784b04-9c76-4451-b215-36a043a57325", "value": 1031680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698659800, "uuid": "ef615b78-79df-4808-9571-edda52635ad3", "value": "application/CDFV2", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659800, "uuid": "2baf6c59-bc8f-4905-a9ed-d6dccf65a848", "value": "SecuriteInfo.com.Exploit.CVE-2017-11882.123.5389.4377", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a60c284-7760-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698696701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696701, "uuid": "a6065686-22de-4323-8744-d85b234251fd", "comment": "Malware payload (Mirai)", "value": "cdd23d7930a7f80cac1ba9b41e51bcda", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696701, "uuid": "2759f670-b540-4a47-848b-b7afd802be23", "comment": "Malware payload (Mirai)", "value": "0629ee157dcf81be9ae982ae38cf8f9d7c58b1c4099b93defc57160cd90442b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696701, "uuid": "20cba413-ea5a-4194-a5d5-f5dfaddb5ff1", "comment": "Malware payload (Mirai)", "value": "f88c9286f6746a409fa798e4e6d9a85e89ed544e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696701, "uuid": "6c696af4-7cbb-43dd-83b2-2124c4e92417", "comment": "Malware payload (Mirai)", "value": "6745d35d6cc219159e4d50962c15e55bdeac0be49a3b33081e94a650ce470b27db11dcd4c5cd3e08e4f7a087c14a4938", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696701, "uuid": "b69c5fbd-3e3c-4d99-81c3-447936ad9b9b", "value": "T1F3534B99F4029E3DF88FE9B984160E05B93023D212931B276BAEFDE37D331659D12E45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696701, "uuid": "6cb6b53f-5610-4bc3-a720-f93e35dfe372", "value": "768:me4gpsM204GEkRbj3eXmonQiuQttd3gFHy1eu48B8vB6J7EzNfXQuJpozME36L:mo3EkRbrdDiDaFy1X48B2SEzNfAuJKqL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696701, "uuid": "3aa19ca5-81e9-425d-98bd-392ffb20b5a5", "value": 65100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696701, "uuid": "c6d57963-db53-46f9-a859-c6b9d8a905a0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696701, "uuid": "2a3b41bc-5e22-4a2e-81b7-4051b9bda6bb", "value": "cdd23d7930a7f80cac1ba9b41e51bcda", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebb0e806-7759-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698693858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693858, "uuid": "ee345b3f-2320-4cfc-a48d-591aed3e9c64", "comment": "Malware payload (RedLineStealer)", "value": "0237fad25780bbc896ea11d8f30f919a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693858, "uuid": "2fc5efd7-9e21-482d-9691-0626178863be", "comment": "Malware payload (RedLineStealer)", "value": "06ca9360924c1252e41d9092867eb875cbc893356dc405d134ab5b82042332b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693858, "uuid": "f9b4ca08-b4de-4f46-8044-8f61d4e48a0a", "comment": "Malware payload (RedLineStealer)", "value": "6e77363fb1770ae285feafbc3350ec68e1150a5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693858, "uuid": "f90337de-e038-4d4c-87fc-386ce51ce893", "comment": "Malware payload (RedLineStealer)", "value": "5a27a51dc5dc54c1b275e699c412aadfa5af1e7ec14b48fe7f9bd490568837b7dcc66a79996c6540775a302a51a980f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693858, "uuid": "681c350a-30b3-4574-ba92-c23ab54d2c7b", "value": "T1BE358D39F5884121FEE610BAC2FCBF26477DD0B4073245EF46DE2AEED610AC16A71685", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693858, "uuid": "e8acfcbb-1eeb-49c1-bd93-d65422c380a7", "value": "b6874b762c445425cfcea5128380cca5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693858, "uuid": "656a5cc1-38ed-4bfe-9a18-00cf6c81da1e", "value": "24576:8a6mtwETo7a0d/55/RvZ115SAdah2buDapsm7Bpc/azUk:bTo7a0dh/v6UFpc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693858, "uuid": "c834c65a-de5a-481a-94a9-88ceb698899b", "value": 1152000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693858, "uuid": "cda8a00a-389d-4950-a8f7-c9e88f64ba8c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693858, "uuid": "0e85ad99-0af1-429c-a566-d6c624c737f7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffac9a5a-777c-11ee-8907-42010a9c0042", "comment": "Malware payload (CobaltStrike)", "timestamp": 1698708924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698708924, "uuid": "4b34c329-3e77-4099-b5f9-d62ac6312316", "comment": "Malware payload (CobaltStrike)", "value": "11c5ec4104fcf545261bf048ef9a45d4", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698708924, "uuid": "f7925f97-c819-41e1-92a1-7e37ae6994ee", "comment": "Malware payload (CobaltStrike)", "value": "0707ba774dc7b2f3acd97792c695e2731bcb487c2e46ca1fdf5e39e7d1f9482a", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698708924, "uuid": "71d50f0d-fda9-48e3-b9ee-80a37bcf970b", "comment": "Malware payload (CobaltStrike)", "value": "e43ec1cd71832da6d41015f22c6fbec927bd39fe", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698708924, "uuid": "1481b93b-2693-4ab2-b738-0b3bc42dd3c3", "comment": "Malware payload (CobaltStrike)", "value": "5259472a8dd88cf48e07d7b191da67faa43aec4d16da029ba6af0207129b7f2ad4dd13346a853098a4b8f56e4c2e074e", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698708924, "uuid": "d1a4bd04-15c2-4e28-9858-dd445fae959e", "value": "T1FB363304739318E5FDAB563ED4D64929E772782217A1D30B0BB803961F677E42E3EB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698708924, "uuid": "b902d854-6c7a-4137-a447-6c55acb305cc", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698708924, "uuid": "4431974d-cd7b-4c63-a8dc-c3c0dd12facd", "value": "98304:nupSgpzoLLJ3TbwaVvrZE0I8EQxPP312CDvSkkC9ZL+5FaNzuAD:nuJ9onJ5hrZERmH34lCjqrYqA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698708924, "uuid": "df2417d7-61f8-4b39-8074-fbcaf3c3ac84", "value": 5106700, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698708924, "uuid": "65bdd387-3e33-4970-8601-ca0df43620e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698708924, "uuid": "6971d6c6-b7e5-49bd-a75b-03459874ed83", "value": "11c5ec4104fcf545261bf048ef9a45d4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ad85b82-772c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698674153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674153, "uuid": "3e5c665f-0c94-48eb-b19b-21e71bba5813", "comment": "Malware payload", "value": "5dad2f618922362e6d537464f20a6cf1", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674153, "uuid": "746704f6-18b5-4278-ac2b-499680790dce", "comment": "Malware payload", "value": "0840076a1a19df1342d2839ebe7284676396fb1b0d7782c4bd7e4812496d4b45", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674153, "uuid": "1bf29ec5-b3f1-495d-b593-4aa9e5a1020b", "comment": "Malware payload", "value": "1987bd8e537f82fd497707aa9118652fa42b4af0", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674153, "uuid": "1595d251-41d0-46a2-9107-bbc704871d96", "comment": "Malware payload", "value": "ba3b5da0bac309a34ac71d9bdd28c2adc93d11677fc8ca0a86cc06e02db20ff6db9f3c5edcbfdf8af59f54b0521370b8", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674153, "uuid": "42f94a03-b29a-405c-9e20-8dda64ce3a1b", "value": "T1D6B339DDB643B4B515BB30A6166F7146F97285A6B80C8840D40AE8D03E3CF9A4177FEB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674153, "uuid": "a6fad383-6484-43d2-937f-17ac7164a4de", "value": "1536:7Hz/P7ORolzok2TFlGrDlg+fZfIviT5UDkp1UsRAvb/An:7HOllQDTfIaTWD0Avb/0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674153, "uuid": "c11c8726-f12f-4c91-8899-e68f09526ff5", "value": 112732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674153, "uuid": "ad351fca-9255-44eb-a21d-05af9d5e7967", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674153, "uuid": "8a023533-4b5f-4ee9-b1b6-e246d585b2e6", "value": "Nobisro.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13c3c64a-7713-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698663431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663431, "uuid": "a513c03b-1dc9-4dd8-b287-05b17b8dc67d", "comment": "Malware payload (Mirai)", "value": "115bf38d722a895e6ecae4e7a770e007", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663431, "uuid": "530ff241-6505-4af2-80d6-6806d2009003", "comment": "Malware payload (Mirai)", "value": "096c4dc2234c58d3700cadcfc5fbbb9dacc2401caee9b4bb5b60f9a70169370d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663431, "uuid": "f91a7c5b-6edf-4e23-81f7-285708c2513a", "comment": "Malware payload (Mirai)", "value": "7eeeb6856f8511cef8704740703dc1a3ba1f55bc", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663431, "uuid": "213bd86c-a5ae-47a4-b12b-afc1e89ef892", "comment": "Malware payload (Mirai)", "value": "f1df0b23a63673b89c37824031f74e3e58bb5d8980fdfeb340c980d179ad109c57ea4a7389357aa60e720701b4d2b4f6", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663431, "uuid": "9d3cd48c-1932-4498-810a-b48efb81f970", "value": "T1ED04971E6E228F7DF668873147F78E259B6C23D627E1D644D1ACC1106F2029E641FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663431, "uuid": "7ed2c71e-be4c-47dc-884e-4452625d2f7c", "value": "1536:dNOzRPvgGsT7wwQ3WodoQUdz5DJ31EdB7Zx5ryKypm/4eMGKsqZGiTrpgJHqmML3:d0PH537Zx5ryKem/cGKGQ4HsLS30j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663431, "uuid": "f1111bb9-6c98-48cd-b8aa-ba37675c6fc0", "value": 173756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663431, "uuid": "14df7f16-695d-4618-b62e-3c54fcc37ec2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663431, "uuid": "bb26131e-5baa-4649-81ac-4156c890e245", "value": "cundi.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0fbfa7d-7748-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698686431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686431, "uuid": "c8989f98-bf49-4ce5-9f26-3896e9368be6", "comment": "Malware payload (RedLineStealer)", "value": "af3675ada53d7fac432d3d4d57453ae1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686431, "uuid": "518397f3-bb89-4a80-9ee0-de8823471fc3", "comment": "Malware payload (RedLineStealer)", "value": "09723d6761b12929e4b662e0ea3c1868e289fdd5e153105ca7f1a093f7aaad1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686431, "uuid": "4d22fb41-cea0-42c7-97aa-ee33142e8282", "comment": "Malware payload (RedLineStealer)", "value": "5b19970ab05976e9b9b25a1071a704582d7cf058", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686431, "uuid": "66a95730-78d9-498b-bc82-31eef522ba2e", "comment": "Malware payload (RedLineStealer)", "value": "ad5ca879881535bda7cdfafc1ee8db082c99b8dd32bb9b1e8a24b7d45843de63ad887ac3eebe815d4f61f6a397cbf69b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686431, "uuid": "d87c039b-3740-4554-b5d5-66e020d542f3", "value": "T16144AE253A44E836E7E3097CDADA85385E28F3713B9375EF17D88B554F163E0A63024A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686431, "uuid": "b1f0a466-dd1e-4642-9478-402acde0d1b5", "value": "d350427820086a321ccf21b695161218", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686431, "uuid": "c6923e96-0d8f-426b-bbd2-a2e1ef0f9e1e", "value": "6144:958jIceemusoUrIitHdWIyy4PLOXp89Nh:38sPemufitHd9y/LOXC9L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698686431, "uuid": "a865f537-a26e-4362-85dc-bc00bff81f02", "value": 257096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698686431, "uuid": "72e5209c-c6e5-4802-b7db-9dc13f26f3b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686431, "uuid": "69fc1722-8977-46d6-a9a7-615b98408c89", "value": "af3675ada53d7fac432d3d4d57453ae1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3dd80fd-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (MysticStealer)", "timestamp": 1698645231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645231, "uuid": "2236e7bf-ff8e-48a2-98ff-14ff90689344", "comment": "Malware payload (MysticStealer)", "value": "43be4793e53c759dc12079ec86eb05ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645231, "uuid": "d9eea5bf-be22-48de-a648-6e6e7580c03e", "comment": "Malware payload (MysticStealer)", "value": "0a8ec7739ff04b928c46f8c06aafd4ab6ce4acef0b2ad6c39747d5521d7e5e77", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645231, "uuid": "f8a50659-9c11-4d8b-a207-cee31f2b3f09", "comment": "Malware payload (MysticStealer)", "value": "5b5fbe510311e10da961d8fc0560c73194a08714", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645231, "uuid": "9539eb8a-d809-4159-9eec-f5312111c0a5", "comment": "Malware payload (MysticStealer)", "value": "8663b73849522d893ee251da5e007003d5611fa28d215654a9c5660ab67137d266a7f1a6793011ac90f2778f568082a1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645231, "uuid": "6993cffc-594e-42c8-8152-c43362f1b755", "value": "T1EE359D23BA908473EDF310F642ACB676466DD5BC071406EF06D96AEFE7502C17B32686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645231, "uuid": "2505cf6a-635c-4aec-a590-f092c2f81549", "value": "b11c9cd467b185b2c3a0a894930ee4ee", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645231, "uuid": "2c71480a-be1f-4113-9745-7933e7d0dd39", "value": "12288:mC9QWke6EA29ADR87kHCY7NNfRekbUji5kWuWSOlMdGzQigftjKK:mtveu29Ad87kHCADReQuJPx1j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645231, "uuid": "13faff71-6b35-4fed-b869-1f5cbbc7b17b", "value": 1109504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645231, "uuid": "ee2ca0ef-d83f-4c1c-b43d-e6602086760b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645231, "uuid": "476614ee-f84d-4cb4-a80e-d194bd822186", "value": "43be4793e53c759dc12079ec86eb05ae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6953fccd-7726-11ee-8907-42010a9c0042", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1698671735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671735, "uuid": "884fb351-512c-419b-9d62-ec3e575a68d7", "comment": "Malware payload (Adware.Neoreklami)", "value": "1706a5ea8c98ad709df9f70a1f7378d4", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671735, "uuid": "71aa8ef3-fbde-4107-ba6f-e1fbbf179421", "comment": "Malware payload (Adware.Neoreklami)", "value": "0d189e20bda138ba9618e073c7125f3df728f5733c1da73142c702b354695231", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671735, "uuid": "3938c0ec-6199-41d8-ad03-5b4e0f89c051", "comment": "Malware payload (Adware.Neoreklami)", "value": "07a3dd90e7a516e6158f560541b1dca36834e640", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671735, "uuid": "dbf1922b-e0ae-4cc0-9750-e3c07e226074", "comment": "Malware payload (Adware.Neoreklami)", "value": "c958a8bba5959d95fc328cea9639d5da75fbb1a423f1b5f919db6ac5cd982a14d10cd3e17325b265bdb76c761f9597e6", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671735, "uuid": "571e0386-0473-42ea-9bc9-bc2246b2dabd", "value": "T19C7633723CD5D57EC52A0870C8F126D294ADE92D5D28EA2323E6DB1C5FE524AC23F817", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671735, "uuid": "95e4c10a-88a4-4a6e-abcc-7bd5bc7881c9", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671735, "uuid": "0edcd034-314f-47d4-9cb7-fae3cc488534", "value": "196608:91OfdH0mDkMlyEz/X0mqXJau2FB+v9DVSEu6s/t3c08L9s:3OfdUSkMl7kJJ2FYvzSZ6+3c08LW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698671735, "uuid": "86f8ccc3-f384-43b3-80fc-f3b64d0518db", "value": 7484636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698671735, "uuid": "e53fafc4-7eff-4bfa-a1b2-877b68ce4fbc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671735, "uuid": "b2373385-7d65-44a1-9a2a-3586843df33a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28d682b9-7727-11ee-8907-42010a9c0042", "comment": "Malware payload (CoinMiner)", "timestamp": 1698672056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672056, "uuid": "effdae42-c102-4cd0-a3ad-3581e353528a", "comment": "Malware payload (CoinMiner)", "value": "cf16cd57564e9bb334c87fbfbbf95594", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672056, "uuid": "e931a459-455e-47dd-b510-213aa78cc215", "comment": "Malware payload (CoinMiner)", "value": "0ef16bb45f1c63be6a920635827e5f873076103964c817a380d538caa9bc3976", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672056, "uuid": "3b9806e6-d348-4cd5-8b7f-bfde0e89b701", "comment": "Malware payload (CoinMiner)", "value": "6a8308585a3681f7ac2da2431c003861836eefbe", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672056, "uuid": "82edf699-ab2c-4c36-af1f-2a0214dc5f1d", "comment": "Malware payload (CoinMiner)", "value": "1660d8e595cc96091ccb2c2aab508fa353c667dd555a5e3d8a65bf25fbde3336f3d2ea695b669cc92f0cce442422eaaa", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672056, "uuid": "ba74139a-ce09-4bc4-9afb-7eb8fb2b3cbc", "value": "T1BB062A60D34195E5C297C030CD9A4FF4A5E2747B82364B0F1A84DD272DFAF61AFAD262", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672056, "uuid": "f3f96480-c4cc-41e3-bc46-5031a5edb0fd", "value": "87d0737459c3ebc7de35794db4768b2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672056, "uuid": "5b6ce459-be88-46f0-960f-dcb3078288e1", "value": "49152:55TKQFqfaMvD5Q8Qg6pZYNvEytfjz7z5YsAXONec/1R9nSJTl0pox+udLOzSrk28:3OgC90t0J8Yw09", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698672056, "uuid": "32ff673f-3ebd-4174-b2c0-6d488a0f6a07", "value": 3815136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698672056, "uuid": "5e95d858-5309-4a53-a555-0db9ac7ea0a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672056, "uuid": "ca5ffc2f-b30e-4c5b-9256-98a4694317cb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e23966dc-76e7-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698644879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644879, "uuid": "60b681df-029c-4d3c-9565-bfdc6500e9ea", "comment": "Malware payload (RedLineStealer)", "value": "f0234fb24d441a8a8394ad5f49b561d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644879, "uuid": "e46e04c6-92e9-4690-8a33-c8463da3e8a7", "comment": "Malware payload (RedLineStealer)", "value": "1199b2e1bc20f35500b60194c3512994921928d7d4a6c55fefc0a165b80a2f24", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644879, "uuid": "404cca20-793e-457d-ae39-c39a2a247540", "comment": "Malware payload (RedLineStealer)", "value": "ac918ea351c6e868d6695cca6f6f6398b6de17d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644879, "uuid": "6606f94f-e98a-4e6a-b3e6-d4bb9eb83fdf", "comment": "Malware payload (RedLineStealer)", "value": "556ac588fac1eab9a46c4d8e3637d46691a543a8f68031349a5089d2aed699e8712db1445ea2ef63b0e7737801ec8a48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644879, "uuid": "8a69cac3-0684-464f-b1be-cd3a8fef9228", "value": "T11C752316A1D895BACEE41BF40CF2168B0A357CD78D39C32327C6B8EA0A75995B175333", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644879, "uuid": "803d7ce4-475a-47c6-9330-c47fedc3c25c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644879, "uuid": "bb3aeb3b-f743-424c-9bb2-99e6a25b7820", "value": "49152:gYbAXqLS6kyDYLPlvEr35XidqKq1vilFgXF:lW1AYRv8MdqHilFg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644879, "uuid": "6c4e0310-a728-4b5b-91fa-5060e13c2100", "value": 1613824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644879, "uuid": "64493de0-18d9-43e6-90fc-61cf329919b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644879, "uuid": "a0994017-8406-42a2-950f-9ecc5686264d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25def8a3-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698644993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644993, "uuid": "6a2e3d28-938b-464d-9062-bf1fd43b386c", "comment": "Malware payload (Loki)", "value": "354634aa22434b04b4229fdfa740a012", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644993, "uuid": "61718879-5ad6-4264-9b6a-8d5596b62cda", "comment": "Malware payload (Loki)", "value": "11ebdb089f5e10d9622a83011a11f1e052488a461c7d21122164b2a6212c5b79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644993, "uuid": "d703ca32-5be0-4313-8f2c-394f84003eb4", "comment": "Malware payload (Loki)", "value": "3cfccec72e8a40ef54a741bca64bd00241988d2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644993, "uuid": "fad4218f-ff75-43a8-8465-2e96b98f5bae", "comment": "Malware payload (Loki)", "value": "4456f109f7487cac334844a856b85db8096fb29075d7c4c41e4f46c944ff566778c61a4ba2f7826f360a762ee2c2788e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644993, "uuid": "9d0129c2-cb59-49b0-bcdf-eeef4a0ab0cf", "value": "T1B3C4F128C3EE91C4F1B2D5FC4BE9C159A071253EE301D695C8C8FDD076EE9A2849E798", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644993, "uuid": "9fb828ee-db12-40dd-935f-2424961c67e9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644993, "uuid": "be89ed8a-ef49-4c44-b24a-10d7c8a44f3a", "value": "12288:BYxKpLGLwsPbTBwvz8FvyYjrhvRFboLoxFNuMctiXWtm7PHg7:BY8pEFPRkbYRvf5xFNUiX4g/g7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644993, "uuid": "d7d4ab90-9d55-47ce-8992-6e1bfab9bee6", "value": 551424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644993, "uuid": "dddc3bfc-160c-42d4-b9d5-0225f061275f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644993, "uuid": "1a6f1a7d-2b36-45f8-9eae-0aff25ac17e6", "value": "SHIPMENT DOCUMENTS ARRIVAL NOTICE FROM MAERSK LINE CONTAINER OVERSEAS SHIPPER .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e65e9f90-76f8-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698652188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652188, "uuid": "cf49608d-bb5c-479a-9524-affc139be51f", "comment": "Malware payload (Formbook)", "value": "b9dd48e6ccb07b73eec224418466bce7", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652188, "uuid": "e8964f55-9693-48d9-9874-9b013728e2fc", "comment": "Malware payload (Formbook)", "value": "13242eac2afc109b5b190257cfa47edc0b112cea0ef9034e2e678a9ce2921690", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652188, "uuid": "4b83abd0-b0a8-4073-bdc8-90c1574ed8a9", "comment": "Malware payload (Formbook)", "value": "df0238d8e61b6136b338f6c563e9872544c337f8", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652188, "uuid": "d8517288-c6b8-4026-9270-a726ab735bd4", "comment": "Malware payload (Formbook)", "value": "8bf9e312cf96e1abb5605de1a361618aa04e7ddb19b6724f249ab616fd8cab0c2b88555217950750ad751bc67ea942c2", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652188, "uuid": "c49dcb0c-ad72-4c97-8dbb-1f4755396bca", "value": "T1DC75BFF875047DE6266F576BCA96ACDC03B617639ACBA4CD8064BBC305A3375FE02805", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652188, "uuid": "88e30284-21e1-441c-ad82-fdf975523ace", "value": "24576:XhCzk7px0DwA+WkSxscbp38I87W9RMPrs9p4tftCk+JLb7DZkRxKVJV8vqc4BWnS:4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698652188, "uuid": "0dcfd028-4b45-4e6e-964a-505582884e79", "value": 1702246, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698652188, "uuid": "60076277-5e15-4eea-8243-728908cdf215", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652188, "uuid": "1ce03077-01d4-4346-939c-60d531d1e0cf", "value": "New order 98987006305#.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3d7596c-7713-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698663807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663807, "uuid": "df71b8a3-a1b1-46dd-9ff8-f556982cd92f", "comment": "Malware payload", "value": "6148d1cc4a431ded11eb683a0315dfbd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663807, "uuid": "0819ff84-b97f-4ffa-9b72-342d6f02e068", "comment": "Malware payload", "value": "13360385bf0526f3c17c1a4d87ae3d6b25ec2be732d50e70022c730593d10eae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663807, "uuid": "1563b269-873f-477a-a2ad-423ca91b5880", "comment": "Malware payload", "value": "444883bbd2edb1f42ebd51678be60d0290979d5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663807, "uuid": "4503e84b-c775-4ab9-b3f9-36339abb57bd", "comment": "Malware payload", "value": "0b18a2c89bdb6811b3e63c2c92185cab900bba2cd61a709ccd682ba9e94b22c479a6a2e0556e299a257a879921f75298", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663807, "uuid": "d177e5e0-129e-4a77-92f2-8ac65bef5d25", "value": "T1D6F36C41B4C18072D57716320AF4CAB1AE3EF9704E766E9F67980B7F4F302C1D625A6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663807, "uuid": "71fe6620-bd4f-48da-9864-5ce6e07d9920", "value": "4962683fea14d8677b27271b978ee1d5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663807, "uuid": "e092870b-64e0-4978-acc1-c0103c31cd3a", "value": "3072:/BuZdpSS9n4F6MCbvMSJk8J/eY3HFHCROJroL7h3ofOhCugOsb6:ZuZdpbNfbvM14/ec9CFMOhxc6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663807, "uuid": "6c7f099a-43f9-464b-a06d-8e217aa9aa17", "value": 164864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663807, "uuid": "5428bd17-262c-4dfa-b916-b0256ff01b06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663807, "uuid": "05d482ae-f2d8-4c5a-99c6-04168ae02df4", "value": "SecuriteInfo.com.Win32.TrojanX-gen.13797.13862", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d257515-774c-11ee-8907-42010a9c0042", "comment": "Malware payload (AsyncRAT)", "timestamp": 1698688116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688116, "uuid": "ff011143-72df-4fd3-8bc0-d78c1486c0e6", "comment": "Malware payload (AsyncRAT)", "value": "51189698b88bbc1a50016f47f67867d2", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688116, "uuid": "6f8b60e6-8912-43ab-b1fd-9cc137c7fea4", "comment": "Malware payload (AsyncRAT)", "value": "193d9025a059435d9b5601f21c002913800d8c1b2e731dd181c33408a4536e08", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688116, "uuid": "b1ec97e1-ed41-4a26-b1d6-47d5795af58d", "comment": "Malware payload (AsyncRAT)", "value": "6221e13461ff0539469e021e0ad868747062b8d2", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688116, "uuid": "5e54cc86-5e32-477c-947a-a7b62d1db763", "comment": "Malware payload (AsyncRAT)", "value": "43d3ba2c9de97469cd38cc9881bf1c25147fa9f5559be7b026eaa29c5eaffe3c2affa7f189a69640403697e2796837e1", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688116, "uuid": "f7618c28-25d4-4bbf-8b3c-4aba311efdc5", "value": "T12242D57EC6C036A4E8F4DB4ED32DEDD88112B507AC136137351E55E0AB0AFC69EC985A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688116, "uuid": "668a0bd0-f7e1-4b20-9303-509bf8870c15", "value": "384:KuuuuuUuuuuuJuuuuuoguuuuu4uuuuuUuuuuueuuuuuUuuuuuL:KuuuuuUuuuuuJuuuuutuuuuu4uuuuuUw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698688116, "uuid": "4c81eb93-638f-4c81-86d0-5016810e6c1f", "value": 12732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698688116, "uuid": "4a394e1e-09a2-48ad-b072-c7255b260ee1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688116, "uuid": "f7cb1865-9792-4aa4-8e97-1bc6cc2978f8", "value": "CRgBGPpLRW.wsf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f360b41f-772b-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698674114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674114, "uuid": "9544921d-c58d-49e0-ac18-237273cec198", "comment": "Malware payload (GuLoader)", "value": "d89f44f9681b032b17ae78eb998af085", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674114, "uuid": "d372fb34-badc-4ac1-b289-f107ec146b6f", "comment": "Malware payload (GuLoader)", "value": "19fd620a7165b845c7259358ffd013736ccd06baadeb40405235d9cb9c515b1f", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674114, "uuid": "56953aa8-ca70-4a00-94bc-8a1b1dafb7b3", "comment": "Malware payload (GuLoader)", "value": "c733fa92b252c002d5155f8f44d8ad8bc7ae087b", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674114, "uuid": "9923c15f-ed38-40d1-8737-3e2a13b1bcad", "comment": "Malware payload (GuLoader)", "value": "500318736aaadf52fff58eea69a0129277da6e2253146af4c598eec7df6d631ff0269d07c25fbed0a177af3ad7df06c3", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674114, "uuid": "2b57380c-eadb-4110-b5cd-73cd478768a3", "value": "T153935CA1DA45510A8C5B2799DC418882D67F813B6B32203DFE9D93CEA507C5C93BF73A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674114, "uuid": "a51db771-0d07-4bfd-92cf-0d7da97db475", "value": "1536:mv0U4EmljrrCcciOBsh4RBtgc7YOaY8m/5aoI0ijRB4PNIkH0hp1zhWwDJ7nYPlr:mV4xl3rCccjBsh4bubOaY8m/5zxiByNr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674114, "uuid": "33624050-d1f8-4de4-94fc-ef5f60cb56f7", "value": 90887, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674114, "uuid": "ea0df21f-b53f-47af-bd35-6cb4b298353d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674114, "uuid": "636059b3-d991-4543-b418-40522968a6ed", "value": "new_purchase_order_catalog_design_no_TZ806_300102023_00000000023.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b90f7ad6-771c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698667574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667574, "uuid": "a30e1d20-4da4-47fc-afc4-9a1c51e9412c", "comment": "Malware payload", "value": "bebbeba37667453003d2372103c45bbf", "object_relation": "md5", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667574, "uuid": "197729af-6c03-4c1b-9abf-ecbf44d10589", "comment": "Malware payload", "value": "1ab42121bb45028a17a3438b65a3634adb7d673a4e1291efeabf227a4e016cfb", "object_relation": "sha256", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667574, "uuid": "02c45bec-ffcf-4884-aa52-4d2a82c5cc93", "comment": "Malware payload", "value": "34894d5ffa541ab159b69a2fe0937a5430dac545", "object_relation": "sha1", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667574, "uuid": "abfbf56c-d7ef-4727-b5f6-355205eff87a", "comment": "Malware payload", "value": "747d5f2c364ad74533c58491c4de4dfe36d39f717917c8799f6c17109f17429b100ddb6ab50b7a6c57c596d151645c96", "object_relation": "sha3-384", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667574, "uuid": "0d543d5c-93e2-483d-854b-6cdf1a6c6ed0", "value": "T140937B2173D1D031E4B3123559A98B73467FFD365B728D4BB7A4120E8A742D0AA3AF63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667574, "uuid": "6d5649ef-4d40-47d2-86f2-74f718330202", "value": "aba1f9877cd072e1dc094b93a8f3c0a7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667574, "uuid": "7fef3f26-fb27-4e2a-b351-d55478b43921", "value": "1536:2mL9NKuJbBehqzFiWdAHCuYUx+4Hrci6UVKsWjcda6/j:2q8GFiSAHCu/6qV//", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698667574, "uuid": "319618c0-c73f-4388-bb0c-d418a26ed857", "value": 97280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698667574, "uuid": "826b92ab-1b2f-4c92-9700-5f067dc32010", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667574, "uuid": "cb7bc941-ee7f-4827-a203-a7d4ffffc67b", "value": "bebbeba37667453003d2372103c45bbf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "533c916d-7751-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698690166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690166, "uuid": "0e08b665-0a94-4a73-abf8-a00e6338851b", "comment": "Malware payload (RedLineStealer)", "value": "f142bf442ea7eaea8c824528ed13954a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690166, "uuid": "6683f981-f5d9-4a9a-83b9-e72fe752100a", "comment": "Malware payload (RedLineStealer)", "value": "1d0576fc2d90c0cc07673c28a7a72e287d17740a25ef7c7df8d586dd9c07191c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690166, "uuid": "7a5aa8fe-a99c-4a7a-b8aa-0fe1f2d1ee03", "comment": "Malware payload (RedLineStealer)", "value": "97c73a5be69efe6bd2a9fdced4a17adb05ee6e49", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690166, "uuid": "bdab1915-445d-4682-89f0-c64987b4ab4f", "comment": "Malware payload (RedLineStealer)", "value": "0013e43232e848e7a558d0c5d2610716b4ed0b1ef9a4859ed6415cdaf190003b2b67fcb94a13921df7ee4196cea4e1d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690166, "uuid": "42644563-6ad7-410b-87f1-42f9b6c5532e", "value": "T1BD06BE037A549A02C40A6A36C5D7101843F6D5C36323F70B3ADA27BA1E437EE5E9E5DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690166, "uuid": "fb379145-77a3-492c-a732-68e106c0ab77", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690166, "uuid": "ef61c175-fb51-4472-984e-98e16dac1e9b", "value": "49152:7xUe8AaUzoNeIKBBJhe1heECPjD1pvKlL0TVn:FUeJzoU3JFdjxpvKlYTV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690166, "uuid": "fe92834b-a5e7-4b9a-90c4-05c148b82c04", "value": 3744456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690166, "uuid": "28d7509c-e321-4659-9e74-e8a7dda76bc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690166, "uuid": "2ceef663-34fa-4a07-a0da-b129a2f7e1e6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e73543d8-7732-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698677100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677100, "uuid": "298265a6-0f7d-40ec-961c-cda47840cfdd", "comment": "Malware payload", "value": "709953a39ff3d00d677feeb3f3c21de6", "object_relation": "md5", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677100, "uuid": "574b453d-b080-413f-a3a3-7d1b55a83f95", "comment": "Malware payload", "value": "1da11dcd942d82b44736ef678e5c8469466c37de94f2d0b72202ef56152657be", "object_relation": "sha256", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677100, "uuid": "e1a2bebd-1480-4207-9070-84dc263e3c5c", "comment": "Malware payload", "value": "6620f479a9209f3105f59d6153c2481e05ff55bb", "object_relation": "sha1", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677100, "uuid": "02a7016d-1f4e-460f-894b-137400b38b52", "comment": "Malware payload", "value": "5d262d19761a2bce55f185548af6b7f8a18d967682888f5660400d6925c3cbc2c6ec80d6f776a15f6bafcae55ea11741", "object_relation": "sha3-384", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677100, "uuid": "ca36a054-c607-4b8a-b6e3-6da043d7b83c", "value": "T1D8B34ADC7643B4B514BB30A6166F7146FA324996B84D8880D40AE8D03E3CF9B5177FEA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677100, "uuid": "d880374d-20d3-493f-8a10-07e30cb58286", "value": "1536:7PwVP7Ofolzok2TSWnIvi+5UDlp1Us6jvb/3Qx:7EOn/nIa+WD6jvb/3a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698677100, "uuid": "2a4e22c3-4c78-4181-9504-55e394e3b412", "value": 112941, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698677100, "uuid": "204145ee-73d2-47d4-8678-fdc812912562", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677100, "uuid": "06d03253-8515-4323-8b4e-f021ac0be383", "value": "1da11dcd942d82b44736ef678e5c8469466c37de94f2d0b72202ef56152657be.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b95053c-76d8-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698638131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638131, "uuid": "2caf2a63-0c02-4887-bfb7-b3539e628acb", "comment": "Malware payload (RedLineStealer)", "value": "0df61b0a8c1a8a2cfba511c10667f801", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638131, "uuid": "5b1e35fe-d24c-4de0-9ab7-38c51203a6a3", "comment": "Malware payload (RedLineStealer)", "value": "1dc964a62c7b77e655cd36a382a5eb8a6919d35449605b8eeb3f9791f1070098", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638131, "uuid": "3c772082-ab53-42a5-93c0-51fcd7d307a1", "comment": "Malware payload (RedLineStealer)", "value": "76cbdf23319f6f049941aa642551a0c2547aac21", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638131, "uuid": "b67db7d5-be1d-4f04-9706-8847f037554a", "comment": "Malware payload (RedLineStealer)", "value": "5f6e44d5cccefeb220c24f3cd6c9b2c9c19ce456b6128b25390249326254886665b82c30a3a1f81b18ccfc3c9c29e180", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638131, "uuid": "713b29fd-b653-485f-8834-627da021150b", "value": "T1A0158D2138C09576EDF220B743ECBA2542EDE0B4071956DF06E85BEED7606C27F36686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638131, "uuid": "29e3df43-dfbc-452d-8b36-661184f6bb4f", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638131, "uuid": "acd0c24f-1172-4b83-8af3-eb327c39bcc4", "value": "12288:ljjzw5mmNwOIbDh6z/6euu9gHgEKw4At1CVlgz4P7Kumj0qeLOGLvr:ZjzwQmNwOIbDh6zKKKfCVl3oQO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698638131, "uuid": "f5737f97-945d-4d23-88c7-2d200a9fff90", "value": 927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698638131, "uuid": "9b99cfa1-ef71-421e-9d7d-0fb2fe36dc9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638131, "uuid": "0d8f467e-e306-4d5d-9fba-52cfe90ed827", "value": "0df61b0a8c1a8a2cfba511c10667f801.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae01f630-7723-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698670562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670562, "uuid": "9efc42d5-8860-4d16-a023-f3de43ff462a", "comment": "Malware payload (RedLineStealer)", "value": "5519ffb96b0c48f5965d0c15d8ece99f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670562, "uuid": "88e9d664-eb5b-4db9-9dbe-0c0ad0415342", "comment": "Malware payload (RedLineStealer)", "value": "1e09031b34a7c56b7d3dd3a9e67d095e3d6e013ad1ebed86dacd39c112397ca4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670562, "uuid": "0706ec1c-1fda-45b6-8ee9-e82ccbd56669", "comment": "Malware payload (RedLineStealer)", "value": "2def4d7771004569364ba8aeddb5e1399e25261a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670562, "uuid": "659dbc0f-37be-47d5-a2e4-7d9b711e99bd", "comment": "Malware payload (RedLineStealer)", "value": "1196799c2738c9297cd043ffda7f598f2abe2d16c8678e82e5ab365fc6a76d89daf76a04f70d73e5195ba0cc5801b861", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670562, "uuid": "1e2fc595-45c0-414d-9130-f45607927a5f", "value": "T1D36533512F6AED27C273CCB0A57EDB1071206A140F259727A70FED0ABFBE9C95A01E54", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670562, "uuid": "15c09270-fea5-4fb5-aac5-efa10b018c56", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670562, "uuid": "22f6b8c0-fce1-4417-9f80-827dbe738b78", "value": "24576:cVOr1dDq9WySGZ89EWEFkrC9YoueueYheeiEh+AzXdX5zGluQGM0KxNUz:cVEdGgI89EWc9YwvYheeLIAzXSluQBhe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698670562, "uuid": "0cf9d1f4-a173-4c9a-b931-2f2a546188a0", "value": 1482392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698670562, "uuid": "5bb4efe4-6f7a-431c-9455-109e30e9f39b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670562, "uuid": "4777ff03-d22b-47cd-bca1-70105a643204", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65dbbcea-76b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698624055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624055, "uuid": "c677dcc9-fa6f-4ed0-aea1-27b53d75f66a", "comment": "Malware payload (Stealc)", "value": "f2310e58fb51f3087d5376623221c72f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624055, "uuid": "5095a440-bb7f-4b68-afd5-2a84d8c47ef0", "comment": "Malware payload (Stealc)", "value": "1ed1865896a4f3c5b4530772c5ea0adbbc3839a712b4d73c575ea6667da6fd30", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624055, "uuid": "411294a8-f95a-42c2-a683-fdfa0921a437", "comment": "Malware payload (Stealc)", "value": "897a4a50264afb69295b420fe7297385d6888e5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624055, "uuid": "eba2722c-8039-42d8-85f5-cfb9f81e3c7d", "comment": "Malware payload (Stealc)", "value": "dd662930c541d4b78692e0ebb30aaedc5c5cff7f7f699fad35ef68739c3f88d19c54d7747516c28d8911079256bf45b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624055, "uuid": "0753d6a8-b7b0-4b68-a02f-a9c3b2a18788", "value": "T1F2E49D12A2B1823BD07E3A3C981B56BD98697D41F7A8E4CAEFD05D4C5E35F813491393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624055, "uuid": "e9e72501-b0ba-4d05-ad4e-d2f05d9bdfb3", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624055, "uuid": "fcbff58b-b8b8-40c7-9654-ed188aabe93b", "value": "12288:JHQ4R78rGcukgmWRjAeQSqtoCldl4Dol9:1HhZcw95jpCloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698624055, "uuid": "cb7c3b35-180a-40bd-9b0c-383408182dea", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698624055, "uuid": "d4d2b57e-c54a-4612-b700-c0990f22dd99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624055, "uuid": "4f366ef6-1e51-4403-a07c-58567c4fcc0f", "value": "f2310e58fb51f3087d5376623221c72f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf0d7edd-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698695098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695098, "uuid": "faadc3ca-84a8-4219-bfdf-c1e6febc2661", "comment": "Malware payload (Mirai)", "value": "3d42a6acf76a59b4da61089fe8e53f02", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695098, "uuid": "b54fd41b-221b-4724-ba70-51671773dbe0", "comment": "Malware payload (Mirai)", "value": "1f9657bda59ccc9eabb1669bef5eb0dde092db2493966c027672e7253770f9bf", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695098, "uuid": "1da002b2-0c36-4c8b-8cd4-dc39e1e2a16d", "comment": "Malware payload (Mirai)", "value": "dcc28cba024b281ec65370a678b7e5bf5a2f37ae", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695098, "uuid": "e3d81872-3b39-431c-97c2-28623970d012", "comment": "Malware payload (Mirai)", "value": "e343d55262c74092c41fab6bc040d4d5b7b9cf32cf5495875acfc404968ec0c32afdf484dbaa2e0a979ff9e4e392c738", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695098, "uuid": "bb119ba9-3fee-4749-afb0-a78a29d8b881", "value": "T159D2E1BC7B0148D7CA9AA1B84DE50B263D608FB3E1436C07A568D9D7BB0986D3CB5DC1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695098, "uuid": "b567375b-28e2-4252-ba4f-70ee8d2400eb", "value": "768:E4ylAtv6pqLJM0RXaxGyUbXtheU/SG399IJgGlzDpbuR1JV:XMBqTRXa+Zhr/z3oVJu3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695098, "uuid": "af1aad4e-e383-4811-a424-2c05c0a4a798", "value": 28884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695098, "uuid": "0d9d8981-486b-43db-a12e-54c484a4db23", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695098, "uuid": "ac613c61-df4a-4eb2-bcec-07e213201109", "value": "sora.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfd862ed-775b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698694670, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694670, "uuid": "c02275a0-f950-4b3a-84e6-dab5fe5b905f", "comment": "Malware payload", "value": "536ddaf375fd7ff736285348deca4933", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694670, "uuid": "ff1abf8a-67b2-40fa-8f80-6125968cc43d", "comment": "Malware payload", "value": "216af3a0b5353bc0eddb45dce11c859dce80b4ca5cf9aa15674b62a10028d06b", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694670, "uuid": "4156618f-7328-484b-9c59-b6bd13a4dc3c", "comment": "Malware payload", "value": "7449a2484b0958667c4b6efe6a9e82d8a942f6f0", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694670, "uuid": "8d6a4bfa-fffe-469e-b4da-5e5f016807b2", "comment": "Malware payload", "value": "dd37c8ee9daf1bddc23064def2e7c834fb99d4a3c429128f5f4a155e7fdd9db899f1f0b36d5acb8a393488c680709c79", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694670, "uuid": "bb78f5d8-455d-410d-8483-cddc551b5360", "value": "T13A5633C3D458EACEC053BD2AE1007A938CD3602CCA7B65FCDE1A16DF155B9E48627D86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694670, "uuid": "d9881759-8355-45ad-95d2-20919abb81f3", "value": "98304:3qo4sXgZLcV9LyV41jA4a9MOinEWvwhSEnSLQja/MmGtU4S75JYmtf+I/GQmd:3qk+Yqej19OVW4feQ5I4kNtfqd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698694670, "uuid": "7fd8f2fb-d36e-4145-ba44-7198fcff0ebc", "value": 6207798, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698694670, "uuid": "b6d74742-4462-46ac-a280-58cf7cd3f279", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694670, "uuid": "b6191016-d909-4b7f-b3fe-737a8e5afc6f", "value": "factmarzonopagadanueva.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b71468ae-775f-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698696347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696347, "uuid": "ca022917-2dd8-4b25-9ff1-79016493e0fd", "comment": "Malware payload", "value": "59cbc4e62109959642c545b7ed5f2e7d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696347, "uuid": "85e6c2e4-7c2e-44a1-bcce-da7794ffd4f0", "comment": "Malware payload", "value": "222bb549a61ca26ef7e1254da5aed34ae7076e54f50e9b393efb71601ad883ab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696347, "uuid": "c6568513-84af-4aea-81a3-bd9f9e6c9f89", "comment": "Malware payload", "value": "2966f4839091981ce8e70be546ddada2b917efb5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696347, "uuid": "c4810713-c9bc-4260-aeea-525e6d5bdb29", "comment": "Malware payload", "value": "de678f15367d8b2fe009d8f85a9f20c7848b9e313363bdbb283f55a75ce4aa689871e34f04184d22ff503e52ee1d6da5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696347, "uuid": "a917e252-6095-4e81-a8b8-e76afde2ffab", "value": "T1DDA33947A72D0F83C4DB99B12DB72BF1876DB97112A361C0690BEE9003739B81517FA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696347, "uuid": "7511b7da-44b3-4091-a6d3-83fd284afb24", "value": "1536:7QQfckMzQzgv9OtAC0QptczD3z+Favg2TXvEmL49VqFjtUfkjX:7xH/JFDtczD3mk7vEmU9VqFBUfkjX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696347, "uuid": "ce107529-bf93-478b-a4d8-4bc97f88c433", "value": 99023, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696347, "uuid": "9ab9e2bc-2f05-4233-b332-1a7b244a60d5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696347, "uuid": "bd3f723b-3f64-4d35-8a67-e2f5e2b8ef8e", "value": "59cbc4e62109959642c545b7ed5f2e7d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25bd8684-772d-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698674628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674628, "uuid": "391bfa92-962b-456e-96de-6e05d3850575", "comment": "Malware payload (Formbook)", "value": "ed2fce4f08d4b4ebbc737100e1a9f656", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674628, "uuid": "05244c16-a693-4fa0-8213-98467e9dff2a", "comment": "Malware payload (Formbook)", "value": "22da6798edf7ecbc018e132ff61dff54b38704226c0f4693e8981b112e69eafc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674628, "uuid": "8c2bbf0e-d241-42d7-b1b1-efd8d79fb42f", "comment": "Malware payload (Formbook)", "value": "428f3ab10037c2c5e18356f9b72c8d95cd0548a6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674628, "uuid": "66270ef0-a4f9-4a96-8847-b67f07e88769", "comment": "Malware payload (Formbook)", "value": "7cb989d42bcbb72b3e9f128d104ac1626bba3a7965dd4636775c05f44f6256a039d7031d8cc0b6ae170e02247602a91c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674628, "uuid": "9c20356d-3d8a-4801-98b6-0e0dd3c09299", "value": "T101D4224231AA6F01C77CE3B55AB2916463F64B298B33DB6D1DDC22CB49B3B5803A5743", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674628, "uuid": "aa458487-c44b-4ade-8309-690082031fed", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674628, "uuid": "5905ad80-3bbb-45f3-91a5-de13461df2cc", "value": "12288:G8669yqLzvwX/MaKXMo8nby+dCTikUSBnf6WeBPgVBANPXeVUoKACYxhw1V:+6X3IXhKXM1NCTlpxCBPgVyNPXehKYxy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674628, "uuid": "0adaa63a-609f-4360-8749-734fb7dd4f0f", "value": 641024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674628, "uuid": "6381cdbb-f647-4a3b-aba6-a216eadd3c3b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674628, "uuid": "29e80b69-85c1-4ff2-8e5c-8f555d48c84c", "value": "Purchase Order No.1364.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a241f162-7705-11ee-8907-42010a9c0042", "comment": "Malware payload (RevengeRAT)", "timestamp": 1698657657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657657, "uuid": "d865b842-d17d-48b7-97e1-a651f3499d06", "comment": "Malware payload (RevengeRAT)", "value": "642aa144b825f02c551f8d3ad0248f27", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657657, "uuid": "901c6825-7b00-4787-b570-da0b058549c8", "comment": "Malware payload (RevengeRAT)", "value": "2504d4e5968fed215f063e7849d5d10baf67898409a19a8f4fc9ebee182e0ee6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657657, "uuid": "12961aff-3d03-4486-b706-795bb3c13a82", "comment": "Malware payload (RevengeRAT)", "value": "caf1735416fd0867a4fd29502fd014ef6e1f8407", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657657, "uuid": "e7ca4b53-3247-4a96-b97f-d18f6cd35c85", "comment": "Malware payload (RevengeRAT)", "value": "b61d4acd5043cd4ddd1ac5911a53001a389edd624dd1878d35da232e29a76341cd6128e3a06f58a0b51cde8d9cce15b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657657, "uuid": "10468c7a-f045-4dc9-8fac-6d07eb5b45e6", "value": "T12665E040B7A6856AC554F3FAD0C3606C5BB19D422B2FC3592DB838ED0DE274BAD0991F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657657, "uuid": "d22afa5f-2614-4469-9632-ead000a60dfc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657657, "uuid": "bc479fe4-200a-4217-add5-88bd6fc59af8", "value": "24576:z/ebWnr26CNtm5FvejpK+FXHwJZs7zD5Ivc2gkPB3153UnrEd1:2Wq6CL4FvApKVwzD5IvbFArEd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698657657, "uuid": "7b375c61-62c8-495c-bb8f-9b5f67d2e8b1", "value": 1420800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698657657, "uuid": "ecaa3648-2c70-4a4a-a6c1-001324a2129d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657657, "uuid": "eb0ca75f-f9a0-4580-a1f6-d481fbbb1a31", "value": "2504D4E5968FED215F063E7849D5D10BAF67898409A19.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0810ba9-7755-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698692014, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692014, "uuid": "ca675db5-1020-4105-b564-3977847bbfb3", "comment": "Malware payload (Loki)", "value": "383d288ea4bf2dd4f9363d8990b1c348", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692014, "uuid": "c140f83d-6246-42da-b22f-ee44708d60f8", "comment": "Malware payload (Loki)", "value": "25f9c6802d033da45292618209f2ff7ca03c3207f1705e102e69f698584906b4", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692014, "uuid": "09d75a1f-275b-4be8-8fda-53060c525635", "comment": "Malware payload (Loki)", "value": "53e6d1699c1b525d16bd29b2763f01b8e5fbe6f1", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692014, "uuid": "19422d54-a207-4766-9e53-2a31471e48aa", "comment": "Malware payload (Loki)", "value": "07e17878c66df0519b68c33b17eecab4342ee250138050aa3f453733c47320ad02593f3f428f0c4f27a8bfa71d22ee88", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692014, "uuid": "72a54e33-6bb4-4459-819b-30809ba59dcb", "value": "T1CF15B02C0CF809124161E19EDFD8EA57B2C08CD6664C9DA687C68F995A1393BF09FD3D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692014, "uuid": "9ad23521-f0f9-4065-9d68-abb80f9d05d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692014, "uuid": "b8e956ce-cd9b-4567-861b-ece85eb25ece", "value": "12288:VJbylGp7515CtZXEiQq5cFH5b205sFpp:VJw67515CtbFcFVRsF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698692014, "uuid": "c3f556fc-c9af-4b01-b296-4a573ec39317", "value": 933888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698692014, "uuid": "c02b0c73-0afa-43cb-9038-68168c6d3c41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692014, "uuid": "58fe460b-64d5-49a3-b6bf-fee19a122c00", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1656c9eb-7702-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698656134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656134, "uuid": "3a353dc4-2e6a-4539-afec-e65d327372cf", "comment": "Malware payload (RedLineStealer)", "value": "1fe6f1a0cac182a6c15c6e556b0f1124", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656134, "uuid": "afd4d65a-2d1f-4732-890c-33b459df844e", "comment": "Malware payload (RedLineStealer)", "value": "2670eb984ecf7589276eab0bb657f911e622c91424e9268326f99b7b32582e79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656134, "uuid": "50d98050-2ebc-4003-8fed-6968e1920ac4", "comment": "Malware payload (RedLineStealer)", "value": "60dd4283fbd4a7c6fa93e30c573eea71ef912374", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656134, "uuid": "3ff80aea-3b64-4a46-8c49-5c141d0ed2bc", "comment": "Malware payload (RedLineStealer)", "value": "08578bdd51792ba65a5a2b533e8b53dc02713853730456f46415eccc0894a2f3a4984f6fa8a9b9ec3effd80e3573a75c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656134, "uuid": "1777b22e-c548-4ce2-8c47-ae0c4a6f076e", "value": "T166448D0174E18C72F9B2353209E8DBB95A3EF9200B6559EF67E40BBE4F702C19631B56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656134, "uuid": "19133682-2f65-4009-ad21-5a4cb7d76cce", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656134, "uuid": "ff60a1f0-0481-41e4-88e0-9d566f0c6680", "value": "3072:o8Bf50aqAMEqlOBy4YCNdmzumKxDJdNMMUuBMQ/xlId8pkhvImlteAg0FujicIJO:oDaqADkwQzudxCMUCJ/S8pkIAO2cWGn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698656134, "uuid": "c88f0542-9112-40f7-b257-17cfcacc554a", "value": 253440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698656134, "uuid": "50249313-2eac-49ab-9622-4c7ec724a7ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656134, "uuid": "da598d12-d114-4dac-9c1a-97f231e385df", "value": "1fe6f1a0cac182a6c15c6e556b0f1124.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20407622-772d-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698674619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674619, "uuid": "6ff266c4-63b3-417c-affe-dd0618db4db7", "comment": "Malware payload (Formbook)", "value": "3737598db903f0392c44b77883e66f14", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674619, "uuid": "6762f2be-b2eb-4e6f-b9bb-0258de93fa66", "comment": "Malware payload (Formbook)", "value": "26e1993ab6da585a3826ae11ea56d87a587371f0d50ea64afaea843212dbfe17", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674619, "uuid": "6191481c-efca-4406-a659-e1dff1171988", "comment": "Malware payload (Formbook)", "value": "af45b03e856789ec413f0fd423f608fbe3249857", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674619, "uuid": "e66e35ef-33e5-4bcd-a547-5245b8b8b7e7", "comment": "Malware payload (Formbook)", "value": "762c742273b2267e961f7b19b33985249efcc7d536642c26fa271d6105504d5b41b5631429022dbdb0c05c95aea94a15", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674619, "uuid": "6c98d61e-cd14-4c1d-ad16-8592621d0f88", "value": "T167D4237825828E0651BFF50F2EA0783EA3B0C068AB7703544DBE1EB74B6595582DC9B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674619, "uuid": "17795d8c-252b-4680-b5eb-e2e4f626016c", "value": "12288:kelPITUMzc4CKXMo868BUvTIriYUs/nz6WyB9gmgh18Yf8EO2Uk:kBTUMojKXMEcUvTW/N7+B9gn1aEO2f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674619, "uuid": "043353be-ae4a-4e41-92df-e8860cbbb1a6", "value": 605715, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674619, "uuid": "b7f45a6a-2c2a-46b0-8990-2483ab5ca1dc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674619, "uuid": "056a6e73-1c90-4da9-90fd-8822679199fa", "value": "Purchase Order No.1364.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebe902ad-776f-11ee-8907-42010a9c0042", "comment": "Malware payload (NetSupport)", "timestamp": 1698703307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698703307, "uuid": "cbe34278-3952-406a-980f-93ed9dccc3b6", "comment": "Malware payload (NetSupport)", "value": "7a561203faaaa9eb5e679d7d3ef03a17", "object_relation": "md5", "Tag": [ { "name": "NetSupporRAT", "colour": "#D105EE", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698703307, "uuid": "70fd80ed-29df-4016-af73-5552f09b8a5d", "comment": "Malware payload (NetSupport)", "value": "2725bdb19861c6bd2d4156040473da04abe32c8701e6a7d0cbeeca8425127c10", "object_relation": "sha256", "Tag": [ { "name": "NetSupporRAT", "colour": "#D105EE", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698703307, "uuid": "f9bd171f-1fdc-4076-a157-4ef075fbdd7f", "comment": "Malware payload (NetSupport)", "value": "c57bcf31bb1b07ce123081266f5a1fde87c43821", "object_relation": "sha1", "Tag": [ { "name": "NetSupporRAT", "colour": "#D105EE", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698703307, "uuid": "34c88688-1576-433e-b016-0823734c81db", "comment": "Malware payload (NetSupport)", "value": "6d79b011f91db055e4cc3372f5c7e10839d4a9f830366859a60310ed0561291d50e73d7972d073b47b7e0467d9cf9e8d", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupporRAT", "colour": "#D105EE", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698703307, "uuid": "33ff1da1-8a51-47e6-9770-80eb9a9393fa", "value": "T1BEF533163293FBB6C0E1F67BE0ACA8154A6D747CE4F7B47A597FA153D93A431982B000", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698703307, "uuid": "7ba21a05-cec9-4295-b5fa-188825304df4", "value": "98304:d1eFXamhRFY89YYc9jh23redpmQRiXuYESBZFR02jZbl70:beHxYoY59V0redpmQRiNfZh70", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698703307, "uuid": "55e9147a-f146-4a6e-b1f2-07e2e9d00489", "value": 3442051, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698703307, "uuid": "60a93269-345f-42a9-80e4-78c2a13f0a20", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698703307, "uuid": "fd3198fe-1772-483b-9c2f-3e896e7c4b40", "value": "b64_decoded.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b04be841-775a-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698694188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694188, "uuid": "840cd4d3-06c5-47fb-a6ca-e3d338b9c512", "comment": "Malware payload (RedLineStealer)", "value": "056ac94ec8185d52aa655c8983bbfcb6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694188, "uuid": "2ce2a4c3-3f27-4f0c-b1ce-bbb44c9d1b89", "comment": "Malware payload (RedLineStealer)", "value": "284b6c2cbee3d88a9938cc6fda7404ae388e9db1de2b69a52d42eee9bcd0ec4c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694188, "uuid": "ae21f621-ac41-454f-9c47-f4e38a83e27f", "comment": "Malware payload (RedLineStealer)", "value": "05b94e12737d30ab61d76a118279215f472936d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694188, "uuid": "c81b4341-cde7-4c7f-91af-a9b2cf88de61", "comment": "Malware payload (RedLineStealer)", "value": "5d747466529fe4ff6ba2fc9b8778306207375780f25b45573ba65f27d7c279f8cafedfff5b0d1dfad4979933e0751b85", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694188, "uuid": "4fef0650-5198-4ce6-9fc8-10b6b6e35e46", "value": "T140752326A6E4E473D4A827705CF621570B287CA0AE78876B7740B48E5C72ED2B137737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694188, "uuid": "da89b3b1-c83f-4305-962b-84414fdab84b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694188, "uuid": "596ff0d5-b9fe-4d61-b945-e1798163ecee", "value": "49152:fR51cJDiJk9yjJRy3f3KBnz34JP10LQFNaj:pkr9Qf63SzIp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698694188, "uuid": "97e62f90-fbc7-447f-a4b0-95240037be8d", "value": 1613824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698694188, "uuid": "8b69f0b9-a0c5-413c-a79e-7701e2fd5147", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694188, "uuid": "9348b43d-0509-482c-a7e1-75297f5cecad", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5f146df-76ee-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698647865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647865, "uuid": "164fbc42-42ce-4e3a-bfe1-db93b1d008a6", "comment": "Malware payload (AgentTesla)", "value": "c8be66a6918ce1066688aa36fab82aa0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647865, "uuid": "216ba08b-2d3e-4f95-9bee-e319cb64554d", "comment": "Malware payload (AgentTesla)", "value": "285975e50e547357f5d89a9945f31f76b928805f4ad446484b1585e3ff6b3d94", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647865, "uuid": "2e9c2818-1205-4556-ae38-a856844e975f", "comment": "Malware payload (AgentTesla)", "value": "ce4d56012a0f1db562259c36c1bc804359ee614c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647865, "uuid": "0b996722-c9f9-4f3a-9013-5a23155b9667", "comment": "Malware payload (AgentTesla)", "value": "b3f5db4742442d31f7d836990baaba854b80797abd6e039d0fda5c165d011449c5a86361148def51a3bd0428d11840be", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647865, "uuid": "0fb148dc-3ea8-41e2-9c3a-e11061d9debd", "value": "T1F6D423D67C3BAB57EDD0C318F4934E6869927E10C2AF28025A6D1B6110DE797B873D0B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647865, "uuid": "a0389ae6-340b-4ae0-960d-0ddaed47e171", "value": "12288:KCxdBz59WIWDlhMThMgOZlPoWJlXEyJMnCkbJwVpLadT89IoUwV:fxjzqIW7MThXoeWL9wCu2OgDUe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698647865, "uuid": "374a30c8-e39a-43e4-b06d-791ee7a0b6a1", "value": 647498, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698647865, "uuid": "0621db30-a41c-4e64-b98c-ecc9160d215e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647865, "uuid": "174f2773-2971-4c9d-bfaf-3d490f8bbf6d", "value": "RFQ MT-764439977.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3aeee42d-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698645028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645028, "uuid": "d23f8645-3623-457f-97e1-032d9cfdd11b", "comment": "Malware payload", "value": "eb69d372c204e485b36710122d3b71df", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645028, "uuid": "f77b8f92-3389-49fd-a379-c973811191d6", "comment": "Malware payload", "value": "2887f64bccb910b4a4505dbc81e4d70f3956b16b5c8d6c1c17d124bff148b124", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645028, "uuid": "a0a37452-c00e-4ae2-8bb6-be5cdfa0346d", "comment": "Malware payload", "value": "b40d6b1c2e7e40a1d66fc3e1e3757746a82dc7bf", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645028, "uuid": "767b32cc-661f-4acf-aa68-baf7626701c9", "comment": "Malware payload", "value": "c66bf175a81606dd0d90dd6d11876ea8b40abb8e40e1db02b6d6f634647243b0adc0a30c7ed62e6de21a2074539f9bb1", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645028, "uuid": "f1e05717-e1ca-4f38-bb13-210ebe290e79", "value": "T1DB643B9D7164743805C5516D802F1A07FE36292E286AC45CB36CF4EF9CBCE8931BABB5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645028, "uuid": "f6f21559-3568-4c12-905a-1bc3fd2b17a4", "value": "6144:p9HNLYDUhwFwvP6IoPa+JcAq+tvsWjh298:p9HNsDU5OKWjho8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645028, "uuid": "d89a24ea-2aae-4c4c-b723-c8cd64f9148a", "value": 332255, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645028, "uuid": "68e9ed69-05e1-4d41-8d7b-278bd4c8e58c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645028, "uuid": "b3671c7b-89a5-4363-8e3c-9cfefe980d42", "value": "I.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d9ffd24-7702-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698656280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656280, "uuid": "9294a1cb-561f-4bbe-9161-d15f843121ce", "comment": "Malware payload", "value": "c6e87e53aeda07520cbd72f472c32a3f", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656280, "uuid": "4b4d0748-fa47-42c2-99ac-ee13ed40c223", "comment": "Malware payload", "value": "28d339fbaf4c389d8203215de11158494b7782d6ae3f3393719db89dad1c2cef", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656280, "uuid": "f02d2f94-523d-4515-b0ba-b8e96a75125c", "comment": "Malware payload", "value": "931fcb97ca291d127793e1fbe1cc1e087aba705f", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656280, "uuid": "cd192b1e-d0ed-40ab-8459-b6cef14c7a1a", "comment": "Malware payload", "value": "3280f4c54da037ad835360e0839e5397155405f109a81054f275a80e701a0e8774781e3924fb35238f6aa1a4da062b5a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656280, "uuid": "03e3ec13-ff27-4c50-b3d8-d05bcf147e2c", "value": "T114C2F2901393215AC762CFBC3AA9741FC4285553729A0D402D91A68FED5FB3448B9FFD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656280, "uuid": "a1211461-c16a-432d-9b57-511491633d25", "value": "384:yb2eX3zAKuiNPZRwwqdvrrduMXbCAk6Y5VvCYxy0kJXPav63r:/kAKuobq1rduMGAXSEYEYv67", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698656280, "uuid": "09714705-37fb-4a83-8942-64abb2906fde", "value": 25840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698656280, "uuid": "bf3bae41-6d85-4206-abf8-3a25c9faaa27", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656280, "uuid": "c87d1d73-2cc7-47de-a72a-effe6c29779b", "value": "SecuriteInfo.com.Linux.Mirai.6522.145.1964", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bf61e01-7737-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698678960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678960, "uuid": "9509808f-1274-4d3f-8e34-8e3cafbda508", "comment": "Malware payload (AgentTesla)", "value": "c70b43fb39231f0627e036f89d1fad19", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678960, "uuid": "b24e9abb-a685-4377-a000-22394bc0b0bc", "comment": "Malware payload (AgentTesla)", "value": "29540ce631e27a5c93ca8db2275df800424030a2977fae1f10c4035b6747877f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678960, "uuid": "7bd382da-b74d-4dab-ab30-18c0f7c4be03", "comment": "Malware payload (AgentTesla)", "value": "b2d80a53dfc4613f19cde34c2763acac4ed71a07", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678960, "uuid": "019dfaa5-1d3c-421c-8069-8eae9868ed2b", "comment": "Malware payload (AgentTesla)", "value": "0cce9c56c8bdf9266a3dd1f3b308ada1628e8d25cf4315773aac59904195b69d54c60ff2639e5297c00ff3a260f5c5aa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678960, "uuid": "8d8c14e0-9f9d-45fc-9827-d22db1bbfbcf", "value": "T1ACD4233EBA82777C75B07724B8E5A1854AB3502BEB7317CD580C28B071B990D798B6C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678960, "uuid": "8ac40251-a91c-4711-8471-e39e0074f565", "value": "12288:S3d+C4O8BzuPlxySEGDEK5XxGzbZgvXd375LmZxlKFH4tZH3GLAZUuvdr:JC4O9DaGNX8zbZgt75QxlKmtZH3EAZUY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698678960, "uuid": "8b60c926-5dcf-4fb1-9691-f4e6dbbda2af", "value": 600293, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698678960, "uuid": "3a26a7f7-0cef-47ee-a96c-63ce79957a88", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678960, "uuid": "e280bd4d-ca69-4ec2-af2b-4f23c4f06c32", "value": "RFQ MT-764439977.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efe8b5f0-776b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698701596, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701596, "uuid": "6aaa3e1f-251a-43b6-9199-3d87dd5d45a4", "comment": "Malware payload", "value": "9761016fc8ae02ec9eace30cfe44d47f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701596, "uuid": "6936c87c-9ba1-4d08-9e22-cfef463a86b4", "comment": "Malware payload", "value": "29a3a4cca6f50ce448dfe501c67feb15d8728a878602cfc7743b56eb029b4b49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701596, "uuid": "b75dc24b-8760-4464-b58b-176acf33f85d", "comment": "Malware payload", "value": "2eab45ab4dd1fe0cc8aed9dcef96f8e1b499436a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701596, "uuid": "7397d5ca-5e71-4e08-9c15-a1da21e1c210", "comment": "Malware payload", "value": "11ecef8ea0e0c529822a8b436cab4c301b07c88ef531d989ddd9210d07a61756e3c057f56935d1edf79ce9b57b01c908", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701596, "uuid": "a7b3b6e1-f59a-4ee1-9ead-3223b20439f0", "value": "T19C46E133A744A13DC3E7DAEC2905AF13FE70E9640103A672A6B0951C5B23EF9567DB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701596, "uuid": "9f67424e-5b78-4458-bb1d-40ad69f6d9d2", "value": "f7505c167603909b7180406402fef19e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701596, "uuid": "fbbcc296-6a3f-4f51-be8f-289890805b3b", "value": "98304:G3aSVU4Ep5tIEjTxXYXaLXFt8siC7bYTpO9o+gAL0/V79RvrbJbntaeSaBU4rEdb:GUp8EHxXNb8JTIoUL0/jRjdbnceSwrEt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698701596, "uuid": "a373443e-fce8-4f83-b402-8690a322f517", "value": 5860664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698701596, "uuid": "48d8d6d6-53cb-4e9a-ad9d-065ee1234321", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701596, "uuid": "feb863f5-47c9-4b67-ac44-92de8d9d6a96", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87220bf7-7721-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698669637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669637, "uuid": "6c6dcae3-a744-4c23-82a3-018e6c568579", "comment": "Malware payload (RecordBreaker)", "value": "b694159868eb3942c94fbb694d997d33", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669637, "uuid": "2eb69976-1028-4bc7-86ed-c8b62794db3e", "comment": "Malware payload (RecordBreaker)", "value": "2a36cba3281a7474903ce01a83260c3aa455d997c187db6e8685516dc6e97ce0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669637, "uuid": "344ddcbf-3c36-444f-979b-c8e1da9cc477", "comment": "Malware payload (RecordBreaker)", "value": "b9b6ff50d794e140cacb38199e6c2c9c9ab1c650", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669637, "uuid": "116a9609-c59d-48ef-9966-830ba2bb4230", "comment": "Malware payload (RecordBreaker)", "value": "6e1e44dcf8a3858e3211d197a96791c58180f1962e4fb2845f8c84188fe2c9a9d660ffca1f29dccd0728fb8915d14bf1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669637, "uuid": "5f50fed4-3f8b-4551-8938-0ab505dfc466", "value": "T1EA152306BBE89473D8E517702CF312535B327CB1ADB5939F2A96A81E18734C4963832F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669637, "uuid": "9d78bf00-4b26-44b1-8fa0-962652ce60d1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669637, "uuid": "5bb0f524-a12b-4012-899d-bea638ffe9cd", "value": "12288:QMrFy90Dldi/yD4Fyg9WEJpMdSkmtLlFoNGJKcd4Ho7rMJN6M4ac4kJo3hFKeHGD:FyIk84FFjMdSH6Gl4HChM4ac42kHadZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698669637, "uuid": "d49fe87c-8478-4fe9-bae3-7638654055c9", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698669637, "uuid": "3394b3a1-878d-43c8-830e-e9adcf208e6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669637, "uuid": "1ce91c9a-fae9-4cf0-b2b4-4d7869341966", "value": "b694159868eb3942c94fbb694d997d33.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32919949-7725-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698671214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671214, "uuid": "30d50970-0774-41a7-a5c3-952fc5e6ba70", "comment": "Malware payload (RedLineStealer)", "value": "d5dd4eef2eaf0d5ef584e9894ac34651", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671214, "uuid": "73f1baaa-bbe7-4951-a236-11d7805637ee", "comment": "Malware payload (RedLineStealer)", "value": "2a6a14a3a0a22ed3d8bd9c07a1b4e303dc690242eabebd5890bfbf54ed051ba6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671214, "uuid": "c30f3bfe-29ee-43a1-bebe-57b78bceca01", "comment": "Malware payload (RedLineStealer)", "value": "ba516a3525433f86c5a92fd3a02b7e2927939d11", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671214, "uuid": "d73b2174-b52d-4a94-99a0-9dc2c6fe7743", "comment": "Malware payload (RedLineStealer)", "value": "b12e59749a35277c63982014bfde94b83482f5961d6187446984cd5f341dd249558fb57b690e321a94e30b89a4c8101b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671214, "uuid": "bdd75460-5270-4655-8b40-cd33de6f0468", "value": "T10485335C68C79E56F68116B5C16646291F18F04018F6BBBBFC1F3BEAAC213AD0F4560E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671214, "uuid": "24854306-8e97-4ee1-8bab-87fb0c7bf369", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671214, "uuid": "5d96f3fb-f320-438f-b1ec-e54917114bc7", "value": "49152:4mOfWquRoTiJpHafKDv5C/qP6g19sFMhX8ikv:RuWquKTiJp2KD5jP6g7XhX8ikv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698671214, "uuid": "ea168492-ae32-42f0-ba44-8cc6a88d64cf", "value": 1821368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698671214, "uuid": "c82adc31-5e20-4e1e-94be-b2149f0885fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671214, "uuid": "7bc6a645-3a12-4f1d-975f-afd01bc461d7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f386b046-7737-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698679268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679268, "uuid": "2f08c113-11cf-4b52-b585-e9e18ee4132a", "comment": "Malware payload", "value": "d5cfef095c2b4d2393cdad42de0898a5", "object_relation": "md5", "Tag": [ { "name": "32-bit", "colour": "#4D0C66", "exportable": true, "hide_tag": false }, { "name": "electron", "colour": "#0E2A60", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679268, "uuid": "deddcdc7-fd86-4611-9231-172793beb50b", "comment": "Malware payload", "value": "2b7fda9022313bcf0d6bc31aa1058ccfcbbb925fd24529b43e7ec29f46fc3c70", "object_relation": "sha256", "Tag": [ { "name": "32-bit", "colour": "#4D0C66", "exportable": true, "hide_tag": false }, { "name": "electron", "colour": "#0E2A60", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679268, "uuid": "c7302b8f-0737-4b76-b805-a6086c568d86", "comment": "Malware payload", "value": "b7773c9460b113d6fec40e8941e6694f75f307e8", "object_relation": "sha1", "Tag": [ { "name": "32-bit", "colour": "#4D0C66", "exportable": true, "hide_tag": false }, { "name": "electron", "colour": "#0E2A60", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679268, "uuid": "a4c06a57-3426-428a-8a5d-65a403175c85", "comment": "Malware payload", "value": "318a1613b0333dd76039e87d935bd2f1a55bd3d44fece0e831611bfed59c500290c486c35c701129020aed3cb5b7a254", "object_relation": "sha3-384", "Tag": [ { "name": "32-bit", "colour": "#4D0C66", "exportable": true, "hide_tag": false }, { "name": "electron", "colour": "#0E2A60", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679268, "uuid": "2619984c-9d30-4530-9431-86c2c4dc1ef8", "value": "T15BE733E4BFDB087FD3388AB592BCA38BC208D2E258797253C3A6B45A074D9573D5C161", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679268, "uuid": "367a81e0-27c2-4a53-8d1b-627f57723c49", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679268, "uuid": "61a31eeb-7bd4-4fbe-8708-7221b24e6229", "value": "1572864:k4/4rzOchPGUqDxtL4Bz/zJYh4LQI+3ezBKSURV1GJ7:vkqcdGUqDv0BH6h40IM1S57", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698679268, "uuid": "9ac306b3-24bd-40be-9c84-fdae6c6124a4", "value": 68682351, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698679268, "uuid": "e06c0c81-0d31-4d12-9243-e234ced7a284", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679268, "uuid": "45e53ed8-0976-4657-b826-4edcbac0233e", "value": "Dual Corps.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7afeabc-7730-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698676161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676161, "uuid": "d09516bd-19ef-48a6-97f4-b783d1d31238", "comment": "Malware payload", "value": "392b185743c93f3885051f8e91968e76", "object_relation": "md5", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676161, "uuid": "de1442c1-8e41-4db9-bb27-2ac02748932b", "comment": "Malware payload", "value": "2bb7d4d756699065d91957dac407d2af4cab7cdc343ab903cf1919625749b9a9", "object_relation": "sha256", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676161, "uuid": "ecfe9ec6-74b4-4d1f-970b-fc382f72d6a2", "comment": "Malware payload", "value": "697c01209e9193ac0420764e01f68f7f34ae1de4", "object_relation": "sha1", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676161, "uuid": "92161976-d0f0-4cc7-8765-7e13c99d80ff", "comment": "Malware payload", "value": "0e21c5f14ead2d93d09b0522196cdbd3032c14f071f41f78c2b69c553998b97f0fe888c76fd316c705757aa8983eea06", "object_relation": "sha3-384", "Tag": [ { "name": "128-140-77-217", "colour": "#F4E631", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676161, "uuid": "ed85450d-95aa-4ae1-98b4-19930ac3f1ec", "value": "T11925E07238C9C63ED317A372481DB29D62FDA2904E720A1776EC076E5F785C3A7109A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676161, "uuid": "cf3551df-34eb-474a-98d4-efc9be5a2c8d", "value": "94bcc5b724063dcec05deb3baa7201e6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676161, "uuid": "aaaf83d5-ca06-44a2-8dec-feeab0acda68", "value": "24576:YTDiWW14O1Pt6H3v3x106r7bbNmyfQ4cTk15Wt:BWW1VPt6H/3b06bF715", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698676161, "uuid": "5847479c-ba25-40e8-b6e3-632bd74e96f2", "value": 1050966, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698676161, "uuid": "c186fdcf-9b13-4025-8162-0e867c1cb415", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676161, "uuid": "a03ad465-2fb8-4db0-b554-136b4b6c10b1", "value": "Qp1.sct", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68e6e4f9-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698645105, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645105, "uuid": "95fc4469-0e64-48fc-8430-4470a184754c", "comment": "Malware payload (Formbook)", "value": "4041c56677d1cb00888fd21ba80683f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645105, "uuid": "b14ede03-4324-4df3-b2df-810e63710cb6", "comment": "Malware payload (Formbook)", "value": "2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645105, "uuid": "9eefa452-12e9-4a40-9597-f27b587a82c5", "comment": "Malware payload (Formbook)", "value": "2527c1e306c2d0338580e709304180c69d7a4040", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645105, "uuid": "803a1d8a-a72c-4035-931c-4b95db9a0b17", "comment": "Malware payload (Formbook)", "value": "5e0c2ff4aea87467874088032038d8ab305640ff9951d0ddfc4d113072e31ae7829adeee227acfb98d455fb7c23f4f8f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645105, "uuid": "c2c0d2c6-d8f5-4131-b2f5-2e6a34ca9e98", "value": "T17104AE36DA41C071E2B251B5F67D0B7B883E0E343295A5A6E3E126E06FA45E5F03931F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645105, "uuid": "b0521f82-b8a2-4fbf-bd7b-01b4974824b3", "value": "3072:MhiQaFrSCnW6KU7FQI01V+73eb1cfKTuOLmIWp/aIw2tcXb1o2mfWY:mVCn3BA1VU3e4KTuOLmMW4i2mf/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645105, "uuid": "f8b2752f-25bb-435b-a323-1affb37bfd00", "value": 189440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645105, "uuid": "6ee1fd43-732c-44eb-996d-b2fd98df772f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645105, "uuid": "e917d2d3-4ab4-42df-86a6-2eef9a52a758", "value": "4041c56677d1cb00888fd21ba80683f0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8aa6c4e0-76f5-11ee-8907-42010a9c0042", "comment": "Malware payload (Phobos)", "timestamp": 1698650746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650746, "uuid": "15bb1edd-d1e1-4698-b113-b5d231e4d248", "comment": "Malware payload (Phobos)", "value": "fba616f5dc56b1cd9c463c0b9da86578", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650746, "uuid": "f4b366a1-8fc7-4b01-a9d7-6c6e89ad6231", "comment": "Malware payload (Phobos)", "value": "30e90f33067608e8e7f4d57fd6903adb5eccb91bf426c56569c16bf86f0d8971", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650746, "uuid": "d0df9497-fde1-4a3a-9fd7-c73915183910", "comment": "Malware payload (Phobos)", "value": "ac2b9c5c34af3894210852c7199a32dcd96c048c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650746, "uuid": "37220ef6-5604-4294-9064-4cde4a9ae7d5", "comment": "Malware payload (Phobos)", "value": "5e17adb21f367f4d0cc7f591a5df589daa5c3d59490d971b667b1e42d6ebc8831bf3a7d07c5ed422ef8a9b0801d2a053", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650746, "uuid": "db9772e9-dfcd-4882-84c2-1692ea8a0c89", "value": "T137456B499F4ADA13CE540270D457C5F72B49DE8BD606A3335BEDBDB3308B38857882A9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650746, "uuid": "70d20b3e-b87b-44ef-92f9-1520d6d52879", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650746, "uuid": "8c3a73fb-1cde-406d-9663-5d63278ffc76", "value": "12288:6YFxm3mFshWQKt/kzc8MDz311UVZi/MBJ+z4YTwSPFOXXBumgKGYwhm0XPie4LnM:NrPFYW/x19/MGxPGAmQn/isFhXV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650746, "uuid": "779e6f62-d856-4c86-8109-71d82301c90d", "value": 1195008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650746, "uuid": "1b399a13-44bf-4a5e-958e-130662adc8a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650746, "uuid": "788b7f41-3f4f-437e-b063-f8615b5612d3", "value": "fba616f5dc56b1cd9c463c0b9da86578", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5db0d82-7740-11ee-8907-42010a9c0042", "comment": "Malware payload (DCRat)", "timestamp": 1698683138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683138, "uuid": "667239e1-fef9-4110-8969-4dc673cdf5f9", "comment": "Malware payload (DCRat)", "value": "ad0016688550e625c77ab35ea6fd9d0c", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683138, "uuid": "03c525da-79a2-4060-b882-8d70f63daee5", "comment": "Malware payload (DCRat)", "value": "30f36f269a5d3b6b8c74c30dd448c3aa491d4b9fbd7c91e3b78e8eac7fa35857", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683138, "uuid": "0aed5a6f-f1b2-482f-9ab7-95a550a2766e", "comment": "Malware payload (DCRat)", "value": "855a53fc5d5a3a3fc4e9927d42e2a9f72688ef51", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683138, "uuid": "9ac4982e-4795-468d-a097-15046269da5c", "comment": "Malware payload (DCRat)", "value": "c6955127cfdf4408cac1f4daa6a63aef17922fa5da50df80d776954818154c61fd767092be0998a6350b26786a2df3a5", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683138, "uuid": "93ccd3b4-fed5-45ee-956f-1165ae1f21e8", "value": "T18DD4AE0077E84A35E1BE2B71D4B766519778B822AF39DB4F5FC045AD1932380DE20BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683138, "uuid": "cdd5d096-9da6-4e19-bef0-4bc9906c6990", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683138, "uuid": "2115febc-5b28-4ca7-9b5f-3da68d1c250a", "value": "12288:FRZ+IoG/n9IQxW3OBse5DlbTo2N7wW7Iy+M448ddx3ZP:t2G/nvxW3WnBTo2t8R4ix3V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698683138, "uuid": "492a7ce3-5973-4ec3-993e-ad5837af74c6", "value": 608870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698683138, "uuid": "346cf0d1-3a02-488d-a29c-6026f5e70d0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683138, "uuid": "7326a4c0-b57d-4b99-bb67-0900631379bd", "value": "ad0016688550e625c77ab35ea6fd9d0c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d93dc88-7741-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698683204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683204, "uuid": "45620a51-853c-4c05-9544-38ff1b942e15", "comment": "Malware payload (Mirai)", "value": "c099d50d55c4ea98df8aca7dccd5e21b", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683204, "uuid": "fb16a97d-755c-4157-b4fd-1506d06af3c9", "comment": "Malware payload (Mirai)", "value": "32e024cf2b62249a6d8f9b37238d09c836a17a52e7d3e6a83edca8e90da70a4d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683204, "uuid": "d7a4abc8-6ac7-40cf-92eb-15dcd8312e96", "comment": "Malware payload (Mirai)", "value": "197d70ca3dddbf7891a43104393431484f47dec4", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683204, "uuid": "c9f0a1ca-c577-4225-b706-d7754c4dde74", "comment": "Malware payload (Mirai)", "value": "326bd7114f6f3278dedaed216931826ae9fa4cd0a85d6269e6ca516431eb7daaafb811443587e0ead3f4c28b4b9a10ba", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683204, "uuid": "db1e163f-7cbe-438a-b19d-f28670e2993b", "value": "T1F0A31945F9419F12D4C621BAFA9F414D37136BF8E3EE7111D920AFA023869DB0E73A52", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683204, "uuid": "127693b7-0e80-4820-8aa5-5314f528e797", "value": "3072:VZ19MpYkc1aDStolN6aqtn9u1GUBAOGj3m:VZ19MOL1aDStolNBqW1BBQj3m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698683204, "uuid": "769764a0-5f8d-46e9-a6d1-837cc8262583", "value": 105452, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698683204, "uuid": "4d33e8da-8290-4437-b82a-af13d1242276", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683204, "uuid": "920b73fc-d330-4464-8471-379ab0ca0332", "value": "gangbang.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02887b70-76ba-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698625177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625177, "uuid": "892b79c2-8fdf-4476-a7dc-fa6dd8bf2b03", "comment": "Malware payload (Mirai)", "value": "f490ceab2715d46c595b389cbc4d0560", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625177, "uuid": "23bcd415-f309-4d36-b9aa-7e6d03c222a0", "comment": "Malware payload (Mirai)", "value": "32f202e05b3392350b96c603b91716a70a222e6a5c4bcebbec14c8e88e1fac1b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625177, "uuid": "a72aa6d1-6874-419b-bae6-37d2ff2d0561", "comment": "Malware payload (Mirai)", "value": "bed7a57b2035cf40cdb250a685a8f509056258f2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625177, "uuid": "3bc07431-0a20-43ac-bec8-7ca6ceefc311", "comment": "Malware payload (Mirai)", "value": "4bc8906b714c04f9d3a730f7a8de3f98e9e9259495fe585016ce988ea5bdc442d97f945328610eb86c0ee65d28e4b266", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625177, "uuid": "704caa49-7763-4e15-8ab4-027f3fff4652", "value": "T1FF236DC49643EAF4EC111AB12077FB325737E47B5159FE87D3A9A932AC42701A24B2CD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625177, "uuid": "435d13e7-2881-456d-8f32-b7d06acd9cfb", "value": "768:OaHpjSEZ3ImB5cbWk8u2hix5A1bDcrZDL7hrEXaKNUgj5dG:OKpjSEZ4mBi6kfBVr91caGUY5dG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698625177, "uuid": "1be87697-f0f7-44d2-84f2-b1517e796872", "value": 46672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698625177, "uuid": "047c8f57-af33-453a-848d-9231249117b2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625177, "uuid": "1fa291fb-49bf-4df5-8e38-576fc2f30bc8", "value": "f490ceab2715d46c595b389cbc4d0560", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcd031a1-7751-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698690343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690343, "uuid": "93988883-5b54-4f91-8843-514c87485868", "comment": "Malware payload (RedLineStealer)", "value": "61348a2f94311f49a86d53f96ade0ad7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690343, "uuid": "aa1808a1-8863-4211-9e3e-318f7e122d93", "comment": "Malware payload (RedLineStealer)", "value": "3504e4a5a07c38293a2dacb167180c4e54663692a3dd6cc95b94d828daaffbab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690343, "uuid": "85d1053d-6805-44ac-b1a1-d0f3d72f676d", "comment": "Malware payload (RedLineStealer)", "value": "dfc8a5c8d1d16eea1cde22e13f805b1a15912554", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690343, "uuid": "40da855e-1b8f-4256-99ba-2b91a6908dc8", "comment": "Malware payload (RedLineStealer)", "value": "2ed1b0f82342eba225553940e424eafb8de48d10ed5e70a921bc26f1fca3294e73ffc72057b513c953d0e2644f59a88c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690343, "uuid": "a276da92-7e32-4898-9e7c-af69f5f99298", "value": "T13565F121FB904537D57316389C0B5768ED39BE113A38A88E7BE41D4C2F7A7C23929297", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690343, "uuid": "7db0b973-a604-4ce8-8738-3930ad028e08", "value": "85eaf26c78904a7e3734d1f5fb1f519e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690343, "uuid": "6a4af2f8-54ce-4cf1-804d-b817d61a81d1", "value": "24576:NNpbYeb7vdHa0RgsBoxJhPeAoMOXxtH53zzihIlmpEalp:NNdN72hPeAbOB5UWlmpE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690343, "uuid": "72bb4db1-d6a0-4a15-9097-d1a573ea2034", "value": 1444864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690343, "uuid": "d746d20b-2a6f-48e3-9a53-ac5ca4926620", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690343, "uuid": "8983b0ea-df76-47c3-933e-3ea7781eda22", "value": "61348a2f94311f49a86d53f96ade0ad7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d9c5ef7-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698644979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644979, "uuid": "306e35f6-b4fb-4843-bf70-b0dcf7022f3e", "comment": "Malware payload (AgentTesla)", "value": "1a6e75682cd627590fbeb1fb9b8bcc14", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644979, "uuid": "9da66cd2-15ab-45be-ad99-fc572e121558", "comment": "Malware payload (AgentTesla)", "value": "3854cb6322618174f8bf14dd58a86f44b31fc764b8334868607a8f44f82f0e40", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644979, "uuid": "1d884d04-1100-4eed-bfd2-25c85153dd58", "comment": "Malware payload (AgentTesla)", "value": "20a26b76919ca3fc9f1bce2b4ecd304878cf1083", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644979, "uuid": "105b9077-127c-43b6-8e2c-5147bce18d4f", "comment": "Malware payload (AgentTesla)", "value": "f10d3b9389a93569bdddc2deb13d29a38a2b099afe0fe54f759faea03f699483971130be82142ea8a12121db2edfc52e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644979, "uuid": "03006f7d-2388-4c6a-b813-3b5a47c07441", "value": "T19F336CA1EA54061A0D0F27E9DC824D41D1BE802D0936557BFEDD239E930B95CD3BEB2E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644979, "uuid": "27bac6c3-f8f6-4182-8fd4-6528b17a33d2", "value": "768:VV2vjAWeiysGD1FvWGjN5RBTJNkjU97/m240eaDDS93VlE+TuKDC3t6AiFj0:fOdXG3vZjNzBlNkQyiMlBaIBFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644979, "uuid": "59d95972-a690-42b8-9bb9-ae875345b911", "value": 53116, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644979, "uuid": "2497ad4a-4941-434d-8089-953d4de78d40", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644979, "uuid": "f9b14375-db7f-4303-b2d0-2359fe3a2e7e", "value": "RFQ20231030_\u5546\u4e1a\u6e05\u5355.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab428bef-7755-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698692032, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692032, "uuid": "d3001101-4031-46c4-afa9-51212aa6a879", "comment": "Malware payload", "value": "e8bae2ff6cc2b382b4c4ad3f77d00742", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692032, "uuid": "b60decf9-bb54-4280-a3a7-8cbcfd2331f8", "comment": "Malware payload", "value": "39519bc3329a0dbada982a973dec770825a3455653c8b7cbf09ffa83e1d40e7b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692032, "uuid": "aef69548-2210-4d03-b1c2-2999f2014daf", "comment": "Malware payload", "value": "19ae75ffa328bf9489f205cdc361d29e30856b22", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692032, "uuid": "7957238b-9359-4dc9-9700-d87f65689105", "comment": "Malware payload", "value": "60eac7e3f0c408322c1a74e9e1999b0f54c310c64da183d8d6133b9cd6d3861b27bdf4999e06d3a4998cc78ce65d47f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692032, "uuid": "8b1c7ad6-1bcd-4556-9af0-c7dc90d0382d", "value": "T1882612837B4500FEF03983F5847147DFB2662A936D6265452F8D6A08ADC23FD4E6E2C9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692032, "uuid": "afe19cea-d022-4997-bd54-9698f5520d31", "value": "c2becf94364f15a5960607ffb2981d10", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692032, "uuid": "6475bcf6-7382-42fa-9cc6-cc23d43f90f2", "value": "98304:rVMKfMCVqNpbGvK7N46RRG4xHQOwp/e76O+q7A/kqprZ9PSLr0VJ:BUCmlKKlRRxNQdGmO88GlALQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698692032, "uuid": "ca6d99bf-3e75-4e71-8220-cd37cae6fc77", "value": 4736000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698692032, "uuid": "c00d3c11-0c2c-4ba0-a935-1fc300da6c46", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692032, "uuid": "2792905c-d702-4674-a7c5-091fe352f0cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "759adaa8-771f-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698668749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668749, "uuid": "2de213c5-bc97-493d-93c8-0f3faefbe34f", "comment": "Malware payload (Stealc)", "value": "184b8da9345701e378ecb431a7939970", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668749, "uuid": "d1f6eb27-cc38-46d4-a803-74cb4582debf", "comment": "Malware payload (Stealc)", "value": "399023477f553cc6aadbf0ff70eb54241753607bbcf56b31e45a65537efaf25e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668749, "uuid": "b7106409-1cab-4436-91a6-9c4e690db757", "comment": "Malware payload (Stealc)", "value": "8860226c374d12db8eed383a5e8076cbe7ee1908", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668749, "uuid": "ab6fe6f5-ce05-4da1-ad29-b4f6ac9776e4", "comment": "Malware payload (Stealc)", "value": "e95a706279ec064f3e23db00e79f91721134f281e9d9eaa9437d4bfeb03c78f28ef2af44cba11725e80a47d263105d25", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668749, "uuid": "c8c0970d-0426-49f1-ba36-3e5bb6b22fa0", "value": "T19AC49E51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668749, "uuid": "415f02d5-d72c-4d38-87d5-2c086711377f", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668749, "uuid": "38a6b2fc-feac-4740-94a3-316aac94eee1", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7da3BIlXSY4j+6qj9:aF7M0UJf7gxIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698668749, "uuid": "7c896018-6dfd-4615-8945-33398cb0f5a6", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698668749, "uuid": "0050ae39-f516-4439-bf71-8ebc87eb0d2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668749, "uuid": "87db45af-42d3-4951-a259-3d067aa6e5fe", "value": "184b8da9345701e378ecb431a7939970.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f282053-76f5-11ee-8907-42010a9c0042", "comment": "Malware payload (SystemBC)", "timestamp": 1698650726, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650726, "uuid": "5f7e73ad-d332-427e-9016-9a2412046afd", "comment": "Malware payload (SystemBC)", "value": "622018aa5fdba418e8aac635cc49a57e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650726, "uuid": "baee66e3-4369-47ca-913c-efbba2789a84", "comment": "Malware payload (SystemBC)", "value": "3a0a12512e1260c6a1dc9ee180af5f8f0a8ca470b8f4296c72d9ea1d3b07daf6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650726, "uuid": "0131d732-58f2-4673-b0c3-ce5958c7e9cb", "comment": "Malware payload (SystemBC)", "value": "86bccbaa157497439071dc7a8feb95aa3a720050", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650726, "uuid": "8e0c2db3-e6d7-4bb7-b61f-306e53f4e2f3", "comment": "Malware payload (SystemBC)", "value": "b38e0c9aa68c76458fa32a0efc4d68ae1fb4565fcbf1a710e7fb26878f240d22d71aee4247309fa59a7b23b536580e1b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650726, "uuid": "dd96574b-db8b-4f78-bf8d-2d2b3ddd3c6e", "value": "T10F84F18DAFEAB5A1C3AE1BB7D16270B55370D2771103F3F600C026F2DA6231669526B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650726, "uuid": "882b9b9d-c0ea-4019-b4df-e4a8307c8962", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650726, "uuid": "b52a1fdc-2c5e-4196-8fab-a381133259d3", "value": "6144:79KMo6zyka515g4YttHQ462jYPp0r2mruh13t4q3DF9M2j:70Rka+ti92kPpeijDF9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650726, "uuid": "c5c30e34-aafe-435e-90db-0095a40cb9b3", "value": 384000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650726, "uuid": "48a1b2ee-40cb-41e6-8af6-dfbea24515e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650726, "uuid": "92e56bfd-34e0-4033-b268-723ab18c2766", "value": "622018aa5fdba418e8aac635cc49a57e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b268e80-76f4-11ee-8907-42010a9c0042", "comment": "Malware payload (AZORult)", "timestamp": 1698650236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650236, "uuid": "60d3cdbb-99ed-4218-aa05-08e4f1837974", "comment": "Malware payload (AZORult)", "value": "46c76f2cd819facd5bce193912e78f9a", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650236, "uuid": "34b0bb50-0103-431a-b66d-5dcf3b6a45d4", "comment": "Malware payload (AZORult)", "value": "3a12e25115e3c8643042d73007996080fbbf93e0e2e876210907293b7c20ed1b", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650236, "uuid": "7b8c84ed-d535-47e0-8699-973803b7b95a", "comment": "Malware payload (AZORult)", "value": "3d204644a48d2a4f458b2c75c126afdf509f065f", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650236, "uuid": "6bae866b-c712-46a9-a8f6-0cd3ecb17582", "comment": "Malware payload (AZORult)", "value": "8ded2184c5f3ec61711ed111d277aa7ef8a4edc940022fb1c3eb68b7fa96a1ab55307dce44c164d414f4dd396643b4f9", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650236, "uuid": "1e497d9e-562e-43c1-9580-4de06078b8ee", "value": "T1ED75124BF623C0F6CAA902F3F9C6E1FB1D9DA9AEAC84658857D166DB7010D31C70E164", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650236, "uuid": "8c87961b-cb6d-4231-a817-dcebfcfdda1d", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650236, "uuid": "90a58919-829a-4f23-900a-c13271658df1", "value": "24576:f5rpY4YlFEebbHqZXVgRJRMqljuMLGv6kALPr7ByxKcTLGHeCBs/q1:jglHX8XunRMqVO6kALfAEcTLGHfSq1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650236, "uuid": "50d7daf0-2af3-4a7b-bd44-da082a42fb2f", "value": 1569877, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650236, "uuid": "da550b9e-ea51-42ab-9ad0-216e47cee691", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650236, "uuid": "3029043a-010b-4bda-8223-543489a5342c", "value": "SInterpipeF23101016100.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67970a29-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698645103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645103, "uuid": "2d089380-456e-4f59-bb00-4f734ca90aa2", "comment": "Malware payload (Formbook)", "value": "ad69911c4c6e057be421a182f4e6ea56", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645103, "uuid": "7b410cf4-c768-4d4c-b81e-85bab9edf8a4", "comment": "Malware payload (Formbook)", "value": "3ac037f29c08bafccd3cf6c0e88cb933795ea25bf1e9415ed89e83574b7f2566", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645103, "uuid": "178d5dc0-b7eb-439c-9d88-faa49217ba08", "comment": "Malware payload (Formbook)", "value": "4798ce7f3fee12eeaf6831f20d0cf0c1e9d0cf90", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645103, "uuid": "96038c7d-9dd5-4461-92cd-5936a41dabef", "comment": "Malware payload (Formbook)", "value": "f534f3d9b2a38bc2aa43a5b7e1716e421a22dd520981dffc284698269b8b56f9933a23e0ce3c41c100c5bf8070888096", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645103, "uuid": "5efadb1c-81dc-4734-afe5-f647a2c2df16", "value": "T1A904AE35D602C071E2B211B5F6BD1B7B483E0E343294A4AAA7E11AE02EE45E5F57D31F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645103, "uuid": "03273b7c-5a3e-4f5a-b091-b4f720d38e53", "value": "3072:cryUFrxJ/HyyfV3oBFz7LaCWKueseeCWfNVWaWFySjV2nTN:NsJt6BFvcKueseaFY5yLZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645103, "uuid": "b9fb1390-1837-4ce0-94b3-813e614ec3ad", "value": 189440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645103, "uuid": "eb96f146-2bcb-467b-9fac-62e54babea97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645103, "uuid": "e8d9bf50-05eb-441b-a24e-ee1114b14065", "value": "ad69911c4c6e057be421a182f4e6ea56.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "855131fd-76fb-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698653314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653314, "uuid": "44a4fde7-8019-4ff8-8e10-8552b714c871", "comment": "Malware payload", "value": "f6a084e7f01d66c26ad4a59028af33eb", "object_relation": "md5", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653314, "uuid": "e55448b3-9380-47e1-a4a6-42ca1d102318", "comment": "Malware payload", "value": "3bfda84d115e2ff50173e7f515c605b0585a9ae799d59626b053ed1f921abd25", "object_relation": "sha256", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653314, "uuid": "ca6ec8e2-97bb-41ba-8b67-5760508b1810", "comment": "Malware payload", "value": "2f5c7643a7710387b015238e57bbf1bd11bd26ae", "object_relation": "sha1", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653314, "uuid": "ee95a6df-4577-4595-9437-a40a162c6edc", "comment": "Malware payload", "value": "74886a2198d6f18a1d771f4daaff23290e929fb1335354a06819dbe45bdc22bbaa4d1031440ac71b1b9f411c66895805", "object_relation": "sha3-384", "Tag": [ { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653314, "uuid": "e4f34d26-4248-494e-8495-22f5e635b2cf", "value": "T11EB4790C6EF4806E8EF4E658A376D8848039D1E4D385B72FE0172EB591917E3BADB5C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653314, "uuid": "88f65523-24bd-44ba-ad0e-6cbb11170d36", "value": "12288:S2h34gGkJe7eg2QzGq7UJDTNa/12TBlVC45:PSgbJeSq7T92ToM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698653314, "uuid": "10677936-0687-402d-96ee-1d21da2f416b", "value": 533387, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698653314, "uuid": "ded9465b-7e5d-4040-9404-82dfa9a495bd", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653314, "uuid": "297a90bc-9c33-4396-a549-5aedcb2a1c60", "value": "1.vbe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e252c4a4-76d8-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698638437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638437, "uuid": "46a9b66b-0108-45b2-a39d-e3288ed88a02", "comment": "Malware payload (Amadey)", "value": "9405f0bdee9cee39055c4dc7bb2474ea", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638437, "uuid": "37d54e30-d73f-4b4a-a0e3-ad0d603010a0", "comment": "Malware payload (Amadey)", "value": "3caaf50ea078f87fc105751b587f04deb020853eabdc3b52a76fd53424eeb899", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638437, "uuid": "547eb2ed-a8af-40af-a422-a9c75a3bb799", "comment": "Malware payload (Amadey)", "value": "a5acc8421f2d3606e55f0df48395dbc4f364f786", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698638437, "uuid": "6e2f43f4-9ace-4578-b41e-ea61bfea9499", "comment": "Malware payload (Amadey)", "value": "fb1b06e78048d407530c62a6e27a2dd6e977cae4c81753973459acecd1cfd3cbf9b42ecc5bd386420beec318398be420", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638437, "uuid": "4baafe44-0319-4ebd-b27c-5fca1a634e5e", "value": "T17D75232662E94076F4E02B3468FF17D32A35FDB1597C4B131F40A5160CA29C6BB367AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638437, "uuid": "0523c408-eb30-4f2f-9420-8a98eb45845a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638437, "uuid": "821eaa6c-bde6-43ea-8073-44ca185a3711", "value": "49152:8kQafuEpAKl4vxNZiS4IzYp8hk0cFfrFWZ:9futy4XZiSVk0WI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698638437, "uuid": "afae2539-205e-4de5-9215-3f2f3aceebc4", "value": 1613824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698638437, "uuid": "e826a1ba-a4a8-4f8c-93fb-aa35e125ddf4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698638437, "uuid": "63dbab67-78c6-47d8-a318-2c8795e6cf33", "value": "9405f0bdee9cee39055c4dc7bb2474ea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ca98c37-7755-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1698692007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692007, "uuid": "a7c6935c-74a4-4660-9101-28cd9784db87", "comment": "Malware payload (MarsStealer)", "value": "3d6ea99891659bf9f1e7389c62620105", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692007, "uuid": "83e9da7f-1fa0-4191-a186-b883a5c083ee", "comment": "Malware payload (MarsStealer)", "value": "3e50af1cf3039f0c88664c7df3c86ee628960219ae244fe062cff5e8003286e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692007, "uuid": "a26c6b19-7b74-472a-b03a-15bf6b22f30a", "comment": "Malware payload (MarsStealer)", "value": "95f7ae5afb4326f3f7f95ba5421d3f3c42c48317", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692007, "uuid": "58987c34-1e23-4a47-b3be-c1934afa5a8f", "comment": "Malware payload (MarsStealer)", "value": "ee7661549dd8044b75ba1993d43889c8df6684438c25bf73ec232c7e74cb7d1cbf478c72d8fdb4503e2903e4057141ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692007, "uuid": "380acfcd-7c39-4faa-96e4-c7749ecbfcd3", "value": "T1C2C49E51E2C14D3AC0672A3D5D1BE2AD58247E1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692007, "uuid": "2614b4e8-132c-4e4f-8394-ba5b86b89c6f", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692007, "uuid": "4fd55dab-dcc7-4ca0-b6a3-b3fcfb8f3cad", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daXBIlXSY4j+6qj9:aF7M0UJf7gRIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698692007, "uuid": "57571985-c0c4-42d2-a690-7d868fa4c834", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698692007, "uuid": "ece17bc2-63d9-4bef-9470-accd74d2e88d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692007, "uuid": "3b069dc6-d16f-4525-9e66-5015b6df19d8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2819204-76f0-11ee-8907-42010a9c0042", "comment": "Malware payload (PureCrypter)", "timestamp": 1698648665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648665, "uuid": "026955a9-50ab-4447-ac2c-5041f14cd7d6", "comment": "Malware payload (PureCrypter)", "value": "1b50a919fd67ad60b0f5981632faeaa1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648665, "uuid": "4dc46181-33db-4767-a115-b00e7cc2efcb", "comment": "Malware payload (PureCrypter)", "value": "3e9471385936da8656e7a1bc53d44271ec437d1399cd33ad91091b1f286c878b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648665, "uuid": "063eff64-e1a4-4c55-a19f-2027becd26ec", "comment": "Malware payload (PureCrypter)", "value": "d8e5a394b1441115181e51c3b92c17d808909426", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648665, "uuid": "7be7aa78-2258-488e-bd1b-7895a3b5f32b", "comment": "Malware payload (PureCrypter)", "value": "9739feefab9741d4b1480299231cfe07ca1f98f95c3ab73b603ded42dc7db0399bcef7f7743dec8f1a3f91546bd80acd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648665, "uuid": "6dbbb25f-46ed-46e8-9860-06ba2761dbd7", "value": "T10362F794961DDAA3CD1F06FC6CB746531A70F666A449EF4B35CCB20A3C43622243A79F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648665, "uuid": "92334924-ddab-4970-b42f-38d4e4dd3115", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648665, "uuid": "5650fe79-c310-4ede-a55d-3a88bfe2ec32", "value": "192:xBFRb9Vr3kbvUdk/E8KgH24OZEw0hpWMuZfiiLX2HS9yxSyrsRt8G3mSF6zjn:LPwjUZ8DHtI4JIiiay9ycyrsR2vZv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698648665, "uuid": "b2a35d91-42b2-4288-b650-33623f08cb28", "value": 14848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698648665, "uuid": "661ccd88-d267-4382-b88c-e629093971f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648665, "uuid": "10ba09ad-2964-48d3-beda-4087e3089fc5", "value": "EnquiresXOfXParts.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17a0bff9-7758-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693073, "uuid": "6d566656-e48c-4c15-9e1c-c5e37702959e", "comment": "Malware payload", "value": "85a2f1f6817c2ce85d637cdb9101c2c7", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693073, "uuid": "3a73e32d-ae45-48d1-b2af-498f1933989c", "comment": "Malware payload", "value": "3eae3141471581a8b0024fe47e765a34fa1ff6b7a974cd3aef976d99ebf2add6", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693073, "uuid": "c0486655-dd9d-40f6-a068-0ac98a0f9b98", "comment": "Malware payload", "value": "180a3bcd64e1a8aecd120e75307d32dcabfa5e9d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693073, "uuid": "0fa45a5b-5878-4113-8128-a9857e19ab1e", "comment": "Malware payload", "value": "872520b830f1414ef753ba71c58daaae5e4827391cf814c4bd8edb3463c5d2006ed6c06d7b8abe774abe3c83f2b3dafa", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693073, "uuid": "97640786-2627-4892-9842-f080554606f1", "value": "T1ECA31744F8448767C3D327FAE78E439D77351A6457DB33116A39AEB42BC2B982E29130", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693073, "uuid": "8cf2740c-cf4f-43ae-840f-d07fa3e38733", "value": "3072:Plf1jKRi/VYf84YAk7XTRUmpEqQ45vVXY0X:vjdVC7YAk7qmpEqQ45vVXY0X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693073, "uuid": "cfe37bc4-1e61-4cae-9e9f-5d3b43cff0a0", "value": 105111, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693073, "uuid": "a2960a19-a167-4a19-bbf9-245795d30112", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693073, "uuid": "9e389376-5fb0-4ff2-a94c-02b14da345a3", "value": "a-r.m-5.ISIS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0212bcd6-7743-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698684017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684017, "uuid": "7406e2fe-0db4-4772-a9ac-84a06e9dbcc6", "comment": "Malware payload (Stealc)", "value": "22f7ba8f63a64aace5cc9833840367eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684017, "uuid": "133816c0-ead1-44bf-aa87-9e3ffeefa93e", "comment": "Malware payload (Stealc)", "value": "40696e542bb6653503f6590aa7abaabe9607df0d7ee55c88a4448f9d1f04d2af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684017, "uuid": "3bdc96b8-0dd4-49fc-bbc9-ec08276f1ac0", "comment": "Malware payload (Stealc)", "value": "39a646f392846ba852b5a8956cd4e1d04359494b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684017, "uuid": "a522ee4f-dd6a-4336-82b4-b5c24f656e55", "comment": "Malware payload (Stealc)", "value": "00152d6778357cb2c60d62a3aa6f773cb8cca36cf202971b7284fd8881048718bfa588b63d6d8d868862fcc6dab66a95", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684017, "uuid": "a0c6e4b8-8ff1-4816-a30b-f4fb27f788e9", "value": "T1A2C4AE51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684017, "uuid": "28d42f03-af11-4318-b4d4-260123ac6474", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684017, "uuid": "919ce7e6-43c2-4c0d-acd6-45572e72034c", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daLBIlXSY4j+6qj9:aF7M0UJf7gtIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698684017, "uuid": "f173e0df-e0c0-47d7-a799-e9829a73375b", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698684017, "uuid": "8f0497aa-b1bb-4ae0-a1b4-1b71de97be9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684017, "uuid": "992795be-f694-4653-8ad4-60de6bb91305", "value": "22f7ba8f63a64aace5cc9833840367eb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8238050c-76e1-11ee-8907-42010a9c0042", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1698642141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642141, "uuid": "543d9a67-2da6-48b7-813c-7ec950f74917", "comment": "Malware payload (Adware.Neoreklami)", "value": "efcb306fef9ce8b6feb1374726cefef9", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642141, "uuid": "71a6b7ed-573e-4a64-b0cb-a0991202707c", "comment": "Malware payload (Adware.Neoreklami)", "value": "406d7fbe6e6835c4e660fe5030e3972eef5f66e59c43a39a71ee4888ca22f732", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642141, "uuid": "5030bd72-9c6e-4ba1-802f-1459eaf34d20", "comment": "Malware payload (Adware.Neoreklami)", "value": "6826623cd2df7b9721e717d38f5e12d645ebb9ee", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642141, "uuid": "ea1ea25c-5da8-4ca2-96df-294bfdce13d9", "comment": "Malware payload (Adware.Neoreklami)", "value": "71cc831d19578cd53a0338393fffbcb842b9a43b0fdcd844a0fe980f61bee26f97540fdb985db885060210d40f061883", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642141, "uuid": "edbb71fd-1b72-419b-9023-28b4db9eb758", "value": "T15C7633A070D9D873D4C404350B79DBFA23FDC2E24DA205F3679E696C367C942CA99E1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642141, "uuid": "c90562cb-6912-4c0c-830f-471a201528cb", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642141, "uuid": "6ebc2b8d-7919-47a0-9333-a2fd4ad8ceb9", "value": "98304:91OaHLOOR0QCgzWPSJEomof+FeQ22489JCpEMbNBqA0i9yAYkD4zmms+00GYTDj5:91OaHxIgKSxfjckB4HnAz4zmL7uTXh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698642141, "uuid": "cd080ce3-8076-4528-80da-192a94e485d8", "value": 7508409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698642141, "uuid": "2f163e5c-289b-45f3-8fa4-4d2ceca29a6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642141, "uuid": "741e6495-e12b-4ad0-8995-91f2cf15d542", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34a6fbc9-7720-11ee-8907-42010a9c0042", "comment": "Malware payload (STRRAT)", "timestamp": 1698669070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669070, "uuid": "1487469a-031a-4456-b45a-309f932e38d2", "comment": "Malware payload (STRRAT)", "value": "fdfd15e9fad07371318a7a30e8d9646e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669070, "uuid": "e0575912-7ab2-4cb2-986a-64547717c4d0", "comment": "Malware payload (STRRAT)", "value": "40a7240d513c153891985d9445215a11fb340e277eacef40bb6260747126685a", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669070, "uuid": "aa14bf80-d604-48ce-91e1-f7992bfe3e84", "comment": "Malware payload (STRRAT)", "value": "e89ed0e33de2b1c7091d4c6b4be44dccdf963b46", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669070, "uuid": "05ce5920-2684-4917-9e4a-d853bbbf3581", "comment": "Malware payload (STRRAT)", "value": "6d81ec2ae99698850a226308ad95e6276c6e74f398123c57dae4e1c8198694012e765d9b2b4c32eb2c106c9759eb466d", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669070, "uuid": "1f748183-18a6-49ad-b725-f2ccccf0127b", "value": "T17E144A8B75A50F39B8740AC472AA167E73B149056100DFDF92235F5EBA73F5EE10A238", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669070, "uuid": "4b434a99-bc74-4b22-8d7d-c09fb6cb7487", "value": "6144:MQcZI583j+TAlalL1xW/RdOj19G48aXE4p/+Y:Xc6TAw5P/pHUI/3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698669070, "uuid": "2f08da4b-f5be-40db-a92a-9debd66b28e1", "value": 204750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698669070, "uuid": "742d7897-7e70-4804-8bb1-2d09ccec203a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669070, "uuid": "98d1c5c9-a336-493c-95b1-866547ea52d9", "value": "6681b8b7aa0214bdba4eae3f1895256c.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7c78e96-7711-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698662928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662928, "uuid": "d3c46df2-b49b-4450-972b-829fcea9727a", "comment": "Malware payload (AgentTesla)", "value": "fff59fde1eddd1cde551c0e690e21a14", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662928, "uuid": "b698f423-4f00-4b7b-9b86-6bc111dbb6b4", "comment": "Malware payload (AgentTesla)", "value": "41ccff19a3b9824e1266a7f13e8d8521ae5fa933b46f1f73a9375bc40754f755", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662928, "uuid": "926bcb98-2ebd-4b38-aed0-08f34148c2a5", "comment": "Malware payload (AgentTesla)", "value": "2111f704003bd997c6a2e1f2051cb20ecf54007e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662928, "uuid": "c84ff512-4bac-4ba5-aa97-aa718ba71d53", "comment": "Malware payload (AgentTesla)", "value": "54655466cf2d5555ab224675e879fa0105fe3c2f87f3e1268db502d3b3b0b0236320875d0b6404691fcb339996d86f26", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662928, "uuid": "ab2b0f0d-46ab-49db-9131-c18ffdf3bf8b", "value": "T11CE43318C82F221FA916832498366EE269ECC4B71713775AB0517B4E4BE34FDB70D963", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662928, "uuid": "a1617662-8fae-4fcd-9ffb-4f6a2c207703", "value": "12288:Gt7m3YoCc9nnpsAmo6oqN9MV32JIcJJCgHQC6v72ETaqwZyEhAwW/Lps4+nv5:GxTorHsAmbNU3e9QCi7faqu5hArl+v5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698662928, "uuid": "4e74734d-8077-4fea-94a3-3191d3117ce3", "value": 710856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698662928, "uuid": "fe2d06a1-1c19-4395-8bd1-6e094010bdd0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662928, "uuid": "761cf58e-fc23-4ab0-9e61-758a202501a9", "value": "Request for Quotations.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cb28564-7724-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698670855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670855, "uuid": "bbbfaa40-766b-410d-a171-4fbb9e0513e9", "comment": "Malware payload (Stealc)", "value": "a3514ea1fba56a1cc534a27c9e75bee8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670855, "uuid": "d75ba4c7-3b84-4c97-a87f-4d54dd340022", "comment": "Malware payload (Stealc)", "value": "41eba5d62436d3cc05e7b1c583a3cbf7a53c46d5fc1f915771dd4c4c5f170114", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670855, "uuid": "97216eee-0502-4259-aaa5-0534b3979b16", "comment": "Malware payload (Stealc)", "value": "1864da242c03e921ccd255bf87cad0b433366d56", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670855, "uuid": "066ef9f0-6a43-489b-9883-309ae8a0424b", "comment": "Malware payload (Stealc)", "value": "feb13cf7921bf201ab37f6d2031b03399cc3166b2aeae92f584d91337868dd6c874ade42d89282666c19dcfe78465bb9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670855, "uuid": "64d3e85a-e2f0-4844-a9f0-6b292d3a1567", "value": "T1BAC49E51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670855, "uuid": "c56afa7e-bb51-457f-9a38-5078661724bc", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670855, "uuid": "23134dfd-a298-4e6a-b55d-f9cd50c27597", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7dabBIlXSY4j+6qj9:aF7M0UJf7gdIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698670855, "uuid": "f2783206-272c-485d-b986-7889f69a7348", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698670855, "uuid": "fd149ac4-8dc5-43fc-a1e1-9242f5287182", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670855, "uuid": "66443013-75b0-44c6-a51d-b22f8f297ce0", "value": "a3514ea1fba56a1cc534a27c9e75bee8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97a7acad-7725-11ee-8907-42010a9c0042", "comment": "Malware payload (XWorm)", "timestamp": 1698671383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671383, "uuid": "f2d9f7d5-7f0c-4d36-98c2-44cc026540df", "comment": "Malware payload (XWorm)", "value": "e568bed1c5e03e331654dee826b23930", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671383, "uuid": "9915a5f2-9671-45bb-b30b-f9e4bcd54976", "comment": "Malware payload (XWorm)", "value": "4229b3925fbd80f2316493b19c1c7fd23898507284bae4754e76c79a096f2133", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671383, "uuid": "13630f78-d526-45aa-b7ff-f01b1ab939f6", "comment": "Malware payload (XWorm)", "value": "7c0afd12c32103cbd4362e42f334bc072f0ae110", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671383, "uuid": "67fdfcd8-2da9-46ca-9266-71fe3e94b9fb", "comment": "Malware payload (XWorm)", "value": "82891e431d89f434ad244e5f991bc4c0e8e63078d87c17043ed2232af4d6ff1002799ca1460584f968e52c5fd29bca96", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671383, "uuid": "c55879e6-91c1-4da3-bbf6-c1cb110750c7", "value": "T13BE4024E57E748E9D2ADD9BAD3BA529513B2B3AF0506F36A14C482F3EF1074A54021F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671383, "uuid": "a7f93ec3-8c92-42b8-aa2c-376e13bbdc05", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671383, "uuid": "94a1615d-2ef1-4ff5-900a-7493a8496ebd", "value": "12288:SrUbmtTf+IR5xblqCdcqzKAuqctZTX2LpeiZCZ6i:6UbK9rtuyLZY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698671383, "uuid": "4f3c7afd-a7ea-4e8f-9e12-ec6253710427", "value": 691200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698671383, "uuid": "3246ffaf-c890-4933-996a-eae2fac6ee17", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671383, "uuid": "c82a0bfc-2518-44fa-a8d1-1c9aeecee208", "value": "Rev 2 - PO 14449.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7837957-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (MysticStealer)", "timestamp": 1698645237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645237, "uuid": "72c8aa2c-33ae-4364-b697-264015a78252", "comment": "Malware payload (MysticStealer)", "value": "6022a8d865e5331598bad504e6f4de37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645237, "uuid": "051d3f42-d427-40f7-818b-7a0af47472d4", "comment": "Malware payload (MysticStealer)", "value": "447b333ac04a8b9189d0304c8c0cfd911661f214e6bbdf40bd5ab27d1631f391", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645237, "uuid": "264782f2-cb6b-40d0-8886-bf8c56df4680", "comment": "Malware payload (MysticStealer)", "value": "dba181e4c4f83cf955dbd4af41f2b9400078b2a4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645237, "uuid": "3a5c82ac-5de5-4b85-9dd1-8d3b4a20c99b", "comment": "Malware payload (MysticStealer)", "value": "37c9b80bbf472aba1f56246b7c6366ea068163dbdb7a45c2536a92dd5cd317b4f6aa9782a46aa73cab556fce39a6a58c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645237, "uuid": "1952aa92-dcbd-4e70-a2ae-da9f22334e04", "value": "T13D359E2079C09171EDE220F68BBEB629826DD0B4071555FB06D86BFED7602C16F326B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645237, "uuid": "5dc50f82-318a-41d9-9c58-24d8049d95ed", "value": "b11c9cd467b185b2c3a0a894930ee4ee", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645237, "uuid": "3dd0a250-dfab-4db1-bcbd-b4b9394aa301", "value": "12288:AC9ock3XEA29ADR87kHCYbw13Re0bUjnZk5uWSeT0twCRMnJu3KK:Alp3F29Ad87kHCQWReguGdJu3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645237, "uuid": "11181692-70d3-488e-9b5d-77068729c45a", "value": 1109504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645237, "uuid": "aaf4df20-b9ab-4389-bd4f-0a74774f1cc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645237, "uuid": "307562ab-0007-446a-910b-4eea93f498b8", "value": "6022a8d865e5331598bad504e6f4de37.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b80399ad-76f2-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698649533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649533, "uuid": "c5a56a0b-49ff-4825-b54a-bd80b4ecbe06", "comment": "Malware payload (Amadey)", "value": "6255b29cdb93b25815a9b9bc90ab56ca", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649533, "uuid": "f960699e-45ed-429c-91e7-09ec34fcaefe", "comment": "Malware payload (Amadey)", "value": "44c4cf878242e438357664d720014a44c889797c3ca89628296d9b0c77810ae3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649533, "uuid": "40e07fbc-d8de-4628-abb1-b8cdf9a90456", "comment": "Malware payload (Amadey)", "value": "85fe732b623c6c78314add76a355b356fcfa6928", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649533, "uuid": "4786d8e2-26ee-44dc-8e35-3a6951d4e62d", "comment": "Malware payload (Amadey)", "value": "c8c70749bdbb9c0aea3c830b951e36310745db3478a3ad98452c0a9f079d35ae9fc05e6621cfe868df00b81d7b72c6ad", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649533, "uuid": "44a8e37f-913c-4bac-a635-40914ed7ce66", "value": "T1CC753311EAF863BBFAA4277509F303932936BD6019B181572789BD970DB1EC5933231B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649533, "uuid": "605356c6-20de-4774-9433-677c960ad6be", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649533, "uuid": "9d4fcc57-8bd2-464d-9d38-c492bf3c3888", "value": "24576:Ny1aOutU/oGjAtYZCE+/Hv0/53c2cHLDQgG2s5ZObDpHYibPE2ZdOBo5Om4KXui:o1KtgjAtawvE5M2iL/Gv5ZKN3PlZOm3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698649533, "uuid": "7f6dcf83-8d8f-426b-997f-e62aa3269eaf", "value": 1611776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698649533, "uuid": "19632949-6377-438a-a16f-605e569bcb73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649533, "uuid": "17ff7608-d28f-4368-8ae9-84efb71e346b", "value": "6255b29cdb93b25815a9b9bc90ab56ca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93080699-7725-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698671375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671375, "uuid": "bf8042fd-b82a-4d43-8eda-d9ba7fb6a483", "comment": "Malware payload (Formbook)", "value": "8f4ba15a9461c8bd8697cab9090cbb6f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671375, "uuid": "1e69cf94-40f5-4850-b018-e4fd2ee88579", "comment": "Malware payload (Formbook)", "value": "4529a8e1484049bb19b2b8f5264cfdc5fdc0bf04fd88b50492a39952d5493633", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671375, "uuid": "392de116-7c4f-41a6-8717-de47878fac0e", "comment": "Malware payload (Formbook)", "value": "24db2ab7ccb3cf47c3a7356b426528f0496b8868", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671375, "uuid": "87204c3f-82e3-4764-80a9-6e12a1559847", "comment": "Malware payload (Formbook)", "value": "b7942460998b1b573734a9d6cbd285228951ec4a47e191760c29b8237f073ecf75aa8b55b225f125abbbf1e5f82f1199", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671375, "uuid": "b20c18c8-11a6-4c75-ac8d-5c7d519a6651", "value": "T15845AEF876047DE6267F526BDA96ACDC13B627639ACBA4CC4064B7C305A3375FE02805", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671375, "uuid": "96e775b1-1ff2-47ac-bf30-85c48fd5232c", "value": "24576:2LipR8ou+5YsYnB2+xbjoSuhiRlYFPsoF3sUKcQyeU+PkAjbRFg5/453q8Y6qdOV:A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698671375, "uuid": "9dd42158-3ec1-4c4c-b25c-f69de01be764", "value": 1213026, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698671375, "uuid": "0f6f377d-f6fc-4093-8b4f-89e7cafbef40", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671375, "uuid": "ab940ec6-5d08-43c2-b7d5-d1526180fada", "value": "310036 for Production Requirement.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2ee5e2a-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698690810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690810, "uuid": "dac67bf5-9399-4894-86fb-2b0bf0f8e56e", "comment": "Malware payload (RedLineStealer)", "value": "358dc0342427670dcd75c2542bcb7e56", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690810, "uuid": "dc0e2630-edb1-41e9-a4f4-0bec78f446ab", "comment": "Malware payload (RedLineStealer)", "value": "45d1df2aa5755f65a6710f2a4652bedc72f099ff53cb69301aac9a5518276e60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690810, "uuid": "3c845ccd-8337-4c78-a563-a69b094e33ce", "comment": "Malware payload (RedLineStealer)", "value": "5b70d6eb8d76847b6d3902f25e898c162b2ba569", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690810, "uuid": "7fd3b5fc-de90-4d75-97f3-8e683e3a002b", "comment": "Malware payload (RedLineStealer)", "value": "26544cbb1e21d56bf25116d755e9464c49c58dfdb4245d93838777cf4bdaab163262d1834537a209e4cac591ebde2efe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690810, "uuid": "d366f22c-427c-438e-a4a0-549c7b27055a", "value": "T1D8843AC0560381B7CCD016F67FB52B764E301AB06BB1EDCB16C9E98999D768B333158A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690810, "uuid": "58f2b762-3c83-44c1-8907-38fc900ce59b", "value": "b6f743fe1f376c97dc3743d9bd95f0c5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690810, "uuid": "da70807b-1412-4012-9efc-a588f4354ef9", "value": "6144:FBItoKp6/wQm+h2pj6RF84hID1tK2eeeeeeeeeeeeeeeeeeeeeeeKeeeeeeeeeeX:FKton/tm+cdCmD1tK2eeeeeeeeeeeeeU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690810, "uuid": "8016ef29-8891-4f18-993f-5181bc22535c", "value": 391988, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690810, "uuid": "91c0c233-c822-40f1-b8f8-b1b189d28427", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690810, "uuid": "bdccd7db-abe6-4b38-9089-a77519ea499a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a119abfc-7775-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698705759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698705759, "uuid": "c3d8e98e-79ef-4849-9475-777f93b5d4fd", "comment": "Malware payload (AgentTesla)", "value": "5748b9b19c0b360457a29cbb85f362cd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698705759, "uuid": "48dd8ddd-5576-4ce9-b4d4-6f2b1985d664", "comment": "Malware payload (AgentTesla)", "value": "46fcae3b6b6c7a56346b59c2c314c572b6420032d6fca0cf627923f3fc801d47", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698705759, "uuid": "50de1a35-4335-426d-8297-9a128f6f3d9f", "comment": "Malware payload (AgentTesla)", "value": "758bd048d3ae308cbf79a39fb6ad9552509fb65b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698705759, "uuid": "1b625b0f-4912-4dd2-97ba-4a43fd446086", "comment": "Malware payload (AgentTesla)", "value": "68e10e14f75d728da291ee6a513dc6c6fe2e2c3a913250e281ef82d75794e060c95b6245fb53b4e4ab15c824605747d5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698705759, "uuid": "eecc5a50-f500-49ea-bad6-c1afa14f959d", "value": "T15BB4126F67DA48EAE36D4EB78641935A23B1E3CB5102F76B10C4B1F2EE2775464022F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698705759, "uuid": "04ef993d-9f0c-4c17-a52a-99c76aac5ca5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698705759, "uuid": "282931a2-07a2-4362-95a0-ce3ea232d135", "value": "6144:3cAfZdsbm57TkQMpHIYlej5TtqiK4byOXsG0UL19s18EETdO98EGWQCUwO1bLptF:3ZUbmtTf+IR5xbyOp0UHUpIPEGWQzL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698705759, "uuid": "46115453-dc20-4b62-9be0-43a824804959", "value": 540672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698705759, "uuid": "97ea9d2f-9d10-492f-98c4-7322b1234302", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698705759, "uuid": "7129d984-5c2f-4935-ae2b-0b23e61f70ad", "value": "SecuriteInfo.com.Win32.PWSX-gen.13104.19853", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcbebdd0-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698690826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690826, "uuid": "2267ff85-1393-4337-aac9-69884b2140b5", "comment": "Malware payload (RecordBreaker)", "value": "dd6d6b04f733757601eb71262500d99f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690826, "uuid": "35baaf10-d8fd-4b40-b144-d0e4c9029f06", "comment": "Malware payload (RecordBreaker)", "value": "47465ee8b98fdc4fb2e0764ae7e5d391a852de8c5dd9a2153d4d094e79769b18", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690826, "uuid": "ad3d3292-3c0b-46ad-bd5b-e455429ad36f", "comment": "Malware payload (RecordBreaker)", "value": "9c67d449d6bd13eb79b453d1ec69b80fe62f05f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690826, "uuid": "a5fe0108-faee-40a4-8325-7e4fbb640232", "comment": "Malware payload (RecordBreaker)", "value": "89a8e1b3b4c24ba62da3c9210af0b8e54f4075d6e6e16ac62403b2cd721fc682adb3274703e9b79b4846f00f6bd45f9a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690826, "uuid": "0dd2e6c0-550d-4a50-972c-2767ac12bd9b", "value": "T1AC158D2178C09176EDE220B783ECBA3643ADE4B4071546DF06E85BEED7606C17B36786", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690826, "uuid": "b5e6aeeb-e612-41b7-87c3-427968fdc29c", "value": "b6874b762c445425cfcea5128380cca5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690826, "uuid": "ada3f7ec-9f4f-4265-8538-351df695e982", "value": "12288:I8ySmtwUJo7a0d0Fzik+8/miEIIZHtJfxmqg7u+C8zievqB:I8ZmtwUJo7a0dAH5/mRZZ6xiev", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690826, "uuid": "e270fa58-873f-4f16-8132-7a72a131720b", "value": 918016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690826, "uuid": "7bb7d0c3-c126-4247-8c4d-134dd2a1cac4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690826, "uuid": "813c69ec-ad03-49b5-807b-ca7b19f10eda", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1337d88b-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698690488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690488, "uuid": "2acd2f57-e29c-4d4a-a262-b961f2283405", "comment": "Malware payload (RedLineStealer)", "value": "510e693ef4916262d8a0b69204718527", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690488, "uuid": "3d1204d6-af92-4a62-9c50-ed1eb6900107", "comment": "Malware payload (RedLineStealer)", "value": "48cdeb7676697b47dc59384c1eebd75b13a3b7e10b83514f94b7571c4fe8d86f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690488, "uuid": "abe04cf9-5147-4d62-9d0f-bcd16bc4f0d8", "comment": "Malware payload (RedLineStealer)", "value": "87a7877ee6c97618a9fb3b5cb274d57827425f97", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690488, "uuid": "cd1dbc70-0ad4-4996-98e6-d1025941170f", "comment": "Malware payload (RedLineStealer)", "value": "b64470b3a6479d13ae114dbd21b08a76661396e3b3ce07cf6f49a8b35d93af83d0f457d90c1832910a2bac68dee35c07", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690488, "uuid": "078ceeb9-57e5-4494-806f-805cc886ad92", "value": "T17624C52AE304555DE83E433DB41C38709F70BC52E16ED32E59BA7AED693BB498B104D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690488, "uuid": "214895a1-ebcc-4aff-9e40-2adbd76f32f9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690488, "uuid": "be560759-bc18-43fb-874c-331ba27d1f11", "value": "3072:qRgmyg7ANgckY+tdrmjplyb1bElPaXRSd2x1SZwebKSH:XXg7ANgcLyrmjkQPY0Mx1SO5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690488, "uuid": "1898222f-e87b-4cd2-a11d-a5a4434083a7", "value": 224768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690488, "uuid": "e5564ef8-fad5-4822-9f86-c773c0fc0d2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690488, "uuid": "36dc8a2a-a1bd-4756-a485-cf8363336e8f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be577e83-76f0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698648685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648685, "uuid": "20e06547-b61e-4457-8b33-6dfaa65ad771", "comment": "Malware payload (AgentTesla)", "value": "a5ba5b8bc956d4b2e47ff5611d906df9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648685, "uuid": "e502dcde-6eb5-4e68-addd-33becd4676f6", "comment": "Malware payload (AgentTesla)", "value": "49b438745f45f7dc2640ebf88c016febd528d4ee758437b778de1ee02a59e2f8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648685, "uuid": "49cba6fc-8934-439e-99cd-8d169301d5c0", "comment": "Malware payload (AgentTesla)", "value": "52773f746422691be9ae1197967ff9af21ec7c80", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648685, "uuid": "7efe6ed1-b59a-41de-acee-3d844050b0d5", "comment": "Malware payload (AgentTesla)", "value": "3ffcc1f83e8ce25517b5ec9b7677d666cd2950560579b29e6bc83f0ce5ae4b1f2b258ddd9d757dfb5c7d840d578b2878", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648685, "uuid": "ba8b416f-9571-4bc4-854c-4fb99e36dc43", "value": "T18D05BE1DBFA464D9ECC79A71DE1065C19432B5332E0AC67BCDE0A7CA78181E786C87D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648685, "uuid": "828cf2db-f294-445f-a7bc-f9f14b85202a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648685, "uuid": "a4c1f95e-cd51-43bd-895d-6a61f65c30f7", "value": "24576:VYVApKI+PhMjwBhoOrcOy83IFG5a9TSmSxg/J:VPcI+PWjwBhZcBSWG5xmUKJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698648685, "uuid": "30523959-9eb1-4e47-aadc-6b0c8108c4a6", "value": 828304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698648685, "uuid": "1479efcf-5555-4f9c-befa-235c70866fe9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648685, "uuid": "9137ab54-ef6b-47c8-af16-23c7726c3553", "value": "CFSA69383P-30D43F RFQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3db3ffa0-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698645033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645033, "uuid": "f1acdb32-3fe7-4813-bf41-ff60a6f1233c", "comment": "Malware payload (RecordBreaker)", "value": "db545b35dcee3ccc2bd42c2295d360de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645033, "uuid": "c50ad0b7-0f02-480b-b3e8-e601e04e678e", "comment": "Malware payload (RecordBreaker)", "value": "4a0040f550954ce8ca8a7e192fa7e209ff75b93d1614c0859783c17340c591b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645033, "uuid": "931c3a53-6f7c-4704-990f-20ae4d06d30b", "comment": "Malware payload (RecordBreaker)", "value": "cdf83593b7912c6ff7a49547d0a2d4b652cd9bb7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645033, "uuid": "49ba2c73-ccce-43ff-96e6-3c5cd1b91982", "comment": "Malware payload (RecordBreaker)", "value": "45ddb358c58518a48088f1bdacf011eda980740b434444345044f21d5a2e41a77cf5188ff67f10d46c833d1cb411fbac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645033, "uuid": "9d769b80-a518-4548-9322-cfb7d1293b75", "value": "T163752361B6F4803BE9F00B7048F602D30B37BD865D79471B23976A9B4C73AC46A717A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645033, "uuid": "6e3b42ce-fdea-44ef-afb8-f89a9e682951", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645033, "uuid": "58bdf8b8-ef74-4aea-aa86-bf3ca388635e", "value": "24576:Jyo9/FlHHUc4uhqqq8V9hr5PbyUnnpkgI76ed9Io3JPcIS/R0hGQqXTXYm:8WjwuhqqjVbrJb/FI/d2cuNnQqXk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645033, "uuid": "7a102e90-5fc2-4075-bd50-ed18d2261e02", "value": 1613312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645033, "uuid": "39db6026-ade8-485e-9b5a-d09eb3185dab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645033, "uuid": "f3fcd400-7d5a-4bd6-9a36-857a27855217", "value": "db545b35dcee3ccc2bd42c2295d360de.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c40eeebc-7766-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698699375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699375, "uuid": "9f719748-d98d-4892-a412-552ee813b281", "comment": "Malware payload", "value": "955ee766fec7775bbcd7c9257acc58b0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699375, "uuid": "d29f5db6-cb4e-4b40-ba55-38fa22ae9e17", "comment": "Malware payload", "value": "4a3b60496a793ee96a51fecf8690ef8312429a6b54d32f2a4424395c47b47fc8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699375, "uuid": "0e494ccb-8a65-4da1-be6d-e625f3a75eb9", "comment": "Malware payload", "value": "221f0ae0ac78e9271818b334422d984de1eaef9d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699375, "uuid": "1fa1b723-b119-42da-9373-0926be5b06aa", "comment": "Malware payload", "value": "12de9582c43c68241436e6b0e8346c3bc4ae38ebae67702d09f51165bf785ac905a4ef716a69fce45340fb67b5d17ece", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699375, "uuid": "45a80ded-b4d3-495e-8711-3e36d0450d65", "value": "T192D4DE043BA4DC508B6D16E868EBA3078B2256A7DDFFFF170AA29170595B86347503CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699375, "uuid": "c5d2c9af-906a-4522-bdca-b78c85b107da", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699375, "uuid": "6afc1afe-d57d-4adc-a4e2-44fd56c913d4", "value": "12288:kjm7Bnz9WXY7tXd84pdKG30bMTWuxYop35:EmzDpd8ug2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698699375, "uuid": "95f147bb-401c-4b8b-b710-09c7251f2002", "value": 629760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698699375, "uuid": "773e4dd5-37d6-4276-88f9-25daf82461e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699375, "uuid": "672c0d3d-f57b-42b3-bac1-d4d39186ffe7", "value": "payload.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae9ecb37-776c-11ee-8907-42010a9c0042", "comment": "Malware payload (Glupteba)", "timestamp": 1698701916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701916, "uuid": "ef3880e8-44f7-48cb-a4b4-6b343cd4cec0", "comment": "Malware payload (Glupteba)", "value": "c7e1a35456fa34722556dd88dea6e5c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701916, "uuid": "8d44ed96-3661-4436-833c-ebdd9e0c2672", "comment": "Malware payload (Glupteba)", "value": "4aa80d6935201d51bc5be593908289cc2e239be14991a5dc6054bb19e7f90c44", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701916, "uuid": "72c9119f-4354-4538-a3c3-edb7872b1da5", "comment": "Malware payload (Glupteba)", "value": "8b2a0d2b39945a80ce06e44a78973e0f9b93194c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698701916, "uuid": "77ee3be5-8127-4616-9028-8688e3179fd5", "comment": "Malware payload (Glupteba)", "value": "2acdb4b4d6589973e7ecbd45f46287447c240f75030a6187f30fe648b5d186023b0166d1c1fa244a619666dea048fc9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701916, "uuid": "a1855267-fdb0-4b42-85f2-459fd6c07a7e", "value": "T155A62375FF5A5C2BB0FED179A94739F761AAB274434E366C43BC1290E812630B05AED0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701916, "uuid": "609f6b05-64ce-42f1-89de-4dadb055e89b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701916, "uuid": "05dc2f8c-17e7-4659-854e-fd88f9e13543", "value": "196608:dqG6fth+H4TaduMIDwAsrzwBiaBYJwQwvk5KTOYTa+tH/+MpZG:gFhgIDwA9BiaBYJwQk8Z+YMpZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698701916, "uuid": "0d6adb62-3731-4f93-8352-fb3be367cc01", "value": 10346496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698701916, "uuid": "97bfdda9-440b-4dad-ae26-a8fb02b9e6bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698701916, "uuid": "2d90898d-c7f2-4413-9f53-7216d78ef13c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64147d3a-76e3-11ee-8907-42010a9c0042", "comment": "Malware payload (AZORult)", "timestamp": 1698642950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642950, "uuid": "9e9993e9-f092-49dd-904f-856a68ab9f9e", "comment": "Malware payload (AZORult)", "value": "4b840c2719ee2df21e2f5629de1cd855", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642950, "uuid": "59e6e783-4206-40b2-869e-00ae3941e9f5", "comment": "Malware payload (AZORult)", "value": "4b60e39d62276df716c54ff9063923c956320b5b887c5abda5978bb090830489", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642950, "uuid": "6b2291c7-3d8d-4db6-832c-27580ebb604f", "comment": "Malware payload (AZORult)", "value": "7145698c4e4565797c5a5404338df1aaabfd04ff", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642950, "uuid": "418f93ad-010a-44ca-aea6-d18a0fcf974e", "comment": "Malware payload (AZORult)", "value": "c8ba83752f1aef7b240194b95d29ce2114010ec86c536bf08bdb5a60454543c5fff7c1f66984316289e5b9e2cad440b1", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642950, "uuid": "575a6ca9-481b-4262-8b62-1edd45221bdd", "value": "T1B275120BF633C0F6CAA943F3F9C6E5FB1D9DA9ABAC849548579166DA7410E31C70E060", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642950, "uuid": "af119606-9f2b-4fe4-8195-d9e0dd087e07", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642950, "uuid": "b137f4c8-d65d-4614-b6b0-541266cafb58", "value": "49152:HM1ryYVhHXunRMqVO6kALfAEcTLGHfSq1:s9yEhH+RMWkG4E//", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698642950, "uuid": "f974d37e-a534-4e71-bf94-cc40a1391d3d", "value": 1576618, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698642950, "uuid": "5f831dae-f482-4bcf-998d-d5f19b9a1564", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642950, "uuid": "3082dfd7-4901-4b9f-80e8-d40d84d16942", "value": "SInterpipeF23101016100.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e408588d-76e6-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698644453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644453, "uuid": "39074549-0e10-4d53-94a5-3dc50d67a020", "comment": "Malware payload (Loki)", "value": "d839aa32e5eddc843e74e9496b9daa4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644453, "uuid": "6ac53ac9-e8c8-4606-922e-8271cb2cb8da", "comment": "Malware payload (Loki)", "value": "4bcddd74df1696be1eb651c9713d6db0225591efdd2caa049ffb8ddd08ca97f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644453, "uuid": "5fc20462-aade-48d7-ba08-9138ba84df18", "comment": "Malware payload (Loki)", "value": "22483df41908c7789cb443ec2096a9a2510a8e70", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644453, "uuid": "e02d68cd-17c6-4843-a1e9-4aa734cdae13", "comment": "Malware payload (Loki)", "value": "5949dc3a13d327e469ade95e6aac99c5f239d1d281def0a5008a7243e47ca029275d0522e1edccdce334ca7b93b0f1ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644453, "uuid": "1439b801-af54-498a-bdea-1fa9e8e8e0e8", "value": "T192F4283C48BD1637C5B0EFE19B958426B3E0A56B3255AD3859E358DA0212B06FDC393F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644453, "uuid": "5f87ef78-1606-4479-bf9a-fdb5c50fdd09", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644453, "uuid": "aec5f8f0-986a-47b6-bc95-5263be6ea730", "value": "12288:ZzdIdxqTlrDw3MD7mLz3Y6ItyRxqzTj6mnXFytILz3MEIrgZ46j:ZhIdg5Dw3uifMy/qXGmnLz3XIrgZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644453, "uuid": "d683081a-b802-4fc9-9b95-d6feafe551cc", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644453, "uuid": "6b7e3ae5-b339-448d-91d2-3a5adabfecc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644453, "uuid": "0544dca8-8450-4638-9cbb-761049a7a0a0", "value": "DHL ExpressAWB#20905889822.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fe1d776-7736-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698678618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678618, "uuid": "dc8fe806-6e58-4068-ad46-f2464277dd4d", "comment": "Malware payload (Stealc)", "value": "5c5556510737bc9b7852c0235186bfb3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678618, "uuid": "9e4dad6c-7d3a-4692-b93e-a4dc17432388", "comment": "Malware payload (Stealc)", "value": "4ce725a2c6e974d7aa4f05c651e803d40efa218ec2668386ce80e3249c577f03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678618, "uuid": "36385e13-d46c-4168-8d77-c47671b85bf3", "comment": "Malware payload (Stealc)", "value": "0bc139b633d58bd6a14297e8731d8c449aaf82f7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678618, "uuid": "323d5b1a-ceaf-4ea5-88f2-ba6e1bcd540d", "comment": "Malware payload (Stealc)", "value": "e1fea7c31fbcdbea11d3601d13253f1ea3a2cfb80d3255a708b16ee0040c1f7e2144f7e726264930abfedd4178bb3113", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678618, "uuid": "31650c6e-739a-40da-ac56-b3968281cc45", "value": "T15FC49E51E2C14D3AC0672A3D5D1BE2AD58247D1226E8D88AAFD47FCC1F352813BF4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678618, "uuid": "f2695f79-f1b7-4ce7-83e5-468322a56eea", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678618, "uuid": "c0c20548-6421-4a4b-8f10-23bcf657bae7", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7dajBIlXSY4j+6qj9:aF7M0UJf7g1Ilqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698678618, "uuid": "d76dd2bd-ba11-44cc-81f3-4aeeacd2acb8", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698678618, "uuid": "7edf736e-e392-4267-bdeb-4eec96747b72", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678618, "uuid": "d2ae0f7c-c20e-4005-92fb-040e937f6f4d", "value": "5c5556510737bc9b7852c0235186bfb3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16eb7465-76cf-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698634230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634230, "uuid": "efb8d2c2-b845-456c-bfdc-eb7bdf51b945", "comment": "Malware payload (RedLineStealer)", "value": "32e9d86d365416f8554126e4a13186ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634230, "uuid": "4a6e30cb-57df-421a-ad27-3650c9ba9c48", "comment": "Malware payload (RedLineStealer)", "value": "4ded38ed384196df230cac460de76366c19969db9999731fe75ecf3a0dcc1633", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634230, "uuid": "15d437c3-0383-4fd4-b3cb-37fe05f47d52", "comment": "Malware payload (RedLineStealer)", "value": "a547e6336ecc963518dc61a2acf975818cdf7429", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634230, "uuid": "6f0cb381-f915-43f7-8b22-9c23b8cc3ad0", "comment": "Malware payload (RedLineStealer)", "value": "376f67ec5c1280581f7496f1c3ae6441ead94bf51813461fca5670b408b3d9ae627c59b4390a8566ad09becf33852ef4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634230, "uuid": "b17a46ea-ba0e-4738-ab2c-81a18bafd196", "value": "T1C575239362E8A563D9A02B3008F302B71B363CE35FA146576F99BD9E48319D4E87171F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634230, "uuid": "8337fb43-5a4e-4567-b768-b9d86c24e043", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634230, "uuid": "4f35ed36-e8ad-4a27-9d2d-d0eeb52dfae7", "value": "24576:xyQKXt7O1R1P3wj+pmXE+3BpnPFn+XgzFqaO5kiTUmNDteDRpr47R:kQKXtQz3Y+0RpPFvBqaOmiFNxg2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698634230, "uuid": "18a74773-7abc-4a59-9126-c8366c10f197", "value": 1611264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698634230, "uuid": "5fab3252-dce7-4760-a4fb-5162c9a17ed3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634230, "uuid": "c4639025-883d-4bc0-bc5b-da1420b0df34", "value": "32e9d86d365416f8554126e4a13186ca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c80f12ff-774b-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698687785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687785, "uuid": "650b8127-1455-45ab-902e-ca9404ba4190", "comment": "Malware payload (RedLineStealer)", "value": "ca3392571598a163989a3b477d3b646b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687785, "uuid": "d647f95c-1a9e-4d0a-b206-a0f6828e3782", "comment": "Malware payload (RedLineStealer)", "value": "4f07b026927014a120dc619407294b0cdda8e9bb31c19b830c2eb6173910c00f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687785, "uuid": "365727a9-3695-46ce-9c49-b4535b4b2cfb", "comment": "Malware payload (RedLineStealer)", "value": "4d336ec9e5f3b5d2a54c8265723342e4035857b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687785, "uuid": "cbad26e9-3ad9-4a6c-85d6-f3fa5353606f", "comment": "Malware payload (RedLineStealer)", "value": "36b967b198d9f8c3dabf27cc52e6d94b53a134ff416ba8f5e18fcd56a5f780ab2781f1062d1abc26c9d6ef8e3af91071", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687785, "uuid": "1cf7732c-01f1-4bb3-89e2-09ce846903d8", "value": "T14134E766E344552DE83E573CB01C38609F307C56E16FE32F55AA7AED383BB498A144E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687785, "uuid": "05f84dcf-eaaf-45c1-af3d-c22796d884b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687785, "uuid": "13d8397f-fcdf-4910-ad60-6107a899c5a4", "value": "3072:A0pJG3Ah7+HHE1/s4+Ltm5YxjzACYYc6H2P4sicLzgw:AcJG32KEO791LYYc0I4s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687785, "uuid": "e0d3e287-8b8e-4afa-9035-8421d1f71110", "value": 230912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687785, "uuid": "c8e11350-3041-48a8-8f43-0b0ee57acc2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687785, "uuid": "f3c97548-282d-4d6a-b72c-2bedbefea693", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b98e448a-76f7-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698651683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698651683, "uuid": "6442e22a-c6f1-4f98-9feb-c8298434e833", "comment": "Malware payload (RecordBreaker)", "value": "2d0e8ac3b760b20093165839746c1e64", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698651683, "uuid": "f82b20f8-94aa-4a17-94be-327f5697ac34", "comment": "Malware payload (RecordBreaker)", "value": "50512b503b7c4a25114c6f8e843934bf659788f0b5c00a8638575217176a95c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698651683, "uuid": "069e07ca-51e7-4757-be60-c8392445497a", "comment": "Malware payload (RecordBreaker)", "value": "1d316fb893a0e63514d176506970400ce2049d75", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698651683, "uuid": "680e2423-f666-4781-9fc2-beda02f158e1", "comment": "Malware payload (RecordBreaker)", "value": "7094019488e5c6ceac6d4ac9051cd2302d0396374aa4767ac0cb8563a883075a433b639ee93bc109080dc1372c24454a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698651683, "uuid": "86e00e96-65db-4fcc-9f86-694cd4b9d2d8", "value": "T16A75231247E8D173F96627F41CFB13974633B8614C3883AB2747A4860DE369EA875B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698651683, "uuid": "599ebc29-bd80-4fc1-b70f-160df951bfd5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698651683, "uuid": "7db5f994-8b31-4aee-8fb1-1c2a6bd3ddb4", "value": "24576:uyzw9dMTZOcaLYW5s1dx77R6vYX19kX/s+gn17fmN9RtPU0cD/C3AEola5ahR9:9zydMTOYW50/d6gXzK/unNmG2+a5ahR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698651683, "uuid": "bfe340f6-2d74-4e29-8a25-168802c85834", "value": 1612288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698651683, "uuid": "4cebd903-0359-4907-b8dc-20e59bff8c0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698651683, "uuid": "cfcbd93f-9d49-4a99-817e-9c032596b8c4", "value": "2d0e8ac3b760b20093165839746c1e64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89e6f624-771a-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698666636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666636, "uuid": "ba095081-43af-48fc-b6e5-ca6bb09a5234", "comment": "Malware payload (RecordBreaker)", "value": "e410310c63297392eb3ce82844bfe3e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666636, "uuid": "c7c611d9-a0d7-41e1-a911-6b92b8797118", "comment": "Malware payload (RecordBreaker)", "value": "50b0915a89953b0d9b31ab6238903eae3c4def950b699d0b3f60780902a525a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666636, "uuid": "81a5b54c-9ef1-473e-8c0c-d37638b67770", "comment": "Malware payload (RecordBreaker)", "value": "c00d92fafbc4a7ea420275f012072cb959909554", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666636, "uuid": "f93d1c5d-bd45-4e17-bdbb-3ae7fe5f14be", "comment": "Malware payload (RecordBreaker)", "value": "255ddc56bf94a55ca82ac2d26ab317c59aa9edddd471a9d3e3b0c51e178c6a3334e214d3af475c92619190fc92daa651", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666636, "uuid": "1c415c73-650c-4308-936f-70a99fe22c71", "value": "T1EFD41247F7D98172D9791B7018F613C30B3A7EB609B4936B27A5EC5E0C72680983672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666636, "uuid": "790640b6-dff1-41c8-9a6d-44677736a3e3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666636, "uuid": "d053ae0f-0867-451d-9b22-4d04175b61a3", "value": "12288:BMr3y90EYftpajQtMyRNA+7EsF7KfznBk5:myt6act/D7Es0a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698666636, "uuid": "3225c039-da8e-459b-8e1c-e1c36d8cf966", "value": 608256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698666636, "uuid": "927a91c2-c5a3-423f-b686-0d832438e9b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666636, "uuid": "7580eae8-9a41-4189-83a8-150324c0cf6f", "value": "e410310c63297392eb3ce82844bfe3e7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecd3e740-7711-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698662936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662936, "uuid": "9816e6a0-446f-4996-86eb-29fb7b393ab7", "comment": "Malware payload (AgentTesla)", "value": "24238b4a81513300b139f29e76a195a0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662936, "uuid": "f93734f0-e4fb-4ea9-9dbf-d5bac9f8ee80", "comment": "Malware payload (AgentTesla)", "value": "50cf7c8e4c8f102dabb270e61cd8ad3e2e9492d48ce45a9909ea78eb903aae49", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662936, "uuid": "6a7f5823-0644-4d14-94aa-aac44a5f8606", "comment": "Malware payload (AgentTesla)", "value": "47e0f58071acf6d01f83db7e88756a0d7f7d75b4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662936, "uuid": "2403325a-549f-4500-a07d-05609bb51f88", "comment": "Malware payload (AgentTesla)", "value": "43fe43862f7208a6a936e0668516451e71ab370086a7e3a6c2a14dae63bade92f1a07ba3dcd82946ec0c39e8fe3ff3eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662936, "uuid": "59c97419-7d9b-4840-a139-2b1ed0256dee", "value": "T168155A3C48BD1637C1B4EFE19B998426B2E0A57B3255AD3859E318D64212B06FDC393F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662936, "uuid": "89fc9758-e3bf-4652-a27e-81fc4249d754", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662936, "uuid": "5425e174-aac4-45e8-b9c3-22225e996cbc", "value": "12288:9zpOO4UXsxiqDQy7OAUYfdXerWUVSmQDZtEqiVMthbws9XaJqEB5ZM:9Nh4vrQmxUYfajTWZt8VMfbwN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698662936, "uuid": "31cefcfb-b190-495d-9dba-15609be7b0f6", "value": 915968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698662936, "uuid": "8c8cbded-884a-430d-ab3f-d6dcdfe4f803", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662936, "uuid": "7c834a28-d24c-49e6-896c-9d4451183e43", "value": "Request for Quotations.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75ef4b26-7760-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698696667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696667, "uuid": "a0a1f1ea-37df-49ed-b1ce-523b7a526794", "comment": "Malware payload (Mirai)", "value": "c666b488cc10baa7259a28967cb62e55", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696667, "uuid": "eb5572cd-6407-48af-8004-f0c016068283", "comment": "Malware payload (Mirai)", "value": "51c428ed0141db56fe9b20819464c7b287ac80753fe6e83572fa42ccb6be7b38", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696667, "uuid": "ae513237-0e2a-4bd7-83de-cee53af8d6be", "comment": "Malware payload (Mirai)", "value": "53fe37311d61fd0efb9812cd7ed502175756cb2d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696667, "uuid": "29a1cab8-61c7-47aa-a9c2-6f4b1f5399cd", "comment": "Malware payload (Mirai)", "value": "b85d79581db157573cd84c487f3f1ce113dd24327833029aefe9f75108066378c748b391736fcbbc869613a316f92a5c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696667, "uuid": "6757cab3-a37d-467f-ba80-63d2e76c91de", "value": "T16B538D75D11DEEA8C0424AB4A9598E704F13A0C046733EF7DA9587A69443DBCF858FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696667, "uuid": "b421bba9-f103-47c0-82e9-04d23013733d", "value": "1536:zag/Vdf5F1LwtkbaOoQ3veifs3guba/qzCEZaCw:zJzf5TLcQfPf+gehCEZa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696667, "uuid": "119055ce-1b3c-4d7f-ab78-a22cd793bdd5", "value": 63484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696667, "uuid": "447fd241-b3b6-4363-862b-051fba2030c9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696667, "uuid": "e475e948-ebb2-452b-b0a5-7ee3d87ad3f2", "value": "c666b488cc10baa7259a28967cb62e55", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca3789e8-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698695090, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695090, "uuid": "16725878-4172-4d8a-bebc-e39b11e2f4db", "comment": "Malware payload (Mirai)", "value": "ac24dbe3d1fe92668a34875aa6f89041", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695090, "uuid": "7ac1bb99-8d1c-445d-a43c-7ab586cd1ce2", "comment": "Malware payload (Mirai)", "value": "522c87255938bc749ab1c283633dc3c0a9a82d0f5c740f8ce9559924163fe2a4", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695090, "uuid": "ca1fa61a-ffb7-47b2-bd1b-37e0678c0a4a", "comment": "Malware payload (Mirai)", "value": "f92dd3e1fd9112b657c744ec3ea2250ff50042cd", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695090, "uuid": "e6ba8e06-91b3-4ebf-8b71-26de4b5694a2", "comment": "Malware payload (Mirai)", "value": "34147f164bb3516a3283320738bfe2017cdb00d6d4582f2967ca8bc23a3f8d1a9c919b4c235daec038c0693395410638", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695090, "uuid": "12dc1c05-0ef2-4e00-9f5d-1c17212cfe37", "value": "T12DC2F1694228D472A1744536FDBF06039736CEF8C6AF323622144735E097D12D6B9B8F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695090, "uuid": "76496b9f-8890-4296-8a5b-8b8cc4b241f0", "value": "384:KBH2HEdV7UQDoYQHXxcjllK5+AWaFmK0MF9lz7X6AGexXVzonBY6plNC+rhymdGm:byNUQUfhQllxlaH0MFjlOnGsMIs3UozA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695090, "uuid": "ea3da80e-f84b-47a2-9be4-a6e99025e312", "value": 27344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695090, "uuid": "35dc81ef-e968-43f4-87a7-9f5c0ccd8cd2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695090, "uuid": "2d8df206-2853-4024-9ead-ed253f24b7ec", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0e45464-773f-11ee-8907-42010a9c0042", "comment": "Malware payload (DarkCloud)", "timestamp": 1698682673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682673, "uuid": "919b975c-c07c-4990-9bf6-cb3031270696", "comment": "Malware payload (DarkCloud)", "value": "60b040faacd0822b3fcde71c44d2af05", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682673, "uuid": "4f68d12f-f8aa-44fd-b0c5-29b171f0af99", "comment": "Malware payload (DarkCloud)", "value": "52bf42d91cce8764858e3d324a1f85d198722c43f6ae2a3d51e4dc93132bfa50", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682673, "uuid": "4228801d-ffdb-4d50-b2cd-a5973bcf8566", "comment": "Malware payload (DarkCloud)", "value": "29f088b87ea2498ff330e87324ecf2a2569e821b", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682673, "uuid": "e0740645-8e36-41b6-9389-ec25fefb18fc", "comment": "Malware payload (DarkCloud)", "value": "405eede870d4bc51b6eab1f0faefa42d999a58ec4cc298df9fbce281923b6699dbab0f1ee693cc6961de676e8e435383", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682673, "uuid": "ede72e99-f9b7-470f-b897-fb3c76254a41", "value": "T1D235015A31B9E261C76A4072CCCE91F2473AACA7DD01EA973C81FE1F79F13AA5411187", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682673, "uuid": "66a3951b-83ec-4cf5-8a3b-12024cc029a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682673, "uuid": "f2730ee8-e803-44af-9133-3638d2bde940", "value": "24576:e6XQDuxSze1BdhlJ3AQX52exPEPJodJ9B:HXQVSlJ3AQrhCJs9B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698682673, "uuid": "310a3da3-31e2-43bc-884c-a9d44cf9aa5a", "value": 1088000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698682673, "uuid": "06deebb4-4d1b-4ace-8158-a817e49bde87", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682673, "uuid": "c4f55b89-5a94-4db3-bf09-45f792987c00", "value": "shipping document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4aef7ec-76c6-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698630683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630683, "uuid": "cb90de79-4a0b-4bed-8ff2-1a2c3cab44b9", "comment": "Malware payload (Mirai)", "value": "96c6ea85e80af7d4f483615de218b969", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630683, "uuid": "eef5145e-bf8d-48bd-9780-c40c01760fcf", "comment": "Malware payload (Mirai)", "value": "53166f9f7b3461681c4a76b125c4895b81c594b6e04e7f9be4f1782843f01c03", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630683, "uuid": "bfa337a0-3a57-485f-b1ed-e3c1b766493f", "comment": "Malware payload (Mirai)", "value": "f4dbee9dfef2d1081f4fa50ca2405a1805169484", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630683, "uuid": "63b08334-453e-49bc-975e-36240a84eb0c", "comment": "Malware payload (Mirai)", "value": "0d2a4616449873171abe2f49caa281d57d46140ab714e28f11aec1308467da6d4aa79ab705ef5ae46cf6022146fbf265", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630683, "uuid": "2fcc2497-fa2b-4134-ab1f-336a477f47d5", "value": "T13C235CC89643EAF4EC1119712077FB325737E47B5159FE87D3A9A932AC42701A24B2CD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630683, "uuid": "9e177d6f-4881-4f2c-9973-ca790c5cb33e", "value": "768:KaHNjSEZDImB5cjWkYu2Zix5rpbD83ZDlKR3rEXaKNUgj5dG:KKNjSEZMmBiSkzRy3utcaGUY5dG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698630683, "uuid": "e631bccf-3517-49eb-8cf1-c6248df8bcb5", "value": 46672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698630683, "uuid": "e3eb33fa-2561-48b8-8787-923687bfe127", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630683, "uuid": "ad268ec2-b6d1-4934-a0d4-b33e2728e07a", "value": "96c6ea85e80af7d4f483615de218b969", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a2ba41e-7760-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698696674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696674, "uuid": "263574c3-5f70-4b80-8562-dc3fe68e745b", "comment": "Malware payload", "value": "28130391774dcc49fb0613a7f70c2966", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696674, "uuid": "a55814ce-4fc6-4671-b3f6-717b39b70c23", "comment": "Malware payload", "value": "5676d80ebedd612f715a1ed42d18529e201f41a769fb0c2b28b922c6b2c7227d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696674, "uuid": "0782f33c-5121-46ab-a814-584a7e2ec980", "comment": "Malware payload", "value": "478bb4ec7667ae1e35f9a703fb74a76043e276d7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696674, "uuid": "61b3cae6-df1e-41c1-bd91-e0a6269d5116", "comment": "Malware payload", "value": "25720506b321fb5230ef7cd9d2eb3f46afd1d8fbf704f6140e1e78ce3ee1dee995664f280a325e31abae6b945ac3f0a0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696674, "uuid": "4c9d2feb-a910-4272-a690-ea1683db8212", "value": "T187A319A2F900DFA6F40AEB7604D74B24B630FB650F53562673173967AE362D42823F49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696674, "uuid": "df9d3809-2d68-4412-9786-40c44c59b2e3", "value": "3072:fjaaOhAx3rT0qTRDAFWxy4B/ibDmU9VqFyOfk/X:flOyx3rTlTvy4gbDmU9VqFyOfk/X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696674, "uuid": "3c99e99c-4e12-4d58-b8c5-3154cce76bc8", "value": 101818, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696674, "uuid": "b80bf93f-2d8b-425e-aff2-b8ddd1f0e64a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696674, "uuid": "4ac819c8-c55d-4093-a7f7-6bdefbcdc549", "value": "28130391774dcc49fb0613a7f70c2966", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc86e45b-7703-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698656842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656842, "uuid": "cf53cc7b-17aa-47a3-8e14-924c05d4a6e5", "comment": "Malware payload (RemcosRAT)", "value": "2f730ad313cf99a13514a37ff64aab61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656842, "uuid": "7c407df2-a5f4-43c6-8e5a-26204326e6e4", "comment": "Malware payload (RemcosRAT)", "value": "56b7b422a1f768b817ce93af8c005db587076d3c619a95a42ad34f572c331b93", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656842, "uuid": "9af55c49-081a-4dc2-bd71-d847fe3cefbf", "comment": "Malware payload (RemcosRAT)", "value": "449c11e8ba1fed33661ff6b576405ddedec23322", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656842, "uuid": "e2647650-f09e-41d2-8125-ac1cbb5e9eef", "comment": "Malware payload (RemcosRAT)", "value": "4964254c1e9cec470c10c39ed3c308fdcdd4cfa68beb19ef5593b80cfcac102fa74e4b63bb7ad7b6078e87d7bbcc5f71", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656842, "uuid": "d3c7d599-2bcd-4468-b8ff-c6f0160544b1", "value": "T1B53412651721E946F0E0D0BCDA44E9F25AA97C202D8B7E0E43ECFE17F917046E78E166", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656842, "uuid": "86d046dd-3d19-4576-b067-772ec556a915", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656842, "uuid": "a5e8cdf7-e265-4e0e-a34e-b1f70cd02565", "value": "3072:0OSI2I7txG68nYrugMZJMfsciIpuKNtrUQlAK3qSjYPS+IAXb3Ixi5eFrgurIlNS:lvG68YrvM80ypnjAedo3qiGUY2ChzI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698656842, "uuid": "bf4c26b5-4dd5-4902-85db-8aa1d25b2e98", "value": 238592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698656842, "uuid": "ce87ed0a-b351-452d-a67d-643fbc2053ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656842, "uuid": "b1199289-f36c-4b6e-9cd4-cc90c73fad62", "value": "bRa9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "402db39f-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645037, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645037, "uuid": "d0fc33e7-b0e1-4673-92fd-f2744c91a10c", "comment": "Malware payload (AgentTesla)", "value": "6950d76ba2aa907864c44818db028ab0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645037, "uuid": "613781c3-a921-4925-aade-0b832bea9b76", "comment": "Malware payload (AgentTesla)", "value": "56edd334b21edd4b661a370d40e5134f848786eeceb748c838bb36948fda4366", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645037, "uuid": "6f162a67-4101-4a7d-8392-379ce0f0f921", "comment": "Malware payload (AgentTesla)", "value": "1fc8d047c5b87cd9c0acf2eb91cb4c2495335ff1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645037, "uuid": "23600530-06fc-4115-867e-2cedd134a7eb", "comment": "Malware payload (AgentTesla)", "value": "8e87ca16576855a572500f270f7903515d73ce43829c5d81774f1751b4a4b365a672b8b502b7a32498bbe061033dd1a8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645037, "uuid": "fbbeb900-6631-4bd4-8b25-7eec7c4293e0", "value": "T1FB73BF0DB315F828C563D8BE5CDCD1CB66183C65AE46A60F3180BB1E4E766C28B9735E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645037, "uuid": "69274cf3-2f82-46e6-b2b7-0bb8878746b3", "value": "1536:AKt9+CX2UVnxMm7W/jI8q7siMkoRBwImV5zXOHvhR:AKt0fUdyrI8Bpko7lmV5qH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645037, "uuid": "6c6aeeaf-064e-4caa-b828-fc351d057e07", "value": 76288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645037, "uuid": "0746db72-9efa-4ad5-8b9b-57a1dcb77963", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645037, "uuid": "227205b1-c3ec-49d3-9cfd-70ef7b4d6480", "value": "PO_7736372 xls.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79f192df-7754-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698691520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698691520, "uuid": "d0c4e072-309a-4afd-b56e-cf3f649a6713", "comment": "Malware payload (Stealc)", "value": "620dfa59fc0cfbf8226c8f10b11ba61d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698691520, "uuid": "9c6289a6-7331-47a4-bd19-5b8588ef8690", "comment": "Malware payload (Stealc)", "value": "574070ec94222cfc284d569930c61e6efbde27a7b89476e9850cd0d9c4f1e777", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698691520, "uuid": "4d7423b5-8ab2-41ab-82ee-9335ac2ac25c", "comment": "Malware payload (Stealc)", "value": "34628ea5c7ec347c29fa04793ec038093ac9a9ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698691520, "uuid": "fdd7edcc-61eb-497d-a994-7fd5a08059d3", "comment": "Malware payload (Stealc)", "value": "f1eda78d8e46662317433f1a3a3f6fe73ddc110a1a8dec7f117de242c74d33db78a482d979e5d93ff3d9b5b13a4cc5b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698691520, "uuid": "2524da8f-5e69-4d55-b191-1ce6c246d5da", "value": "T192C4AE51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698691520, "uuid": "4839f9bf-199d-4a80-8eec-f1581d255fcf", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698691520, "uuid": "0b813d47-1c08-4f52-8c6d-4e17f99329fe", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7dajBIlXSY4j+6qj9:aF7M0UJf7g1Ilqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698691520, "uuid": "1036b8ff-5d22-4a3a-a84c-dfa6ef751ff4", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698691520, "uuid": "467e0871-8e93-4da4-9f30-3bd448c57a2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698691520, "uuid": "d49bea48-ffb6-445e-a21a-efac0c47fa64", "value": "620dfa59fc0cfbf8226c8f10b11ba61d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80ee5a4e-7760-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1698696685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696685, "uuid": "a4c18809-f09f-4152-acee-551aeeaa6271", "comment": "Malware payload (MarsStealer)", "value": "cb82eebd29197bf621ac2d699ee4c0b4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696685, "uuid": "4f70be89-632d-4c96-9168-29cb85018fd5", "comment": "Malware payload (MarsStealer)", "value": "591ad6570cbba766edbe7eb69c93204c2eead7a24d43860d9fae61d00264557f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696685, "uuid": "b3684259-a99b-4f58-8483-6a56ae7bdd70", "comment": "Malware payload (MarsStealer)", "value": "503bbf9b6bc428d4382f2a05261ad7f2775b939c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696685, "uuid": "084b3ded-54dc-4485-a5de-e54081ff8ec9", "comment": "Malware payload (MarsStealer)", "value": "35eae35608e94ee9e6962dac87d23493bd1dee4db4c4ba8267f30cb206c3905db1384a6fc271d8bcb2e880e620f34cd9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696685, "uuid": "61eb63e9-5643-4d21-af51-9174389a433f", "value": "T1B6343A0393E53D94FA269B729E2FC6E8761EF5624F5977BA12188A2F04F01B2C173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696685, "uuid": "7ca28e6f-f5fe-45a4-a795-2edfee505744", "value": "6faf3c14e7b3dfa582812500e2537d10", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696685, "uuid": "2ae5c5fd-5a81-44b6-b570-f1034fb9e396", "value": "3072:IAXOe9Hf2UQ063X1psDKhHQ/4SkSVn+YWtI3qO/UgR:FOetf2Uf637sDKhHNS5Vnyj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696685, "uuid": "187a485b-c9c7-43c5-8242-4d8f10e6113d", "value": 241664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696685, "uuid": "f4e91a12-c62b-4a33-b707-546e224432e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696685, "uuid": "f4f32acf-d685-4fcd-a05a-585aba27da98", "value": "cb82eebd29197bf621ac2d699ee4c0b4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13b99d4a-7758-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693066, "uuid": "94db9f48-5db9-47b5-a68b-0d1ccd1372ed", "comment": "Malware payload", "value": "551ed083bf5e24e24b1a432ab5616acb", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693066, "uuid": "1dc1f291-a53b-4f1a-8b60-4d406e6ff6d5", "comment": "Malware payload", "value": "5945604da54c7b80c94c454b13518ba23a4f7a6533522eb4b225529af6bd4e1f", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693066, "uuid": "38ae5b2d-baeb-4c63-aa74-c1496abb7484", "comment": "Malware payload", "value": "fdf15476f4b25ffcf25c4eb0d58b8b617bce8af2", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693066, "uuid": "ea28e05c-2422-466a-9ae7-7995830066de", "comment": "Malware payload", "value": "aee6a04834e21cf2a84f1d94abfd9c6112e4129fcc549c5097e250d3a66a935d09d8dd706c7a935c97ded7ea19c4659b", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693066, "uuid": "5b5e7448-c8b3-42c1-8ad2-596a30d87155", "value": "T1A0A33A33A753D6BAC09322F417DB9675A823B47C0B32322B33D86DE56B05DE91E5A701", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693066, "uuid": "8ccbf2ea-931d-4a56-a1cf-f3013ded8e7e", "value": "3072:2K5ejA4jB4h89HOPQzM9FqVyA9W9vmrYuOHy+ZNzX:sHjBzuPQQqk9vmrYuOHy+ZNzX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693066, "uuid": "eb8dd5dc-0755-448e-bfaf-a4503cbd1c64", "value": 99332, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693066, "uuid": "be61f103-31ba-4638-949b-dbbbbb488237", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693066, "uuid": "e40d44a2-37d1-4831-8007-801ccefdbc72", "value": "x-8.6-.ISIS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4fd7870-7733-11ee-8907-42010a9c0042", "comment": "Malware payload (DCRat)", "timestamp": 1698677553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677553, "uuid": "5069b6bf-45ff-4f77-bf20-7c055bc73b2c", "comment": "Malware payload (DCRat)", "value": "9aa4e6752dc30db60a07244cbf9f3531", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677553, "uuid": "75017a1e-7edd-4195-80f3-a0f82b2b9589", "comment": "Malware payload (DCRat)", "value": "5add6f3db721a60c7a7563e5c27f5106cfeddb8f6a2f58655f911242df21d5e5", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677553, "uuid": "d19be602-18f2-4172-9fab-56ddb3a4e2f1", "comment": "Malware payload (DCRat)", "value": "339796e8a21246ea55d9944eae5663b24d107960", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677553, "uuid": "550d36bc-9bf3-435f-8d01-b81e6ada9405", "comment": "Malware payload (DCRat)", "value": "70cd0a8e3d01df5b3822c11bc3c7f09b2af332c1c310d79545514a2c3f9e96f3852467b7aae73fc46ad928e204c8055f", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677553, "uuid": "cfaeac96-cb19-4833-9b05-bed1777336b3", "value": "T1F6E5339377E2E1F2E5445D760AD7AB341CB6FC754B26C9C39AC0211A943C6C6DB3039A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677553, "uuid": "815bbb96-352f-4a59-b71f-489fb672d912", "value": "f6baa5eaa8231d4fe8e922a2e6d240ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677553, "uuid": "04950a6c-aae0-4f45-bc67-1faba7dad148", "value": "49152:Xw5i77javYr/jgksxWFq2iqjMFQiIX6JH/PB0vxOGs4ZAee0xEJb2NL8v/ON:Xw5iXhLNRFQPJIX6JXepOGxZdelb2NLf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698677553, "uuid": "b235f138-ff7c-4815-9065-3c798508ce97", "value": 3022752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698677553, "uuid": "d306dd25-1624-4e0c-8985-a4e29be09797", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677553, "uuid": "5e4b90cd-e82f-42d2-9993-e7ee9eab4e1a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3df530e-7728-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698672692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672692, "uuid": "9fd91e8e-c1e9-4058-9384-1ec4bc0421d2", "comment": "Malware payload (AgentTesla)", "value": "ec7f3ffaa29d954d865042d37d3d42c8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672692, "uuid": "dece32c0-d718-4bd3-9bc9-9a68d3602682", "comment": "Malware payload (AgentTesla)", "value": "5b1ed8301bec5e6c27b6085bd77a9090098e2c412d706664bbf4f9c146c2c487", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672692, "uuid": "8fd89268-8f28-4201-a8a1-dec0a2909481", "comment": "Malware payload (AgentTesla)", "value": "1fa9935370784f46dd66bf8635bf7b1d3a4536ce", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672692, "uuid": "b2a1c146-0a1d-4e88-80cb-347fdc39eb5a", "comment": "Malware payload (AgentTesla)", "value": "6c9c543081d0ff1c68109f51eea0fabecfae960576b94043614677efa7d8ef6038a5939248d2a7ca2147c0e78bfec8eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672692, "uuid": "e95f9aaa-5192-4762-87df-067389b4aed4", "value": "T1CDD423EFD65D2F842E48D50C1D11F777BB9AE0EA63D812418B4DA3C329CC9B426764CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672692, "uuid": "f0805a0c-cabd-4a9a-aa7f-d956c08df924", "value": "12288:93eG7wOUAv+HX8c8+PneyUU06AHamem2q6kR77wfNuyhcpzAl:93elOUDs7aUTn7wf4yhcql", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698672692, "uuid": "26ee6c6f-af4f-4f51-a84e-cea85d4dd02b", "value": 601791, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698672692, "uuid": "27bccb57-f372-451f-b9b5-2c6fbec7ba96", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672692, "uuid": "4bc4106a-935d-4ff8-b465-d67a4d2e11c6", "value": "AWB #150322.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef8d8c3e-773c-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698681409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681409, "uuid": "7683f9dc-0259-45dc-89ea-75e0182a0c51", "comment": "Malware payload (RedLineStealer)", "value": "852147aa49c268ccc613a2701b80fb10", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681409, "uuid": "ebb65e1c-027a-4c87-bdbb-95eadebe5f02", "comment": "Malware payload (RedLineStealer)", "value": "5b7083957796aeacb4ead9e5160d8fb7362c7a2d72318197088caf0207f20532", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681409, "uuid": "d3f7af19-8966-4bc6-88b7-6521048eb55e", "comment": "Malware payload (RedLineStealer)", "value": "40d77655c51f60f0dbcdbde45d9f6ab7c8356173", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681409, "uuid": "3664af47-a1a6-4073-99c6-33f499752989", "comment": "Malware payload (RedLineStealer)", "value": "457aecebe155481904d4d81fac24452bbff280a4735956fc4836166b73f9645da7dc5146fa043d3e581bc6d5b7f18943", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681409, "uuid": "27faef68-0381-4202-ba24-efaa85fcae39", "value": "T184352353E6EC5162FDB223B058FA03C30A3ABDB04D79C2166185E99F4D72AC5B13275B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681409, "uuid": "06cf606d-0957-49ad-8519-ba9704da78aa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681409, "uuid": "802c6de7-c70a-45f0-8087-94e4e4a86967", "value": "24576:Fyi8G0VkFFklfl2yYRlv4w4X3YJrk0/CMg2:gi87kFCqyYRlvQ3YJr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698681409, "uuid": "145e7ca2-3842-42c6-bfe9-b675a73565b3", "value": 1086976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698681409, "uuid": "7b88fe38-b7f6-40fc-bef5-fb21104852bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681409, "uuid": "2e34e868-5a0a-4f27-bcd1-043d82231c90", "value": "wextract.mui.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d533f7b-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645032, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645032, "uuid": "200bb508-58e6-46aa-823d-41caa22d5d3a", "comment": "Malware payload (AgentTesla)", "value": "34c9d06db20ee772d09f4f309eb4f70c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645032, "uuid": "25e909bb-32e5-49a7-8700-357f4ffef65a", "comment": "Malware payload (AgentTesla)", "value": "5d8363ce4a9486b0d5b1b4264075040f862f374b958031567f0fe295eabb812a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645032, "uuid": "d8d0e3e2-b0ef-46c1-a75f-4afab25309b3", "comment": "Malware payload (AgentTesla)", "value": "cf3f2316f093bda4ddff218e58c54aade839103e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645032, "uuid": "feaa6b36-4bb4-4518-ada0-f58f5c5be1e6", "comment": "Malware payload (AgentTesla)", "value": "33d88ee28c0a08b0723eeb609f7b01333227b4f3731323fceedba49846a4c23655f3b01a2f41873a9ea936ea3a97f66f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645032, "uuid": "084cf47f-8d9a-4c3a-831e-91a5265c01e0", "value": "T149E42356B7531CDF5FEB099F22B4BDC3843CEA59364EEB992591ACC910D11B83E0818E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645032, "uuid": "8404c42d-d814-4056-96d7-300d17b69564", "value": "12288:ofnWwttRgjzbhIkGjcEEIU954TVmMxtjZd//Jnbbd5YQxn9EWmyCdMxzxbWERL33:QrR4/9mcEJuamMxtj//JbbdXn67NSxtB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645032, "uuid": "e51c0960-5e6c-4d05-8a14-da02e062ba83", "value": 721245, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645032, "uuid": "c8013604-e07e-4332-9369-1c2020153d9d", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645032, "uuid": "fefa963a-2ecd-4121-a961-7ed58bf43291", "value": "Quote.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f6b446f-76d1-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698635131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698635131, "uuid": "13d94a80-cd2f-436b-9d42-2c38b416090f", "comment": "Malware payload (RedLineStealer)", "value": "004ae8909383e9b3a1ab1d20a7319046", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698635131, "uuid": "cfe22985-3f28-4669-b6d3-55a74c3044bd", "comment": "Malware payload (RedLineStealer)", "value": "5e23bc87ce939ee5794a2784aed8c6dad2430b564de414db266cfdf4e55bf634", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698635131, "uuid": "87d65e25-fbfb-4343-a4b7-0a2c434d9f4e", "comment": "Malware payload (RedLineStealer)", "value": "e3649dcab3b6394f08a7b1962ff96515edc2403b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698635131, "uuid": "57f27fb5-5d6b-40ac-b82c-73eb89edae00", "comment": "Malware payload (RedLineStealer)", "value": "f666edcff9fa035156356a5bf74877ca5ae6a821d0075550666c4fce566c8328d8e46e6ae78b53c55689474544ab767e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698635131, "uuid": "b18174ad-2917-48fc-9580-3101e91a322d", "value": "T126E2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698635131, "uuid": "9a74ec11-b0f6-4a94-86e9-d7cc081ca75f", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698635131, "uuid": "ab7140fa-421c-455f-86ec-b7dbd7e89c69", "value": 31150, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698635131, "uuid": "5ad61dc3-31b1-410c-bea7-8b3906e0dafe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698635131, "uuid": "f1d8aac4-22c3-4281-8c63-8ab2076004fc", "value": "004ae8909383e9b3a1ab1d20a7319046.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5b58d77-7763-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698698143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698143, "uuid": "533579e3-7b94-494a-b348-9b01b30e5f89", "comment": "Malware payload (RedLineStealer)", "value": "bdba58e33f2812942b247a427deba0c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698143, "uuid": "6bd3ad15-1bbc-4f5d-ac58-e1e07630c313", "comment": "Malware payload (RedLineStealer)", "value": "5eb8c85f95c8fe1232e46b0e33d5adf0a6e9040408e87c4a3e4318a2c2baba2e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698143, "uuid": "84535b0f-a46c-4ec1-93c8-5a2ec928e43e", "comment": "Malware payload (RedLineStealer)", "value": "e092467edea58c315039cf2fb200cb56397a3c09", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698143, "uuid": "b56f7a65-2b1f-41ac-afd7-ec8be0347654", "comment": "Malware payload (RedLineStealer)", "value": "402f2d00a9514d6338ab0e954a7f4ea8f5637ba3efe4bd42221781cdb23706970682f54f56252ed05b910b973812ff0f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698143, "uuid": "274efce7-2553-4010-a72b-31d01f910098", "value": "T153752353A6CD40A2CFB51B345DFA039306357DEAAE34866B3B54ADCA0CB27C0517236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698143, "uuid": "ffc3f807-9923-4749-8a24-5a04fe540eaa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698143, "uuid": "74028c88-ea81-4ea4-ab5f-0ee2826d4ef0", "value": "49152:lhaMuBSgmXlxgMtyLq6pSthKb9/Ud9wM:/aMuB0pU26m8c9wM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698698143, "uuid": "2e7f07cc-7838-4d0a-96c2-791af0dbd211", "value": 1612800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698698143, "uuid": "881efc35-b21a-450f-bad9-0bea8a4f226d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698143, "uuid": "cbb499a8-11f5-4bf2-869f-20ae41015362", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "904d7e4a-771e-11ee-8907-42010a9c0042", "comment": "Malware payload (STRRAT)", "timestamp": 1698668364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668364, "uuid": "66710763-955f-401d-820b-120526cdd2cc", "comment": "Malware payload (STRRAT)", "value": "6681b8b7aa0214bdba4eae3f1895256c", "object_relation": "md5", "Tag": [ { "name": "50kteam.dynamic-dns.net", "colour": "#B80EA5", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668364, "uuid": "c24030f2-3a16-429d-9422-228c125f67ab", "comment": "Malware payload (STRRAT)", "value": "5efae1405875c7defe420704a883a6f8c8c10f7c7f2fd1ec9287b120acd9c812", "object_relation": "sha256", "Tag": [ { "name": "50kteam.dynamic-dns.net", "colour": "#B80EA5", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668364, "uuid": "f1f962e4-ea57-4af6-9557-9d9f501a9593", "comment": "Malware payload (STRRAT)", "value": "5cd3ba63ac41c559a748da6bef37278dab2617d5", "object_relation": "sha1", "Tag": [ { "name": "50kteam.dynamic-dns.net", "colour": "#B80EA5", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668364, "uuid": "dd39d83b-4a5a-4840-baaa-3cae4866bd1f", "comment": "Malware payload (STRRAT)", "value": "a93bc6117c44cf9141da8bce80714294c0285ee56ed1506b1cd44123986e1431faa601136758a8e7c8e74a02ffdef326", "object_relation": "sha3-384", "Tag": [ { "name": "50kteam.dynamic-dns.net", "colour": "#B80EA5", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668364, "uuid": "dd69cec4-6b9f-4953-98de-aba97fd122c8", "value": "T121C323E43BDEAE756ECDD3BA4405DFAB26A64B9F918D0A8D07D13072063E5949F02344", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668364, "uuid": "e7c15407-b120-4572-9751-5eb7460ae491", "value": "1536:06DLux6h/XyHaKLtAZx5VptxsifhZ2/XY/x5sc5SzlmQtL51ZdVFYYdn:06Da0/XByUxDxsifhZ2/oEe5QZIUn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698668364, "uuid": "7438165d-8145-488c-a768-2275a873aa2b", "value": 123886, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698668364, "uuid": "fdd512cc-eee1-4317-b033-726cc6f3b765", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668364, "uuid": "e1087ca4-0472-460f-8005-0de30f1c345a", "value": "DOC757869856647.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2db0bdc0-774c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698687956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687956, "uuid": "bd9bc58a-fbda-4ab8-b46e-c5889c37b001", "comment": "Malware payload (Mirai)", "value": "09bbf1f667b16da3acb2df87cda2c964", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687956, "uuid": "157dd04a-4f82-49f1-a453-0b4166969e5d", "comment": "Malware payload (Mirai)", "value": "61403a2f75c7b5c18bfb79c0192f0429d6eba52ca1b69a04b44ff7e62bbea2bd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687956, "uuid": "bf6fa3c5-b8ce-4f3e-a42d-a142a8fa19a5", "comment": "Malware payload (Mirai)", "value": "59642509d8f475ff0ad1afd2baa617ea5a36d5d6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687956, "uuid": "c3ba03c9-a400-4641-82c4-fafcbb3ad217", "comment": "Malware payload (Mirai)", "value": "bfe4ae3b9ccfde9fb98e58891ee5f6b6232b3c1b7fe7573a8dbea0f8b4c90e8c884668200920168a9924210895270c63", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687956, "uuid": "2b71085a-8d38-469c-965b-393a46b3abb5", "value": "T1605328C5B1D3E9F5EC10097920BABB636AB3F23FB575E9ABC3985433A941202D10526D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687956, "uuid": "4127652a-97b6-456b-af12-8473398113f3", "value": "1536:dx8eSSt3JstpJhaU93CuTBiAd3JHDSWg/CaCkkO6Q9Boe:dyeSSt3ezJhaU93CyH3JHDSWg/PCkv60", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687956, "uuid": "82c42ccb-9d98-4dc6-bd61-6f0f978b9821", "value": 62684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687956, "uuid": "6037f55a-1ece-411b-aa38-09ba2015706d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687956, "uuid": "6d40d9ca-e3b0-430d-bd20-8292955eb5b3", "value": "09bbf1f667b16da3acb2df87cda2c964", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16aac4fe-7709-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698659141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659141, "uuid": "87276b7f-2e2c-45f7-89a1-1399963e038c", "comment": "Malware payload (AgentTesla)", "value": "9ae6d00510c168a48c11020309a6dbe0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r10", "colour": "#E6E94F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659141, "uuid": "d96cb276-3bfb-4833-afe8-20fee4ca083b", "comment": "Malware payload (AgentTesla)", "value": "6143ba7e58a99d8a2e54ac31f076d3917083f91a23f227659165f6c0594c1121", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r10", "colour": "#E6E94F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659141, "uuid": "932dfba3-37ac-4857-bfe8-8cccaa04b2dd", "comment": "Malware payload (AgentTesla)", "value": "e545e710793eea1b7e6262380d960821de65a2fb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r10", "colour": "#E6E94F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659141, "uuid": "5e983d25-56d3-4920-8266-35b02025847e", "comment": "Malware payload (AgentTesla)", "value": "d13ad36deb4b1f1bec6dda0e0da05770fc02c28d3de3932a881fd1a31f263469197e9a695c3c69d64be6af2d1267ec6e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r10", "colour": "#E6E94F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659141, "uuid": "5e7faebd-2294-4e6f-a30d-12683fe9a285", "value": "T1EBE423FFAEE224DC876DB4B54106A24FAF22E969505D5635041FBF922C12E13663CE33", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659141, "uuid": "f41172d7-0bf6-4d69-8798-7eaa86a61ad4", "value": "12288:2ReXD6IKd2MHKCUzKQHOWMpRqgGLWyv6hxaxLDaHG9j5:2ReXDYdSKQHXGqvrxiHGj5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698659141, "uuid": "238e1646-31b5-4e41-802d-68e4f47b906b", "value": 696053, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698659141, "uuid": "6d1eaacf-0b47-423b-9270-dfbfe221f7f7", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659141, "uuid": "0285634f-3298-412b-8961-e41666860de9", "value": "Purchase Order - Orrefors Glassworks.r10", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8e5c421-7710-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698662446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662446, "uuid": "16e519d5-2a8b-409a-8c3d-57c7f78ec7f9", "comment": "Malware payload (Stealc)", "value": "90db8db72abf9afadd9e44f28d7319d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662446, "uuid": "a90aa542-4f5f-436f-925e-664d82cc63ab", "comment": "Malware payload (Stealc)", "value": "61e3fed6235d30bcce910293323493848318fb4b0654c273e6fdf69fa71cb625", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662446, "uuid": "22e4fbf6-9cd6-47a8-9c87-b074b721c755", "comment": "Malware payload (Stealc)", "value": "f3c7eaa1d138b2f582c809f69796875225904356", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662446, "uuid": "4e7d6885-49b4-48f8-8aa3-02f985ead370", "comment": "Malware payload (Stealc)", "value": "1f5e29d7c2ac9e9dd16847f873117716771a038391717b39787682db2e33c95469bb2b3218e13dfc357664c4bbf4a4af", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662446, "uuid": "0929da23-8842-4cbe-8a59-0c1361b420c9", "value": "T112C49E51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662446, "uuid": "1a330af8-bb7e-45af-ab1c-2e9651c3046f", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662446, "uuid": "cd6aed12-b4db-4aab-af80-473001baec20", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7darBIlXSY4j+6qj9:aF7M0UJf7gNIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698662446, "uuid": "6f71644d-ee28-4c7c-9982-5585751d9eac", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698662446, "uuid": "227f76fc-831b-4af7-b95c-458a976826c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662446, "uuid": "d9faaddf-f297-4fae-9f76-f5bff83e6a31", "value": "90db8db72abf9afadd9e44f28d7319d0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d84e3a81-76e6-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698644433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644433, "uuid": "25202072-f73b-47fd-9902-c378ac6ef1ce", "comment": "Malware payload (RecordBreaker)", "value": "00932b9632f5974d443534bede90eee0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644433, "uuid": "1be0838c-511b-46b6-8f6b-ac34892a2311", "comment": "Malware payload (RecordBreaker)", "value": "627e46e4ca56bf4609adde5bc7649889d2eb4f8e678589428b976f885e3fc922", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644433, "uuid": "a881f7ae-4ac1-4bea-b88b-40b25236c0a8", "comment": "Malware payload (RecordBreaker)", "value": "ae5883c30e44fd12e2171b999d883daa42bad07d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644433, "uuid": "d4c2dd3d-0f9f-41fd-941c-88f0ae4af6bc", "comment": "Malware payload (RecordBreaker)", "value": "9063370f0a4d9b023e8ba02da0e9b80f705fc458ea46f151690568b84f4016386326b9859b166d0f01000ad063fcbac8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644433, "uuid": "003b90fe-fe47-4a9e-a417-fdb608b39b68", "value": "T183552383BBD95573DCF92BB459F703EB0672BCE1AC7483A763556E4A4821160A93033B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644433, "uuid": "386339d0-b054-4b4a-b8c9-9826024e7173", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644433, "uuid": "e91ef8e6-f342-460c-9520-9856da7f518f", "value": "24576:MySwf0WQDu2FLeDsDgwGFw+lDqWRI+pIsFihhDQx3a6Vz8T:7RYj06vGbdIsFWNQx3pVz8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644433, "uuid": "70eccef7-3dea-4c61-8494-afc8eff7cc97", "value": 1287680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644433, "uuid": "6e7f7061-1f0d-4b36-94e5-6deca2471d5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644433, "uuid": "cd999abc-6dfe-49bc-8959-4f4fc92052f4", "value": "00932b9632f5974d443534bede90eee0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae5d6175-76e2-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698642645, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642645, "uuid": "ab600d16-698f-4c3f-9740-bd1c895b90f6", "comment": "Malware payload (Loki)", "value": "10955b61f53bddd2fe389c338b48cfb4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642645, "uuid": "deb7299e-6a1d-4894-a337-ca2b7fc343ad", "comment": "Malware payload (Loki)", "value": "636e1a012f3bd6837ed0267e9dcc1d1dc5fcc939d36e9a2b2d2e292ba17bb2d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642645, "uuid": "d5af8229-68cb-42f3-8df6-4498008a8d21", "comment": "Malware payload (Loki)", "value": "891de36fb7d11e83e3288f39b35d3a77f1557b1a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642645, "uuid": "8aeb1887-d952-4343-8c67-cc597ba641a5", "comment": "Malware payload (Loki)", "value": "76ecc80ff03a49150eb0a0d0fda000dd9f1707128e6531a5d5523b1d07f45cf055d1f082fc2584df8ad103d49fba1ca3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642645, "uuid": "7e5882b2-85d8-4cc4-8313-fefc3669811e", "value": "T1F5F4293C48BD1637C1B0EFE59B958426B2E0A57B3255AD3859E318DA4212B06FDC363F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642645, "uuid": "3f4b741d-2405-4002-84f1-d7be484c4145", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642645, "uuid": "95736ed8-63a2-4a68-8507-1a6cc6308a70", "value": "12288:Azm1onHT5aJVIcOpQBphzRHpss2BOJZ7i8A0Cju2+RUujcld:AFTKOps3zRJsERNCa1Uu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698642645, "uuid": "39c01280-26f2-46b0-89b2-cf0068b6bc1e", "value": 778752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698642645, "uuid": "71b0e131-74e4-4877-b6bf-e35680264c42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642645, "uuid": "0a1b83bb-a0fa-476b-80e9-e79ec19afa9d", "value": "thong bao hang den 202337210595151.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "331f0cf0-7768-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698699991, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699991, "uuid": "7884da35-0bd9-479d-9455-27d644c93b85", "comment": "Malware payload (Stealc)", "value": "fdb2e9bda9e3a6b19c2b7246b8b6eb57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699991, "uuid": "5e65a14c-81a7-4f63-9689-7296789582c2", "comment": "Malware payload (Stealc)", "value": "63a2fa37393b054082a377b69657728756be5dbcca6c271eb80779a2bea1fb44", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699991, "uuid": "c25ed49b-c127-43cb-981e-8e1bc9086e4d", "comment": "Malware payload (Stealc)", "value": "5ea7dbc2d8f81e4bd37d1d837db716fee760cb89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698699991, "uuid": "9cab8f35-dc54-4572-b1e5-43e0ea2b94a6", "comment": "Malware payload (Stealc)", "value": "b9c8dcd56f3c895c1c75343c4ad4fcf91d40631bd360b8a0405784db7d75925b3fa96529404f68b3d55596173fd3334b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699991, "uuid": "709546b5-7f6b-4aec-a179-ca8eb8917c74", "value": "T19934291393A13C90F9268B329F2EDBE8369EF5E38F59376912589A2F04B11B1C573711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699991, "uuid": "b55d3e68-787e-4066-b517-1a5a41844b5b", "value": "898aaac00ba000f89d80042acce240f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699991, "uuid": "65fa74a5-dcf4-41d6-a61b-7de2c19dcc16", "value": "3072:JAXgoCiquFrfXgGqrhZ3xhZIAOcNhL4rsrXIDw0L5deNMh:aTTquFDXgPrhzhGpah8rQXIJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698699991, "uuid": "c107bf53-e0b2-4ba5-b006-9b72617c2cf8", "value": 240128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698699991, "uuid": "52cab015-3338-40c8-b70b-e9291d6f69ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698699991, "uuid": "8ee97315-1737-4894-aa95-9a0a3544d0ab", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0eeb67e4-772c-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698674160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674160, "uuid": "3446441f-ed36-4f4b-8473-b13fa8562ca3", "comment": "Malware payload (Formbook)", "value": "30d9fed3cdab59f95cfa52d1770c25bc", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674160, "uuid": "d787c58e-a0ed-4414-bb68-07a18f60eab0", "comment": "Malware payload (Formbook)", "value": "648fa65ef2b55b32208a1406c8d220971389008132172a097a8321589bc9956a", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674160, "uuid": "3007e141-2214-485d-ac20-7ce1f79dcec6", "comment": "Malware payload (Formbook)", "value": "a06f5a2359f1fc182c24c4789e287bfc9cbb7cda", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674160, "uuid": "48589ec2-ba5f-4ebb-b15b-a78c192e6ffc", "comment": "Malware payload (Formbook)", "value": "b7d6ef02dbb0ff16df0f49f831b4c57c62f18ecb2cf3dfa83c35f12f40d55be091c96d6023be60bed091defcbd9b36b9", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674160, "uuid": "33a0994d-382f-45d5-bdc6-33b9e9b066a5", "value": "T139842339BDC70895DB14B3A8DCF9784CA27CA522A599F897EA7079C60B1C708DF439C1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674160, "uuid": "b8ceee0a-c2c2-4368-8492-970f67823452", "value": "6144:opRDRBQxaK9+4excXnqUjWOt/0b+mX4G1g4L/kNJOggPTCSEz1I2eZ49jhV8wpA9:oppRqahRxAHjWOtu+mXThL/OJOtPTKzq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674160, "uuid": "7b56e7a5-7657-452b-a8b1-0e93650dffa0", "value": 378425, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674160, "uuid": "337dee66-4958-4c19-9487-e8fbb94ed65d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674160, "uuid": "071019c3-3bf1-47f9-80ee-7e684db751aa", "value": "Wrong Payment Information.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29cefc6a-772d-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698674635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674635, "uuid": "c825dbe0-9c73-4d17-8b00-0088c6d92e27", "comment": "Malware payload (Stealc)", "value": "685172b8013783ba0b49b0a680dbe822", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674635, "uuid": "45984457-dfdd-4c82-94fd-4b77cfcd4c95", "comment": "Malware payload (Stealc)", "value": "64af94fc80d0295702a599ad9a8845c3a869b61ae5b41e5360c679cba6f32c2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674635, "uuid": "f71b5ea8-23cf-4a8f-80b6-19b5f734cd3f", "comment": "Malware payload (Stealc)", "value": "b4ac62348df1190585093d335aaeb242d0899908", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674635, "uuid": "8ce0f237-bb28-4e95-a822-ed16b1cb6dd3", "comment": "Malware payload (Stealc)", "value": "2967ea8bdb78c16bff6652fbb07a420f17511afc75957c2c3ea49b20feef33c1152d28613b4f4b5ed5f1b98b6d41f3c2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674635, "uuid": "2c4b217c-ef58-4a8d-b105-bd84d7727d1c", "value": "T131248D1263F1AC61F53366328F6BC6E4762FF8714F6DA66B23189A2F08701A1CD72751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674635, "uuid": "58747655-0cf1-4a56-977c-2f4eb1c44631", "value": "8dbd411dee61fc1b63660ff89eef7bc9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674635, "uuid": "ca4386b6-0cfa-4212-9b9c-b9bee5a0b80a", "value": "3072:L5XLQAOIoLcCjOLUu4uzbIMZ8qo4ICpAOAiIe25Zc:hstIoLxKAfuzbzFo4ImW5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674635, "uuid": "1fbb9c51-a807-4c15-a55e-a150403b2f63", "value": 215552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674635, "uuid": "e5d1ed5d-e61b-4b10-b85b-648b2c0ec167", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674635, "uuid": "f318f0f3-025a-4eeb-b794-a76d7daed940", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "764eed50-7718-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698665744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698665744, "uuid": "dbeb7c04-a80c-4eaa-b1f1-00ad106702b3", "comment": "Malware payload (Stealc)", "value": "37563f5f4e01d5f393ef8c36e74cca0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698665744, "uuid": "97fcf190-7d8f-4346-b021-afdb55ca8256", "comment": "Malware payload (Stealc)", "value": "64c5da3d37c69be0da0c26281ec227ad95f42c0a783e32b4c4553112d7dc0ec7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698665744, "uuid": "163e7eaa-d5d4-462d-ba71-897b8e44ee12", "comment": "Malware payload (Stealc)", "value": "bb30b45983e1b03ce62f19b9667c5d61ce652f49", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698665744, "uuid": "eaaf8b1e-95e0-4750-85bf-c8d592e92cf3", "comment": "Malware payload (Stealc)", "value": "ff004e9c860e19dff3212ef53c1aba694e5dca4aab425ad5006c2767ad895f270dc926b60d751fa44aa613b3fc030f31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698665744, "uuid": "846165c5-478b-4997-ba4c-f4624a1c2051", "value": "T156C49E51E2C14D3AC0672A3E5D1BE2AD58247D1236A8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698665744, "uuid": "9f78ba3b-22fe-47e7-8312-5878ebd20e91", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698665744, "uuid": "683a89bc-00d2-40a2-a285-4da204ddf25f", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daPBIlXSY4j+6qj9:aF7M0UJf7gZIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698665744, "uuid": "d80d8109-96ea-44b4-9d20-796f9c5c1f28", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698665744, "uuid": "0c2fd6b9-ff73-40be-a78d-b4a947570305", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698665744, "uuid": "7a5ea9cc-c650-4662-891c-9eb9b99c6833", "value": "37563f5f4e01d5f393ef8c36e74cca0d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "012eda6b-7716-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698664688, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664688, "uuid": "9d4eb0d0-502d-46cb-8fb5-8177b9f94f29", "comment": "Malware payload (RemcosRAT)", "value": "0d4c6d4585c241e6a5b8d2434a46316d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664688, "uuid": "2f05c343-4869-4982-a65b-e15ba61d1cf8", "comment": "Malware payload (RemcosRAT)", "value": "64ea41a81a41b6245100ca0ccdf1ce9c0b128f0054869f74e342dccb1154465c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664688, "uuid": "c4e0ba1e-26c8-4579-869f-24c996e01a68", "comment": "Malware payload (RemcosRAT)", "value": "958fc0f2a74b7341c2c565b1cc5f344b988a259b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664688, "uuid": "f1035356-0705-4d4b-8f69-ccadc70748d5", "comment": "Malware payload (RemcosRAT)", "value": "f0244776a982bc6f3b4f232701183b5fd3b408330648845e2c7546dcf0fdf208fee4ef5cd03363e4557b89c442991d5a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664688, "uuid": "f0556c3e-3d52-42ce-9521-75b27dba7332", "value": "T190C50227E2B190B2EA32D675C72A99D4403C7C103D65A44D6BE87D3DEF7A281342E94F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664688, "uuid": "e8effce1-ea4c-4cc5-8ad2-a2501a78ad18", "value": "cf836acc0cfdcacee4d11561a50177e0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664688, "uuid": "87a6833a-47f1-4a27-bb72-66a4ba02b4e9", "value": "49152:Awnb+oQGU/DDjqvOS6iy3iWOY+YLqaLOlTUF69V/A1jFnY:Aebdy3cy3im3L6069x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698664688, "uuid": "b3de8a48-50ad-44d6-9f8e-36bef6111661", "value": 2571776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698664688, "uuid": "73f54e18-3b15-4074-81d6-9b7769ebd592", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664688, "uuid": "23c04ffd-1721-403a-bb1f-e1301f7aa315", "value": "SWFIT-MT-101-PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b419191c-76df-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698641366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641366, "uuid": "e4007fb7-00a3-47e5-8c2c-57a2608fb10e", "comment": "Malware payload (RedLineStealer)", "value": "917d7cd32c9d179d70709df2fc0cb3ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641366, "uuid": "4b432b5d-20d4-44a3-a78b-bcc3d6675a27", "comment": "Malware payload (RedLineStealer)", "value": "65461b91103fa8470bdadd929b9ae7cbe720ff48a45d67177266882bcfc1390c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641366, "uuid": "d87cff07-1091-4d24-b5c3-4fbf352282ea", "comment": "Malware payload (RedLineStealer)", "value": "007c374f9c90d0231b9b5e6e486da4bc0a5cd37e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641366, "uuid": "e7cd6fa3-dda3-4806-9457-416938b8d57d", "comment": "Malware payload (RedLineStealer)", "value": "192fadd2fc1fe9e9417c4f4a4ca4157fbe8305d6b4b1559a0e44da0da6078f90b48f3b7a8aa1a545c07bf970224c25b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641366, "uuid": "f9fcc511-d4ef-4a6b-9d48-902dc2703beb", "value": "T1467533C8C7E40032D86F67B8A9F4036727367CA15CF44B676759BC5E4AA6A816832373", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641366, "uuid": "c0ff6366-a47c-48af-8409-eab563b78b28", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641366, "uuid": "65dde3ce-c012-47bb-bce4-8bc5e66cd74d", "value": "24576:lyWBQVsnkhYpQtt1+q/shnzKQ7qqaUOM4sV+rjN7uvfuktqWLe/tBKAbU:AWqVsnkimNE5zB7qqaUBa5kd4Wug", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698641366, "uuid": "ccc1e438-355c-4582-b7a8-ceb98803e524", "value": 1609728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698641366, "uuid": "a83b8344-1132-4654-a8c6-08b4bf2fb3e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641366, "uuid": "db58ec86-6105-4929-8625-f0b92ebc4e28", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef307143-772b-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698674107, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674107, "uuid": "4205c7c1-cbcc-4a2d-a2fc-f63a217a7793", "comment": "Malware payload (GuLoader)", "value": "7de7b8192af1b4a5199a10c4aefae5de", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674107, "uuid": "ca90594f-475b-4700-ade3-4d3478def001", "comment": "Malware payload (GuLoader)", "value": "6579fca35f4616a0a4842acfed45e7ec46504bbca005fdb21b81fec78583ce5c", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674107, "uuid": "628eccf9-31b7-4359-adef-4b6f41327165", "comment": "Malware payload (GuLoader)", "value": "48932485ec49e21c4c075d4822545a8e9b45c8cd", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674107, "uuid": "fe22e8e8-15e7-4caf-b111-3486f3418dad", "comment": "Malware payload (GuLoader)", "value": "33aca6c3d0a91afa890d99bde0afe5914ad642bdb0d979bec5147bac281f685c4750333f8e64fa633c4d6c172511027f", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674107, "uuid": "4a603329-0437-4567-94e6-3b5ad5efb0ab", "value": "T13923F1DC465366039F78E636366125B0F12CF98B28581D2535C72CB7B7639B08BE919C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674107, "uuid": "a840b456-e476-418b-8aa1-9adac4aa5742", "value": "768:sAyJONt4nMQMqhiaHvyeQ3a5gu2uMPjtB8huA4QwbP29T/wW70WJIT:sAyANtCMhq485NaPTudg29ToWIiIT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674107, "uuid": "a167db3b-1952-4728-b274-5b2b767a0600", "value": 46526, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674107, "uuid": "7c8ef830-b2f3-40d4-8b0d-c32753ea989d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674107, "uuid": "b7504a84-54e7-4e3b-b1d6-93eda6187b68", "value": "new_purchase_order_catalog_design_no_TZ806_300102023_00000000023.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4af711c3-76d3-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698636036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636036, "uuid": "654a2ed3-c288-4642-bc46-f1dd7fac13d7", "comment": "Malware payload (Stealc)", "value": "19309259f13f3b44142891003a44a432", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636036, "uuid": "aa5558b5-bb72-485d-a955-d90b6008391d", "comment": "Malware payload (Stealc)", "value": "65ae72cabe43c04b49d3cc9bcfe836aef075ebc7e38502eaa9b83a63813871b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636036, "uuid": "fea1c425-5890-48af-8bb6-bae31ef06918", "comment": "Malware payload (Stealc)", "value": "d65fcd9efa5a0dae75bd64da6237be26c860fe13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636036, "uuid": "4b1d6c74-f7a2-408d-a042-a2b80897f3cf", "comment": "Malware payload (Stealc)", "value": "5d82c681e3840931c59188ae5930522bab182f4e1dbe4025c4cf575c98e00ed742594d70f7147cdaafa615118df0111c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636036, "uuid": "53eecb10-5e78-4e4b-a826-9a4b34c83233", "value": "T11BE49D12A2B1823BD07E3A3C981B56BD98697D41F7A8E4CAEFD05D4C5E36F813491393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636036, "uuid": "c86705bd-de8c-4a0c-9ac3-80faee272c0c", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636036, "uuid": "2f3dfa37-880b-4a40-9fcf-e6198c2c3342", "value": "12288:JHQ4R78rGcukgmWRjAeQ7qtoCldl4Dol9:1HhZcw95jYCloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698636036, "uuid": "8f173f9a-1702-4f5b-8c3f-613dcee04f12", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698636036, "uuid": "f51d4bf6-d0c4-4a2b-b399-e9136252532b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636036, "uuid": "354f54fb-b70e-46f3-991d-529c8c5c5bb5", "value": "19309259f13f3b44142891003a44a432.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac63fa18-774b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698687739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687739, "uuid": "33a67bbc-a6bd-4310-a5f0-c0b9328a1410", "comment": "Malware payload", "value": "d25db7e3621d7ef3eb915297970ae32e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687739, "uuid": "66111335-96f9-4ad5-89f1-d22db40253f3", "comment": "Malware payload", "value": "669f6fc0665cc696cd40df0fbdf11799f6999d76cdc0d591f43b07713fbd437d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687739, "uuid": "f3bbca9c-7585-44d1-834d-3b6d438a0bcb", "comment": "Malware payload", "value": "323f0dc4b9fc9a997ba20140ae8392dd0db9874e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687739, "uuid": "9492be62-b7c9-4585-9760-d6cbde6e6d23", "comment": "Malware payload", "value": "49a2a54d47dfe36d71bcfa054b1a744ef1212fe1f4667e3f67f2c0304ba013025c4a1711bbf644e5d5aafc2d81e290b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687739, "uuid": "d0dc3915-4ecb-4c8a-85af-62e3ba2c4e45", "value": "T1C0273354A4C40EA0D4F1863B86B18512D637D8E21B78DAB787F492671FBB3D04DBBB60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687739, "uuid": "d5cd7d0f-7fc5-4d4f-961a-3c2973cc0afb", "value": "380d2cbec5e800eecb6612f15b9ac012", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687739, "uuid": "2aac1193-a5f0-4d9a-b480-e8be5925096e", "value": "393216:BAKCxQ8O+47/Kmr2pu0tTuW+eGQRs9jozPBYZK8t1WoR:BJ0Qb+k/Kmr2puIaW+e5Rs9MIpR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687739, "uuid": "e20fbe83-0d75-49fa-9f0b-f236013f73fe", "value": 20751816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687739, "uuid": "f1f100d7-c316-45b7-b88f-06351c677efe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687739, "uuid": "64f1748b-3ae2-4327-9439-9f70a6d0d190", "value": "d25db7e3621d7ef3eb915297970ae32e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0966f25-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698695101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695101, "uuid": "636a28eb-78e0-4398-8e3a-103b04f611fd", "comment": "Malware payload (Mirai)", "value": "088b69493703fd185242caf277698007", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695101, "uuid": "a5794881-cb66-45c6-b1a2-5ef929695fbc", "comment": "Malware payload (Mirai)", "value": "679b5330e5d056806229b0e2e86cabf649a7f5f2f06ea8cd0cd1dd40f92a10fe", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695101, "uuid": "2faf2ddd-647d-4957-bc1e-f49f474b084d", "comment": "Malware payload (Mirai)", "value": "432e4731f2d304ba676aecabd2f8df72f78f4ec2", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695101, "uuid": "ae9309d2-b343-4875-8abe-cb1ca2a5d64d", "comment": "Malware payload (Mirai)", "value": "16343af3ecd10870eb4c7e8b5a5d07db02711578fefa7e48592bdaea912efa225883810541d30ff475b35066bb58509a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695101, "uuid": "a7f7cb40-9e26-4b0f-9710-e497eb3df11c", "value": "T17FE2F111691A847DFB308471E0F68582776A1BBCB9FEB1B65462064DCCC2942A3E1BDF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695101, "uuid": "34ada2dd-295d-444a-be31-7e9a6095aa0f", "value": "768:TEKkUgXAnURCr6HmDFStmYtSq9q3UELdS:/kEn7uHEemrfLk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695101, "uuid": "91fa0294-e364-4140-9fe8-caab0b223dcf", "value": 31872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695101, "uuid": "f6b53091-81e4-4f6a-a1e4-0765a5270aa6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695101, "uuid": "a19a5ed1-6273-421f-9914-9d82971d3a5c", "value": "sora.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dca2b11d-7714-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698664197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664197, "uuid": "2b38692c-7dcf-4622-a562-e270014c3324", "comment": "Malware payload (Mirai)", "value": "49a07aa19f728c5ddc39806c5b4b312a", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664197, "uuid": "88ffca1a-62c8-4571-935d-e52e3df5e35c", "comment": "Malware payload (Mirai)", "value": "6891d16b227977b5fff97920eae7bab92021ce3f344bfcc761eae521922d5b2a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664197, "uuid": "a36c443d-5476-426b-96e3-c472a369df95", "comment": "Malware payload (Mirai)", "value": "46074af76ed0ee6e5bbc61e731f0a6dd773cec59", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664197, "uuid": "82bfcf8e-e58b-4461-8d37-acbaabb00212", "comment": "Malware payload (Mirai)", "value": "2e28ba8e000a92322bc74aa82bed2b93d29d89cc8f43b301ee2729b01655ed83cecbc2ff18c332f33db4633d2f483def", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664197, "uuid": "a3011227-6c56-43f4-a48f-6c0f0865b8cf", "value": "T1BBC31955FC405B13C6C212B7FB5E428D3B2A17A8D3EE72039D256F61378796B0E36A42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664197, "uuid": "1133b461-e8b4-4b32-b229-01f2a8711afc", "value": "1536:J9v0s43G5bUWk5RA7Sh71QAFMxK4VIGUT2yZuJO/6AA46n3thlcSwyw1FrR73VMx:Lv0XQ2RQg71QNE43UqyZuJOe463tM3Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698664197, "uuid": "90f91032-e8ef-47fa-bdcf-0ec485624ea0", "value": 129792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698664197, "uuid": "ffdb1a70-e801-4551-af2f-9c97b08ff84d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664197, "uuid": "40f0fcd2-7c88-424c-8362-a040e1413f25", "value": "cundi.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fef22b1-7733-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698677222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677222, "uuid": "4bda9389-5018-4512-88c3-01bd7237c22e", "comment": "Malware payload (RedLineStealer)", "value": "38cb92ff82909ccbf6f48d98415a2fe3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677222, "uuid": "5ab43bec-b081-483a-9049-6b45075b5870", "comment": "Malware payload (RedLineStealer)", "value": "697dd2c3533e5fd0096fa003da7141cf54575fba97208e52a73cb6d3385d6656", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677222, "uuid": "379937df-c651-47a2-b5ec-7ce41b79f2bb", "comment": "Malware payload (RedLineStealer)", "value": "011e3b0ba76ba1c46bae4eb8a9fde401819e7f13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698677222, "uuid": "059aacbe-6741-4889-99bd-ae4313c4c87f", "comment": "Malware payload (RedLineStealer)", "value": "22f7996c25867c23b3bfcd675ffbce7d3a088f9814be3f0822e99695e9c96b9e663d06f73abace680a2760a1eaddafb2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677222, "uuid": "199fede7-a4eb-4d04-8c9e-84564ea67274", "value": "T1AF8439C0560391B7CCC056F53FB56B3A4E301AB06BB1ADCF16C9E98C999768B333158A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677222, "uuid": "4a7afd64-ed54-4587-a97f-c743486494a3", "value": "32fbd2a9d6a6ea7bac8ea5e7cb7313f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677222, "uuid": "336ea2b9-316d-44dd-bdac-46bde9c55442", "value": "6144:vtZoJwJkAU2+ta9/64Jfh+WFp0THCg3LnWNh:lZo2WAU2lS0h+wp0bKL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698677222, "uuid": "3f8e448f-bbc9-45aa-9b81-fd9550c5454f", "value": 391508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698677222, "uuid": "efd4815c-618e-4ce8-832e-b07b90ff4226", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698677222, "uuid": "890dd69c-4fe2-48f8-923f-7652117632cc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "236eec3d-76ba-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698625232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625232, "uuid": "6702d4a9-bd3f-414b-854e-3097e7ba95fa", "comment": "Malware payload (RedLineStealer)", "value": "02375858b6509e3406d6015f488ad574", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625232, "uuid": "303385bb-b8a0-4287-b592-f2e5333815e2", "comment": "Malware payload (RedLineStealer)", "value": "6a2ae0caa176d35e5bf2a992b5bfce55ae18d0ec35428f19e83d2ea02fa25bf9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625232, "uuid": "ac3e7a09-5152-483e-ab77-d05221517bc8", "comment": "Malware payload (RedLineStealer)", "value": "3256957d756d7c8b801f25357e62d7039f632b7a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625232, "uuid": "d681e968-8487-422a-8d58-4331f4bb7f05", "comment": "Malware payload (RedLineStealer)", "value": "a75baafab68c27567c35c61cf8a0e940b912e7b594a32e9ccc833a0b8e19996f7d87c054afb166f493c526e1f987466f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625232, "uuid": "7678331d-850a-4c13-8451-1d73519674a5", "value": "T137158D2138C09176EEF320B747ECBA2682ADE0B4071916DF16D857EED7606C17F32696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625232, "uuid": "67915683-696c-466f-a75b-8481a6f1570c", "value": "79fc9968a714a6b38909530fa0e5d530", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625232, "uuid": "e7e8988e-d7e0-411d-987a-78f9a18a0ae6", "value": "12288:cH1d57Fa2dALbyZa5uHZ/LiaQZKmRuUDm2r+Wg5ukiSjBA:CE2dALbyZa5uHZcQmRbVoBA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698625232, "uuid": "f2d081e8-a2f4-405a-8653-386d342e86ee", "value": 930816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698625232, "uuid": "dbfd5876-0932-4be3-9803-d105d8869af7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625232, "uuid": "3aadab71-c437-45b9-941a-50e585a329e0", "value": "02375858b6509e3406d6015f488ad574.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6b744d7-7755-11ee-8907-42010a9c0042", "comment": "Malware payload (Fabookie)", "timestamp": 1698692024, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692024, "uuid": "ea7126fd-4dee-4b1f-83cf-ffd5fa53d5dd", "comment": "Malware payload (Fabookie)", "value": "f9de699aea1d491fde2316a44ed30baf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692024, "uuid": "e46e87cb-d571-4740-8147-78347dd31716", "comment": "Malware payload (Fabookie)", "value": "6a6ec3bdeb4b01c7c1abdab5809ea290487c31010786f81ff64b6152a48274dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692024, "uuid": "094ac9c0-5f68-4a47-a455-f7b3ad904756", "comment": "Malware payload (Fabookie)", "value": "844316c2ca866eb93bd48803c9b94ba63015dceb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692024, "uuid": "f6be5466-b2bc-4ae6-a24c-c25d7814587e", "comment": "Malware payload (Fabookie)", "value": "9ea658afed05ef5b7f83f30675bd0324d96dd3300ac7afc3eca423563128686c3d8fbe0367825902fef9048c91c72b48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692024, "uuid": "aa172855-1f70-4b3e-82f4-2577f51266e2", "value": "T13C941849FB7408B6D096C531CDBE8376E2727C831B25930B8641FF6E2FF36216969681", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692024, "uuid": "e3684349-512e-486d-a410-d06a6206a2b8", "value": "ff082fef3d15cdd142534440e54d6a28", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692024, "uuid": "26f0df06-2314-49e5-aa47-c9b57836e2ea", "value": "6144:syUa7AQnwciHMc4oiT4MKBz3I8JUGxerEhgVIXFM:sf4wcAQVrKi6berLIX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698692024, "uuid": "818a88e1-d1b4-4c82-8da4-dedca46173d5", "value": 426496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698692024, "uuid": "a45d0899-64d8-4583-b219-af01a47fead7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692024, "uuid": "d39ac871-2d75-4a70-81e3-ea341b146e23", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d4bd256-76d0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698634698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634698, "uuid": "c2e39efe-0a97-42a2-83c4-f01ab5bcd9bb", "comment": "Malware payload", "value": "4e9d322513ac955f931462159a0db5a3", "object_relation": "md5", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634698, "uuid": "8e8fabc8-41b0-4700-a213-c68adf383c99", "comment": "Malware payload", "value": "6b093fa5742346d843f64426c01b5dd9b0e6d9e7a12d0a87059ddfc98484e5e1", "object_relation": "sha256", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634698, "uuid": "9b30a0c4-848b-44b3-b62d-2e1d7a815658", "comment": "Malware payload", "value": "467c3ae8b6923a4992bae7df4b04a3b4d9ffccc3", "object_relation": "sha1", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634698, "uuid": "d8cc811d-1b2c-4644-88c5-bab9305ff35e", "comment": "Malware payload", "value": "dba2a5dd88f462bd95c9796256fb8b3ee57d7a222159f1f7f5c04367251e2fb3766bf90472fda110861cc3bb9ff27a9f", "object_relation": "sha3-384", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634698, "uuid": "4866cf70-6b15-49ce-bd15-238d90ca9161", "value": "T1BBC25CC2E70905B3D3AB0234B8A54E768A7C77700AE05293FB93510D5DB81E7F536A9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634698, "uuid": "52247dbf-3a4a-4398-b65f-d2b5f902094c", "value": "e74682aefd759b7fc008269c4aacd55c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634698, "uuid": "45c3eead-3709-40e8-a4a8-978f4e985608", "value": "768:gZ8g7oe4UkoFODPNRJP0iqPKIBzAscK3Kl1:gZNkoFODNRJkKy53Kl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698634698, "uuid": "f9e03ec3-5b13-40d4-a219-2bf8a76e503c", "value": 27136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698634698, "uuid": "5e1d93cb-df4f-4780-bcec-c4f45caf6b93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634698, "uuid": "59d85793-e676-4b15-b885-37e2a3f038d6", "value": "daim.asi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3672c6aa-76c3-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698629129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629129, "uuid": "93339780-8fab-40d4-98e8-f8c298ac3d11", "comment": "Malware payload (Amadey)", "value": "3b567ed788b8d07ec909035f6147abd3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629129, "uuid": "30e6c943-eca8-4bc2-8d38-97a592ee983e", "comment": "Malware payload (Amadey)", "value": "6b3331a3125bad81b752ee094425bdcf799a382b7285bf3295d283de509affc7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629129, "uuid": "cb3345f1-57b8-4d62-9866-02e4f3fdefd4", "comment": "Malware payload (Amadey)", "value": "470c7ea1a1123e217375c3e1a1e699b476c328f6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629129, "uuid": "e59b87ca-b80c-42fa-910c-5ac6e6cefd50", "comment": "Malware payload (Amadey)", "value": "7388bdddfd60014b862f71ceb2d24e72db8c0c07646510bbaf50a8219a07a9424d2cf7e0ea178d7d03322a5a924ea3b7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629129, "uuid": "de6dbca7-89f5-414f-89ef-c54badcd5072", "value": "T160752342D3C4257BE8D627319CF747831936B8824EB08A1727CA7DA70973894B935B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629129, "uuid": "e6198836-e88b-4265-a525-ff51423a2444", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629129, "uuid": "1a2b0216-5864-49b4-a471-7091a382c961", "value": "49152:dr35JFQB2byITMleBH67aaD5qHv/hJ4B:TJFQBAAqHoPYH3W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698629129, "uuid": "52a0b3c7-8e0f-49c7-87a0-d9c9e7b6fd68", "value": 1614848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698629129, "uuid": "62e26156-7154-4c53-a722-e9d9ce171140", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629129, "uuid": "7cebbb20-35ef-45ff-bc69-6f9dd04b4a53", "value": "3b567ed788b8d07ec909035f6147abd3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2fe5063-775f-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698696340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696340, "uuid": "59c218a8-75dc-479a-975a-3c517795d6c7", "comment": "Malware payload", "value": "e016ffa8b01c128f34e3b746034609ed", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696340, "uuid": "dca64e77-be8e-49f6-8f8a-283e85357ebc", "comment": "Malware payload", "value": "6be1d8f00f9c1b386f12b08e13d32dee1f8d1b1df23f41304645fe5bfd128d64", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696340, "uuid": "e53d6cb1-a209-4d69-a364-f7ccde1fceef", "comment": "Malware payload", "value": "72f3c5c27b68fdb4ee5763730f637e6d9d5bf9df", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696340, "uuid": "b6870be2-d69c-4b71-9499-1479bdaaa6e5", "comment": "Malware payload", "value": "f699a80223d966152e4963d7f620c8b0bd934687c0fe0c878ce234bfbde6917f4ee7eec64fdde5a188891a50278eadf1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696340, "uuid": "19016606-a426-45b6-9d53-c2794ac5c484", "value": "T142933A0799A59F77C0C7EAB919EB59300326A8520B2F1F5961386BF4438F9CD740FBA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696340, "uuid": "f6cd4c11-5752-47e7-ac94-c581073a2bd1", "value": "1536:fI7+hcIM9naHAAGtKhmA+J/FosGvJtKqCyDQtmW49VquLeefkcX:YNIMZoAAG0hS/FoHKqlYm79VquqefkcX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696340, "uuid": "a79b10f3-3214-4d03-947b-b621bd771308", "value": 94356, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696340, "uuid": "849b945b-f79f-4143-ae20-fbba989d272f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696340, "uuid": "0c534181-5633-4712-b309-fae1fd8e3f65", "value": "e016ffa8b01c128f34e3b746034609ed", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f405b40-770f-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698661840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661840, "uuid": "2c604d08-c988-48e6-8673-07fdb1b0d42c", "comment": "Malware payload (Amadey)", "value": "6c752b163faa36a307dfe59849216aff", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661840, "uuid": "584a7b96-67e2-417f-9e53-acfcd89b4505", "comment": "Malware payload (Amadey)", "value": "6dc5f3bd7f01781b4aaf942e08fee8afbbf1c6ff98a701195537e5a5571caed7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661840, "uuid": "2f0d9c91-3b55-4725-aa93-c9c7b34b16c9", "comment": "Malware payload (Amadey)", "value": "22ccec34a4a2410cf2e35b5745e2624965dc6253", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661840, "uuid": "c43498e6-2f6e-4a18-8dbb-e2b6e6746b63", "comment": "Malware payload (Amadey)", "value": "499998ba94d41644b7472b9a404fadc8bc95ae15a78b31e394a9e2bfbd978e7aa083d926bf5c3f6e9e351701cbce05ef", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661840, "uuid": "b9278ae1-eb06-4613-863a-7b58e5d3b4a3", "value": "T1C9D41252E7C89473C8B47BB019FA03C70B3EBCA05C78876B3749995B19B2694787532B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661840, "uuid": "b41b965d-99da-47e1-aac9-1bbac467fbd5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661840, "uuid": "d7e2930b-1c84-4402-b5ee-13ec78aa9204", "value": "12288:5Mrxy90PzC7UygfLCQAxCq+Aghm6b9YZCLfbJVr2mrLx8:AyqdyMCV4q+AgAy9jLfbJVqmB8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698661840, "uuid": "464f3c39-904a-4759-86ba-8d8f3aa2ac35", "value": 607232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698661840, "uuid": "8155402a-13de-45a9-bc84-75e2e10ba16e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661840, "uuid": "9ea9adeb-375a-4a5f-a5a4-16d0aef5b214", "value": "6c752b163faa36a307dfe59849216aff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f536d29-76e7-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698644714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644714, "uuid": "1bf555e2-4660-4ca4-854a-e437a883c343", "comment": "Malware payload (SnakeKeylogger)", "value": "68ec81a206ccfd9346ab5f01ad9099ce", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644714, "uuid": "550d8839-cd35-4991-8005-0a7908c3b36d", "comment": "Malware payload (SnakeKeylogger)", "value": "6ee1e5991a0d9c2fe23d62b4d13a6279cf121eb49c0675a23050fa5bceee9d37", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644714, "uuid": "ac770e17-a1c5-40cd-a8a1-e15b78e2cc9d", "comment": "Malware payload (SnakeKeylogger)", "value": "28939cfbfbd6f4ad27a0107d8af960a66c0a1f89", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644714, "uuid": "941ec596-ebac-4d58-92c1-6e9d92adf359", "comment": "Malware payload (SnakeKeylogger)", "value": "ad1f660f79f4edcfccf6a07724873310040e58bb30b6771105ab879a052c81558464d251d03f4d0c9113e32984884ca9", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644714, "uuid": "128e3058-d789-4046-bd49-aec1d4f87b1d", "value": "T1757412DE1BECA76AD03B29FF90907915433D703210ACE4CE2A2779D945B33886692FD5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644714, "uuid": "a75da7b2-2d4e-45f9-b44d-2aeae4a95724", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644714, "uuid": "aabf54fd-613f-4757-8b1e-2d2855ab49d6", "value": "6144:5cOazRkHn3DeQLJhpSS4xfFYjtLYE2Odtyqd72frQQD:5cOazmqQLJ2n6JYrOiqo/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644714, "uuid": "fcad9c77-a2cc-4fc5-ab9d-7f9f0190d682", "value": 337920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644714, "uuid": "b4de81c5-4048-4183-b899-4a30e14120c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644714, "uuid": "245caf2c-ccfe-41b7-bfc6-00fd46b4686b", "value": "SB0G28XC.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db22593d-76ee-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698647874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647874, "uuid": "4486e1e5-4317-4afb-b44d-161d682ef6a1", "comment": "Malware payload (AgentTesla)", "value": "029b0c635d8534567818998c7fd5bd52", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647874, "uuid": "7ea70a82-9eb8-4680-a07f-b4e5a1cbc121", "comment": "Malware payload (AgentTesla)", "value": "6f5701ea91b5d10465ef8e3d936239e78c332d01a411bb80b6f227d36c36679c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647874, "uuid": "0825ffc2-9211-419d-a072-64d109a4a68f", "comment": "Malware payload (AgentTesla)", "value": "cbe74f1cbd5184f30d534ddfaf3ced631cdf586b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647874, "uuid": "8062c414-d0ab-454a-9024-c5ede232cf4b", "comment": "Malware payload (AgentTesla)", "value": "f39fb89acef81b8f8a5633ab1ae6bd415507cb77dbe75b35d6c133ef590b2ff6a399ecb0fc380d56b1e985611b92a396", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647874, "uuid": "b72f4a4d-08b2-4cc2-ac2d-eef3fde896e8", "value": "T1A905DF10B569CBA2D57983F6DA1095E407F86C2AE1AED28B1DC1BDDE3035F004BD2B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647874, "uuid": "f2ed4eff-4af1-44b6-9eb4-7e133cca684b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647874, "uuid": "7b8713e5-c75e-43e8-af02-0519248db5e2", "value": "12288:ApJLFFpvgnr1DeCzg4qoTMw6idj3PZlDoW5l3gyPMnCoj/UhWQRuxEwLwaP:kpFpCr1SCE412W7nwC8OWQmTc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698647874, "uuid": "11703d15-8aab-43ae-94b3-c76aa480ae63", "value": 836096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698647874, "uuid": "bbc49309-3a3e-4f49-97c8-9400bd34268c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647874, "uuid": "0da1130f-4c0f-4917-99a8-a5e9db114efe", "value": "RFQ MT-764439977.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57b8c923-7744-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698684590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684590, "uuid": "c8a046fc-1304-4afe-a945-ddea7b3e11af", "comment": "Malware payload (Formbook)", "value": "acae22d54a60cda3e945eb605b2e0d79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684590, "uuid": "07edc40d-7a27-4b61-966f-03061645c932", "comment": "Malware payload (Formbook)", "value": "6f82869adb98bb714d132260ce2764b4d46e31495fb84d5614c9863763e118a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684590, "uuid": "7f70feef-a552-4aea-ae74-0458c4e68ce7", "comment": "Malware payload (Formbook)", "value": "41da361b56cdc997da199b5b931f176cd932b813", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684590, "uuid": "a41119fd-1bc4-40ba-be7e-4b57522cc405", "comment": "Malware payload (Formbook)", "value": "2503b808f34f99c15777e6eefadb38e4c9e6aad9255c3bbd7d74c2cc86660d3c147970e54158c325cf0dd8b8b1b80447", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684590, "uuid": "f03cce62-88d7-48bc-8507-671af2dce4b3", "value": "T1DB8422668993D0BAC491437058BFDE7977728E1553A8FA8317B4BF323920643C86D36D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684590, "uuid": "b91d453f-a553-4fae-ae0b-35542188ca5d", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684590, "uuid": "2e6922f8-2b95-4cbc-a743-00ebb532775e", "value": "6144:U8LxBCXMMCj8to85NBbhrAH121W5pcolKkXNJbmuLrUITGA8py9c+o:urCI75LtAHkIplld/FtTGAk1H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698684590, "uuid": "a8de572e-37b8-4c55-b010-b20b90cce362", "value": 378004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698684590, "uuid": "9f3f82b1-0e4b-4719-a91b-46674556961d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684590, "uuid": "31d4f4b0-f118-462d-9411-99120263e894", "value": "SecuriteInfo.com.FileRepMalware.2023.31934", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cb1a827-76e0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698641756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641756, "uuid": "9d5c846e-24ef-435d-b5c9-b75dd2b97b36", "comment": "Malware payload", "value": "c0fa8580e84472b5b74a4b588e19c306", "object_relation": "md5", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-291023", "colour": "#9880B8", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641756, "uuid": "f2048c7f-3825-4e41-a20e-642577298262", "comment": "Malware payload", "value": "71dda452031a093f925324d3d829bc1015be08a77289a0e35ced039a7fb325ac", "object_relation": "sha256", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-291023", "colour": "#9880B8", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641756, "uuid": "028d1e46-4c1b-4682-9c57-95bc194a45e4", "comment": "Malware payload", "value": "05cc9f7efa9f56503b94e5270503348688115e88", "object_relation": "sha1", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-291023", "colour": "#9880B8", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641756, "uuid": "01d49a61-8f71-432c-a203-860648119dd3", "comment": "Malware payload", "value": "6732e9958cce8d2bec7241d426a83c3cefd3f27772aca59c7ecee9eab1024c5c97df0f85b85e930959d96737df5a9960", "object_relation": "sha3-384", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "pw-291023", "colour": "#9880B8", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641756, "uuid": "2010fe85-c036-4197-a41a-26d7fb5ae0e3", "value": "T1F89633908FF2ADBC1521E81161E5141B5AF8AB36D27ACC94B953922EEF5C140DFFD2C2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641756, "uuid": "b2d044fe-1286-46e7-bde1-e84abdff2db3", "value": "196608:oJRCBUicwhUZTtTKcV7QFhKfR+rFveqHit3mCuNj6Xlunst6q:mCBUlwuZ5gFhgYWEiu6ss7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698641756, "uuid": "338d7fa1-ba2f-45df-bad9-a523b7e26edb", "value": 8716750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698641756, "uuid": "63345bc8-f0a8-47b6-86e0-e8c5d0977f92", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641756, "uuid": "927959d6-f316-42d9-80c7-2f59a4e0eeef", "value": "claim_video_Hotel291023.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1880998-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698695103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695103, "uuid": "9b3cbf98-0dc5-4195-9e16-9d7489d01e37", "comment": "Malware payload (Mirai)", "value": "deae2b87dac6aa3065b80ace158cde26", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695103, "uuid": "de58a5f7-17b6-49ab-bdc1-75ab13c925bb", "comment": "Malware payload (Mirai)", "value": "71ea6bc4e29413235bf5396f28c41b48c4307215ff2403d44e1d22a8d5d43a67", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695103, "uuid": "d1d20131-b0e9-455e-aff5-093036b4d069", "comment": "Malware payload (Mirai)", "value": "e071ddf326810a25e1c79ffdde19e0d412ae1f54", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695103, "uuid": "e5b0a377-f151-4972-a607-cfaa130b5781", "comment": "Malware payload (Mirai)", "value": "c6a0804d948b7fa75ca00ff61451027f70392e234efe812a5fce91eef239d38566d19cdbc342bdafea93e5ec780cb8ba", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695103, "uuid": "24b98ba2-e47d-440d-8e7f-6112484c724c", "value": "T1ABB2E171A1463E62D760223E797CCA0057BB57F8A0EA72752124B7AC4BE2C4B647804F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695103, "uuid": "1df16780-adcf-4f1b-8dce-7b6bd4ce2236", "value": "384:5ZUX11S49enZh57fYONQ/yQVQbFxD+ckPvDxqSwPzMvdkZhymdGUop5hKn:UX1De9kONQG5xD+jHMDzukZs3UozYn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695103, "uuid": "33d5fba9-3418-4e81-ab1f-e62b12e64efe", "value": 23732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695103, "uuid": "b827c7f9-8a53-4ea4-91fc-eeda02b2bd8c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695103, "uuid": "79a00368-70c3-4d89-80eb-c91bcb1eddb6", "value": "sora.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9095fe3c-76f5-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698650755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650755, "uuid": "8919c429-51c2-410d-aa5e-625643e5b8f8", "comment": "Malware payload (RedLineStealer)", "value": "317c1da3d49d534fdde575395da84879", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650755, "uuid": "2a69f729-c7e1-4b58-9ce3-04457779d872", "comment": "Malware payload (RedLineStealer)", "value": "72674e9a3c32d5457c98ef723b938abc0295329c7ec58f9e07a0cb1e99631f48", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650755, "uuid": "f35dee4f-3538-488f-ba89-4a420703d813", "comment": "Malware payload (RedLineStealer)", "value": "ac0b1640dfe3aa2e6787e92d2d78573b64882226", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650755, "uuid": "620c78cf-9223-4389-af2f-2d78c3dac6ac", "comment": "Malware payload (RedLineStealer)", "value": "7b0ef8a5aa10d3b0c07b8ee876089f94bf2247d547695d4f8ef9ab794205a2158d5d7326e09373515ad697a6b9948fd7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650755, "uuid": "115e8b51-ef20-4876-8be6-51eb56e7d7ec", "value": "T146B44A95818788B2DE982E7E7DDC3BE04FA32C3419E13EC72EC9F94021F76656361529", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650755, "uuid": "f5125f3d-e022-4c73-bd24-9d93429d8d91", "value": "84e31d32a2cb7830e40cfcbea395c7a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650755, "uuid": "2f6ea75b-45ce-412e-b744-717d83c9c9f9", "value": "6144:2SiQd/r1D9jZEDE6Q0CaH4zV0nlFWMlc2ui5MZI26noYfhvIUs:HiQxJ9tAE6nZH4zVAlFTO2uONvnoYZv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650755, "uuid": "4e5e7067-0aab-4c56-9cd6-f8b1e7005fa6", "value": 502272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650755, "uuid": "4d5e3e6e-410a-4510-9c58-f0b22dc7ab1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650755, "uuid": "211c99e5-8dcb-4e9b-bf38-af549dbed36c", "value": "317c1da3d49d534fdde575395da84879", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7594c8f-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1698690817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690817, "uuid": "749ce373-3ef9-4d22-b04f-029aa2f52abd", "comment": "Malware payload (Smoke Loader)", "value": "74d49caa0e8054010ca59c0684391a25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690817, "uuid": "07e2cf93-5f0c-408e-bbd5-f4f9293219c7", "comment": "Malware payload (Smoke Loader)", "value": "728a55ab40a62e82b72a191c56d10c804d4b2b2bd8217832c70d3696576a84e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690817, "uuid": "0cd76563-f03a-430c-a9c2-246f26948a0f", "comment": "Malware payload (Smoke Loader)", "value": "1f9122ba5dd88b26017d125fb5384237dea985f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690817, "uuid": "f28f5bfa-1faf-457c-8886-1991dc38135e", "comment": "Malware payload (Smoke Loader)", "value": "5f5be2b5c7c74e1190bf28806d0592e5cc7f71bfc2f16cea11b4b7d58e51339c8a5507a157de49c133726b8006b7dad1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690817, "uuid": "241e3680-1a90-4400-9bea-2b2f158971fa", "value": "T13044BF113A90C832E56259316870C6A61F77FCF2E96495CF37983F2EAE706D09B65B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690817, "uuid": "5557f940-ffb6-474b-a070-765aa90b0122", "value": "3380c2826a592a76a53bdcebd8c02436", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690817, "uuid": "ad0ea7dc-b85f-46d5-a971-ad342033dd62", "value": "3072:SgBNQMoGW76aFvLC+EEV9Xo5EmfdTK+BKzsHI6MX0nfmKVqHv:vgGW2aFvLCWIDfdP0sHI6MX0nfd+v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690817, "uuid": "934ccc12-c915-4680-8e78-08b3140f9c31", "value": 266240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690817, "uuid": "3ebb5ac3-698c-445b-a34d-b81a1ba22da2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690817, "uuid": "e4e3deb0-a2b6-4ddb-83f9-ef2cdc742af8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0d20a2b-76e0-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698641790, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641790, "uuid": "604bbfce-d027-4f5c-b712-d33fcb4cb214", "comment": "Malware payload", "value": "15a8cc209cc9bd77f5bf901d07d3d0a9", "object_relation": "md5", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641790, "uuid": "1d7d8991-43ea-40d3-8b1c-42a4485ff0f8", "comment": "Malware payload", "value": "72d683597d351182d5ceaf884e2f028eddf3bf9a53fdb166024191720efc49ff", "object_relation": "sha256", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641790, "uuid": "3eaa2cec-c1c0-4da7-a365-ecafe80b31bd", "comment": "Malware payload", "value": "575257651c15b06b39bc8087aa1ae80ae0cc040d", "object_relation": "sha1", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641790, "uuid": "27299139-3b00-4f0c-9483-ccbe9091f579", "comment": "Malware payload", "value": "89d14e2a677d0a1b43bd1aa3603c915706bd258bd198510cfd9aa3dc92963cd5bac6ce9a60f3a8e011f2a66d15472999", "object_relation": "sha3-384", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641790, "uuid": "3a4b2cb0-4f31-4100-b769-3d0e691c44a5", "value": "T13FB612836BB04C77E015C27549A657B0A7FAED65ED0D828F5380B9AC8E33360791636F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641790, "uuid": "b49a220e-8224-4275-a6f0-2575a70391f0", "value": "80a8fe4f507d0d527ee4b84b388b3627", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641790, "uuid": "11f49632-2d4a-44d7-a9f8-cb19187c00b6", "value": "196608:+o/USzdWIvQO/26iZrVG5Jf808zwUIvP4Btk3CDHKhiBm4omLvorW:+o/USzdWEQO/DEkf8xzw734BtnSCmlmD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698641790, "uuid": "c916f973-a3d8-4cad-a1c3-5f6656d997bf", "value": 10569032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698641790, "uuid": "73a39738-aedc-43b6-a723-510dc4deeae1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641790, "uuid": "95403b81-b70e-4681-8452-c65e4823bf28", "value": "claim_video_Hotel291023.mp4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d1cc293-76fa-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698652870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652870, "uuid": "ec7c60fd-42d9-43df-885d-4abeb2a951a7", "comment": "Malware payload (Stealc)", "value": "2dc50760b6bfb9aea30f865248b78372", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652870, "uuid": "215c569e-2e07-4b0f-816b-3779c51cb17f", "comment": "Malware payload (Stealc)", "value": "72f183acddd00f2409edc1fa7b6adc7824d4f975b77ac1c28277520a1da7b4b0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652870, "uuid": "201e0c59-99ed-4725-bb43-ac817a4c925b", "comment": "Malware payload (Stealc)", "value": "9776d7c7c53885c3cecee8c5aeb845c426afa840", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652870, "uuid": "f3c174d8-afff-45b5-88a2-79198463025a", "comment": "Malware payload (Stealc)", "value": "8bd7d938309d7f299089ade65e8d7070def1ff9fef4166651d71cad5d9c8ad97e0160fc65d4a956e24c8ff83531bfb5d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652870, "uuid": "586ba447-5f32-4954-bc10-6caa8cb58c9f", "value": "T1BBC49E51E2C14D3AC0672A3D5D1BE2AD58247D1226E8D88AAFD47FCC1F352813BF4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652870, "uuid": "95930dda-70ac-4b7c-b596-87789131db53", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652870, "uuid": "88212faf-05d3-4727-92a4-6af28a1b85c2", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daLBIlXSY4j+6qj9:aF7M0UJf7gtIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698652870, "uuid": "f50e4ce4-fd93-4a14-81c6-6988820e8939", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698652870, "uuid": "8610da73-f6aa-484e-b193-c01d6bd0da3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652870, "uuid": "5bf66e8f-a9da-4c53-bc21-87988bb17809", "value": "2dc50760b6bfb9aea30f865248b78372.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1dbc396-76ce-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698634115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634115, "uuid": "4c4b4656-0219-4487-ab87-26ed9832098e", "comment": "Malware payload", "value": "8677ba02d90c948a808844a55a2b0f4a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634115, "uuid": "b7e18dfc-1a92-4016-bc0e-b86062cfee6f", "comment": "Malware payload", "value": "73316948650d7811f68a31de3441b84565df9936043be0ca1461e308a301fbd7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634115, "uuid": "3beadd8e-f68c-4647-bccb-db77b72054b3", "comment": "Malware payload", "value": "24b5b9b8b18c97894045ec02a313115b7c0e0e82", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698634115, "uuid": "63c080ad-d358-47e6-9aa5-74ed6a9765ea", "comment": "Malware payload", "value": "9d778a84c9bb6161d1e6ec952b3bdbb73e40fe265183c4672a9b38b87b3e66a65c9292420e7abe8894479f83d683b8dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634115, "uuid": "1d211713-270f-4d2e-aecb-322aa18f0372", "value": "T16F05F63D58B9223FC3F0FE518A5A4A16F1C1637B32996C38B6B32565431250EF9C693E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634115, "uuid": "9185f13d-3888-494b-acda-341a89ab55cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634115, "uuid": "e304714a-a980-423e-b40e-5c46e88ea71d", "value": "12288:f6TD9iNX+PIu/JsMK7T787dHHhHKwTiwHNL4ucY4Z8MkxdtuwDiic7H0LiB:UNPNq7T45HhqmBLIY46dtu+pcz0G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698634115, "uuid": "6cbdb74b-0407-495c-a8be-5867e4fb2da0", "value": 839680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698634115, "uuid": "1978dbe0-e8aa-4935-92bc-65ed0a40a5bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698634115, "uuid": "10bedc51-c75f-4956-9ef0-2532ada6efaa", "value": "SecuriteInfo.com.Win32.TrojanX-gen.8001.14204", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b01d835c-772f-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698675719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675719, "uuid": "9544dad5-fe43-4105-a957-5afbde5a9e25", "comment": "Malware payload", "value": "a3f01cfaea3dada7cc49cbfcbcf2df1d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675719, "uuid": "6102c738-1cfd-4851-9da3-a5575b6d5101", "comment": "Malware payload", "value": "738acdc9210666e432746cc7fc7613fa8fb20ab2d6991fc2ae1f1789b9d191db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675719, "uuid": "588b80fa-3b5d-43d9-8efa-3832cffb0f65", "comment": "Malware payload", "value": "31f57afd310644a9289741b30d7eb9e39b4368ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675719, "uuid": "b4bb6aaa-9a43-4cb0-84e9-a7cb7b85419a", "comment": "Malware payload", "value": "46def685c5c647f6d85e8f05abf38fc2b2512222b0f7718d55e06fc7b76b8d8f5445daa2bf18bd03fd9cda1df7ce658d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675719, "uuid": "ef05fdda-6762-424f-9e17-64eef7d60494", "value": "T1E2E4234FABE154D0EF26EA72DEB04BF5E27AF29128547067C799297816B00C3D6C3193", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675719, "uuid": "cdcd9183-9444-44c1-a57c-24a08ec568c7", "value": "b1a57b635b23ffd553b3fd1e0960b2bd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675719, "uuid": "e9586939-9fb0-4f20-b0fd-fd5216b54aba", "value": "12288:xUf3fsqOHTlnndVTWHmbM2qY3utWkUJB7ZQ9S:xUfsqOHRnXWGbLqY3W8B9Q9S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698675719, "uuid": "d247529a-7b01-451f-bf32-7e8783c8b94c", "value": 697234, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698675719, "uuid": "a217ae64-d2bb-4c4f-8082-2f99d1be8ac9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675719, "uuid": "6fbdbaff-ca90-402d-95a6-f5f7eaab596b", "value": "PURCHASE ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcd2c254-7722-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698670264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670264, "uuid": "ca9c8985-e6d2-43ee-a759-1ab7bf4a27f2", "comment": "Malware payload (AgentTesla)", "value": "0b24ca774db69d7d49f11f92f28c661f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670264, "uuid": "30316c18-be1e-4630-ae35-7cbc98846401", "comment": "Malware payload (AgentTesla)", "value": "75a2714348d7cc5c8f9fdd53677d60d13f94e6f1d1694c22144e9dc172fb07a3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670264, "uuid": "b0efda18-a90f-4523-a7df-1d96972e500f", "comment": "Malware payload (AgentTesla)", "value": "02634a5d92e5cb05444dbe7e409f7244bf93dbf7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670264, "uuid": "1bb8fcd4-7e3d-498f-81da-d94212046882", "comment": "Malware payload (AgentTesla)", "value": "d1a81b800b5d2a2265cba9f3a2b7d6b69c6c781520304cba4264d8ad772fb6c30eeaa84c865b900fd6f5d340d20d42d1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670264, "uuid": "b4fff6bb-87d4-45d3-9279-f831760bf8f8", "value": "T136C423C74BA2373B363B9D72A3585F8205908D96E2C91F7B22F49F5547C0D26BD88362", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670264, "uuid": "152fe80a-51c9-4ebc-b0c3-d612135b80ba", "value": "12288:m9d//e9nrxvwYS+2QAIu8peJpWraBBDCjQjfFpEg:GdeNLrA8e7WmBZCjQjR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698670264, "uuid": "a2e5e01c-a4f0-439c-b84e-2be1ad2365f4", "value": 576814, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698670264, "uuid": "1a3b4b87-a490-4e89-9142-a648550df926", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670264, "uuid": "6ec57c16-6b45-454d-a501-3523778078af", "value": "NEW PURCHASE ORDER - 45323409712.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de502a55-76df-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698641437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641437, "uuid": "929f85f6-c7f4-44a4-9d88-9eee3be680d4", "comment": "Malware payload (Stealc)", "value": "793db7c65fdafcdc4b753a8e9f495b05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641437, "uuid": "72275ce1-150f-41cc-a410-50e854534424", "comment": "Malware payload (Stealc)", "value": "75d548831ca2f225524f60ff9817d37a2ad50d8e64972f9583441421f530d88f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641437, "uuid": "f8a71c5d-f1bd-48c8-9100-9010d5402d55", "comment": "Malware payload (Stealc)", "value": "e48db4e1a056a5810200995d2eba186a7eb5f463", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641437, "uuid": "3d7afb46-064c-4fc5-9310-714f0e9c4eac", "comment": "Malware payload (Stealc)", "value": "94782b7fd347600a628f702bd5c2c9ac8330c249d0a35ce53dd6f4cf654c89b55e3e7f236947c7b2bdbbfeeab25afef8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641437, "uuid": "63ecb7f9-d514-482a-951d-7c61e2e28345", "value": "T1B7E49D12A2B1823BD07E3A3C981B56BD98687D41F7A8E4CAEFD05D4C5E35F813495393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641437, "uuid": "a18bde23-fbf1-4942-885d-02b7489927c3", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641437, "uuid": "5d4346ba-0453-4600-8253-105d6b421d04", "value": "12288:JHQ4R78rGcukgmWRjAeQUqtoCldl4Dol9:1HhZcw95jLCloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698641437, "uuid": "6f3df8aa-2c79-4da3-8b5d-7b84ce356da3", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698641437, "uuid": "f7b675ab-2a50-49e2-9360-db6bad301c9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641437, "uuid": "aa3abae6-08e5-4d3e-b1e4-bf82b51a31e9", "value": "793db7c65fdafcdc4b753a8e9f495b05.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd5acefc-76e6-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698644442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644442, "uuid": "37ce3a37-d1b6-489c-ac6c-59b13749345a", "comment": "Malware payload (Stealc)", "value": "142661f006e08178eb9afe845da7518b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644442, "uuid": "3e6cd8a5-7b95-4db6-9e92-ed6639c94bd5", "comment": "Malware payload (Stealc)", "value": "76b6b40ca473684a7c1f91d36d839521b759b945383a69174fe64cf3df607401", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644442, "uuid": "5adf944d-0528-4b51-b07d-638a5d772441", "comment": "Malware payload (Stealc)", "value": "603e660d7888c910e96fc00b650a2962abf3c736", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644442, "uuid": "d7a1000c-947f-496b-bbf3-ad20a1458e43", "comment": "Malware payload (Stealc)", "value": "1dfda9bdd654686efc0c7f667e83eeeec74922bb4856f5edce66eb6bd51a9615e9e42bc89ff658b2802e04a55e969e04", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644442, "uuid": "f8ddbc2a-6cd8-4c81-af4a-82aae78c85c5", "value": "T130E49D12A2B1823BD07E3A3C981B56BD98697D41F7A8E4CAEFD05D4C5E36F813491393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644442, "uuid": "e3dbba51-5188-4d11-895f-627edf29c528", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644442, "uuid": "14e2ac0a-33d4-4d93-8f0a-165546442fd7", "value": "12288:JHQ4R78rGcukgmWRjAeQPqtoCldl4Dol9:1HhZcw95jACloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644442, "uuid": "02d477b2-4d84-475d-a4f4-99c38aed72c4", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644442, "uuid": "742de15a-521a-415f-9708-6b54ee215a57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644442, "uuid": "2e2107cb-bb37-4b61-9ee7-3670b6306e0e", "value": "142661f006e08178eb9afe845da7518b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cd0313c-76dc-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698639931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639931, "uuid": "c409d79d-24e1-40e9-b518-76d776e474db", "comment": "Malware payload (RedLineStealer)", "value": "16db2984eda1ebb02bd6b0d199cf58d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639931, "uuid": "6b383445-e30c-4cdd-8827-ea53d5f0da43", "comment": "Malware payload (RedLineStealer)", "value": "7b1465d501c1ed4813242cee88045e363a9eda0a7b957cb323800b7c0b4e770e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639931, "uuid": "843046d4-b492-4230-a2c3-8e526463cfc4", "comment": "Malware payload (RedLineStealer)", "value": "7fa08e875dabe9db208bd8e5511806ef327552c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639931, "uuid": "96e67eaa-81f9-4ad8-a1fe-b0ad00ab79e6", "comment": "Malware payload (RedLineStealer)", "value": "b4430449e71bb4c83c65b99b4345ca4e1ecf001a080ee65b299fdede15f588d692277059528fffcdc2b3f66383e27adc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639931, "uuid": "29083f53-3503-4c60-8ca9-9513fb6b8cc9", "value": "T17B452313FBDC8075D9E6677024F70AC70A397CE45DB892BA23815A8F4C7275069B272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639931, "uuid": "65de6bfd-209d-43f3-8b15-ae0281464e2b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639931, "uuid": "1897e357-047a-4904-8425-fda2aeb25cff", "value": "24576:9ycSzpPKm0k0HjV+8iKKKCEwDRCHbr9DHY0T7pAJzoK5HfSMVQ6P9uDrg:YcKPKjkKjVD5FnT7VlYoqHfSMV6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698639931, "uuid": "90e63cb9-8ebc-430f-9a47-f7cf911c541b", "value": 1276416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698639931, "uuid": "0aac5a8d-4033-494f-a5e3-a90aecf28e5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639931, "uuid": "97ba47aa-efe7-4dc3-8eef-0f22a3204b9c", "value": "16db2984eda1ebb02bd6b0d199cf58d4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea6b8f8e-772d-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698674958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674958, "uuid": "ce3ce8cb-b636-4767-9039-ffa291772103", "comment": "Malware payload (RedLineStealer)", "value": "571b1ba0e76c586a3e9d829738dd4eea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674958, "uuid": "71c76415-46e0-4619-9c39-a551dedc3bf5", "comment": "Malware payload (RedLineStealer)", "value": "7b2ee614889a9c225ed38b5e745638c946ddfc37ad76845b926ae0e1a7267d7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674958, "uuid": "1f8f6c12-0cd9-4771-8bd0-fc1221aef973", "comment": "Malware payload (RedLineStealer)", "value": "8451f58176383d6bd5621b53f915644a74e9a3f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674958, "uuid": "942b2c3c-4019-4b5c-a63b-bd17d543b254", "comment": "Malware payload (RedLineStealer)", "value": "d3152ccb04315b03778a8723836216f1bc891d57e65544ab22c423b5a6f477ce046df6c692bf64c48a6aa46b2eb6c004", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674958, "uuid": "6766a494-71e4-4a4f-86d6-bc0e894ab13f", "value": "T165752353E7E5A962D4F47BB024F306832B727C5398B0975B3F41292A4CA36D5A5323B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674958, "uuid": "fa70c9bf-617c-4f9a-8d96-55b1832232c0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674958, "uuid": "8f576574-4681-4cc3-9deb-e1628b855e77", "value": "24576:EyUbrT6joy6kBC1MCP2Nux65ng9JdoqQjKti4rPNml19bZ9xCSifT/CouS:TUbrmNvY1vQm65nlqLm3V7R8u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674958, "uuid": "88440bfb-b1e4-45f8-acb0-7400fa7883b2", "value": 1616384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674958, "uuid": "0101bd3d-bb0a-438e-bbc2-d0cb182ebcad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674958, "uuid": "84e33a81-bfcc-4cda-97f5-640a98f4f099", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8ec1bdd-76e7-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698644837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644837, "uuid": "f7c18809-e216-432a-872d-49b113e1de88", "comment": "Malware payload (Formbook)", "value": "2051e174c11bfdb0491a6c78e3701eff", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644837, "uuid": "8b9e21f4-7f41-46a8-9977-983a4eec6f87", "comment": "Malware payload (Formbook)", "value": "7b391076063bdfea43d54bd7e6b4c8f8e3311c62a248f7927237a57472349376", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644837, "uuid": "67104f26-36f6-44ab-956a-ea9c7bc30466", "comment": "Malware payload (Formbook)", "value": "4c7f306a362dd23532a7143ad15f14765d9ae3c2", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644837, "uuid": "07f5d57f-f26c-40da-b71b-a383892a2304", "comment": "Malware payload (Formbook)", "value": "1d3ec8f7ad46460ad07963b91a89a07cf9fbc2d04e4fcc6e46928cd8d3aa388ee45b353712ac41a1c3e5c9e7c8acd660", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644837, "uuid": "528d63c3-8f3b-44b5-906a-208b427f8515", "value": "T17404562DC38B01A98F525377AB1B5E4442BCBA6EF34522B1346C837533EAC3C91252BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644837, "uuid": "f0322230-91e4-402b-a4b0-5bcf60670268", "value": "768:ylwAbZSibMX9gRWjZUxX5cgV3QYDeLTrEWzPPKZRPVP0W:ylwAlRWOV3QYq3rnbK3BD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644837, "uuid": "b3ffdd7f-8b06-45c5-a0ae-9aaa418215d2", "value": 179342, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644837, "uuid": "ebf9ff31-89db-4e47-98f5-cd8fcaccce88", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644837, "uuid": "1ccfba1a-bcb0-4b81-a0fd-68108a83a48a", "value": "PO-6700052214.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4db5207-7713-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698663809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663809, "uuid": "271c5b7f-0902-4a28-b172-2d743d3a9d4b", "comment": "Malware payload (Formbook)", "value": "3f5c1cb6d351c93568a245fba6360d7e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663809, "uuid": "a92facc2-eafb-438c-92a1-fcb839af2503", "comment": "Malware payload (Formbook)", "value": "7d1d279985060889c0213cae4ae9b4e8fecabc7c021b076d6034fdaaa1d903ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663809, "uuid": "f0ba9ce9-76a7-4a16-9604-ca222abd6114", "comment": "Malware payload (Formbook)", "value": "40d1c3a700f141f95948b58658bf17a019f90004", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663809, "uuid": "892851f8-6e04-4cdd-a9ca-6d12e181bd0d", "comment": "Malware payload (Formbook)", "value": "76b2a48ac5fdb81da0f0b7819af752122977276d27f54efc0e109e622d9a6d91a6341d58e35390c219edc2267c06541f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663809, "uuid": "900f2696-f0c1-4c62-8b3f-b8a2407cbf5d", "value": "T10AD41245BAFC4F16C6B9CBF486939100537B627A56E2D31E1ED823CD0693F4DA2B1683", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663809, "uuid": "f03c35c5-e2f0-4b96-9572-afe7714d495f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663809, "uuid": "118c687d-e618-48e0-9cb5-622956e9b79d", "value": "12288:y8r69yqLAZ74kKhdxYdJne/bcpRJgol7euj3g09AkB3no+PXMNElEMhgO:b6XkZ79KxYdNpRJgoAIQ09AklZPX8EKq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663809, "uuid": "4a33f244-9999-44bf-9cb1-176c58f00934", "value": 641536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663809, "uuid": "cfd8c193-7b3f-49ba-89ae-b71bb039c592", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663809, "uuid": "5b1e75f3-720f-46a5-9d06-8e38e68c2513", "value": "SecuriteInfo.com.Win32.PWSX-gen.31302.3536", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44d3780f-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645045, "uuid": "076c5d11-724d-43ed-82ef-19e8f14fe8dc", "comment": "Malware payload (AgentTesla)", "value": "914d1c2bda2fb13b2d1d1a2abacf2509", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645045, "uuid": "f9593c7e-af5c-42cc-8ea3-83432cda3d96", "comment": "Malware payload (AgentTesla)", "value": "7e93080a4295b5554f419b9bc8fa32d2e47e2cd9ff32520c15a7db47fe3fe007", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645045, "uuid": "16ece07c-f5b8-4ad7-bb3a-11097e29c968", "comment": "Malware payload (AgentTesla)", "value": "bbcd7fd62c57616df238be4552a883a68a965816", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645045, "uuid": "e48ea9b4-775e-4db7-9fc2-bde68430cc56", "comment": "Malware payload (AgentTesla)", "value": "db6b2c160ffdb3ce9374307313fcde481f3275a7671df623c801ccd99b4f81b2b716c19a383e85e14403dbe38df53c86", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645045, "uuid": "b4765703-c4b6-4504-9f0d-f27ad226fcd7", "value": "T14DF423E09711FD58A74A11E237244AB007723F8E888FF31E4F30A96679DA5A5DE5F680", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645045, "uuid": "c51aab46-12da-41ce-ac83-b966e0ce1e42", "value": "12288:D4nWBryKm9dbJgpPA0FjOYTIvZzJHYa6q5n5aKGKVQnnYkRvxHUFSUL16odPsY04:cYmqACjOYT6Z1Hj5aKGK2uFrkuPs0ti+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645045, "uuid": "290e0a94-5765-43e6-8782-b876075c3dcf", "value": 777928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645045, "uuid": "e6ea1055-b17c-4682-8875-9ccdfc9ece36", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645045, "uuid": "a9f86267-95f4-49d1-968c-1cbaa5a517de", "value": "INVOICE 140562.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "144a5229-76ec-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698646681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646681, "uuid": "51a4b9c0-9d72-45f2-9659-dd1a67608b5d", "comment": "Malware payload (RedLineStealer)", "value": "a4b8c035f34f2a6c6362ddf628ee5fb7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646681, "uuid": "d055b59a-8a0b-4c98-8b7e-4d327d386f12", "comment": "Malware payload (RedLineStealer)", "value": "7f982d7f9245116d14ad12b6d2d850f7cdf791451c1b11d6027cc7258d6e6aca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646681, "uuid": "7987ea75-ea12-4acf-8435-a9f7dead4c82", "comment": "Malware payload (RedLineStealer)", "value": "a109d229888539fd0e06bbe29143211330389754", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646681, "uuid": "5031a425-410c-40e3-b2b8-c21ed7c9cffa", "comment": "Malware payload (RedLineStealer)", "value": "79bbe4dac5b0de435a34f3964224963e9d71567c64f3fb0c97837bcda7458bd2efb0618fe435c403eb8722222cb66738", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646681, "uuid": "8665c67b-fa3c-4ae5-a730-31694b7fa1ce", "value": "T137752302E6DC92B7CDFE73300CF7069B1636BC929E311A1F178AA8DA0AF16516935747", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646681, "uuid": "4377aaf9-3800-4ca2-a008-78b0e635f01c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646681, "uuid": "5c9a3d4c-3906-4522-92d5-333d09c781a2", "value": "49152:uzWidrUCmEGMcm04IOAjRZIuQLEL6tb4uiiPanwxBv6Y:S5VGM2PjNWuQAw2i3iY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698646681, "uuid": "752bac9e-4a0d-4d91-9d37-00df0c492ecc", "value": 1613824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698646681, "uuid": "65211102-a3ee-48be-bc27-5753d8eef4a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646681, "uuid": "291ba558-7bdf-4a8f-b4f8-f8a96534b5cb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59248318-7744-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698684593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684593, "uuid": "338ba393-8db2-46ca-9a54-122b0bc5ba47", "comment": "Malware payload (RedLineStealer)", "value": "ba5e9d2e62f5e1ed6198f7f80f28862d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684593, "uuid": "dd438963-8d1d-457a-857a-d7351473ae19", "comment": "Malware payload (RedLineStealer)", "value": "7ffa3cf71ff6e8aec4029586dcca55a61edcd799212eb14b7a18073fea4e8c5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684593, "uuid": "c5aa9bf6-615b-4100-9087-0cfeedf2fa1e", "comment": "Malware payload (RedLineStealer)", "value": "36fb5e81eb10c141dee03703bb27cf3b63a6193a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684593, "uuid": "150fb3e7-8d8b-4a16-a981-5e8ae9efda67", "comment": "Malware payload (RedLineStealer)", "value": "3237471934f9e7d3118682ad1e16666e5368ca6cac88fc168fa2eb779bab7b717e1af6477c8970dad5df0d55df82f7fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684593, "uuid": "3e7f1257-f3ed-4867-9dc2-b0fb49b93096", "value": "T11DB44A85818798B2DE981E7E7DDC3AE08FA32C3419E13EC72EC9F94025F76656360529", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684593, "uuid": "2db47633-a635-4cc8-8ca2-3a213a36ade7", "value": "4061d030c89469c2177a1a0b3120372c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684593, "uuid": "e366ba39-8b45-4356-97f1-c0cd17fe2816", "value": "12288:F01DoqN4lVVE6nZH4zVAlFTO2uONvnoYZvcL:Fo43VErOBDnoYZvcL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698684593, "uuid": "04bca5dd-97c2-4e73-b712-e10c7d507282", "value": 514032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698684593, "uuid": "53caa85d-7f63-4a51-a2ae-c9f5ddcdef6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684593, "uuid": "25e4fb1c-4544-420d-ac58-2c7d5af8b1e9", "value": "SecuriteInfo.com.Win32.Evo-gen.13275.4969", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad9f7298-76e0-11ee-8907-42010a9c0042", "comment": "Malware payload (Vidar)", "timestamp": 1698641785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641785, "uuid": "2b45eeed-2487-409b-917e-08407b5ac49b", "comment": "Malware payload (Vidar)", "value": "1e001ef7bda5978ade6ec28da68153d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641785, "uuid": "6e73ecc5-6c32-4160-b39d-b1c32b84dc38", "comment": "Malware payload (Vidar)", "value": "81d8a95cc4f8b19d5f4d16defb6b3ffdc73bad55e0ab693fcd4ab9cbd5ec2007", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641785, "uuid": "c3a5e761-2a5b-4152-b51f-732f9228624c", "comment": "Malware payload (Vidar)", "value": "d0f2f05420467d7a47ea77d60d6e08dc8c6317a3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698641785, "uuid": "ba885f10-aafb-4ab7-8ca0-b4c611c7a05b", "comment": "Malware payload (Vidar)", "value": "ad44efafabb857212645bb755fe956b6a4a04782f0aade463081913c6923ccfc4ae95ddda4d1625ca1d8a09b24233e04", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641785, "uuid": "11b10742-ffc2-4a83-adf3-5a8450be1e12", "value": "T1CB062A60D34195E5C297C070CD964FF4A5A2743B82364B0F1A84DD273DFAFA1AFAD262", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641785, "uuid": "34b9c116-78c1-4635-b6fa-4a8c115773c6", "value": "87d0737459c3ebc7de35794db4768b2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641785, "uuid": "6113e662-8898-4399-a6e5-df765fa2cbae", "value": "49152:2XDRUUqKSE3rBo07p/2wQljcP9/zTLT5Mn/x22c/1k9nSJTl0poF+NXLOz5u8cGD:UHbUJcYwQM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698641785, "uuid": "26b3fe2a-03ba-43c4-9773-e475a1419737", "value": 3815136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698641785, "uuid": "540a3ab8-2035-43fd-97cf-a1b351bc9b1b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698641785, "uuid": "b7e9b2c2-93a1-4326-8829-ee62d3403ca6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27cf10aa-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698644996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644996, "uuid": "a1f11073-f7e6-4408-8567-67032b1850d7", "comment": "Malware payload (Formbook)", "value": "df2703f01b2675a3fd6ac6ef587052ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644996, "uuid": "d773d432-e45f-4a54-9534-a16c9fdb6af3", "comment": "Malware payload (Formbook)", "value": "82f05aec2ded89e7956c4c559b3db88bd9cc4b90a0ab9fda2200493e56df09d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644996, "uuid": "ac4318bf-9c81-4a68-aeb5-01d5efc7ed22", "comment": "Malware payload (Formbook)", "value": "295c17f911d2485e7622b4d97b1bcab5835d7749", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644996, "uuid": "b98660d4-9282-4df2-a961-4e70c426b255", "comment": "Malware payload (Formbook)", "value": "5314614fc54895bedfd292b58b1d78ea314ae91185efbe38dae5385027d63aabb74d01f32ca246b447b5466c47ead54e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644996, "uuid": "108b8329-1dbc-4f9f-bae1-997877d45f94", "value": "T117155A3C48BD1633C5B4EFE59B998422B3E0A56B3255ED3899E318D64212B06FD8353F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644996, "uuid": "c9493405-fc82-43d9-8073-473cfffc04af", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644996, "uuid": "585249e6-fb25-4710-8159-2cf5c16cfbc6", "value": "12288:/zZgpMMOUT75OAExw03P8uYmCFU5Z18qbIxAxvMxKfp8JXJ33SIIh9pqAA/c:/iiMrOAExwCbYmMUN8XxPAh8ZJ3iISM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644996, "uuid": "3899f080-6da6-4d5d-9034-2c6a4bca835c", "value": 920576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644996, "uuid": "e99c3faa-7965-4927-b931-b09c854f6d2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644996, "uuid": "7c53d337-4171-4763-9509-034c4d4a63ba", "value": "FedEx_AWB#817443848264.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f662d62-7768-11ee-8907-42010a9c0042", "comment": "Malware payload (Heodo)", "timestamp": 1698700119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700119, "uuid": "2bc5c837-f9ce-402b-a408-77012f79c909", "comment": "Malware payload (Heodo)", "value": "772816f913a48aabe00ab1e7db8aa48e", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700119, "uuid": "b41155b2-f962-4f34-86a6-3af5bc8acbcb", "comment": "Malware payload (Heodo)", "value": "82f73f413984430b551ed6ff796f2e36f21014ac389c50bca857a1fec25277aa", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700119, "uuid": "44a11bf6-88b6-4f73-bb39-f9abc630c2c6", "comment": "Malware payload (Heodo)", "value": "68ee282fb46abf7e8f8da52d52141e4a65a9be2a", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700119, "uuid": "2dd621c9-cdda-4f54-aea0-e6d9e9dc7b3b", "comment": "Malware payload (Heodo)", "value": "e6ee6659ae8490cae64613ee03f4c10ac92647c28a515a4db1b5fc08ffe30217c6d1778f9f77750f381f2cbc8dc0738e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700119, "uuid": "c168ea78-f14d-44e4-b742-d631ca2c5fc0", "value": "T1F40523512D45685E4B7CF7B472FB2D1F33A0E9B25C5AA1CFAAC00E873697A506D4308E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700119, "uuid": "3e679c19-d1a4-4bd0-a12e-72d9e56eec4b", "value": "24576:gLqf+W9MX/z+xyJiBAUR0Lzd3Ja0NGl7/Suki:j+aMPzbJW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698700119, "uuid": "0a15d969-d1c9-4f9a-90f3-95af563fedb5", "value": 840520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698700119, "uuid": "892d9053-34f4-4866-bb92-1960faa041ce", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700119, "uuid": "3be9e08f-e55c-4fc8-a3a5-dd4507527385", "value": "payload.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8a0904d-7755-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698692054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692054, "uuid": "7ec3e871-2742-44dd-bd94-85153e733ea3", "comment": "Malware payload", "value": "79dc0ae92c02abf8e51b5786d83d4de2", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692054, "uuid": "7a8c7e8c-9977-464a-8eb2-95516af44e42", "comment": "Malware payload", "value": "83001fcaf0b0224ef118d879eb488ed5512922ea07806b7f3e26db3ab1ff563d", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692054, "uuid": "b9b2b43d-a638-4f6f-8afd-4d9253cea905", "comment": "Malware payload", "value": "ddbea79f49f5c736c532ede7406329b09814bd4d", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692054, "uuid": "bf5a3b75-ed94-46af-8544-7482295f1ed5", "comment": "Malware payload", "value": "175fe887b24b6ef70f3e90ad6a384ca119c8243bc352c2b01b7758fbc5105637520408e4b4e36a7f75d66c9d2f81f3de", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692054, "uuid": "fa93763c-23e0-4a00-8b80-9161256ac85e", "value": "T10205DF9D761075DFC427C97689681C64AA212DB7531BD203A0633AEAAE3D9CBCF144F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692054, "uuid": "ed3e8ed3-bc82-4b6f-a971-8b51f60b1b25", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692054, "uuid": "62541e92-f301-4534-964c-945c9e97d83d", "value": "12288:I5r69yqLab9tyoruoDgvgslzeYlPdxRIRkJAesb3mJqytnvROlLEIsXzrny1Opcp:66XumoraYsl7Vz2QAesb3mDvAlY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698692054, "uuid": "56a4cc3d-30e6-4473-835d-444ca07cdb87", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698692054, "uuid": "ccd8d920-bdcc-4d26-9ba6-1b68661a5b62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692054, "uuid": "a01af5b1-01e1-408d-a070-ddc33cfa1669", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84144c8a-76c2-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698628830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698628830, "uuid": "399b6cde-1c07-45e8-ac3f-4b00acbd9745", "comment": "Malware payload (RedLineStealer)", "value": "14b4d329d5a91fdfe433c2aa622c42ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698628830, "uuid": "d25806d1-2b49-4488-a299-51bef441416f", "comment": "Malware payload (RedLineStealer)", "value": "833e4a431eb0ebf4ba5409fe67f9e395c3bd836d9657611a3e6895c34dbb863f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698628830, "uuid": "c4863508-2d7a-466b-abdf-05ba51def47a", "comment": "Malware payload (RedLineStealer)", "value": "1b22870a5e2d18089c042e487c1fcec00f2f97ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698628830, "uuid": "2f189993-f596-44cf-a4d4-21c4b1fc7d17", "comment": "Malware payload (RedLineStealer)", "value": "a485d9c3e572257419248c13995691aef7fe5a0b4d8dd2320b6f8ca935c73e815ae337c7ae3f8ec018ace8837269845a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698628830, "uuid": "38bcdf45-a25c-46eb-8a1f-b23cf38bd580", "value": "T11944AD0174D1C472D972253209E0AFB65A3EB8600BA59AEF67D41FBE4F303C19635A6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698628830, "uuid": "41aa6969-efe5-4344-8988-b005d7352521", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698628830, "uuid": "d22fd81b-7c16-4766-a439-d3b1ba994185", "value": "6144:zsG6HurzSthAcEq9dNlqTTGWqAO4QOceu6xK:zsdHozSthBRtP6M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698628830, "uuid": "475ac7a2-bc6e-4674-965c-a65b5a18520c", "value": 257024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698628830, "uuid": "6b8b900d-b60f-4bcd-9dd6-0fdf38434635", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698628830, "uuid": "516dd237-9553-413b-bb83-de0ed46a3529", "value": "14b4d329d5a91fdfe433c2aa622c42ae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76b28b9a-76b9-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698624942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624942, "uuid": "8dba6ab1-53d8-421c-80f1-9ee4f82c7ce4", "comment": "Malware payload (RedLineStealer)", "value": "1a3cd4ecc3ab240f4f0c8de3a8a3be37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624942, "uuid": "846c3936-e5e0-4645-9e77-a7cb3745cf06", "comment": "Malware payload (RedLineStealer)", "value": "838cda25600462df7c20f73c2122e5097ca5fecdff18f71f9e4d55072b8c6a3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624942, "uuid": "2db43c77-0745-4818-8cdf-1102a67e22fc", "comment": "Malware payload (RedLineStealer)", "value": "3d565e0ad5a8bf4a800681a3a1dd11b812b2046a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624942, "uuid": "930b6ac1-0c07-476b-9618-8baa9fbe957e", "comment": "Malware payload (RedLineStealer)", "value": "d1c1410bd9729f8ce24793bcc524fa1046891c011123e707f190628773551dadeab1ea2715bb0268ebcd1ce70e5dbc43", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624942, "uuid": "f0bd8333-ae65-4edc-93cf-7358d92ac81d", "value": "T1B9349E1638A1C172EF6209B55DDBC9F28CA5E3210B6445F327C2162EEF2C6F2762065F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624942, "uuid": "abfb33aa-29ad-4245-bb99-0138058c8df5", "value": "a09f0d336adcdf96b639e9a29bfc0c18", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624942, "uuid": "2ef54123-36aa-4ecc-9db3-5c82163d8273", "value": "3072:/o/vXgDygHceX87q4oRycMqTeb5fpk6+lYIZ7+Vya0NLxb:/o/vXHBeX87q3XfTqqVlTC70Nh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698624942, "uuid": "cb3dde17-3427-4b11-a518-5be0574273a9", "value": 243272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698624942, "uuid": "b01f251c-1f84-47c0-88fd-3809376080f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624942, "uuid": "1fee660b-53b1-470e-b6b8-ee01063382fb", "value": "1a3cd4ecc3ab240f4f0c8de3a8a3be37.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a84d2e12-7726-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698671841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671841, "uuid": "332259e6-259f-4c59-8a2e-72946b1815c6", "comment": "Malware payload (SnakeKeylogger)", "value": "d414eca1e374dac20dff6822d0793f84", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671841, "uuid": "655deb6c-78c8-485d-8017-cfec6b48666e", "comment": "Malware payload (SnakeKeylogger)", "value": "84dd2a034d3c9d53d216198cb05f2d5fc65ad7dac487915196eda622a997bb05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671841, "uuid": "6a22fba9-6d63-4256-8894-119a1b7c902f", "comment": "Malware payload (SnakeKeylogger)", "value": "5f16530c1115f0422d152abc96974d04695a66f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671841, "uuid": "12324d71-09f3-4ff2-8540-1c476ef562af", "comment": "Malware payload (SnakeKeylogger)", "value": "0f79defa274b04076e35693c5569349fb981e78dc23ad7e7c9da327e0a80ff0ecc0f0d992c2d3c58f644fdad44478a5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671841, "uuid": "5e24fc29-9ba0-415a-aa0f-ab7a54e4f886", "value": "T10684F18AE665971CDA2316BB4B00F911C33AAD31DA7CF5767D127ACE0ABF51CC281D81", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671841, "uuid": "6467fba3-58bf-4fb7-8afc-0d94c48153b3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671841, "uuid": "7e26bdd2-d0db-4a26-888f-d0670582f264", "value": "6144:I5OazRkvfvYVx96Aq9BTEWVCueYOtYYE2Odtyqd72fgQQD:I5OazyHYVx9k9+uZlYrOiqoc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698671841, "uuid": "1205364c-1a8a-479e-9575-cd21481aa21f", "value": 376320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698671841, "uuid": "f601472e-500b-484b-9541-cf441ee8aa34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671841, "uuid": "dd1cb83f-1129-4f2b-8c95-146ba2d23707", "value": "SecuriteInfo.com.Trojan.KeyloggerNET.54.10231.6973", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8fa75ea-7726-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698671842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671842, "uuid": "5cd5d1e8-b2a1-481f-b6ed-b167947493bb", "comment": "Malware payload (RedLineStealer)", "value": "18db9adba53b6a650a413dce3dde8677", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671842, "uuid": "d1c592f0-cd98-4363-8c49-0d9e1d61e8da", "comment": "Malware payload (RedLineStealer)", "value": "8558a49ee89ad82ffac46831a5b2261438fd9b1713e50c94782d75e755b7a1f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671842, "uuid": "e71f3ca1-e170-4dd7-bb93-86943261bab6", "comment": "Malware payload (RedLineStealer)", "value": "9ed5daaca0e6398c2bc5c41d4f04c6ac93a37850", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698671842, "uuid": "146b83f4-39cf-4171-9200-29156c34d4e8", "comment": "Malware payload (RedLineStealer)", "value": "2767f834cf7362cd9f73a6bf6510cde5eb0b081fb901393e29574393a2b29d678d74790a6aae6d7b433484ac0e8377c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671842, "uuid": "14331248-6b32-4db4-b1b5-36c2796ab5d0", "value": "T14E645CC0F923C075CC4114FE6DAD6A25BB6429310B5079C7F7C9A6E96A1B6E3E23C247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671842, "uuid": "c425d7b6-fd6a-455c-9250-7cf44720b0a4", "value": "8896946f9800573d14f9b9f77774d4c8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671842, "uuid": "caed665e-70c8-487c-a24b-6a219028451b", "value": "3072:uXkeDKokx5+UT5lSM4MnOMrylEr0Khb1oKGWDkXtdmI1f/ChUu4KNLxb:heDKok22lSM4Mn9pxb1oqKN4UmNh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698671842, "uuid": "11861eaa-f401-4ef2-8a00-7c6fbf711111", "value": 313716, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698671842, "uuid": "54d229b2-f458-4981-b69c-cb5e550a5751", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698671842, "uuid": "87a10265-a697-4185-87c8-1d4a768a9699", "value": "SecuriteInfo.com.Win32.Evo-gen.20698.19105", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0df9b29-772e-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698675318, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675318, "uuid": "a68f25eb-51eb-43f3-88fa-281a413ae07d", "comment": "Malware payload (RedLineStealer)", "value": "466c6d93f8b1a50f3b86a747c104ea24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675318, "uuid": "8f92bd37-202d-4fad-b9c0-43de0b90dbf1", "comment": "Malware payload (RedLineStealer)", "value": "8572aa8ad28300f92d7003761d0c7c70387963f0f450f9f93b34f0601cf52a6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675318, "uuid": "0ed3adb6-7219-4d69-bdb4-073526f299ab", "comment": "Malware payload (RedLineStealer)", "value": "2393018b40f545f92c5cf695d1801daa1a17d5bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675318, "uuid": "ee0086dd-66a3-4628-9177-888dd1ae0630", "comment": "Malware payload (RedLineStealer)", "value": "a987f373e2837e2a8afde280b022d3526bc0d6bd981e6fe7a05fcf3c7325dfcca4e8e2bb64b1e05428a55e89bf3e7bdf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675318, "uuid": "8251cc47-76ee-4343-a386-438160f4a0ef", "value": "T198B45C8581879072CE9C1E7E7D987AE04FA13C346DE13ECB5EC9F94121F7666732092A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675318, "uuid": "fdcb9dec-1a59-4fc4-9b3e-ec82dcef2d11", "value": "6248c92a14daf227a80d296d3089d550", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675318, "uuid": "62447739-715b-491a-afa5-716dafb29619", "value": "12288:MO3oxIFPMDVA3BJ+ktV8TqsdaZxvlo7ZvML:PFkBAJeqy+lo7ZvML", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698675318, "uuid": "942705b7-1dae-4928-b712-0341681d93da", "value": 513960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698675318, "uuid": "ffc92094-0eac-4e34-8dcc-5fbda3c08b2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675318, "uuid": "efb1bdaa-9816-45db-aeb8-821190449394", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c8fdd98-7744-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698684598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684598, "uuid": "ac9b3cb9-9089-4f03-8f83-58d803f1f243", "comment": "Malware payload (Formbook)", "value": "4dca2433d6524869e26cda42d6aac35a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684598, "uuid": "5715b867-ffb0-41a6-996b-a77d6253e859", "comment": "Malware payload (Formbook)", "value": "858fa0bb526e7ea49318410817f484fff0bfadebc8da580b27fd73234974fe45", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684598, "uuid": "00a1dcc4-e123-4ffe-bc70-f6c9fab39100", "comment": "Malware payload (Formbook)", "value": "bf8f0f1fe8ad41e9035c4e36abe63f0349167743", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684598, "uuid": "d016c8d9-eab8-4bfb-8acb-5495686aa114", "comment": "Malware payload (Formbook)", "value": "baf0e663a05a8c375d75cc08e43d288a8209e07d7b8dd7fa9e554559cb779b0bb8635a5aa0150d8761d8432eca7d3f69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684598, "uuid": "a9f7a9f6-f634-457b-98e7-175e6205fa1d", "value": "T18A84124361D0993BE29A93B01D76CF2CF6340E192565674B8B2B3EBF3E74187E912217", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684598, "uuid": "c87726f5-003b-4006-a96b-a8f770c67e79", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684598, "uuid": "77be18ae-19bc-4dbb-b961-aa8ce160ef02", "value": "6144:U8LxBCXMMCGIZMMwxCGkyLS83CKuU5TCecORLr5mnZGn7jFHlhu7LJpiOjhr/n:urCGIZNwVZLRCKuUQJqLlFn7jVlILqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698684598, "uuid": "95366f5e-2a46-48f0-946b-b238241b58b1", "value": 377833, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698684598, "uuid": "eb831b9c-a687-481a-9315-8158b4c45dbf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684598, "uuid": "7501daa3-89ef-44d7-91f2-7e41500c49bd", "value": "SecuriteInfo.com.FileRepMalware.2839.30700", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4c502e5-7713-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698663782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663782, "uuid": "1f4be44a-9143-4dd7-9d77-032ccf636749", "comment": "Malware payload (Mirai)", "value": "254bd617ffe6f9ccdab78901f223cf26", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663782, "uuid": "8392612b-0750-4906-aeb4-ff15115c4c0a", "comment": "Malware payload (Mirai)", "value": "8601a62da43a32ed29fefd4618b5e8ee7c7924893f7bc2b627964a5a162539f6", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663782, "uuid": "27d3092a-4583-4741-9f6a-48328fc6b90f", "comment": "Malware payload (Mirai)", "value": "bb9015211619a827da03b917e92b23afbb2e6986", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663782, "uuid": "ff992d8d-8f78-4c9e-a8d7-514234115431", "comment": "Malware payload (Mirai)", "value": "2008f60aabd5a5d2085178040af0015f082bc6ddbe241ac4be3fe1e4c57889eb3db690b4c9a00f118e0049a56953629a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663782, "uuid": "359804ce-f3f7-40ad-9a8f-1a66ad2e9ea8", "value": "T147E30A56F8819B12D5C111BAFE1E124E37131B78E2DE73029D246F747B8A8BB0E3B905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663782, "uuid": "dc524714-3673-4367-8ebe-0ac8ce66eb73", "value": "3072:EOcKSUobiTVX1s+ngAal8TaXrsC23CGiRVj:EOnSHSVXi+n5aAnv3CGiRp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663782, "uuid": "db9e0970-ac95-4c78-8829-2c3b20f1a5b8", "value": 143260, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663782, "uuid": "aa41ef6a-fa3c-400a-9136-d67c803c1283", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663782, "uuid": "5f0518a2-c8c2-48d7-be63-4d14c643c686", "value": "cundi.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c78aaca-7707-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698658399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658399, "uuid": "02f7c243-ce45-4937-8fae-6e4e700a8f18", "comment": "Malware payload (SnakeKeylogger)", "value": "bddc2a8284bfefe392c2552b25f3e0e8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658399, "uuid": "1420e38d-ab35-40f4-8961-65464ca2b61e", "comment": "Malware payload (SnakeKeylogger)", "value": "861560fab6adef6b87a9ca272f91f8979bc28e85f120a390dadad92bccf77996", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658399, "uuid": "1d370b4e-9c5a-4520-98ba-2c0bd96861bd", "comment": "Malware payload (SnakeKeylogger)", "value": "8ee6a96a7bdde302d92a3ae7d8ccec53c8523745", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658399, "uuid": "c9793436-c110-4635-8267-3f6423d5ed43", "comment": "Malware payload (SnakeKeylogger)", "value": "b1903cdfaca87efec7fc3e92ae8ff1ec1296651dfb4d178f28215e9a5e7aa8281ec1496003a0882b02dff2252875be00", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658399, "uuid": "48954b88-5f53-4fb7-aead-0662a1eb6e43", "value": "T16DB41201BFB81A4DCD2853B5CAB6725403B6412D6D71F75E1EDC22CA03A7B9D5BA0B83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658399, "uuid": "b2f8073a-4782-4cd1-a148-e42220eb22be", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658399, "uuid": "ccd08952-10f7-4e3c-9caa-6655a2021570", "value": "12288:D8Q69yqLAaJSpkRNAaa8zhZ02UOvKi/f0xaL/+VPdy:X6XshkQaa8zYOyi/f0xtVPdy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698658399, "uuid": "8bcddfc2-c34d-41c9-9ab6-547e0c7fb390", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698658399, "uuid": "f06459b8-eae7-46b6-aed2-3a27eb9acc98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658399, "uuid": "5d73bf9f-3539-48e0-aa2c-2df5bb2be58b", "value": "Hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b18b1e3-7762-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698697347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697347, "uuid": "511268b4-148c-4cbf-b072-fb94f70dce40", "comment": "Malware payload (RecordBreaker)", "value": "4331f8b07a24207f798deff126286e79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697347, "uuid": "61ebfc27-f2c7-464e-bfdd-99778eb78a0c", "comment": "Malware payload (RecordBreaker)", "value": "867c253ac114084e2cda6b03f8820b7179091603fd4b7415b67437ece98c01af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697347, "uuid": "f04e84e8-25be-4eb5-a00e-8c8e59811a35", "comment": "Malware payload (RecordBreaker)", "value": "0abdb522f82f4698b3bf76235b62d4998a351af5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697347, "uuid": "bf3bd198-130a-4c13-bafb-c4ae9ff29e8c", "comment": "Malware payload (RecordBreaker)", "value": "ca79066cbbea09e7bdcfb6e09fd2947b78131eea85abd240e44eb5755e0aefb7925d7bf7b9a632405dc229290fcdb5cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697347, "uuid": "b5cb9a4a-d786-45fc-a263-ddcc2e520774", "value": "T19B752313B3E901A2DDB9377004F942970F69BD92547C27872756A89F0CF2AE4663837B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697347, "uuid": "b4ed9d19-f7b0-4abc-bf0e-fee1f7b129b5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697347, "uuid": "c64e9ef3-6d7a-4c32-94d1-e1adcb3de607", "value": "49152:MzwcGYuKVOFNOTmr/J7BHBG41Jtfg/YtCnhgD:kSOq7J7BHBG41zcQBD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698697347, "uuid": "f5ec0855-2139-477a-8ba0-4a52e4bc8e02", "value": 1613312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698697347, "uuid": "bae4ad4f-1ff4-45a6-8360-f9ac62e439ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697347, "uuid": "99762a16-11ad-4008-84a6-796f92e3416a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab650cbe-772c-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698674423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674423, "uuid": "ed1bfdb8-6f23-4b1c-a814-1975df7ed1f2", "comment": "Malware payload (Stealc)", "value": "8f4363a72b19cc337a780a355064956d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674423, "uuid": "07ea1780-0180-4f37-9c8e-c9ec08bd3fc2", "comment": "Malware payload (Stealc)", "value": "86a2ec82ed8c28ad823ef6af12f89f0fd6ba2c51b08bfdee098f2da4417bdd60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674423, "uuid": "c6dc4a5e-6cac-4f15-bf2c-59ac66c7e99e", "comment": "Malware payload (Stealc)", "value": "24ceac7b4d78a78546de899733ff49b0797b63e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674423, "uuid": "164eb459-3770-46b7-b2b0-8a71f8b4d2b9", "comment": "Malware payload (Stealc)", "value": "b6e1712f5473e1e4eab743afd060ce0a0aa17a1d37b3761ca364b060644ab6d17b05132f60b7b4eb6c501e8f655f5d61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674423, "uuid": "655d3f85-16df-483a-89be-7efccc248941", "value": "T158C49E51E2C14D3AC0672A3E5D1BE2AD58247D1226A8D88AAFD47FCC1F3528137F4B97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674423, "uuid": "93e05122-bb50-4c92-aeb0-4acac725975f", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674423, "uuid": "0cb5140f-df34-4824-922f-aee240c518b0", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7darBIlXSY4j+6qj9:aF7M0UJf7gNIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674423, "uuid": "57e51bc8-cbf7-47a8-960b-c754315ecb9f", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674423, "uuid": "c7c864ce-086f-4630-80a7-78036b80c740", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674423, "uuid": "2e07e00e-6a62-4af6-bd45-59fc44ae9c1a", "value": "8f4363a72b19cc337a780a355064956d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "374eb958-775c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698694844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694844, "uuid": "330db940-8cf1-4864-823e-4b2e163c9a75", "comment": "Malware payload", "value": "faa5885ce527dc4464ffb0ef7f9deb9f", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694844, "uuid": "6d61b963-35e9-4b0a-8ecb-ac4d1ac1e082", "comment": "Malware payload", "value": "86d129245a74e52fa533ab0e250595f0dfc4563d2c3e4f2781748bd841f30fe9", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694844, "uuid": "a0f41150-6026-4d8b-8e4e-92fcc0beca2c", "comment": "Malware payload", "value": "67792ce7050ceabfb9df1cfbba9e3c9e112d09c0", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694844, "uuid": "525795c3-f28a-424f-90e0-9a5fd1b2643d", "comment": "Malware payload", "value": "409df26a845b6c29494f855de47e3c2e917c92a1aa843db24c1b35291c499e13ef19eee8c99fd3270c8c38efc8eadc3a", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694844, "uuid": "d3d45598-1ce9-48ba-9f8f-93eab5befa4f", "value": "T187C6BF13B684A53ED0AF0E7B5837E654A83F7B613A51CC6727F4098C8F36D802A36657", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694844, "uuid": "dd7db027-6f70-46c3-80b5-a84b34b6f0a7", "value": "196608:urs888KGVjgEhhzHIqrFeLG5gCSyEXZDnCq6SNrU6WnqfUpp99Z:unPzHISSbZhNuqOd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698694844, "uuid": "c5520b14-ed0a-451f-a8fc-fa94faaf48e9", "value": 11490304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698694844, "uuid": "a211e1ba-74cc-461e-8009-d3841df3a0e1", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694844, "uuid": "84c46ec2-1a7c-4dde-8d46-2e61ebb2f272", "value": "factmarzonopagadanueva.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adead3d5-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (MysticStealer)", "timestamp": 1698645221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645221, "uuid": "6fde0470-a6bf-4c5d-ac46-b4d6226bc61e", "comment": "Malware payload (MysticStealer)", "value": "e206c0fc621b974d1d71137be14fad28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645221, "uuid": "bf939de9-bba8-4085-bdbb-fb3b503ef93e", "comment": "Malware payload (MysticStealer)", "value": "873b8ed116ade20d02215dcb8186aa73c25e375b67a1cafad0f6113c9d90359f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645221, "uuid": "26231a49-b2cd-408b-bdc3-96d98e697a16", "comment": "Malware payload (MysticStealer)", "value": "fbe1d6f54bd530b764bc2fe40ea3cef33b6b080f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645221, "uuid": "741e3b49-ff61-48dc-9f9d-fe14da113eb3", "comment": "Malware payload (MysticStealer)", "value": "18c4a35c7478ac166816c0f7cf5b5ccbb4f70cd366b9b587c65069f92e14cc2865a6e8aafbf4d4f3c8637474664df34c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645221, "uuid": "ee04a1fd-29e1-4191-976a-8a46f91a8dbc", "value": "T1E335AE217981C172EEF210B687ECB66AC2AED4B4075506FF16C657EFD7602D17B32282", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645221, "uuid": "3e7dd27a-7eae-4fa6-877c-51b17711dbc1", "value": "b11c9cd467b185b2c3a0a894930ee4ee", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645221, "uuid": "e43ac30f-63cd-44f1-8ace-b0fa102cf9d6", "value": "12288:iC9oQkYOEA29ADR87kHCYbw13Re0bUjnZk5uWSe+QgZZlc5WTzezrmjR57kFKK:ilNYa29Ad87kHCQWReguPZZQWWuR57S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645221, "uuid": "209b397d-36ad-4934-95d0-22265200dc44", "value": 1109504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645221, "uuid": "e6cec685-8fee-4f43-b7a8-af0e95a2cdaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645221, "uuid": "73d57fa8-7739-4a45-ab20-44836d714d00", "value": "e206c0fc621b974d1d71137be14fad28.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b7f11ea-7763-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698697938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697938, "uuid": "777109c6-3e38-4c07-bfe5-c578e1843353", "comment": "Malware payload (RedLineStealer)", "value": "e506a24a96ce9409425a4b1761374bb1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697938, "uuid": "f716c73b-20f4-4a02-bd8c-1c3214b7db40", "comment": "Malware payload (RedLineStealer)", "value": "880265cb3889dd109ac84a6756367ae56b73b483343a84a42fb35d16c816ec71", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697938, "uuid": "aca15aab-850a-4e47-8e78-3f38066672ec", "comment": "Malware payload (RedLineStealer)", "value": "27455f1cd65d796ba50397f06aa4961b7799e98a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697938, "uuid": "08914ac0-897d-48ab-8606-24425f5becfb", "comment": "Malware payload (RedLineStealer)", "value": "42a04a68ea01a92a36708195b1f77cd1ccdedc81f6a8d8f31114bcae5dcd57d12c934c1e3e6059553c18ac2294a93cfc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697938, "uuid": "7216cfda-bc7b-4ac4-b21a-e0d75d037a2a", "value": "T1B9B44A85918790B3CD911E3DFE9C2AE08EB2AC3829997DC61FCDF14525B36B1736092D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697938, "uuid": "cda4f49c-86bd-4cd5-9b71-4c6ea297bd6f", "value": "d8e01a2ea4a40f05cb5ea00dc7d421d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697938, "uuid": "60165b0d-7f8b-4d32-8ab9-885a06a19658", "value": "12288:1KtPo9vBasSlb3Qtq2cjjTHjPkoaQWsXsL:tasebR2SnkoaQWsXsL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698697938, "uuid": "2d77277c-de3e-43c7-ab72-aaea46d79de9", "value": 516052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698697938, "uuid": "4c669062-6025-4ba8-a798-68578e2029f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697938, "uuid": "469cbbcf-c7e5-431e-9473-4b7b2708535a", "value": "SecuriteInfo.com.BackDoor.Andromeda.1883.10681.6962", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12c0d526-772c-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698674167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674167, "uuid": "181d12b2-d64f-4a58-8722-37e02a1acb2b", "comment": "Malware payload (Formbook)", "value": "8604069b558d82968d36724384d64715", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674167, "uuid": "24682a4e-0c4c-4d28-952c-ab745347947e", "comment": "Malware payload (Formbook)", "value": "8963e3262acf00c24bbcc3844edd90a410e2f3fad4e1bf8748c4c798eb214c61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674167, "uuid": "ca991ff5-dccc-449d-9fb0-3583076a14c6", "comment": "Malware payload (Formbook)", "value": "62d9e7d13743972181cfae580d4d1ae6ace11574", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674167, "uuid": "21344363-b8e6-4a66-badc-3b5ca017511a", "comment": "Malware payload (Formbook)", "value": "6c7c2a9a3bb0790f40020c0af2380c7e3e346d4202cfe83388bcf32dc11313cb9160921d0204f6c889d54367523a7966", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674167, "uuid": "be29cea2-b824-4018-96e2-3ad3d0e0738d", "value": "T11C8423411B9744FBF6AE8A30D332DBFAF7B9810262515C4E57D02EBDBE54147CA202E5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674167, "uuid": "443e6914-4ac1-4936-86f5-15e103f4308e", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674167, "uuid": "4cc5c3ad-11b9-4ffd-ac7f-380a25c4c9f1", "value": "6144:F8LxBsLUGVlrw6NeTgtXNaTjx8JY9R6erkjYq4fIJWcK7lZa6B3ug:/LUEleAdBJ8iBRI7XaZg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674167, "uuid": "3faf2074-588c-4d7b-b01a-536979426fb2", "value": 391698, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674167, "uuid": "1d34b6cb-a7f9-47b3-8c22-22544f468641", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674167, "uuid": "b504b58a-0dbb-4112-bb7b-d3aea115e5cd", "value": "Wrong Payment Information.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d9b5aef-774d-11ee-8907-42010a9c0042", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1698688439, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688439, "uuid": "86cb9160-85b6-4fb9-aad9-9306985b7c79", "comment": "Malware payload (Adware.Neoreklami)", "value": "130e88dbba9906ef8b63c1618f500c41", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688439, "uuid": "b2d0a1a0-8352-4ae5-8e21-64bb9c1cab11", "comment": "Malware payload (Adware.Neoreklami)", "value": "8a354c99988a03beed45769b08baaea6083620b45c5c0cc4836e9244b6fdfcb4", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688439, "uuid": "f46febaf-5323-46e8-b1a9-c8ae813f3bea", "comment": "Malware payload (Adware.Neoreklami)", "value": "89f4411bb4dee5f35d6b3633578cfd75790f50c3", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688439, "uuid": "92d3aba5-2019-4712-ae43-74c626218e10", "comment": "Malware payload (Adware.Neoreklami)", "value": "5409bc207027736cb1aba5cafe231a5609e2bd693175731f3a26996f5b75a6e451dd4df66e9040044164605eba777251", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688439, "uuid": "eb8ee00f-e207-4128-9532-3b28768304c7", "value": "T1A376330079C7C875C695B0338EB40F8241B5DE95AE32DCB37B65098DBF769B4A9A2307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688439, "uuid": "c7633f70-de00-45e1-be9c-911e5085a637", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688439, "uuid": "fc74c15f-884f-4f70-a3e9-1bac344cb576", "value": "196608:91OAzWRT2BdpnZWl6Ud5Ej3uefdi5fVtXm4P/:3OAzWgnpnZWlngZofvW4P/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698688439, "uuid": "07078c74-e198-4a65-b303-844fa8b31ba0", "value": 7512439, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698688439, "uuid": "5e61c7e0-74e2-42ff-8244-097317ee6ea1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688439, "uuid": "0cda3d13-1286-4b3d-9dd6-63c98704a62f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2124d1d-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1698690835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690835, "uuid": "ee369264-4f3e-4bc7-952d-82303e512d8e", "comment": "Malware payload (Smoke Loader)", "value": "f99fa1c0d1313b7a5dc32cd58564671d", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690835, "uuid": "1bf7d4c5-4769-4512-9aad-d5f97dd77cca", "comment": "Malware payload (Smoke Loader)", "value": "8a964d8fb52489ba9086bf0ab5cf8ca7822fe698d03e5e6d5174640f52b8c5ee", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690835, "uuid": "86378deb-7ff8-4983-b1a8-43b7329a1fad", "comment": "Malware payload (Smoke Loader)", "value": "0e3ada17305b7478bb456f5ad5eb73a400a78683", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690835, "uuid": "d3e1ff85-e41e-4847-8235-99ce44d499fd", "comment": "Malware payload (Smoke Loader)", "value": "4d89aa680fd65a4258c30a47541a86dcbb8e5e5c9dc3cfb74b2d1029dfb1c26f6b8211b074ff5bd3e8bd7654b4e595bb", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690835, "uuid": "ba1e1c54-950a-48bc-9202-f60edfd112b1", "value": "T110A62375FF5A5C2BB0FED179A94739F761AAB274434E366C43BC1290E812630B05AED0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690835, "uuid": "3166a630-1e26-45aa-a188-0edc71d747f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690835, "uuid": "d9f9b7cf-38b0-4333-9d07-9ac42fc9620d", "value": "196608:yqG6fth+H4TaduMID/AsrzwBiaBYJwQwvk5KTOYTa+tH/+MpZG:5FhgID/A9BiaBYJwQk8Z+YMpZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690835, "uuid": "fd1d733e-32c3-408d-97e4-facc11513d96", "value": 10347008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690835, "uuid": "f71b92e7-70c6-4c40-a996-722ba53b83ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690835, "uuid": "7ec8d0ed-a1df-4093-a88e-403b0158df82", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84f5074b-76e7-11ee-8907-42010a9c0042", "comment": "Malware payload (zgRAT)", "timestamp": 1698644723, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644723, "uuid": "1c1b4058-665f-448d-8328-b34896349c59", "comment": "Malware payload (zgRAT)", "value": "10243ce788b5dcbbf248058fe196f371", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644723, "uuid": "73bfcebe-385a-4e5a-8f05-5a8edbe5dc02", "comment": "Malware payload (zgRAT)", "value": "8bf51ccb2646d38af6778a0712c78415e113b1393509afdc16c97a0bfb91eb55", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644723, "uuid": "b54f8e5d-10c6-4908-a414-ce0a5d8bd5d2", "comment": "Malware payload (zgRAT)", "value": "0da95887908b6ada23c698de6cf2f3f986655721", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644723, "uuid": "39b5de4f-9ec1-4c4e-8013-c0fedaf29368", "comment": "Malware payload (zgRAT)", "value": "a4c4276b6d8207f007ec2025d321a07801232a6f9d2d6f72cff626f4c02ff79f0832db9c546ca560280c6ad4d1337d06", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644723, "uuid": "ecf98914-aea1-4adc-a7d9-15fbd72a6114", "value": "T18CB42915E3027505D8FCAB728FBFE7F02250ABAF5A614206BD8435FA44E939D25C3AC5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644723, "uuid": "60eb80ef-4b3f-4f17-94b2-363b721a1004", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644723, "uuid": "bda68e88-8639-4472-8af4-612e3294da08", "value": "12288:nicNb5chlOMdRL8m6alMG/njrPIRp4tbhknaSJ8XC0x:tqhPRL8m6alMG/njrPIRp496aLXC0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644723, "uuid": "4b520e5b-86f7-4e0b-ac57-0c1c70e7f97e", "value": 510464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644723, "uuid": "521ff285-9d75-404f-8c90-f174c15026a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644723, "uuid": "6e7246ed-63d3-4ee2-838c-b617eab006fc", "value": "10243ce788b5dcbbf248058fe196f371.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e48e75c4-7730-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698676237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676237, "uuid": "ebfa5394-8650-4429-ac63-34d07c54ffb6", "comment": "Malware payload (LummaStealer)", "value": "a25712449df2299a967768275a3b0c4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676237, "uuid": "f698f314-b444-41fd-bdaf-65bd51abb84d", "comment": "Malware payload (LummaStealer)", "value": "8ce95aee92cffc56420902fa657bc82a44574450ada63eb864d11e404a59a078", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676237, "uuid": "ffc2e10c-85c6-40c3-9eb2-3de79d813128", "comment": "Malware payload (LummaStealer)", "value": "e4676a0ec4368c573d25d12d060dd7f5f7d923f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676237, "uuid": "a0256714-540d-40cf-8316-fadec442a374", "comment": "Malware payload (LummaStealer)", "value": "20f2e1a83efb68bd5e77f189572f4aa405117f605826a5eb2c7651e1896a27c5bc2c58aed3b05d62cfd4c003b543a090", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676237, "uuid": "35f754d4-da7d-4cb2-9ae7-f040fca5622f", "value": "T1D5247D1263B1AC60F57776325F6BC6E4266FF8718F2CA6AA2318962F09701E1CD72351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676237, "uuid": "9eeb6435-af47-4e61-bd51-7fd7202be63f", "value": "8dbd411dee61fc1b63660ff89eef7bc9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676237, "uuid": "c3073021-1f40-4493-b09a-2d23777a691a", "value": "3072:v5XpQAlIphhgK0TXJmPX6PGmNwiKK5Zc:lyWIphhgKcc/AJ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698676237, "uuid": "6efd3e08-258d-4bf4-a8cb-5539707bc0e5", "value": 215552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698676237, "uuid": "3826edc5-f4d3-413c-8934-1e90054f4ef4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676237, "uuid": "8ce64ff8-7969-41a8-a163-d01cd7860b04", "value": "a25712449df2299a967768275a3b0c4e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b0d59fb-76d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698637834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637834, "uuid": "d4a84381-717d-40fd-8e94-b7f6eba5a01f", "comment": "Malware payload (Mirai)", "value": "9b4fd37ec5573482fa02aa498d82cd2a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637834, "uuid": "69b0f414-f309-4180-af9d-cba82bcdd5d0", "comment": "Malware payload (Mirai)", "value": "8d2d9f0004f6024b211c3bae62f5f65233b7796274eb13533d0223f07f9e149c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637834, "uuid": "051bfdc2-0368-4727-957f-200e32d5270e", "comment": "Malware payload (Mirai)", "value": "aa5d412988f801f5e4673aa5b6daa133837d7067", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637834, "uuid": "0b0137c8-e86d-4a57-85bb-89f68d305946", "comment": "Malware payload (Mirai)", "value": "8c5c74cce7ac60b00caa19d90c554b485e8ca5ea54ed00876b52e22c19f165ec584217ddd02ab29d9ec82c048b2542bb", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637834, "uuid": "e88eb241-ad80-43cf-9a69-40e76f05b32b", "value": "T107E2F160594DF940C9B51A32E94B54D33B0D1EF8D1DFB0412BE8163823E2697FAD81A7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637834, "uuid": "644f711e-92a6-41a9-bb45-9175746dc695", "value": "768:bOqOg531kzVe968nno7GcgeV4GHDsQOdsyvrYEg9q3UELdP:bOqR31kY9rYGIV40DvOtZpLB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698637834, "uuid": "37370820-ddd7-4dd1-9336-c1efc75d2b55", "value": 33216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698637834, "uuid": "c9cafbc9-8bf8-499e-812b-20a76ab00b23", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637834, "uuid": "2eb1a564-a6b0-4f21-ab84-75b9ac4d1239", "value": "SecuriteInfo.com.Linux.Siggen.9999.3267.26981", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a95d003-76ba-11ee-8907-42010a9c0042", "comment": "Malware payload (njrat)", "timestamp": 1698625351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625351, "uuid": "1e394051-0afa-4e72-95bc-f58983713d11", "comment": "Malware payload (njrat)", "value": "c780afc84a629f184f32120c6952e446", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625351, "uuid": "33d25716-74d7-499c-9a5d-81abbd5c2455", "comment": "Malware payload (njrat)", "value": "9064e31c2802dd7b553c13c91ce09d6a99edf895480b63e3d8fb0138e4da327f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625351, "uuid": "59df5ae5-333d-4a7a-b2a4-a6b3ce09d99e", "comment": "Malware payload (njrat)", "value": "4d7e83654449ef3c5f43d37cc10195a4446a257c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698625351, "uuid": "f4a08f9a-9a48-4745-9022-fbd2c8cc7c35", "comment": "Malware payload (njrat)", "value": "73bcb9f676910437138c7089f5550f2a4d9c7854536d97a329af7c0cabbc076c6344a51e56a61263253cadd9af283142", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625351, "uuid": "9d2ea017-7e55-463b-bcfa-c06f7aff6049", "value": "T1C69502526D8648F7D6512D3A02F7E23EB038EC204F6E8256BBE43C5EEF71E455C90A85", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625351, "uuid": "27bdba79-0905-47dd-a011-f549540363c1", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625351, "uuid": "4d4e0a39-d9d3-48ce-bcef-784be4a564ae", "value": "49152:2zD/EiiFDgQDcVYwdQBmSfySUfgen8AWHFeci:2zDsiIDdDcVYhLfyxgYSQci", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698625351, "uuid": "91de4e8d-dced-4ae5-8b78-25553389526b", "value": 1938903, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698625351, "uuid": "6437e57e-28f3-4455-97d0-3e41bed70312", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698625351, "uuid": "5b8e5280-3cb3-47f3-a657-20e9c379966f", "value": "DS_FREE_NITRO_.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3df90b2-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1698690812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690812, "uuid": "02091b4a-5920-4a2f-983a-37b72fe6c610", "comment": "Malware payload (ArkeiStealer)", "value": "436c7dbf99a38aa791b2316c16d0249b", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690812, "uuid": "0eaa4cfb-0d7d-4caf-9953-d6e36646ed51", "comment": "Malware payload (ArkeiStealer)", "value": "9133ec162eeb4d237c259dafb5722ece057f88a972115299b8280fb0493a30ac", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690812, "uuid": "85344f50-ad81-4a0d-9302-0959e0e5abd8", "comment": "Malware payload (ArkeiStealer)", "value": "b2d43eb5437d0a225950d6bcccbd211ab406031e", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690812, "uuid": "837bf74e-fd1e-4969-8b97-314165947957", "comment": "Malware payload (ArkeiStealer)", "value": "558835ccaa4882f31906729cea5d90577525bac39e1bb8de7f4a3ff92e06d7d23fa55430b687e32950b571ac7c936020", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690812, "uuid": "19959ebe-4ee1-4a6f-a89d-4b9992d0375f", "value": "T1C864C013A3F26D61F97626319F2BC6B47A7FFC304EAC965A23149A1F08701A1ED72711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690812, "uuid": "c327d497-6022-44b0-9735-4f6d5bea8b78", "value": "e152f6e328695c7be0e02666bddd99cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690812, "uuid": "282d8991-ffd6-42cc-a01a-081565242206", "value": "6144:CAlTOjjfHJwV8CHwD+oL9gz5372vpK6QAsf11KL/SJn5:CAlij7HVVioLyl36vbQAsd5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690812, "uuid": "dadea1e4-3b5f-4555-b014-9c5fef5ddb6c", "value": 317440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690812, "uuid": "dffa51c8-08fe-44e9-b53e-78c8c12868fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690812, "uuid": "af08457c-af66-4db5-b4a5-855ecc5c8c25", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5df9bcc-7713-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698663810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663810, "uuid": "3e0a254c-408d-4763-9f6c-66ec03652f9f", "comment": "Malware payload (AgentTesla)", "value": "c62de3bce8b46bf89bad3a78bd43f638", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663810, "uuid": "df775fa9-e370-4659-bdbf-9c7782b565b5", "comment": "Malware payload (AgentTesla)", "value": "956f1904c26473883cab63be719dc256ff50054f8e40b031d151a019c64aaebf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663810, "uuid": "a3623d39-8a30-490d-a95d-a5e6fe635972", "comment": "Malware payload (AgentTesla)", "value": "0965a7fddd0e26c9a24cd5298cbe60ea14e551e3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663810, "uuid": "d1544375-30f4-4316-b96e-2600cf294276", "comment": "Malware payload (AgentTesla)", "value": "e020b1eeab4033f4211dd945cd8c5796756866a1ee902e1db1fae8b6b057de91aa6859facd3f7f48f8d150cec410309c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663810, "uuid": "8f664b61-d8dc-4b27-b93c-87e8e9b42931", "value": "T17005F19271A81A8AED6D2372647A4DED03725E3EC6F0F81D288EF16247733563216D1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663810, "uuid": "f9b0dd7b-5200-442f-83f8-cae078434837", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663810, "uuid": "3c1726aa-2f1e-4564-9d91-ece6d3abe4dd", "value": "12288:i8G69yqLV4mqwL6n6Qfnc/30sMcYxkKE6hQlsk/t1tbg86odP2ei2:G6Xx2k6n6unc/ksrSSUQlRtE86oce", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663810, "uuid": "23b3185c-9806-4f12-a99d-2f5747d374d8", "value": 843264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663810, "uuid": "4d19f575-a190-4022-872d-f055c307ebdc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663810, "uuid": "e05077c8-33a7-4113-bbf7-4819f24f702f", "value": "SecuriteInfo.com.Win32.PWSX-gen.6988.10975", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c31ffbda-76d3-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698636237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636237, "uuid": "b257adc7-befc-40df-9ed4-5df27536fb8f", "comment": "Malware payload", "value": "9375e3c13c85990822d2f09a66b551d9", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636237, "uuid": "8b37e3b1-a868-4172-99f8-d97aec2def4b", "comment": "Malware payload", "value": "9645299e58c7521d811fbdcdbd57db45160191db7c7b73eae5d97e4530136da8", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636237, "uuid": "6eed0dde-05c6-4a45-887c-c508656915e8", "comment": "Malware payload", "value": "f6a4a5f9c5afc2a77decd5f848b3a2a411717760", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636237, "uuid": "1515b3ea-edab-4787-be1e-376ef596a944", "comment": "Malware payload", "value": "c49648ad9b3eaa327124e37439871da6c97f301cfbeda3e1e386f28b50ef81ba7db62a4ca34c985c2e556fee0bc63ca8", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636237, "uuid": "b7a54e93-8e1f-4fc3-9b27-af686f8e272e", "value": "T1D8261890FECB54F6D9431E3044ABA22F57316D054F24EB97EA507F6AED376A2093620C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636237, "uuid": "58680130-effa-4752-a9ba-f7c9a282664d", "value": "49152:JBUFJ7aVhuFA5R12DwaoXBkXLkjRMzDHSeORqHTF046adN3f10B1:sn4QGf2D76B7a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698636237, "uuid": "afa3c24a-b777-4c00-92bf-c88c5302030d", "value": 4587520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698636237, "uuid": "a2a1ecf5-6b22-4e3c-928e-fb323ca14525", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636237, "uuid": "ecd1ca16-6ed7-47d3-927d-a365c6688f3e", "value": "9375e3c13c85990822d2f09a66b551d9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6764500f-7716-11ee-8907-42010a9c0042", "comment": "Malware payload (njrat)", "timestamp": 1698664860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664860, "uuid": "25d5e0e8-45a2-4161-904e-8bcf4913dc41", "comment": "Malware payload (njrat)", "value": "a01d852b29efaac0b9671f08ea81c785", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664860, "uuid": "64367ecc-5b22-4965-b7c0-ce9fa1a0ccdd", "comment": "Malware payload (njrat)", "value": "96553ba738a8e268293c58acade34423b565bea52c0f37a6dfeecc6ee8b4c5b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664860, "uuid": "660e8a7e-6e76-4f16-8831-b833b40224b0", "comment": "Malware payload (njrat)", "value": "a788cddfb310a0614315a521f12f09001495470d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698664860, "uuid": "d20bbc9e-e87b-48f8-b2ab-cf5d45189736", "comment": "Malware payload (njrat)", "value": "76ed488141e245851ca66920ae5e95dd05bd06bb4792f57f026f6833aadb2db647cf5569dcbdecc474b79f57b32343ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664860, "uuid": "0049ac0a-4b15-4c7f-865b-e6818803ffc3", "value": "T14EB23A4E3FA98852D4BC1B7485A5965003B4D1874423EE2FCCC560CBAFB3AD92D4CAF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664860, "uuid": "7558d931-71d7-4b93-8e88-773ee8c44680", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664860, "uuid": "f073d6f3-96c0-40df-ac97-dc7bd519ae28", "value": "384:MoWSkWHa55BgDVRGipkItzY6vZg36Eh7FVmRvR6JZlbw8hqIusZzZVFJ:7Juk9pDRpcnuev", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698664860, "uuid": "8e7d5659-af97-4b0d-ac0e-bdb1c72604b6", "value": 24064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698664860, "uuid": "262bb4a1-74a6-4d27-8ffc-b7beaab35b3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698664860, "uuid": "f5e7a5e3-c94d-4c36-a1e8-83f150c2427f", "value": "a01d852b29efaac0b9671f08ea81c785.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdd7ef93-774b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698687768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687768, "uuid": "da3a4a67-71e9-4583-8cc4-fe73c50d9852", "comment": "Malware payload", "value": "d6b9c5b223b21ced85fd9a5e8a6651ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687768, "uuid": "21bd6a77-b3ab-4502-b790-c1d7dc77313f", "comment": "Malware payload", "value": "9777098d0d0de061051d401fb5fcc58121542cff64dc7b5afd3d9a23d6e912a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687768, "uuid": "0f429462-67e1-491f-b169-92cb14a72cdf", "comment": "Malware payload", "value": "e51cdeeb27fc904b552c2a7bf92ab4f144470b3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687768, "uuid": "485daef1-b8d4-469a-a87e-ff0c16a88d50", "comment": "Malware payload", "value": "fe496ee081c2b0aec7ac391a9a5ead392f0590e57fc754281112d37030da4f6a1e45ac48bb8b03ca78ae7e0a93b806b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687768, "uuid": "b4f52cc7-3774-43bb-aee7-c493fdb1aa52", "value": "T14A65339286E05673FDB517310CF197E70F28BCB58635CA97A102A84E18B2AD1F1B17B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687768, "uuid": "2229dec0-433e-4119-8905-45ae4709e7d3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687768, "uuid": "71d66e3c-ca7b-4180-8590-38eb55a15de1", "value": "24576:yypRP7BkGAp+oxOXzDllxnwookK96Nj+2zkHDeOGvXdu8M/g+g7sKE:ZpRPEp+oKjC9oHaW/duTgo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687768, "uuid": "a816ded4-c61c-4977-9575-e5e74e6cc486", "value": 1530880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687768, "uuid": "1aa81466-e20b-47ef-934d-893d724ed4ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687768, "uuid": "0ba7c4aa-a00a-433f-b702-5f17df5fd801", "value": "d6b9c5b223b21ced85fd9a5e8a6651ce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cb34deb-7713-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698663580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663580, "uuid": "921680d8-9b3f-41a0-a1c4-5a11ae635a60", "comment": "Malware payload (Mirai)", "value": "c64bbc3fd35984218624b72edfeabee5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663580, "uuid": "d2239dae-7da5-4c05-b388-ddb80f89027e", "comment": "Malware payload (Mirai)", "value": "97d2006d3df3d0be7310909047bb58b18233ee0035eab95619b51d23e90b9c9f", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663580, "uuid": "a13c81ce-2995-447e-a905-1aee35c4c707", "comment": "Malware payload (Mirai)", "value": "8866a316d32cccfcc566197a3efc56e52f855219", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663580, "uuid": "a85dfd74-e927-46c3-bb1b-106836098a87", "comment": "Malware payload (Mirai)", "value": "76dc9b59a85c1a9e1bf46598a9ffb410cf5c74035f35c2d7e53931712d2784628309217b2517bea426ff83b657a6a094", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663580, "uuid": "08538050-ab77-491c-be66-c567d8c39c3d", "value": "T13904E91AAB510FBBCCAFDD3706ED0B0139CCA54722A53B363678D528F54A54B49E3C68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663580, "uuid": "53ffee9f-f5fa-4d5c-a8d0-d928e3b90d32", "value": "3072:+esjcBs3HCl2UH0aED7D/URJZeIG5C3op:+esYiylkaEfDsRTxG84", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663580, "uuid": "8dbb0924-0600-4e71-bc2e-a1557d0f804a", "value": 177852, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663580, "uuid": "de9676af-9269-4f12-a33e-1494a30ef5b0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663580, "uuid": "b37492d5-9671-467d-8193-04e37629d9bb", "value": "cundi.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a30677cb-772f-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698675697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675697, "uuid": "3efb3ee6-dcf0-45a6-965f-53e95b9f6794", "comment": "Malware payload (Formbook)", "value": "bb95b1b72e99ac62a40b9604ba2454f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675697, "uuid": "2633127c-7a41-47b4-b777-0626719cf6d0", "comment": "Malware payload (Formbook)", "value": "9829382c100af443239c2823f7db79049221f5d1ccffe06620b8cd3ed1fcaf07", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675697, "uuid": "593acc4d-db11-4fb9-9cbf-b5b194f6d8cc", "comment": "Malware payload (Formbook)", "value": "384ec9e60b0e5986916c7959b6c2768caacdd8ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675697, "uuid": "3ad1f34b-ec80-4225-8be4-9516351f2bd0", "comment": "Malware payload (Formbook)", "value": "e416e92c80da7fc07c00f10ac609c30d3a3606514f45336ffe1d34810a278c513e53858d168377e14ac1446f26f43262", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675697, "uuid": "5dfa8a91-7799-4318-8093-451992356b91", "value": "T11484234A91D1D867F5E6C7B1CDB6E338FABDD40881A7794BD7800C6A594234B880E71F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675697, "uuid": "04ab6c8c-049c-4668-86eb-e8b347b11a76", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675697, "uuid": "7a748bdb-7f36-44c6-b5fe-a6c2cf4586e2", "value": "6144:F8LxBsMwrRR9Zn0G0W0Hxal0bexezLJB8BIMkFVVqCh3LkeCxrxSZ4YoyJX:/LRlKyUqev8WBhhk1xWmmX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698675697, "uuid": "22aef9b7-16b4-4406-aded-11ae785248dc", "value": 391546, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698675697, "uuid": "e0545c08-a0da-412c-a7aa-3603fd564db3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675697, "uuid": "743d937b-d992-4b02-8973-7204ba668866", "value": "INVOICE-20073544-2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85b8ab38-771a-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698666629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666629, "uuid": "71685931-45db-4125-a05a-c96a56ed66ac", "comment": "Malware payload (AgentTesla)", "value": "50d2409a3a68ed17f86bd7c6480c9da6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666629, "uuid": "292280b0-7d14-4996-9d25-685438fe8ed5", "comment": "Malware payload (AgentTesla)", "value": "9a4c5d776f205dcb2ef261654ebdc4b5ef42a31e2750a84150a3af05fb847c0a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666629, "uuid": "ed3bea46-5a2d-41b4-b460-241f4c1bf952", "comment": "Malware payload (AgentTesla)", "value": "80e6fe748eca93a113c4d61cb13616ee0589f6a1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666629, "uuid": "a5cdd520-73d8-4506-a192-9ef115940926", "comment": "Malware payload (AgentTesla)", "value": "eb856f920169daab703fc2275e85cb7192abfcf9c2048552de160a6becb93e6749060727c9040052462aab75edfb40e4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666629, "uuid": "d82c40f3-8c31-4ff7-a7ae-365da713ca9d", "value": "T13ED423C576F12F25D3BE93B25AA2424003F542461695DF1E3DC862CE0AE7B385F89B93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666629, "uuid": "3544d602-bafa-4c31-b6c6-94b265f9d261", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666629, "uuid": "af1fb8a6-e166-413b-8b5a-0d42a80f486f", "value": "12288:V8P69yqLb9F3xdkbO22ejFmRIwIvuSzkpsrajBROvQjCfiMDg3F:+6XHbbJejQIwtsmjjOvQjCqwg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698666629, "uuid": "174ed36f-ffbf-4ed3-80fd-bbee1b06b7b9", "value": 611840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698666629, "uuid": "c158441b-003f-420c-9079-b2793f117f4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666629, "uuid": "d582dcd4-7ce4-43eb-88c9-f5c1a62be942", "value": "SecuriteInfo.com.Win32.PWSX-gen.16850.12735", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac0b18b3-772f-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698675712, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675712, "uuid": "bec99791-9ef9-45c1-9f8e-b667ba693bc5", "comment": "Malware payload", "value": "2528066879a9b130bbec7ba109887ee3", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675712, "uuid": "8142be4c-7843-4695-a102-66a8d3920b4c", "comment": "Malware payload", "value": "9ae815222ecffcb9268b80ee17e3df53cb51f6f3e10e12885c8e46a7c3836fd3", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675712, "uuid": "49caf9cf-e7c3-4260-ab4d-3485b1cc4dfb", "comment": "Malware payload", "value": "28dc1e86d21b56830a70a291f8c4a3cd3405600a", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675712, "uuid": "3943f92d-86c3-4d6e-b8b8-25f758488764", "comment": "Malware payload", "value": "363d009d2de4247c2e3d427b9cc1a323eb8b9ccf9e591fb5c809922e53648a1d0df027be7e37a8bc89466fde712078bb", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675712, "uuid": "bbb9555d-e161-4d69-a23f-6ff31b5a4d9f", "value": "T16CE423F616283D44790ECE1FABD14EAD3E81C34C9EA254F4584980BA2E27BC8E5619F5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675712, "uuid": "b30e0d23-65da-460e-abf8-41be76acfab2", "value": "12288:qCaR2MgX0O3D1p5eRigSLC1DpnjKyj/iaiRSpoZNK2LdM8VWYArhhSXaN1/dm0Y0:guEO3BeigqyDBjRjaa9ORLdM8VJUhh7j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698675712, "uuid": "ca47feef-a2f8-49f9-9989-7b8eccfc34ef", "value": 684901, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698675712, "uuid": "732ce9eb-d535-40ed-a03c-63a5eb9e876a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675712, "uuid": "c96537ab-15a2-4d3e-b382-cb4035d26ecb", "value": "PURCHASE ORDER.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0aaa0d29-76f9-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698652249, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652249, "uuid": "977c2734-b44f-4ecd-aa8c-a3f576320826", "comment": "Malware payload (Amadey)", "value": "3837ff5bfbee187415c131cdbf97326b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652249, "uuid": "b7faef73-65de-461f-aa9a-dae265dfcdce", "comment": "Malware payload (Amadey)", "value": "9ba7ba0628c6739e758d2efed0207f70aa4dab2d436cdd11cd25d5585b94481d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652249, "uuid": "1448423d-123d-44b5-9d71-9103620b0682", "comment": "Malware payload (Amadey)", "value": "be140d44705431c811c41bc58edcb093aff5330c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652249, "uuid": "ac77e9e5-7a20-4e84-b04e-6728300fe37a", "comment": "Malware payload (Amadey)", "value": "c1dab432fce392f5a948adb5454d7f8ecaa65001cbb6df520d3f45f8b62c6459ad5074f39c87ea050542800e64071ebe", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652249, "uuid": "c61cacac-9860-4d5f-8472-c28650608dfd", "value": "T1B57523B2B5D881EBD8E4333559FB038B1A363CD14F2CC66D2B5868A70A325D4B079767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652249, "uuid": "b0ce57c8-9c77-44e3-89fe-2ee33a42bd62", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652249, "uuid": "deb00bc1-82d6-4c8f-949e-9ee40e4db8a7", "value": "49152:ib28+bc7HJHPmAwCJlYx0/mFCu/MCxIZYXm:k2147lBN/udyZ4m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698652249, "uuid": "7216d783-d3c7-498a-802f-57eb9e5596b3", "value": 1614336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698652249, "uuid": "73f357d2-738e-4e6f-a9bc-c124cf847462", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652249, "uuid": "523fbd98-adcf-400e-a2a2-3f10b9a4c8be", "value": "3837ff5bfbee187415c131cdbf97326b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee099cea-76c3-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698629437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629437, "uuid": "dfc3923b-d011-4fc6-99de-0e4c3cfaaf67", "comment": "Malware payload (Stealc)", "value": "6520ebb48dc3ed5025c52f35cfcf49dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629437, "uuid": "bf93ab6a-1704-4f8e-a6fa-492d4d662e5c", "comment": "Malware payload (Stealc)", "value": "9be331f1059d8f7f371f8cf02d8b5db37ffec33e259b7d25b9902eef45a8461b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629437, "uuid": "2e613b41-2a69-4373-a61e-36090149f755", "comment": "Malware payload (Stealc)", "value": "c3d26e8c337515e13c9cf33e0ebd387b17df7838", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698629437, "uuid": "313c52a1-ca7f-4b78-ae46-14faea7f3428", "comment": "Malware payload (Stealc)", "value": "1dff0fc2364ead746e5a3fd3b90f9f798e4d3ecbe0717df10d0ef619b93720130042b9a366630c51a1cfd7337dd384fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629437, "uuid": "550a296f-6240-4a50-bb1e-b73eb27dd301", "value": "T1B0E49D12A2B1823BD07E3A3C981B56BD98697D41F7A8E4CAEFD05D4C5E35F813491393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629437, "uuid": "981fa6a9-65ec-4b52-8a47-40e96287735b", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629437, "uuid": "9b9a03b4-2f67-492a-b303-c94273db07f8", "value": "12288:JHQ4R78rGcukgmWRjAeQVqtoCldl4Dol9:1HhZcw95jSCloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698629437, "uuid": "bb28f718-069f-4fb3-a42e-de7a3b609aa1", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698629437, "uuid": "80d30a79-4473-418c-961a-eada9d4643de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698629437, "uuid": "6470d5ea-91e2-448a-a418-e089bee76dee", "value": "6520ebb48dc3ed5025c52f35cfcf49dd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9dfb78a9-772f-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698675689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675689, "uuid": "4fbee43b-4561-4f78-9f87-d15bfd6abeba", "comment": "Malware payload (Formbook)", "value": "b00f075e3d51a819b154a8381b842be6", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675689, "uuid": "265bf590-e8b1-4652-bb2b-36440c320454", "comment": "Malware payload (Formbook)", "value": "9c027e94cf9da2e5da48a45f937c25cbf998453dbb4d51d1e7c4e16b6cd9a347", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675689, "uuid": "356c9037-56d5-4abd-bb33-6b2fe667afe1", "comment": "Malware payload (Formbook)", "value": "e5552f9c66dbc446524ddd3530d2caf1ae29d713", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675689, "uuid": "06d90106-1239-4825-b179-ea265f476aaa", "comment": "Malware payload (Formbook)", "value": "afb99d9e890992d01423ad9b8cff9e6a3f042b0b4f258d4c9f1fa4308a0627ffe458dfaa8b79d28e7dbabc4c29056591", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675689, "uuid": "14678db6-eeaa-40ee-87bf-b0bd364a1c75", "value": "T17A84238EC552D50639DAD796C9E9D2387C2CF48581DB7DAFF381089984C634B481EE2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675689, "uuid": "6dff7088-f01d-4877-97ca-91ce50a5547b", "value": "6144:xL/Sc+h60c0W0Hxel0bsxez5JB8BIskFVVqCh7LkeUxrPSZ4YoyJ/:xL/Sc+nmUUe58WhhhG1PWmm/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698675689, "uuid": "6f272673-9b27-4d68-b53c-fb266f3f72e5", "value": 379056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698675689, "uuid": "c0384e70-edfa-42b5-92b2-42997c9c2872", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675689, "uuid": "30cf8e80-ae37-4169-984f-df4a6484009c", "value": "INVOICE-20073544-2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24a0d002-76e7-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1698644561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644561, "uuid": "02d2389a-982d-4c96-8688-803d76fc165f", "comment": "Malware payload (MarsStealer)", "value": "6ceae386182082cb54b1a029243e27ac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644561, "uuid": "65590e15-39c7-40e4-9edc-795a60084683", "comment": "Malware payload (MarsStealer)", "value": "9c9306c968318a95791dee86bbc6c16f6b1d0f53b5b7d682c2a48a5c6cc1a75e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644561, "uuid": "0321ae70-7cf6-4d8f-aa3e-a6b3b7b38c8d", "comment": "Malware payload (MarsStealer)", "value": "d560fb4854cb543a40bfded851bda326e17a65f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644561, "uuid": "d6c6710b-e7fc-43aa-8dd4-b614822d8d45", "comment": "Malware payload (MarsStealer)", "value": "c4ca5f06ffe20105359d61f1f4ca1fbe35c7f588da64399d18400fe275666f712fe37ab7aadec874e4d61290f6e0f3e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644561, "uuid": "7bb08e8f-3a37-41a8-813c-63a88ae3fcd8", "value": "T1EB248D1263F17CA1F57766319F2BD6E8362FF8714F6CA6AA1318962F08702A1CD72711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644561, "uuid": "351076ee-3fc4-47be-a272-e983fb1f6572", "value": "a7834573a680f6c5596ccc88099e7718", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644561, "uuid": "6ad5e582-9757-4b60-bb46-d63d7aa90641", "value": "3072:M5XKAvgsm/uIbPRgyfhdftYANQ2CoHIQL9lMf5Bc5v5ZO:oK4gs2hb+C7FYdQNL9qfbW5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644561, "uuid": "5199ef30-9bb0-495e-94cd-156c4a68fa2c", "value": 216576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644561, "uuid": "61b5da86-3a1d-4266-8fab-d7ce6af99c32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644561, "uuid": "b7d4df4d-6df0-4794-a8a6-c8c32e727ada", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b428f3b-771c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698667390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667390, "uuid": "001ce95d-d31d-44f3-bc6f-769660d37496", "comment": "Malware payload", "value": "d3050b3c7ee8a80d8d6700624626266d", "object_relation": "md5", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667390, "uuid": "56b0e3c7-70cc-4fbf-ae96-d8020dbe46c6", "comment": "Malware payload", "value": "9d8cd5911f7f5af68766a47494b6ae47a1a6f461174f6ed06f2e0d487a8d5043", "object_relation": "sha256", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667390, "uuid": "3db71005-f64a-4fed-bf86-13f26d6ad1e7", "comment": "Malware payload", "value": "7e4a2bb5198a64c68e3ee4fdf97fc14b60a02f84", "object_relation": "sha1", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667390, "uuid": "ec8bf1e1-ca1f-475e-ab33-b6a868b0f1d9", "comment": "Malware payload", "value": "b3204316bd172eeb3ee47970de10f33138e10453ad5edf51b40024a32595fa96cb54af7ad8acb8f9b3f837a5c7a3ad3e", "object_relation": "sha3-384", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667390, "uuid": "b904b48a-bc26-4022-a6cf-c8c376e315eb", "value": "T143A36B5773A440BBE4739678C9A35906D3B6B8560270DB9F07A0016A5F73BC29E3DB32", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667390, "uuid": "b3625f7b-1bea-4978-825f-1a0cd3bb8c9e", "value": "fffe2d973c7d8cf369cdb154a701b2a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667390, "uuid": "1fdca44b-dba9-4a9c-bb37-f91dd5bab408", "value": "1536:cs2KeOCG3MqSTNTQpbqykujOak615Z8lbX9/R77ZwHv83OsW4dNGVWUz1Rh:dwOWqST9IbpNOJ615YbXr7SH4NJUz1R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698667390, "uuid": "41a43e84-5f2a-4f6b-b444-15cb3d7193aa", "value": 100864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698667390, "uuid": "6329d570-8314-4f6a-8248-be2513962fab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667390, "uuid": "0f36f2c5-8b9c-4880-b0a4-fb8b7a4ca342", "value": "d3050b3c7ee8a80d8d6700624626266d.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79f170b8-76f5-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698650717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650717, "uuid": "e6cd0998-9acb-42d1-9690-4678e89503ec", "comment": "Malware payload (LummaStealer)", "value": "b4c67afbce5715b8bc9c3b652564ee22", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650717, "uuid": "58a694e0-de48-4f42-9a98-581266bc69ea", "comment": "Malware payload (LummaStealer)", "value": "9e3176f4b02bade546d7e7965ae7a7092977be4f822ad927e62e6603de83e2f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650717, "uuid": "1049d6e3-c069-467f-acb0-78274715c8dd", "comment": "Malware payload (LummaStealer)", "value": "1904a8f85514871157edf7111cba2e92682af03c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650717, "uuid": "8ca68b63-ca4d-4a4f-b834-cb0d4e8fc50c", "comment": "Malware payload (LummaStealer)", "value": "3a60836341daeb3fb0fd21851c23a192d570f71c29471bc98e44172c38f9cc3121b91a0eadca4a7596ce8dccb2a1ed35", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650717, "uuid": "5fd19de4-f337-415b-ae5b-5651584da3f7", "value": "T139E4BE64F00786B2FDE650F6F06178974C90AEB21742B9E793D49E1066FF3D01B21A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650717, "uuid": "6e6b6bd3-63b0-4b9b-a082-2bd77a16ab4f", "value": "24474625b01796b3171973a0cb41f62c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650717, "uuid": "c89e38e2-f59f-4e37-b537-be0f9b7172a2", "value": "12288:4D6oYmy0vvcL0xzonhWwnW56viEUrvPiKaTicl80cwenIS93p3qVy4FML:ay0HcLIzMWFjvDPiKaTiclDcwi93MVyH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650717, "uuid": "d6fba925-e8a4-4c7e-9b78-79c1a64a0237", "value": 699672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650717, "uuid": "67e2f718-1f4d-419c-93ad-755c1928230d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650717, "uuid": "7376001b-24d1-4fc9-ba36-b032ba0e1229", "value": "b4c67afbce5715b8bc9c3b652564ee22", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f2e8553-771a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698666618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666618, "uuid": "6fe5ebc4-ceaa-48f7-8d68-0cfbddf16d2a", "comment": "Malware payload", "value": "1c428d6ee030d606ce0f4bcbb03bd3fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666618, "uuid": "25068bf7-5e7c-428d-81bc-cdf1ac7f6d49", "comment": "Malware payload", "value": "9e8f522f7002903b634e692f0ca336073a10640d99aadda5dacbc8b2fd52679f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666618, "uuid": "ca0fb508-fa92-4ed1-9701-d4bad3eaec27", "comment": "Malware payload", "value": "e8fabc81d2c49c23b9f951636d5a0769e02f1e47", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666618, "uuid": "47338a72-93ad-4523-b758-f68cb6c2808f", "comment": "Malware payload", "value": "3c32d769153f4a900b0d8489c26947c190f5ca4ff0ed8f930331df368182a3f62a812cec3d70e52340f2b03564804b6f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666618, "uuid": "f09ec8d7-d20c-42f0-bbee-8ce29ef1cba1", "value": "T1A29733C2E5C755B3DA2B003868B35E351D172E6462D85C5A0EBEF7AE0972AD23F31913", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666618, "uuid": "b4542366-1840-4cff-9f74-045fc1a895fb", "value": "483f0c4259a9148c34961abbda6146c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666618, "uuid": "aab659eb-5bf6-42ac-9027-7c7567ace28b", "value": "786432:0FR9YRd9SGm2IErN94Hr/mNjtHvmBpQUFCiVzBX0869kCHtj:0kdVseyKRHvSpCi5BJ83Nj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698666618, "uuid": "73ef7b32-cf33-4cb2-938c-d14e653c5b04", "value": 42753016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698666618, "uuid": "06e66d7d-10bf-4e6a-b23b-99f4f7203381", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666618, "uuid": "e97b9309-af02-4364-9e36-b2cd26ac2509", "value": "AnyViewerSetup[1].exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95e0e710-76fc-11ee-8907-42010a9c0042", "comment": "Malware payload (STRRAT)", "timestamp": 1698653771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653771, "uuid": "e721701c-ac1d-4f4b-b810-65542400dcd4", "comment": "Malware payload (STRRAT)", "value": "6ad349031a949fd9962a6129fee551ed", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653771, "uuid": "cec7c1d7-b91e-4c73-8dd3-f061b1ed2837", "comment": "Malware payload (STRRAT)", "value": "9ea3504ddac732ec975be1860cd3c430f6ffcbbd8a75a2231b99b37855773eda", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653771, "uuid": "b0e7b726-fb26-4c88-b816-9938a818abd0", "comment": "Malware payload (STRRAT)", "value": "963a1bb4595e80c96a3d278e844972a304d0c111", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653771, "uuid": "d734170f-c6dc-4a70-92f7-2889a6c36ade", "comment": "Malware payload (STRRAT)", "value": "87afd47cc0e57b8ecc8b4de1737c13e3a5f4696c2af8cdef93e4c5c4d10f757981970de9169894617e44fe57193c6b6e", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653771, "uuid": "9baca487-395f-40ac-9525-dfd6f0a66cdd", "value": "T18CA49F42864C0A17F6AC4D84C4BB83768B6FD50DAC0C94ABD666DF2EFF52E183613947", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653771, "uuid": "a39323d9-19f7-4ac9-9caa-da700c1499bb", "value": "6144:MQy1oLmmK2bCRQStNcmi+ig1uoWZ6xqgUjixdmPeCo8VXzsOHQ7CppUvRq8bFst:XyzxXrI5oxqvqmPvNgOHtppKjS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698653771, "uuid": "602f85e7-df48-42f5-8c02-3a1fb80041fd", "value": 450434, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698653771, "uuid": "c5b0d44a-3497-4a6c-a304-7f9765a02bb1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653771, "uuid": "d82979e1-1f9b-45da-9670-72080b0ebed2", "value": "PURCHASE_ORDER.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "120c9d67-7758-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693063, "uuid": "9e8c143d-0545-46d3-9732-3a3e0ae5455a", "comment": "Malware payload", "value": "d6617f2014f5a3ff30bc172ee06421ad", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693063, "uuid": "ff8a863d-d0ec-4a18-856d-29e603128d94", "comment": "Malware payload", "value": "9f4f50fe4255223d4549ed03b747711103330295d2888e2ed6e7e19d0d68ea02", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693063, "uuid": "4a646f08-9b95-429a-b60f-251f786d6d00", "comment": "Malware payload", "value": "7e226765517cedbca56729353ec1de293a859be0", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693063, "uuid": "f06ee30c-c5d7-4a6c-bb41-dacdd9e50eee", "comment": "Malware payload", "value": "ac9a81b386e33b85be0b6d6c6614a03a549da7464a4b79b3c50001b893f252dfdad2c6b2a56ed7248e9fe223d50adfe3", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693063, "uuid": "b0df2462-a249-4924-badb-800d3fe643c4", "value": "T1EB835C49D747CAB3C88307B2029BBA764532F93B5E2E9E45F70D7CB49B124D87226712", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693063, "uuid": "07f20658-29a9-410f-a7ab-a26ca249d16c", "value": "1536:sQmab6bXPm8VjWWHT0im5t3ItTShKW6GLdUF5MI5Atpgw9UOGHfV+mLI2VOYjXUd:Oab6bXPm8VjWWHT0B5t4tcnBUF5MI5dW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693063, "uuid": "0d2a8b98-e688-4d8e-8097-465cd1a15aa1", "value": 86409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693063, "uuid": "fc7c107b-5719-4a70-923b-9ced18b2b7cc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693063, "uuid": "927d854f-b969-4694-aba2-d71e39e926c0", "value": "x-3.2-.ISIS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17ce27c0-7706-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698657854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657854, "uuid": "60f41696-b6af-4f52-af40-36b632bc3035", "comment": "Malware payload", "value": "14f6e66efcbcc6ef30286fa5c5be1697", "object_relation": "md5", "Tag": [ { "name": "ASPack", "colour": "#2CB79A", "exportable": true, "hide_tag": false }, { "name": "blacksuit", "colour": "#E2206D", "exportable": true, "hide_tag": false }, { "name": "ddos.dnsnb8.net", "colour": "#9FE8F6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657854, "uuid": "38e53325-6550-40af-a72f-337fbf6625a0", "comment": "Malware payload", "value": "9fbd818dc28ea5561278e873bd9b6deb896d4fbaac86209903bdeaad55c6c31a", "object_relation": "sha256", "Tag": [ { "name": "ASPack", "colour": "#2CB79A", "exportable": true, "hide_tag": false }, { "name": "blacksuit", "colour": "#E2206D", "exportable": true, "hide_tag": false }, { "name": "ddos.dnsnb8.net", "colour": "#9FE8F6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657854, "uuid": "a6249e83-9c33-4b56-ad73-e16304b6e83a", "comment": "Malware payload", "value": "ad99edce34103e6e0aa91e4794e96ecf08d5e306", "object_relation": "sha1", "Tag": [ { "name": "ASPack", "colour": "#2CB79A", "exportable": true, "hide_tag": false }, { "name": "blacksuit", "colour": "#E2206D", "exportable": true, "hide_tag": false }, { "name": "ddos.dnsnb8.net", "colour": "#9FE8F6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698657854, "uuid": "4be0979b-2255-4dd9-98dc-5db4ca12338c", "comment": "Malware payload", "value": "92538dc8099ecb06708a479d24ba712dbe854d8f01228a214ab982670d336605448b316bf3526bb3b48c5472c00c4149", "object_relation": "sha3-384", "Tag": [ { "name": "ASPack", "colour": "#2CB79A", "exportable": true, "hide_tag": false }, { "name": "blacksuit", "colour": "#E2206D", "exportable": true, "hide_tag": false }, { "name": "ddos.dnsnb8.net", "colour": "#9FE8F6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657854, "uuid": "d4878034-d36d-4603-8c38-d4f124ba9ffa", "value": "T1D1D58C21BB56B0A1D88E0335329753FA8D3956E4D737A9D387D22E6988113C19A3F3DC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657854, "uuid": "aec6b100-3e26-48fc-bb48-2766fcc02402", "value": "349e9f843a1e927afb8b322e2d492c18", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657854, "uuid": "6736ee9c-30f2-4637-bbf8-afaef61df3a6", "value": "49152:UlFcqJWq7TVCfF92zMWGyBk4O1iVIQBzUcdm/ll:UlF1RCN92zMWGyg1DQ+c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698657854, "uuid": "7d3f2ea8-19ba-44b8-8a0c-da1974338142", "value": 2840576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698657854, "uuid": "bebc552e-dc15-4ada-ac13-beaaa3d73825", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698657854, "uuid": "6a154182-8ed3-4798-a8cf-333131e2ca2a", "value": "LckVQO1wmi7Tv4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dbbba90-775a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693942, "uuid": "9991bc53-d1f2-42ea-b2d0-6e14ed0363d2", "comment": "Malware payload", "value": "fa85e1ebb8851f969c4e99d35264890d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693942, "uuid": "8d6b1ab3-8013-4569-8a48-b20c2da911f3", "comment": "Malware payload", "value": "a1018f6e1828a26fe95f6a0c4ef3b1b55b13966fbfd11fecc41a1b295457253c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693942, "uuid": "43b25e88-cb8b-48f9-84d0-d6acadad8882", "comment": "Malware payload", "value": "4e0c0a24148a6fa43ae34f8aba2aeaea35921162", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693942, "uuid": "87a20f63-f602-47b9-852d-0cd30f448793", "comment": "Malware payload", "value": "9892a208fafd8f2005c1da1b17ad9fef0f7d70265dc6ad46827ce3506ec345662246caf0eb45eae5025acfeda5a30b92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693942, "uuid": "c05df356-39ef-4f35-b862-8e27949e1f63", "value": "T186F4CF9C766075DFC82BC872CAA42C64FA2164BB570BD207A05716EDDA0E9DBCF141F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693942, "uuid": "cab3500e-6183-4cf5-82ec-d05c1b14d0ac", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693942, "uuid": "7bc9f6f9-a7be-4c1d-943e-8bb0ce8e0642", "value": "12288:TqRZHn/V69yqL28oSwMkTJAhg5lY8EM2av749GdXjY+94jHw3G48IS6YtzLBgUuI:TqRNnt6XyLSK5KM/v749GdU+qjHwWfIE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693942, "uuid": "bc122cc0-07d3-4ea0-8ac9-8e997c6141c3", "value": 732160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693942, "uuid": "773aa0c9-f134-4f49-aaeb-d635fbd17400", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693942, "uuid": "3bc984b2-ca9d-4205-8dfc-b72b4a748af3", "value": "INV.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "821e9104-774c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698688097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688097, "uuid": "e6b8a7f2-55df-47f9-9305-dc1b1d97e2af", "comment": "Malware payload", "value": "9cdd56d9acd9b190ea7a9eaefe385202", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688097, "uuid": "e1b8a9e0-bedd-4745-8f85-a3c1710dc993", "comment": "Malware payload", "value": "a12ac74e4555847e45eb599787ad86373d8fc7bb39b63550f65ec8d729bf264c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688097, "uuid": "c05b71fe-53cb-4840-89f2-c2db55ef07ca", "comment": "Malware payload", "value": "5e5cdb5fe5859a8b2da327f045ceb8063dfb247e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698688097, "uuid": "91494c24-6a40-4e18-9fbe-9d84c6145d06", "comment": "Malware payload", "value": "f5b5beb91fe117b9dc13d61a10b6e3992436a8b94ada8d1a6eb370add35bc0899be2b19d3449cb27290c7e50980ec947", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688097, "uuid": "ae3dd95d-6452-49b6-9750-3d68c822155f", "value": "T119D55A57BA406CA6CF4E61F3D3A707086B07C54A5742D3DA2A9690EBB34D2D77A0F183", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688097, "uuid": "da4da22f-0c81-44b9-b5ce-1275758ea7d9", "value": "49152:Ka13CXFUnRlf2xe9RFFFuRBWV+fZphEhFeMPd5gz8HEiz:z12F2RZJFniWV+semUz8H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698688097, "uuid": "7e29df63-55bc-4632-8534-e833b9f5a4c2", "value": 2973184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698688097, "uuid": "42c49384-844a-4f29-a0e7-9de68466eb46", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698688097, "uuid": "b6a309cf-1282-46ae-92a8-ec2c97423297", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77ec3787-76b9-11ee-8907-42010a9c0042", "comment": "Malware payload (CobaltStrike)", "timestamp": 1698624944, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624944, "uuid": "26b687b8-3c18-4cab-b189-ba9d0d5e0553", "comment": "Malware payload (CobaltStrike)", "value": "1b1d0b1d153a011ac33298c88e073a13", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624944, "uuid": "5c8a0066-e017-41fc-8f54-cf93b0e7a280", "comment": "Malware payload (CobaltStrike)", "value": "a14a970b32a474e1493028415974ed2d330bda6476f9a0a80c7d0647d8b43828", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624944, "uuid": "f54db350-1afa-4756-b847-36fc4987e30b", "comment": "Malware payload (CobaltStrike)", "value": "e9b0d5105553694fe504972b3db3f888fae7ce67", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624944, "uuid": "3c491cb6-49ac-4ae9-b81a-3b319f1cc586", "comment": "Malware payload (CobaltStrike)", "value": "832e7b4a0b12d8a6e985e7603f8fb9b2a34d61e27184b12db727b6184b66b23caf0559ba196867c534c4af32eb426a9f", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624944, "uuid": "ca42a9d0-c3c7-4f48-83f4-62abedfdae6e", "value": "T1F9C44B86E7D0ADEBC60503758DEF0395373AF6A467479B671A28B2301E47BD0FE86205", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624944, "uuid": "1643b8ad-4129-45f6-8840-b2f90fa6b70e", "value": "8a892aa64777baecfe06cc1108860250", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624944, "uuid": "3957f6ff-7bd1-494a-9eed-53d2368b1cfd", "value": "12288:5DrNnxh51MztnaBH0Dwk3Ta77Hp0fWAUmBAm2l7WvYFL9qoOz:5lnxZMztBTiWvYFL9qoOz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698624944, "uuid": "9a2ce807-fab9-4c4d-9397-3de412cbb394", "value": 587545, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698624944, "uuid": "0e7a2cf8-00e2-42b8-be37-e4b8dcab7036", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624944, "uuid": "4b9fac0d-1063-44ff-9e62-457f02844ef0", "value": "1b1d0b1d153a011ac33298c88e073a13.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa33c36e-7755-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698692030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692030, "uuid": "029d8ecc-6a08-4ccc-a43a-dd1867ba54bb", "comment": "Malware payload", "value": "aa89eed25dcf372491a17680f563e275", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692030, "uuid": "b38735e9-d8e6-4eec-8264-2ba9da431b71", "comment": "Malware payload", "value": "a20732b2730208714be474e012b0ae3668201e7c982b595f9f76b03ff6fabdd8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692030, "uuid": "a29451cb-0543-4062-862a-08f8c676564b", "comment": "Malware payload", "value": "953bbbd91e1a34eb4b08b207c87ce2e71ba7302f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692030, "uuid": "60d21241-d3ff-455d-8e65-f5082b2225ea", "comment": "Malware payload", "value": "26c7964a5922f3acdeb5577240ef520411e473bbff005fedb75f6b94382c81b12ed05b003afe5bf2ef03ea52b290f807", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692030, "uuid": "6bbe2dbb-e2fa-4c30-8401-1eabe601dbbb", "value": "T12E062A60D34195E5D297C030CD964FF4A5E2743B82364B0F1A84DD272DFAF61AFAD2A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692030, "uuid": "37fe85f2-62e8-43f9-937b-490a3bae9536", "value": "87d0737459c3ebc7de35794db4768b2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692030, "uuid": "bb94beb8-c0e7-49df-afd7-172faf41fd99", "value": "49152:0RD0D6qei0HbR4IrA03WG26+R9/zTrz5wM0WR+c/1j9nSJTl0pox+C/LOzHysdFu:IORkJsYwXC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698692030, "uuid": "2d2fc265-121c-4c4c-a9e8-dc1504c2b177", "value": 3815136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698692030, "uuid": "be6c5d90-c8cf-4dcc-9796-afc71b3277d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692030, "uuid": "572a038c-9bc6-48f0-9c73-83a64291d801", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fddd253b-7748-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698686587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686587, "uuid": "7b111f5a-9895-44b3-9024-5099f16c24ff", "comment": "Malware payload (Stealc)", "value": "2ac98d74492e506d076da99f517c3146", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686587, "uuid": "cd85f65a-4d54-4f4b-978a-46f03b130f73", "comment": "Malware payload (Stealc)", "value": "a26dc029cbda5105a0cb0a4a21b0f0001e6b1d957c5b5f8196cf01ea7b039d15", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686587, "uuid": "d3f4dacc-f91c-4ae4-b181-2f0e0de53b5b", "comment": "Malware payload (Stealc)", "value": "b3defe4a357cd20b5b9b8ecc66bea5fac064a256", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686587, "uuid": "e312d91f-4b52-49d2-8bf9-a7a406458109", "comment": "Malware payload (Stealc)", "value": "c43f87426a16791534eb47d69b7c4af7717efdfcd1d057a1aafa4a8d6caa47ac53b78cf25d61f7cb52fd8cc28e289b05", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686587, "uuid": "3e400377-ce31-43f1-93fc-f3fcd493b2cb", "value": "T1BE343B1382E53D94F5269B329E2FC2F8762EF5624F5977BB12189A2F04B01B2C173751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686587, "uuid": "d6abc2ce-a093-48ba-a2d4-6d1b51d2241a", "value": "73cfa25cc90eaa3b417b5fffd6b6d8cd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686587, "uuid": "5d86c9ce-4521-4969-98de-18fed2140634", "value": "3072:aAXb5Dl3ES2MP1vZprNooACC7cs8fOQuWaq7YuUgR:7bNl3EHMPFZtaoAZ7cjfO+QZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698686587, "uuid": "eeb6fe1b-e296-4321-a5cb-245f6fb36aea", "value": 241664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698686587, "uuid": "7e2c49c4-5482-47ad-aec4-14fbef454373", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686587, "uuid": "ecdc6d41-3d51-4daa-95dc-f5f2a609be96", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e899c73-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645034, "uuid": "6cb9c52d-9205-4f75-92df-dbfdf371c74f", "comment": "Malware payload (AgentTesla)", "value": "2bb2b303cdc5b7fddc72d1e629677f5c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645034, "uuid": "2019b479-36f6-4cf7-8a90-56eae4752fb8", "comment": "Malware payload (AgentTesla)", "value": "a3446bb104758bb239e4d9268de683822cb0a8e3ad06fca889f0191f7706b64c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645034, "uuid": "088167fb-f42d-4b53-9a42-ba87bc9861bb", "comment": "Malware payload (AgentTesla)", "value": "57110e5ee94ecb78ebdbbfde5bf00ce3c34c453a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645034, "uuid": "7159391d-8fe6-4de1-9985-475e19f46d79", "comment": "Malware payload (AgentTesla)", "value": "c1d0e33db5042cc668cc082ef88876c5128a1c68ab0ac14eca3aa60111eb028cc7e509b9fee171b94d9828989799ec3e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645034, "uuid": "699eda4a-8fff-4258-ac7c-8bc2fa39f4fb", "value": "T11E73BE08B201D419C5539D7E8DCED0E3A6293C5AAE82D70F3284BB1E0C799D75B93B5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645034, "uuid": "e2a06846-bc5f-480e-9ada-8eac35b920dd", "value": "1536:lKt9+CnVnx4QA0nl71kI8qpsRBCrFiucfwlFJMa9LMRN:lKt06daQA0laI8VmjcfwlDMw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645034, "uuid": "d5584e89-ebdd-4baa-92f7-317b12d3cc22", "value": 75776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645034, "uuid": "9f6b69ae-0ac6-4b97-bd7f-8b323dd14102", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645034, "uuid": "25361913-905d-46ec-9b10-65d7f5090665", "value": "P25102- Andritiz Korea.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e55e397-7729-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698672951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672951, "uuid": "cf6886e3-6a32-4eb8-aa93-5140fabac62a", "comment": "Malware payload (Stealc)", "value": "4705fe09fae61fc920d384357dac4329", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672951, "uuid": "f0daf097-706a-4ca0-bae3-753458933429", "comment": "Malware payload (Stealc)", "value": "a3a0ec083b5e4e00485974ad2885f89d602a4ea74059b0c5cee54d11f7e3ad7b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672951, "uuid": "1b9f095e-09fe-4822-8daf-e7268b6a1280", "comment": "Malware payload (Stealc)", "value": "24b1af2ec16fd310de21bce230d500e693f4652c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672951, "uuid": "b4f35c11-d2a9-4afa-9096-a798a81be788", "comment": "Malware payload (Stealc)", "value": "49596cf270afd025a1608986613b2903ff741386e0ea59a01698299542d75311116c5dcbf8de345e236cc9777b6b759c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672951, "uuid": "069c12b1-4c73-4d4d-9a0f-1c128bad8184", "value": "T144C49E51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672951, "uuid": "04d81423-1386-49d9-9ccf-7edc442ef5e6", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672951, "uuid": "6ed7c0a3-ba65-4c4d-b8be-dccffbd525ef", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daLBIlXSY4j+6qj9:aF7M0UJf7gtIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698672951, "uuid": "356cdac3-0f1f-4552-af73-9d7da06b1a1e", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698672951, "uuid": "8c9fe060-a4f0-4724-a6f2-2b7775a42f73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672951, "uuid": "1aec8b59-b452-4add-b10d-fff89a04926a", "value": "4705fe09fae61fc920d384357dac4329.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3baec4c-7709-11ee-8907-42010a9c0042", "comment": "Malware payload (CrealStealer)", "timestamp": 1698659458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659458, "uuid": "c4098408-6d06-4809-ae14-cae2f1589ebd", "comment": "Malware payload (CrealStealer)", "value": "243c0655be95227b8295be97789feb97", "object_relation": "md5", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659458, "uuid": "ac8987a3-62ea-4ec1-b2ae-cc4328ca8f88", "comment": "Malware payload (CrealStealer)", "value": "a3b7ca2eedb0fc1c76c48264a0c863e9cda615d5d41adbc7a16360e6d407f738", "object_relation": "sha256", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659458, "uuid": "525f93e1-41d3-4cda-8e8a-1bcad4b84882", "comment": "Malware payload (CrealStealer)", "value": "a356795526b56cac6cdb7130586ec58955c2cc20", "object_relation": "sha1", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659458, "uuid": "5a5e2b2d-b8f4-4d3e-9a54-2bb057810563", "comment": "Malware payload (CrealStealer)", "value": "fb4289e06c3188d88c94c303400716fdd23da4b5ec8cd76cc9b5c73116dc4db485b30674bdaefe73182b5ec7e6d107ee", "object_relation": "sha3-384", "Tag": [ { "name": "CrealStealer", "colour": "#5A9C16", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659458, "uuid": "710e2331-f4a3-4467-b225-6d81e6486e0d", "value": "T10FF63357076A486FD2D2333CD49BE638A1316AD0F633D349EEA466A79DC33841C939C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659458, "uuid": "e9e3b1a5-9b00-40ca-9e3b-6a6ef4662780", "value": "20d446c1cb128febd23deb17efb67cf6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659458, "uuid": "9c718360-c4c9-473f-b521-3d2f88bb90af", "value": "393216:pJBtZiIE7YoPQ6dQuslSq99oWOv+9fgGISPeiS:pJBtm7rPQ6dQuSDorvSYGIhi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698659458, "uuid": "df03ea1e-4234-42b1-95e1-a62adf76f8ad", "value": 15368492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698659458, "uuid": "2a4ac1bd-1a64-4cad-9f29-f8fb7d0ebb4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659458, "uuid": "b5ffcce8-09b2-4f21-9af5-38c7cd7d6c8a", "value": "Adamx_Tweaking_Utility_Version_10.04.23.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b534eb50-76e1-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698642227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642227, "uuid": "60ef5c63-67ed-4464-a0ce-c04ca7d28134", "comment": "Malware payload", "value": "82351be3f9841488a4cc02544f0646e1", "object_relation": "md5", "Tag": [ { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642227, "uuid": "0283cfc6-6331-4bca-ac0d-3733e1933e9b", "comment": "Malware payload", "value": "a557365e5b1cc30d2ab2af5b6c43433f11f121c7cc844d82081f9bfa5ef8c2e3", "object_relation": "sha256", "Tag": [ { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642227, "uuid": "8e37f44a-10a8-45a2-85f5-f08b800eecb4", "comment": "Malware payload", "value": "a4816ebf3cb3cbd45bf0da2ee3f563304c43214f", "object_relation": "sha1", "Tag": [ { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642227, "uuid": "818afb47-cf9e-4f51-a130-caf5a2b3043c", "comment": "Malware payload", "value": "de5f942086d9410f9d4b469af3ed0fe4577ddd4d07bec6b934def3a729f306c0b9885f149a3e3ca995107255336fb07d", "object_relation": "sha3-384", "Tag": [ { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642227, "uuid": "7a077abc-9996-44a4-a6a9-36a049f4ad74", "value": "T15FC2F183041A7A9E9FEF437F9E10A161203710ECC7245C47B675F379E12197AF8A6627", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642227, "uuid": "eaff4102-5db2-4a53-b27d-b202d398eabf", "value": "768:DQ2O7QzunjPPGieABwhZXPRXP/ikogGdE:D8QSLfeA6XPRXbogz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698642227, "uuid": "f9482fdd-d643-475d-b71e-75da8f5e5fb5", "value": 27944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698642227, "uuid": "5063a1b8-9277-42f2-85fb-bb11fa863e91", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642227, "uuid": "23f25c19-f688-4c4d-b484-5cbbdcb51751", "value": "Setup.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2feab8da-775a-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698693972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693972, "uuid": "05a6fd46-2791-44f3-a467-b83af63adb35", "comment": "Malware payload (Formbook)", "value": "04bfbe662c6fe75d48c45571e1cdb17f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693972, "uuid": "dc8f8aef-6d23-4e8e-a4fd-6d9b715b1e93", "comment": "Malware payload (Formbook)", "value": "a5bea05a2f6c78eef246760dc715dd3fe10b0615ac161efbeb8a2cf6c9836499", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693972, "uuid": "4017d6d0-3611-472e-986f-7dc248111d0c", "comment": "Malware payload (Formbook)", "value": "6fcf8dcd30720bd5ceb7ce3f7d1dcea225b989db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693972, "uuid": "42fc3e0a-0538-4915-bf80-9d03858cc59e", "comment": "Malware payload (Formbook)", "value": "640318522bc4bfc858351937cc888b46c11bee716fb21455582677c161f73d37b8066c477f5fa173652fe99d662c09f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693972, "uuid": "bc84da5e-6ab4-4ce1-9df5-76e6425c55ac", "value": "T12D92080D5A1DC663C6AE467D68A3038A4775D72BB842E38B1CCCE5E628533D10DC63EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693972, "uuid": "000ef4f1-8fb1-49e9-b77a-5d1d2827646e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693972, "uuid": "40537f08-6acd-4123-ab67-4268d7f3a6e8", "value": "384:O/6i+tTBROM5DWvizocBuLXMEgsYCPGMpizIlkyVT6AstGyFFLuUW:OS9O2NMpizvt1XLu9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693972, "uuid": "16bb83f9-7c61-47bb-a21f-2eab5cb4c518", "value": 19968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693972, "uuid": "ad84c3b2-8c68-44dd-801e-3c0e6b328752", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693972, "uuid": "68ba09d3-18f6-4ea4-bbe5-67dde9821fbb", "value": "Statement20233010.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "226f016e-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698644987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644987, "uuid": "ffc1c2f9-f79c-426b-8790-e8b9a7eba19b", "comment": "Malware payload (AgentTesla)", "value": "60ff524212489c2928c65dddd1a7af6f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "PR_301023xlam", "colour": "#6567F3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644987, "uuid": "9f399a2f-35c6-4613-a755-673d7d87def1", "comment": "Malware payload (AgentTesla)", "value": "a5d29dabddd6fe61f6167d3477a10b6ba8ffc05757e8ee4d40168c91a1720b75", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "PR_301023xlam", "colour": "#6567F3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644987, "uuid": "e4bbe094-baab-4350-b416-7b804419c776", "comment": "Malware payload (AgentTesla)", "value": "d06f638dcd3f9809355d72eb5e88f26fe7cd6b02", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "PR_301023xlam", "colour": "#6567F3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644987, "uuid": "a1759ec5-d298-45ae-bbe8-ca49dd1f6e52", "comment": "Malware payload (AgentTesla)", "value": "4e94b606a9b76523cc4185e41d16f5d03db7f28543ad5d88a5e7856c13694fc77839896dc4ce7112b04539e3f253eb3b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "PR_301023xlam", "colour": "#6567F3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644987, "uuid": "1237aeb3-a6bb-4161-a96a-6ce8370e89c7", "value": "T128D423EA9A1558A6C9BD00633DCCB5E7899D7D04EF2FD70F76718096920C9EE00E18B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644987, "uuid": "3eb5373f-4c17-41c0-a31f-e31af49c3958", "value": "12288:Y4nWs4DoFwxZFYn8UmBhH4oZxLYH2hqXNo/LzsZprPHjCPGEQIbyR+fz7H2+D:BhFwxIPG1pDMQ+rcGE9wCXWq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644987, "uuid": "9f5f499c-36f7-429e-80b0-74def5e929be", "value": 653787, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644987, "uuid": "3c95bfab-9c97-42ca-af13-f565d2520ad8", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644987, "uuid": "6b327e81-0c8f-4644-8667-fe4c81e8529b", "value": "PR_301023xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7f5a979-76f2-11ee-8907-42010a9c0042", "comment": "Malware payload (Sliver)", "timestamp": 1698649614, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649614, "uuid": "5d3350e6-c729-404b-a0f7-30f9054fbfb5", "comment": "Malware payload (Sliver)", "value": "d22eacb037ca4cbd864f6d5671d115e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "sliver", "colour": "#F89DE2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649614, "uuid": "74e8e46d-8175-4e4f-bf17-ad545cced76f", "comment": "Malware payload (Sliver)", "value": "a681cf93554fb104eab53ace13b6c18c8a3bfd49774fe467b8bf18b1510405da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "sliver", "colour": "#F89DE2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649614, "uuid": "c52c7664-734e-487f-87b4-87a920936f68", "comment": "Malware payload (Sliver)", "value": "4ec1402e6b12010da6922ee7ce15f09ba023e231", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "sliver", "colour": "#F89DE2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698649614, "uuid": "fac0f89b-29ff-49b1-8fcd-37b102901039", "comment": "Malware payload (Sliver)", "value": "7ce143d4f0ebf404e5634e7951a083264b0f7ab9f8bb9559ffa0566c7ebc5f5d10319dfdf7bfc8dda941e0ed6716647f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "sliver", "colour": "#F89DE2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649614, "uuid": "8d08bbac-c12f-47c5-980b-17fa811550d2", "value": "T1C347F42DF9CA7FE3DD23A4B3A121656058CCCC5A9752EB63C491A733B65A33C9C97240", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649614, "uuid": "207cf51f-a425-4ca1-936e-f4ff9223f698", "value": "c0e3cfd21ea2d1e61fbcf80e0c574630", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649614, "uuid": "a6685ee3-d6cf-4a02-af27-5c7529aea519", "value": "393216:lJdDPlaPEk7GoH8VYPoaHm+esfrvy6QK5qEdYRCHyUdPMHeyJzkssxPfDosW2mi2:lJ1uEk7fZGF9K5qVZUE7S0sW2m4wx3Lv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698649614, "uuid": "520685dc-1d83-4cb1-9100-414b8ca1994d", "value": 25004032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698649614, "uuid": "f40c2ce3-ea98-4fbf-96c3-41500755c319", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698649614, "uuid": "9db9a1c3-370c-4520-a777-6574a1d21424", "value": "doc2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf9a540c-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (Glupteba)", "timestamp": 1698690804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "7fcf4953-dbd5-4c86-a936-b04bb8b21e84", "comment": "Malware payload (Glupteba)", "value": "34974778984b9465abca4245c65dd0e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "06e79851-e657-4c2e-9bd8-a9decb549ef4", "comment": "Malware payload (Glupteba)", "value": "a75f981326ea2802a6255e99d414aad4ebc4871b9547897dd70fea3b8105ed42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "42c89e0b-8d8c-4874-b75e-f7d80fbb1af0", "comment": "Malware payload (Glupteba)", "value": "c9d89c31f422e49f5e79d77ca89071da3fe84913", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "00a7303f-1d83-430f-847e-4a49f7e10926", "comment": "Malware payload (Glupteba)", "value": "2f4375f91eba4e610957b1821782e932ff0fd028f1a337566c537f418cf82bebc5fc2251852307ce039741734a399495", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "72765f61-d262-4caa-a98e-1fd0b94d7ad0", "value": "T1DC16336262B2BCB6F57A05352F67CABD52AFF9418A7E423D2204F59B6830132CD37711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "8eedc4e4-4c35-430a-9c9e-00eaee617c12", "value": "8dbd411dee61fc1b63660ff89eef7bc9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "2a1d1e44-2fff-479c-88cf-7c5c05fb0b0e", "value": "98304:7wGwHY3X8oq1XhtwLn9Ms417YHpR0Rhh2N1d8N5UxY/A:zw48j6mDAMX+dS56h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690804, "uuid": "a4df308b-e4ab-4372-aaa0-6c9b7ccb9192", "value": 4304792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690804, "uuid": "0cf83704-c412-46f4-87e5-c2b0045724b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "48dfd103-40c0-4086-9a76-b6ec5da4e213", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d168d17c-770f-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698662031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662031, "uuid": "fb424ef5-cc41-46b3-84fe-cfede9527a9a", "comment": "Malware payload (AgentTesla)", "value": "dd19672f3f5cb8bbe9ae3bc8f803acff", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662031, "uuid": "ceb92380-c047-4b28-b96a-6b7051023765", "comment": "Malware payload (AgentTesla)", "value": "a8c216f83cf0db1dcc1ea95d130009f92c278fdc1e6c44d56c34e3a7cf0d3aee", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662031, "uuid": "4f40f1c8-0d46-4ed5-bfd6-c9ea7aacb607", "comment": "Malware payload (AgentTesla)", "value": "b4eb65175bae5646b04ad6003ee6bf4e0dc53474", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662031, "uuid": "adef09a9-44b3-4e8d-a85f-2d3797d510cb", "comment": "Malware payload (AgentTesla)", "value": "45589a74458302fabca7ef826d84e7972107ec221649b9a5688d6c0d131c11b72b850ef0b724caf711d2932e89c2cd65", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662031, "uuid": "953307d7-754c-4cc5-a174-ae5acdc89197", "value": "T159F423A501652CECC2556432FF916ED5335C512F9012BD1F72EBAAE649333238BEC86E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662031, "uuid": "82f8d528-f250-48d1-8c03-ec544f3d97b7", "value": "12288:WsN1h/KZbjLUeZ5Pv5LhAEFlCl0WSFa+ebI3A/K92spO1tOGixUebyX5ge:rr5KpMwv5NA0CCc+etKLAOxVmCe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698662031, "uuid": "60712bfa-0ab5-45d1-8fd8-7fadbbc4115d", "value": 748161, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698662031, "uuid": "fd888dab-edca-4d05-b87d-071bdc1acfc1", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662031, "uuid": "9e71da4c-32a6-4a0c-bc40-5c916049670d", "value": "Bestellung -10 0652023 Oktober 2023.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aba744e8-770f-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698661968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661968, "uuid": "0c1a2f66-41dc-497c-b2fb-c01a121dbf2a", "comment": "Malware payload (GuLoader)", "value": "89f5d097593ce1318435d33ffce39d0e", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661968, "uuid": "2e1d3697-451e-4cda-860a-4d3371fc74a5", "comment": "Malware payload (GuLoader)", "value": "a9a59aeb2270450bd64fb2ea856572029fbba4659235e0b766b024ff768e9c9b", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661968, "uuid": "3a3dd284-7510-4ad5-87e3-eb4babe12531", "comment": "Malware payload (GuLoader)", "value": "9283c4752bf0ff32014d9cc40a2130ddba608e24", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661968, "uuid": "3491bd9c-3501-462b-a29b-248d4fd511a8", "comment": "Malware payload (GuLoader)", "value": "4a9cab640008f45ff1db1439ab3dd819958b32aaddcfd438e3a88619ef6ac27afce7d6a7ce164d261feb98063292f785", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661968, "uuid": "132ac11e-4dd2-4aaa-9927-5222e85e9b63", "value": "T125936EE2DF94161D4D4B27AEDD424972CD78811D3623063ABFED078DA20B94C93BEB09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661968, "uuid": "55192f60-f6f9-4dfa-9347-3f7f92399818", "value": "1536:utWV4KDjxsAcPljwHJhTb7ZqSIo+sWdwEQhkXd1tiwRrOFeBUjpy4:sOZjxtc9jwHJR7ao+duhhQdjiwJseBW7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698661968, "uuid": "04b37279-0f06-4c30-957f-b9a62f349212", "value": 90822, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698661968, "uuid": "9ab17dde-753c-41b1-8bdd-28df020a0e48", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661968, "uuid": "7e08bed2-311c-44f7-aa87-52f0fb1afb95", "value": "Dringende Angebotsanfrage 202310_30432NYCUDE.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be1902f4-76be-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698627210, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698627210, "uuid": "7e91d9b6-d3ad-4e22-b007-ed5b2fbd321a", "comment": "Malware payload", "value": "cea923ae0769823ccec712a8fe2699bc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698627210, "uuid": "618aabd3-094e-4853-bbae-3c2d85f0230b", "comment": "Malware payload", "value": "aa181a22a8dfa5cb554b547b7e940d6e4dae5f4e336f2511af6c1ed3a34711a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698627210, "uuid": "bc87c257-407e-4022-a143-bcd9bfad89c5", "comment": "Malware payload", "value": "ede47e45d28e7cfd5735d1bdc26a0bff618e30eb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698627210, "uuid": "9646d704-7b3f-4447-90f9-dd247b840248", "comment": "Malware payload", "value": "80bc94ca0c2bc52c8a47dba618a55b3c8e1106d53d4c5aaac185bf02d288a052b100098bb44d1887cd1ba07af3fbba44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698627210, "uuid": "98a5b14d-233f-448e-adde-340aa7306f98", "value": "T1A5850BBD0240E43AD95AED72654A30FB5397F35B29F300AAC60B9065C4A91FBC7393D9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698627210, "uuid": "d99d81c3-9ebd-4b14-abf6-6f1bdad2a3bc", "value": "e610f37eaa24628a7a222cd0ae20964a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698627210, "uuid": "cb79a7d3-adbb-468c-9f9c-006ff396333a", "value": "24576:YZvmi1LYtqEo4qjXx5JSN8MUcaujpX2jU3qgF+L2X1fDqbZBU:8v5BMUVmXmUagF+LQBDqT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698627210, "uuid": "8111b0fb-254f-4c31-9080-31f37c52bf7b", "value": 1742848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698627210, "uuid": "a6f22d36-a531-4dfd-9023-75ea5ae15dca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698627210, "uuid": "48fca51e-62e3-43c3-a8aa-90430b3ae452", "value": "aa181a22a8dfa5cb554b547b7e940d6e4dae5f4e336f2511af6c1ed3a34711a2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7baf954b-76d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698637836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637836, "uuid": "67a0fce8-99de-488d-ba26-532a0c7e260b", "comment": "Malware payload (Mirai)", "value": "96843416293dc60c19213be5ba385ea9", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637836, "uuid": "8d4dab6d-32cf-448c-986a-d241baea34c2", "comment": "Malware payload (Mirai)", "value": "ab0cfa339d1d4c8ae5f940bf58b6512ecb3c72776e802216adcccac5fc234115", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637836, "uuid": "2cee0571-e6a4-4e7f-8982-34674a4c2c4a", "comment": "Malware payload (Mirai)", "value": "8821bfadeff8f388c3e039d5d580c73f243dcfd6", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637836, "uuid": "cb156615-3030-40a9-bb92-9563903e3cb8", "comment": "Malware payload (Mirai)", "value": "26844e115216f0b0dd66605e947281a5a3e5efd7490a6b80ee9e7ddac80ffa67c4d251fd6daa08f46d1af29fd98de629", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637836, "uuid": "e3b29459-b908-41c3-bf53-04d1be828bcc", "value": "T1F8E2E1AFE8906D43CF7D8C328F9A26F96B9633C034CD874693295CC57A5694B790807D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637836, "uuid": "cd3e78e5-ba50-49a2-bb1b-affb0c9235d6", "value": "384:mQ23HgeoYfHKLkINTZ5m0nrZjK60I9N+XKw4K8NFMk9id6cpIRzsvdO53RKXugLR:mQORpo9NT4I9UT4vFMzKUG38RdZWWv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698637836, "uuid": "bb2e666f-fe56-42a8-bd09-a8444b6df808", "value": 31416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698637836, "uuid": "8b40a87c-0dbc-4520-8688-393a1e30c724", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637836, "uuid": "f33c0ff1-f228-4560-a93f-04e773fb640a", "value": "SecuriteInfo.com.Linux.Siggen.9999.5910.18225", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0469fd1-774a-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698687316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687316, "uuid": "752695f4-1c83-435d-806d-2e85c434453c", "comment": "Malware payload (LummaStealer)", "value": "01a8974ebbf78d8a305fd304784224eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687316, "uuid": "b431afa8-961f-4437-9387-f62c55fe283e", "comment": "Malware payload (LummaStealer)", "value": "ab2de770aa37881476025be0d91a58826838de592fde00f22ea3a367a0c6a46a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687316, "uuid": "f68dc7d5-1ad9-4198-a67b-0b078f7cb478", "comment": "Malware payload (LummaStealer)", "value": "9b08272594c29f09018cf47e2839a5208b454ad4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687316, "uuid": "09359d98-b052-485e-957a-ca4af9635f37", "comment": "Malware payload (LummaStealer)", "value": "0584737e5f2b0ed23b7c7247bddb79af312adb3d0cbd2b2ea89a2e264883ee1184dc3170e90daeda28748029b6b4f331", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687316, "uuid": "390d2a22-523b-461d-b54c-b23d7743476a", "value": "T17C2633963D921148E89CE63CC1036E6E34BA6EB92540EE8D68F5FF677D739039076807", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687316, "uuid": "23d9bb86-b8af-48e1-b189-b1aa02790ebd", "value": "5c4ca581bd0c16fde33f63c4ab8ff974", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687316, "uuid": "c90a6f8f-a611-4745-988f-0b15a7300185", "value": "98304:ZOSI+ABJpZI1cdtdSJkjScFBiuhivpVf0XYh3fnOaC:8SIDJEQtdSeScrizpqY89", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687316, "uuid": "d101870c-0090-442d-858e-742a37e66c31", "value": 4783856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687316, "uuid": "1a9e1c93-3201-4c16-b088-2ac62115ef35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687316, "uuid": "5bc8a311-0bc2-44d6-8e45-9832493e4cc6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f5d09db-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698645009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645009, "uuid": "9ff8b8f4-4d91-4fb8-b293-7b2b7b032b4a", "comment": "Malware payload (Formbook)", "value": "52df53e5c6c753ace9c8bfa3568facff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645009, "uuid": "64f9c183-7267-4d75-88c5-39720595a929", "comment": "Malware payload (Formbook)", "value": "ad75b282d723aca18196bbafaf8cce4901aa56b696967fd652fc163e1c0fc9ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645009, "uuid": "e5efd318-ab11-467c-9e60-9c1b210fa6c7", "comment": "Malware payload (Formbook)", "value": "85fffebcfc97980e035ddc2a61e582b50bf259a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645009, "uuid": "89347e9d-bf9e-40f8-af69-d109f487b000", "comment": "Malware payload (Formbook)", "value": "32b02a365aa877166237c09fd73af40f5faccea4c4fa410ec1d9618e0297ea98223b747034091e0a069a135c3f3a9e1a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645009, "uuid": "dc012a82-23a5-42b1-8ec5-fd550d78bdf8", "value": "T1EA154A3C48BD1637C1B4EFE19B958426B2E0A56F3255AD3899E318D64213B06FDC392F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645009, "uuid": "a6151605-b346-4358-9c77-e95423b99248", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645009, "uuid": "643765a4-4e69-4a4b-bd24-61ae7857c15f", "value": "12288:xzZZL90nrDphX3ZPjLRzn02ChMVw0Vl8Ux7cRtQ2EVEyAsMKz:x7mbZPnR702/a6F72rETMKz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645009, "uuid": "522b871e-9e8b-4f0e-a337-7051fedd0b83", "value": 876544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645009, "uuid": "4ea1ab50-e431-4970-b6bd-172f1231e937", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645009, "uuid": "2c1e576e-0cd8-4395-a5a7-b586ca9c1d8e", "value": "Ziraat Bankasi Swift Mesaji,PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfc2ba25-76e1-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698642272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642272, "uuid": "b95dd54e-9ae6-44de-9675-63d89d752f15", "comment": "Malware payload", "value": "30e7fb6c0637531e9c13bab0a328e8df", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642272, "uuid": "30df525b-71c8-40b9-a820-de924e675918", "comment": "Malware payload", "value": "aed0e8ecc08f9832929c639c9ef96905c57905ddb757e66e4a1409297902b4aa", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642272, "uuid": "349f195c-1557-429b-bec0-9cc6fdf4e410", "comment": "Malware payload", "value": "3afdfda8fafbb21f2bafe2afd02440c83c5186a2", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642272, "uuid": "56147dd6-860a-4ef3-9902-37c802cd6547", "comment": "Malware payload", "value": "7263db4e48c3f8d61022280a9c42e934dde535f9af07075bf0012510eaf0ce8fbb2c691cce2fee70403e4eded681f9bd", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642272, "uuid": "87743bec-aa88-495c-99ef-9f81f8bd7934", "value": "T14563E62776441332F541033295DFA7A09F6A8C5C8BF205126256F3DC2DB3AE4A3BB9E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642272, "uuid": "0098f67e-6392-498b-8e83-efca1ad8f2c4", "value": "768:ZHLzyKrqJqTc5rrjHCh7fIASUHlrTShGMnaB9YmI2TvgomhpjKdByxixI0UsiAj:ZHWFtC7FSUHlXAcY8midBEi+0sA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698642272, "uuid": "95ac8845-7639-4cc4-b490-1d782e9fd162", "value": 69120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698642272, "uuid": "89e68f3e-192b-4df6-95d4-c57c1ecd69c0", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642272, "uuid": "097adf2b-32ad-448f-9a5d-826fec08d9a1", "value": "Setup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc92a950-7755-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698692061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692061, "uuid": "5d8fe848-2c30-4462-93d4-45549ddede55", "comment": "Malware payload (AgentTesla)", "value": "6c00dff27e7b9281f4aa295b522b1e4d", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692061, "uuid": "7222f76e-3cd9-4f0f-a312-a61077e53fe5", "comment": "Malware payload (AgentTesla)", "value": "afc29232c4989587db2c54b7c9f145fd0d73537e045ece15338582ede5389fce", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692061, "uuid": "9e12e06a-9594-4b11-86b2-7aa1b2e59723", "comment": "Malware payload (AgentTesla)", "value": "4ed317a0661c31766048fb6859f55c9646bb3534", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698692061, "uuid": "e8c01868-8e5f-4a93-be53-c47ab5c93f2d", "comment": "Malware payload (AgentTesla)", "value": "0458ef60fbd120a4611a24c5483038cb3cbf14e2aa30773a10450e423be94a08b35ef8e155624fb5bdd004b89eb2bdf1", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692061, "uuid": "62224262-dbba-4f1c-9cf3-fd5c3cc74a63", "value": "T18834FE037E48EB15D65C3D3B92DF6C2853F1A0C70673964BAF48ABA529522436C6E37C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692061, "uuid": "0a96b44c-f558-4944-ae1f-d49f2d0e27f4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692061, "uuid": "a74fc337-e55d-49cf-b52c-6811bd9120ce", "value": "3072:F9iiqY2SmTxxErFa6b/HGr8H4DEKSM5s:ncNTxxErrb/g8HNKZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698692061, "uuid": "ea4dfe82-f329-4281-9a67-1d34bd8cf583", "value": 243712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698692061, "uuid": "536ce7c2-2063-4e8b-b559-39f47a21ad3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698692061, "uuid": "30655a68-6a26-405d-9244-798c7cb0737e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24d0d271-76ff-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698654870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654870, "uuid": "3d73dbd5-c4c6-450c-ba70-de17d2a4d6d5", "comment": "Malware payload (Formbook)", "value": "e2c27799f6cadebcc100c42409bbd869", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654870, "uuid": "8e4e3af3-8354-4be4-b25e-624c69d8b114", "comment": "Malware payload (Formbook)", "value": "b253502d8bce85fda32fc5264bb7736c3280149b529fffc2e77f2c66257b0696", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654870, "uuid": "da17f095-03e2-4845-aa07-c94ad3fe4cfc", "comment": "Malware payload (Formbook)", "value": "9ad85e2221b312a7204ca0dd9c6a0970a695508f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698654870, "uuid": "cc089948-c5e2-4ba3-8342-2c4c9aa0bbab", "comment": "Malware payload (Formbook)", "value": "b97144e38987c9ea9d903adceead802e057b55f389725ef684c9d28d93806647254962def5d84f758406003e6b88d303", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698654870, "uuid": "8931a3c0-01a7-48c1-aab4-60e7a5257302", "value": "T11C84236953C34AB3C05A683042769FB9FBBBD7040336578377189F2B2C518E60B6F689", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698654870, "uuid": "89e40383-6f70-4ef8-9647-f0c37f521734", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698654870, "uuid": "510656a2-d04d-48d8-b72b-f6062fd32aa1", "value": "6144:F8LxBsMv1pCyr1tvpKKR+U3Vn5W3OvP2mTBsMBUWb7PFImeYnK3bSSEGvGL690aN:/s3CqBKK53N5WLmTBnPl5nGObvLs7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698654870, "uuid": "826753d5-6063-4f6d-870c-aa0ba3d89786", "value": 392164, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698654870, "uuid": "132cdabd-4bc8-4905-967c-e0e4fe67c55b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698654870, "uuid": "2a131be1-6669-470e-b6c4-c1b87ca561e8", "value": "PI-INV-0459384.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0bfd593-7779-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698707503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707503, "uuid": "dad0baab-7f6f-4f6f-8b60-acc415767e8a", "comment": "Malware payload", "value": "718ad68024be88417072f727b1b3d737", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707503, "uuid": "b40eb6cf-4a2c-4096-bee1-1bdb8dbdb959", "comment": "Malware payload", "value": "b2595a51a6f691065b3f844c5ba28f175ed78821ca27bb0c97bcbf260d4f1285", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707503, "uuid": "a764a842-3d21-46da-97ac-5cec12d3d767", "comment": "Malware payload", "value": "28555b1a9db8a0b35ba67e65c6e549d6ff1b7b30", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707503, "uuid": "a46ad1f1-d7bd-4227-8783-31e34e0d6d73", "comment": "Malware payload", "value": "bf1d6298f0174cee075230a8e56974a4779f43e588c69f6bdc2a4d5dbfa257b398b1d50c8f423ffe670b4f21b5cb3617", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698707503, "uuid": "e7200b31-44ab-4538-b0db-bd7b7517d02d", "value": "T19DF533DCDA34C9DFD10431B5904CE33E49CBE1665AAE434EC2EB1E78B9B5380AA455E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698707503, "uuid": "d24182fa-7e64-4052-a2f6-c07eed8646b3", "value": "49152:1MutWdXosgzP56Fo8Uc/vRCNznkafpGNQm6rehAbnVbOU+idEMqRtVQa:1ZtEXoJ756FoMRCdnkGmUe+bZEMqRjQa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698707503, "uuid": "b4bf3678-af16-49fe-b3c8-f25b1fe1a37b", "value": 3475983, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698707503, "uuid": "c3ad746a-8717-45b0-a67a-3fc32612385c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698707503, "uuid": "4da850d3-8018-4924-b7a1-b36f876896a5", "value": "OverdriveNTool 0.2.9.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ef3385d-775b-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698694535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694535, "uuid": "eba9fbba-42cf-48f1-9cae-de0ac0bddaa7", "comment": "Malware payload (RedLineStealer)", "value": "6a2b4e477e52e1fb7105e45e608435eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694535, "uuid": "72e4c163-eb7d-41a5-8292-6af761da5acf", "comment": "Malware payload (RedLineStealer)", "value": "b28bb174b20f06d302df870e708d1f3f7fa3320c3392bb4516232fb3632ed697", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694535, "uuid": "804f89a7-6afd-4cd8-be46-4345aed0a178", "comment": "Malware payload (RedLineStealer)", "value": "4956f341d022b42dab83f2b5f002e8614f4064f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694535, "uuid": "ea285cd0-e7fa-45bb-b893-91c5ecfb027c", "comment": "Malware payload (RedLineStealer)", "value": "2a239c8b4c9f3eafc2220a1ba4f60bd19dc794e0d535a4b5bce54b506b2638e4eb28e1a0471b69869ce18b4946536380", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694535, "uuid": "576cce8b-f2dc-4a2c-8766-ab2a0a5eba2c", "value": "T17CB448A5918780B2CC901E3D7F9C2AE2CEB22CB419A17DC61FCDF14439B36A5736592D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694535, "uuid": "e0b6080a-220c-47da-9b28-7027b10f0773", "value": "1cc2b28e03c08206737d0d5103ecb2d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694535, "uuid": "0a0c3c1a-bb87-4abb-8e21-3ca7aa81fa03", "value": "12288:iO/Po0YFCIrNgndWH9FTwNVKnkcq491QjPPosQWsXyL:qFJryasVKnp4PosQWsXyL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698694535, "uuid": "9b7d9b8a-f755-4323-b248-a236350633de", "value": 516052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698694535, "uuid": "397fc964-4e73-4761-afac-6f765bd67374", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694535, "uuid": "20b488cc-dd59-41e6-aab3-3c462d87f20f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a3a348d-76e7-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698644705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644705, "uuid": "6d99fd94-17ad-4d8b-bb18-4fb0a5861f81", "comment": "Malware payload (SnakeKeylogger)", "value": "4fd9426e87355c0c15b1d2214720a273", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644705, "uuid": "6ee54a12-c5d4-45ad-81ab-8a84b3e3c629", "comment": "Malware payload (SnakeKeylogger)", "value": "b3c45a636fbb907b7a96dc9bb2986f698ca375524c61507a5fe414a940f72b16", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644705, "uuid": "e87d6adb-6885-42b6-b82d-cca02d55ab81", "comment": "Malware payload (SnakeKeylogger)", "value": "e885e94d35df088ace24031f9e6822ac81c5506d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644705, "uuid": "36cc8ab2-3b13-4785-beaa-b583a67de685", "comment": "Malware payload (SnakeKeylogger)", "value": "2a281ddb4650e317993257210e50b5e10fe237b328d01ae9c8ad13bf38e25b811ff20298202254a07fea1c5dddf9bdff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644705, "uuid": "a46f3ab0-0554-42f7-ad82-cb80e97bb866", "value": "T16784F099F7659725C33719F7A680E860C27E3DB0D134E5B67D02318E66BF62CC212E91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644705, "uuid": "6cebfc04-dc1b-4db3-a87d-49824155a9b3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644705, "uuid": "6a6ace83-43ea-41bf-a118-989e6fbc3e72", "value": "6144:IKOazRkw8kJbjgehnX3Zosnp5eZf5TB/5a2pzenmeYOtYYE2Odtyqd72fgQQD:IKOazV8ojgehX3Zwf5TB/5aozenmZlYw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644705, "uuid": "7fd5d4c6-7947-49f4-a954-224b2762789d", "value": 376320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644705, "uuid": "b57965e3-9c1c-41ed-b759-fe2613ba4872", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644705, "uuid": "59a727b2-31ce-4f5c-bdbe-bf314021fdaa", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50ea483b-76e9-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698645495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645495, "uuid": "01f1936b-9fe7-4e22-a80e-8423609a27ac", "comment": "Malware payload (Amadey)", "value": "b56569ed7e9cd0506cd1bad5bd1b4fb2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645495, "uuid": "ad475929-3fb6-4c1a-a53a-85158bea070c", "comment": "Malware payload (Amadey)", "value": "b7c537189b5696616108b960525ee2185b768c2af4eaea1e01642d27817a9d49", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645495, "uuid": "f90bd8a4-a961-4f6a-ac80-c4dc4a84218c", "comment": "Malware payload (Amadey)", "value": "75d05e9ac0e3396efa87cae60625e48e009fe93c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645495, "uuid": "4f0213d8-e655-4c51-a684-de2ba99a5663", "comment": "Malware payload (Amadey)", "value": "508cc2d3b07f8ee7d0d6ab9192774ff5a8c56e1be56ed1e34e11e749d9dc3c5044402b256734cd9beda7adbf7c4063bc", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645495, "uuid": "ff83676f-2973-4589-892e-4d049bf0079a", "value": "T16F752341EAECD23AE6E35B344DF643971A31BE908C7903212B6A589615B3DD0F9F2353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645495, "uuid": "656ad565-7002-4c1b-a1b6-08b17bfe7919", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645495, "uuid": "e3887696-be89-463e-a06e-093d5e946923", "value": "49152:xow/FiRTsamM/orXv72AViyQ+kkXesMro:Ot1/QDih+97", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645495, "uuid": "5af0541c-c6fb-44e9-a77e-37e3c1fd9711", "value": 1610752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645495, "uuid": "e26b7e92-79d9-49b8-811d-ff44d71e26be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645495, "uuid": "4a121007-b35f-4119-846f-d178f2924857", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "415c5b51-7737-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698678969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678969, "uuid": "2ed10a40-d743-4965-b0f2-d677a118b7a9", "comment": "Malware payload (AgentTesla)", "value": "f32b86ecf57381f21b61da2767f3c149", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678969, "uuid": "e7686b0e-7c46-46c5-a2ed-d680909e0e58", "comment": "Malware payload (AgentTesla)", "value": "b84938f26ff709a2c3bc4d0e946e381929f48ac47c1c945ff561f10a2d4a7536", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678969, "uuid": "154a4aa7-0dab-4c9c-a4d5-019da1499d31", "comment": "Malware payload (AgentTesla)", "value": "c0f5685662d1191824c6772e2a2cdd6745c401e7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698678969, "uuid": "46e035f4-fce1-44e5-9cea-db626559e905", "comment": "Malware payload (AgentTesla)", "value": "d8455dedd11c88d0bd57f69b9336980b85e5f8db180a0e5cbc70a1f411d8245ccbde4c7da6a3feaba320c0001705f526", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678969, "uuid": "0a718b63-0b3c-4368-ba1a-877344eb22a0", "value": "T1EED423927EED1B59DBB869FA4A71024053F7161788E0DB4D2DC532CD02A3F281BD2B97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678969, "uuid": "e26a27e3-2fd6-4932-a086-208ea4f9f8f7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678969, "uuid": "74491098-3857-49cf-9dc5-c91ce6e33fd9", "value": "12288:28s69yqL/IjTRb397BfzuIt0WTDiG1uQ6f2w/FA6W:Q6XTIfVvfzuIpPiaVE2w/FA6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698678969, "uuid": "2a0ec2c0-0210-4ed6-bc53-5f20a0330294", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698678969, "uuid": "28cd1a60-a0a2-4b18-b531-bdad9912dd0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698678969, "uuid": "8bdf67f9-2535-4a80-9577-6d04ec4457fa", "value": "RFQ MT-764439977.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86b988d9-771a-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698666630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666630, "uuid": "d31b859c-3703-4e92-9d72-2fa557e91e28", "comment": "Malware payload (Loki)", "value": "12ac28ab2e76870cd4242008bdfe23b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666630, "uuid": "283f465f-b11f-4b57-bbe2-28aa0f35de12", "comment": "Malware payload (Loki)", "value": "b89c9502b90523574855ca9452847643e3ee60fb57780be382ab8b6ba3d4ec8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666630, "uuid": "ee4ba811-9852-4392-b410-729a78564a91", "comment": "Malware payload (Loki)", "value": "2279152eb94aee220c637a9ccd452b19a1940b98", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666630, "uuid": "ff74facd-0a94-44bf-873a-490855a3b605", "comment": "Malware payload (Loki)", "value": "d28ffd0aeca6557df831b73a6f8ca3715919ca823a925cbbeedcf514d825f753b46d83e8847c7d31a1f075553d6979f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666630, "uuid": "2f2a6c11-8ad4-44dd-86bb-455b426ae1ef", "value": "T1C9A412807DB88F48DAB997B599712040A3F2452656A1DF6F2DD433CE06F2F884392F97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666630, "uuid": "67f7d7a1-a4e3-4f24-8990-3fd5e62883a0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666630, "uuid": "f616c87b-00de-4836-b1de-5257fe0b394f", "value": "12288:r8q69yqLiUSXr5zE5+W950iHAKFTaAJlftrZ:l6Xob5zE5f950i3vJ5trZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698666630, "uuid": "fb3c7b21-a1ef-4f89-bc36-66f8f316f1e0", "value": 486400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698666630, "uuid": "ff935b50-b5ab-40e5-a891-17cd96bc4ffe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666630, "uuid": "30f11260-8ef9-40e5-90d9-16cb8b02ebdb", "value": "SecuriteInfo.com.Win32.PWSX-gen.8148.22502", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf0884c5-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1698690803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690803, "uuid": "b3ed521c-d3df-4a69-a9f3-278e365bb94b", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "ff4a0b50cc4e75d5ff10795739abde97", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690803, "uuid": "c7861d7d-d573-49f7-b640-133f25a4e936", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "b98bf14f443ca064cd02bb82354743bcc4ac70a57a66ada9d058bb3bb201b9a1", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690803, "uuid": "9d0aed5a-4451-45d5-a874-a9eea754c86c", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "b341e9332a27264e8a393dfd592f98482adbfbc4", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690803, "uuid": "0e311982-0596-41b5-9790-c29bacdd43a9", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "796078b2be982eecae5c1e10331c5df9069e7a3de95fe97b6110294e07a67787ea64bc82cf89b9f5ae099b6721895994", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690803, "uuid": "95775129-0f01-43ac-8883-105640c5d575", "value": "T151D53395F5990AF9F06257BFDC23619197B76FD87438001D3B5EBA0B273B091980A3CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690803, "uuid": "c29dce3b-275c-4dd6-8793-416ccd22eb35", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690803, "uuid": "33822021-a35c-4d75-b347-a09fdf7c49a6", "value": "49152:y2voN4lo/nOl/xqd/GxbmKH/RW7adpzcT3KsxcizQ9HDXHxiLNXeH:jq4G2Cn0M3KsCJLHxJH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690803, "uuid": "7444b09b-30fc-4c6b-a2c9-5b1d6f4087a0", "value": 2785606, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690803, "uuid": "4fb1398a-63d8-4480-92c3-66e82c3f724d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690803, "uuid": "de5cc64c-cb85-4c3a-9a54-25a0ab30ffc4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "788e7769-7724-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698670902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670902, "uuid": "4ee5ec50-3789-44d4-b3ad-97a48042ba27", "comment": "Malware payload (RedLineStealer)", "value": "9ca41f9968bafac9a708d0a54ef6d92f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670902, "uuid": "d6d1cc89-3644-4497-99bc-f8cad415a63f", "comment": "Malware payload (RedLineStealer)", "value": "b9b9a3ccb8da87c05211459022c6f860d7b1a040708947f736f836521923ac22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670902, "uuid": "6da793c9-ffc1-46d6-b836-5654e7548df4", "comment": "Malware payload (RedLineStealer)", "value": "bbd344b387d17edbf93e253df1bd33e088632f20", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670902, "uuid": "e3e6f3a3-f7eb-4ded-945d-d315bf04627e", "comment": "Malware payload (RedLineStealer)", "value": "81606b8de85b7383761ca09ae3795ad10b0a9c273913caafc519543b0f9265d95a749be74130fc4ef43a1e1ffb14342a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670902, "uuid": "f222a01b-0e91-4773-894d-72e49b4f82d6", "value": "T18B6533F7ED3ABA5BF0E8EF786027A3B1707195BADD7CA22C76DD060934191809A5C341", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670902, "uuid": "38bb7849-550d-4630-890e-b5cf65d7055d", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670902, "uuid": "7824914f-fc73-459e-b0e2-5c149278bdea", "value": "24576:qAPRKhgEUnYgZMTdGONioWbRmpZIkLggdN7VfFqoSjHfcnzj0/Eoi9Lf:qAPmHUnYSeoElWcwSvdVxFPSjHfcnzQ+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698670902, "uuid": "43bc4aa0-e19c-4e96-8d49-15ddcb3197f0", "value": 1532088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698670902, "uuid": "d13190ee-3b63-4d52-a8a6-27f8557208ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670902, "uuid": "493efff7-1417-4f25-9bfe-53c5a929d44d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09ccc8eb-7730-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698675870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675870, "uuid": "e875456c-f642-42a4-90c4-af0da0c734d7", "comment": "Malware payload (RedLineStealer)", "value": "fd76615a054e48144bcbc4249a22488a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675870, "uuid": "4b24a7aa-c0d8-423d-a635-a5d552668c63", "comment": "Malware payload (RedLineStealer)", "value": "b9d720bd4d7cdbcfa2815420e954192102de7e7ca8ae975bc54cfc367edf9c5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675870, "uuid": "8ef4ce22-564f-4b07-943f-dcee587219b1", "comment": "Malware payload (RedLineStealer)", "value": "1dabaee43b93c67633679f117e01727f3baeb493", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698675870, "uuid": "badaed52-0adc-4304-819f-afff50dd7ee8", "comment": "Malware payload (RedLineStealer)", "value": "69fc42e1dc4b6ae2141552af332cbe0cffcada151b4ef0bf060906ba8f875d23d6ca108829c28c4882944b6e67462f93", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675870, "uuid": "44cb8490-a863-4083-ab4f-9f533528ff00", "value": "T15075334273E45533DAB18B7488FB16D30637BA91FAB0AA1B63D295270D722E1743533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675870, "uuid": "8800700a-ad7f-4cb0-ae37-5dc3e21a800b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675870, "uuid": "bcce6c75-2737-45ce-8bd2-7ac641ed9dad", "value": "24576:Zy3mhN7h4nWsg5a4xM6DpiJGUTqqt4QhscDmOI6CrHXfXBbm8IYczsP070:M3mXPA0iJGUOUjDmGEXvjczsPk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698675870, "uuid": "4036c9d0-3136-4ca9-a529-902b8ffb681d", "value": 1611776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698675870, "uuid": "89fa2478-be4a-4d8d-9541-a7b0b55d781c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698675870, "uuid": "57416a63-efb5-47ee-80c8-83d95aad583f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "deb86039-7719-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698666348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666348, "uuid": "4e5488ec-82e0-4c19-aac6-0130489a0575", "comment": "Malware payload (Stealc)", "value": "f8d436ebf003b6e3a4f0416e2d822114", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666348, "uuid": "48d92095-247f-462a-835e-2644dc44c0c4", "comment": "Malware payload (Stealc)", "value": "badd8f0e26ef3dfbbf405b874290fec88cc64aabd6e4c0acaa4d84a5034fa9ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666348, "uuid": "cacf68d4-513d-4f80-b990-9091c52edf25", "comment": "Malware payload (Stealc)", "value": "a7e58276a6444f8f5d841c97c652ca66599d3736", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666348, "uuid": "0720c6e2-4272-40ec-bc89-d5418135229f", "comment": "Malware payload (Stealc)", "value": "753d3c06ffe896248acfcdf5f1e928bfe7f7f14b27cd5cee5a149947e22568317539e1785bc985d91d0f33f6e9b4ae6d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666348, "uuid": "ea62db89-cda4-4e8a-a0d0-2b95e207bb47", "value": "T1F4C49E51E2C14D3AC0672A3D5D1BE2AD58247D1226E8D88AAFD47FCC1F352813BF4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666348, "uuid": "f5233bc1-1e19-4cf8-a124-74e5fd3be45d", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666348, "uuid": "d200c955-0e58-4835-a17f-93e73ca2e24d", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daHBIlXSY4j+6qj9:aF7M0UJf7ghIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698666348, "uuid": "96e0a14f-4c5c-4d31-954a-b7c578642f87", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698666348, "uuid": "407c0ee0-1041-42ab-b013-4ff1664a7d3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666348, "uuid": "e5604ca6-b409-49a4-9d34-e54e62373d4c", "value": "f8d436ebf003b6e3a4f0416e2d822114.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5d6b93e-7741-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698683540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683540, "uuid": "9fa1a4d6-f04e-4d06-a6b2-037eda58791c", "comment": "Malware payload (AgentTesla)", "value": "25341da593224c1eaff7742a20849714", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683540, "uuid": "797080fb-3a4d-430f-a95e-8928d80c5d66", "comment": "Malware payload (AgentTesla)", "value": "bb6071cc36a20c4189ac977ee46f7fc9e1a04f75b3552b06973d6bcbea7f90e7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683540, "uuid": "f682a91e-f15d-47ae-86c1-ec2f30815885", "comment": "Malware payload (AgentTesla)", "value": "9eb23a29f0d95d701770f86faef3a56c14fe1166", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683540, "uuid": "a5342306-6a71-4917-8580-f3f26a4c7e97", "comment": "Malware payload (AgentTesla)", "value": "41276efb701ba2ae74b32c862a20508dc4aa3f12c9664e63f4bd013c1a950f49de623295bde1c72962f28bb53b6f48a2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683540, "uuid": "7820dec2-60e2-4a19-8c0b-0ad3a674556d", "value": "T15CD42383042FCD8FDEF49DAC21630B07512A68EE1CA5BB55E41CE98CCECA9F5557C868", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683540, "uuid": "dc1624c2-d9fc-4506-a6ff-3abc1eec7b0b", "value": "12288:nKeNuafwXiomD2bEBGNkZ5htGqssDjtZwMsc0CwAkD2kuYX4y/IPI:KeNusomD+lg5hlDZZwMiAkD2dYIQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698683540, "uuid": "7ace7dbd-3e64-4ec9-bee6-526a910e3613", "value": 638858, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698683540, "uuid": "98e42a8d-f4ee-4c39-91be-d79ea43cd4e2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683540, "uuid": "b36f747b-c7e8-4114-9d79-7e0955325567", "value": "REMITTANCE-VOLVOCARS.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49191e33-76da-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698639039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639039, "uuid": "5a51eded-30ec-41c8-8755-22c50761c15a", "comment": "Malware payload (Stealc)", "value": "b210360fc6b7f514715c036fdf5a0cb8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639039, "uuid": "a86df324-9d4a-4f0a-8e5f-1d24f3dd75e7", "comment": "Malware payload (Stealc)", "value": "bb64bbb1275764b20b7187238f3af234e59a84b56734439c1577811db4fb2972", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639039, "uuid": "94f0417d-2a47-4e81-8be7-9c209d1ee65c", "comment": "Malware payload (Stealc)", "value": "264d9fb9f52176915d6474efd73037e3a34af784", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698639039, "uuid": "9965c005-24d4-4ab6-9825-a397394feae2", "comment": "Malware payload (Stealc)", "value": "2a599b0c4ee4f01787d16d083fcc1b72f7950a79d4695761bfdaf0255aaa1184692770c710b7e78f8b0adfd4587d8888", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639039, "uuid": "7cf56028-b5da-4fea-891e-7e0ac7e64b3b", "value": "T17EE49D12A2B1823BD07E3A3C981B56BD98697D41F7A8E4CAEFD05D4C5E35F813491393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639039, "uuid": "751328ce-c75e-45d0-87b9-5184a0798de6", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639039, "uuid": "b13756f2-7157-4347-864c-c6e540fea01b", "value": "12288:JHQ4R78rGcukgmWRjAeQLqtoCldl4Dol9:1HhZcw95jYCloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698639039, "uuid": "f6dce69c-d176-4b2b-b47b-b0210f535b62", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698639039, "uuid": "011fb2c2-a6b1-4964-8a82-c52b9ccce7c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698639039, "uuid": "4ae88c27-0637-4426-b9df-bd66a44392e3", "value": "b210360fc6b7f514715c036fdf5a0cb8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d611ff74-76f0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698648725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648725, "uuid": "c7bd610f-bcf1-4d71-8a03-50df21879a5b", "comment": "Malware payload (AgentTesla)", "value": "edc9b4f305d1232558161d5e8d466dd5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648725, "uuid": "6d8c0a5f-1a3e-4e83-8cbe-67099d4b77bd", "comment": "Malware payload (AgentTesla)", "value": "bb9c67f2364dc59759900a28b543dae552475eaa6dfada1cd6cd230c3e44bba2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648725, "uuid": "cb5c592d-6ef1-41fb-b385-e5c5f023b28d", "comment": "Malware payload (AgentTesla)", "value": "81df3694f88ae703ad516e8169665ee69da99bd4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648725, "uuid": "1f0586d3-386a-4758-8ab5-c02e0ff79c18", "comment": "Malware payload (AgentTesla)", "value": "67236f24e4f86dbd347394fb394b6a20ceaf7708cfcf1d3422333bb886ac8acc26c05f9769c2b9903b9cdb0a75f72451", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648725, "uuid": "c00ead7a-34ef-428d-b791-1acb2bbe5703", "value": "T166340E037E48EB15E5A93E3792EF2C2413B2B0C71673C60B6F49AE5524527826C7E72D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648725, "uuid": "a5313524-162e-4624-b672-17ede812bf8b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648725, "uuid": "cc1f6d58-d6e1-43ea-a158-bce541333875", "value": "3072:dwXCIv3nffPa9z3fDldfHy/CjKXfkNU3wOxZ5o2U+VqC9:d4CIv3nffPa9z3fDfQMm3xzU+A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698648725, "uuid": "f5663a51-a862-4f79-b077-d3486d8f7c08", "value": 247808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698648725, "uuid": "9c0c1ee9-64e9-4fa5-9390-af7760f28ba3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648725, "uuid": "0fd6569f-b0f8-4e0c-8904-3ceb2751a2a3", "value": "16986487232974668ff6af372cfa139f9eedde01bdda46fd1d019b6a80a6027b15e1876a01533.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "028a82ed-76c6-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698630331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630331, "uuid": "8c1f6cd2-3508-45f7-832d-fb3e9e193007", "comment": "Malware payload (RedLineStealer)", "value": "03c2ccb0f830a46700efd0f1751685cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630331, "uuid": "c60e6d83-3a7d-4f26-87ef-c1866bbaeacc", "comment": "Malware payload (RedLineStealer)", "value": "bc2ca49c8bd9bf47f058f98d5c6f55bddf1e3d49e9628ea0c37eddb92d908645", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630331, "uuid": "38fee3c1-44d6-4e35-84e6-8957bbdf5414", "comment": "Malware payload (RedLineStealer)", "value": "59ec107aae7dfa70f06104971e0e9f1018482878", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630331, "uuid": "d5056e1a-48e8-4d55-a24a-5c9bfb13dc78", "comment": "Malware payload (RedLineStealer)", "value": "adb4628d6fbfec68dc319b17ad98e3b2fe49c8585acccc0435e6c2334aa4b2d7d8d1a4a86d854c390774871bd68212c6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630331, "uuid": "1007f853-fbfe-422d-85e0-95a64cf05a7f", "value": "T1EC158D2138D09171EEF220B743ECBA3682ADE0B4071516DF16D85BEED760AC17B37696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630331, "uuid": "926ecd30-e7d2-456c-832c-130d4dab9e35", "value": "d880d0ae07cf434dea838358ed4c863f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630331, "uuid": "7e814222-5f9b-4917-8ffe-f785c4f1a107", "value": "12288:Z6ygLh9Uj6WdgRT/26p6tNH0p0lGGbOFFdpulP6j/Zus897tzRIYMzi:LSh9g6WdgRT/26p6jnGGbODOqCtaY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698630331, "uuid": "112e1c2f-e137-4476-98d4-1d97deaa7bc0", "value": 934912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698630331, "uuid": "32a3b4d1-14b4-43e3-9421-26d4c61bc694", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630331, "uuid": "724b693e-194a-4cab-8a08-0fc11f4a875a", "value": "03c2ccb0f830a46700efd0f1751685cc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d77e2cd-7764-11ee-8907-42010a9c0042", "comment": "Malware payload (RiseProStealer)", "timestamp": 1698698424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698424, "uuid": "5b566f21-55d6-4711-8a0b-fa45ca075466", "comment": "Malware payload (RiseProStealer)", "value": "4282f2127d9a2dd671b58e737c8fc351", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698424, "uuid": "dc457c67-b076-4a99-92a6-a5851c50fdfb", "comment": "Malware payload (RiseProStealer)", "value": "bca430300ef1273b318f30d949a38df5c9dee4349e7aeb2d0d0ac3b6814764a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698424, "uuid": "e702d4b4-6d58-427d-860d-af0b9cea217b", "comment": "Malware payload (RiseProStealer)", "value": "71a8f19f2ed141f6be6054003dab083a6da239c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698698424, "uuid": "cbd7aac2-e7d2-420b-a5a0-1eb2f0daf5b0", "comment": "Malware payload (RiseProStealer)", "value": "0059080b72991cb9f8eb9d04b1bba659aef52ec2673ef1a6c1d38dda75077fe71a6b8431c539a573c09e6d7a105f6940", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698424, "uuid": "c223b94c-df2a-466d-864a-86894ced5dc1", "value": "T1BC46CF06BB64CE12C0592637D5D6500443F7C5C3A363EB0BBADA63690EA33FE5D4D98A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698424, "uuid": "bae26c03-f6ae-4a18-bf5e-3bfdf2de658a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698424, "uuid": "da35e33e-31e0-4e92-81e4-36d11504d761", "value": "98304:oik1EEZdyfsPLXjD4x1SRwygWb28NXBK58V7w3nAjbTijvXY:frEecLTsqua2MK58dsnAjQY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698698424, "uuid": "c90208a7-ef76-4987-9b3a-22ad6e23da30", "value": 5632800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698698424, "uuid": "4d82adf7-89c5-4953-90f4-1fd9a1c6c07b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698698424, "uuid": "1291108c-7a0e-4e3f-a505-5d253d44b8e8", "value": "4282F2127D9A2DD671B58E737C8FC351.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5da76dd4-76f1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698648952, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648952, "uuid": "f8d9bd2a-dc1f-4cee-b4be-51f74d33da27", "comment": "Malware payload (AgentTesla)", "value": "160c6b28665e4a690a2981954ddf72fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648952, "uuid": "8ca7c9d5-c1c0-42b7-b54a-b4dd309bb2ec", "comment": "Malware payload (AgentTesla)", "value": "bd3991c11217634eaf0cf92a31723cfd3cf3e22619dc629105f0a6b8431ca8f2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648952, "uuid": "db513106-49d2-4167-8a25-891ca8878b5c", "comment": "Malware payload (AgentTesla)", "value": "b51a42a0a360f7bcf5cac808e9804fe57858c655", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648952, "uuid": "3327f376-b806-4f15-bcac-6d40981d16b8", "comment": "Malware payload (AgentTesla)", "value": "81458d94c6e7cbf26431e52c7d5fda6e6e05a5af78cd493365c9fececef88bc1c0d3864706b6f9fea4c8265213aec5fd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648952, "uuid": "619032be-fbdd-4f90-b61e-8c3e7b945de4", "value": "T141355B6C48BC1627D574EFB19B654466B2E0AD3F3264AC3858E374D64332B06F98392F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648952, "uuid": "34dc6dc4-7561-4464-99ff-0cb9eb0135b3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648952, "uuid": "ad559ad5-62fe-49c5-a930-714fae43e5e3", "value": "12288:+zlixRVvMM3AoXW+9DnZ9w8aLNCbe7rTwlOm8SdzO9dZIy1equfK3:+5ixRVEMwoG6Z9w8dbe7Hoxiroc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698648952, "uuid": "7f23b18e-78d8-48b0-8522-b0f39a84b2c1", "value": 1111040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698648952, "uuid": "c9979c17-60d7-4ed0-a126-1925ddbfe386", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648952, "uuid": "319800a4-e9d9-432f-bac8-c9d64f032451", "value": "SecuriteInfo.com.Win32.TrojanX-gen.17852.6559", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "709b0a6d-76b9-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698624932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624932, "uuid": "c8f19401-6c24-4f96-b20f-9a76e6abc654", "comment": "Malware payload (RedLineStealer)", "value": "6fcef298666edbac494a6e2dc003e257", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624932, "uuid": "2606d2d2-b22c-40b6-b9c1-e7634d939333", "comment": "Malware payload (RedLineStealer)", "value": "bd8a5591dc17ce8459aff7806c25d0ac87a6d2d37978383bb4cac7326f74a58a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624932, "uuid": "32229776-fc30-45fc-80d8-84f77312f6ad", "comment": "Malware payload (RedLineStealer)", "value": "dcb736536d9ab597e999cbb554a4529df38fbeec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698624932, "uuid": "2c1cc46f-6b25-4cb9-90f6-b242091321ff", "comment": "Malware payload (RedLineStealer)", "value": "83d8c0f1c203fc2ba53934ed331d71bdc0593b7bc68f8518bb64ec7711ea16f56e3478db2f5eadc50382d6770f349362", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624932, "uuid": "2b7a4381-2147-442c-a5d0-80d19efcaeb4", "value": "T1F5753310EBC479BACD6807B059F613A70B3638928F790A6523C67D6F06738D12E3675B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624932, "uuid": "21b73ffd-bd9b-4f27-9f9e-bc226d1e94d9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624932, "uuid": "f6e1adf7-fe77-463c-b0e3-b42b5c50ac5e", "value": "24576:SyJZYNigaJ4jW5J2KK/UkLJungWatggDsgOFRicDzhABJxr7KN01B3:5TYNigamQJ2xSgntzDsgcRHuPq01B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698624932, "uuid": "8aa33516-f583-443d-a15e-28972783e735", "value": 1609728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698624932, "uuid": "a6de575d-fe39-42c3-9bbf-fcae10026f3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698624932, "uuid": "7866881c-5380-4bba-9771-a4b6df7f6883", "value": "6fcef298666edbac494a6e2dc003e257.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8f8fc75-7703-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698656863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656863, "uuid": "65d56aee-551d-4236-bd2c-3ca1ab20b68d", "comment": "Malware payload (RemcosRAT)", "value": "5b876bd9a2608e8de84f55b15079837b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656863, "uuid": "2bc992e3-a88c-4755-8352-200fbff26dac", "comment": "Malware payload (RemcosRAT)", "value": "bdca4b93d9d26ac631324c961fd814e25b7bfbb7d38c8fc2503fc4dcb79e7268", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656863, "uuid": "0e4a9fcb-434f-4d3f-a278-c928292ab319", "comment": "Malware payload (RemcosRAT)", "value": "1af678980340e58d5ccf2f83d5d84a5685910e7e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698656863, "uuid": "06ee6503-beb2-499b-99e7-ef936951dd70", "comment": "Malware payload (RemcosRAT)", "value": "6fca0cded87aa98157f4016fc63f2553f41eda09268f7579f648784b9a4c9dfff501ce6674df678ca44c0aaadc677191", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656863, "uuid": "da81bf69-5933-4669-9bc5-ef2c7c5b8fca", "value": "T1B03412641721E85AF0E090BCDA44E8F25AA97C602D8B6E0D43ECFF17F917446A7CE166", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656863, "uuid": "dc4972b9-1ba6-4b41-aa0b-bab3ef5122a6", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656863, "uuid": "445b1e0c-748e-497c-ba16-d7c7d03b8653", "value": "3072:HOSI2I7txG68nYrugMZJMfsciIpuKNtrUQlAK3qSjYPS+IAXb3Ixi5eFrgurIlNt:uvG68YrvM80ypnjAedo3qiGUY2ChzI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698656863, "uuid": "a6f09f7a-790d-46db-927f-d8a13cf5b46c", "value": 238592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698656863, "uuid": "22cd60db-c4ca-4d19-b0e3-0bd2dca4cc35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698656863, "uuid": "db94a1af-14c5-41c4-afc2-ee1ed535ed96", "value": "bRaA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89e09e66-7749-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698686822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686822, "uuid": "0d73efb5-6cdf-4dc7-8ecd-3e6ffb973b0f", "comment": "Malware payload", "value": "139880eac0272a8b4bb4dd6fd8ed547b", "object_relation": "md5", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "MetaMorfo", "colour": "#925F9C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686822, "uuid": "f52aa097-932f-45bb-bfc5-32cc1b3c5aaa", "comment": "Malware payload", "value": "be966619315e9977ff361da80bb1e47110c2ae840c474ce400df35b62e03387b", "object_relation": "sha256", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "MetaMorfo", "colour": "#925F9C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686822, "uuid": "462563c5-9a2c-4fbe-8d1b-f350b44fb71c", "comment": "Malware payload", "value": "336d9943605e7ee4265a09d369a3f94c8aeb656f", "object_relation": "sha1", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "MetaMorfo", "colour": "#925F9C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686822, "uuid": "e29ef4be-29fe-46bc-bad2-17fc7ed76976", "comment": "Malware payload", "value": "e8f48def609197f1cd420c103fe99673b07ade5029a5c0c12ef0d563e7a97a6ca9811935ec43f7c2db1ffed2f08e3941", "object_relation": "sha3-384", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "MetaMorfo", "colour": "#925F9C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686822, "uuid": "2f2e73a9-f3b6-47b6-8c51-0490e021fa18", "value": "T150173310EEA502C0F42896F9FCEDC028D5DB4E85A9B0F5BEC643CB89E56B3E81D61547", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686822, "uuid": "0d7eed44-4874-41d1-99e9-4d09240f8177", "value": "393216:1JYSv7tgQNc2GguO5/lFF5G6J91etUhwpysNfN/Qo0p/rXslA:1Dv7R+2YO5rFw6eUiMWloo0pTXqA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698686822, "uuid": "945f74fc-bb00-4497-b372-3dd3dfefe374", "value": 19066212, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698686822, "uuid": "e5a40766-4332-4ec7-99df-a73af4d03675", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686822, "uuid": "0bbb407d-ca5e-4b7f-b845-d52035216843", "value": "m.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdbf00e5-7743-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698684332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684332, "uuid": "79b622be-dffd-48cd-8cb9-bbbad6a04caa", "comment": "Malware payload (Stealc)", "value": "856dc1ff81894c021e052abf46190e57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684332, "uuid": "913e3148-25a0-4878-8b19-f522f1c89ef5", "comment": "Malware payload (Stealc)", "value": "bf4fa4deac71c6c50cc93e2088424079ec5bec1188710beedde515f9b741f3bf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684332, "uuid": "7b83201c-834e-4a1e-b1fb-616293243a50", "comment": "Malware payload (Stealc)", "value": "9c526901e1c6e50b069fbaa463a746512dc7548a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684332, "uuid": "b33a828e-ba1f-4ca7-aa82-f7b323f094ac", "comment": "Malware payload (Stealc)", "value": "74aa5a3ae73c93dc212e732bf04bf6798efc5f304f9094e39bea6ab5602efe99efcf746268860b23a725309ea93fb74e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684332, "uuid": "13c8becf-4397-480c-aadb-0a46bb92dec8", "value": "T1E9C49E51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684332, "uuid": "299e397f-5d61-4876-9360-065183f821f5", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684332, "uuid": "efa5fdd1-7f31-4157-82e7-673f1e76f295", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daLBIlXSY4j+6qj9:aF7M0UJf7gtIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698684332, "uuid": "fb206387-468e-4ec9-911f-8fe244d849c8", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698684332, "uuid": "cc7e5b1b-72d7-495a-a3b6-cdb4b291c3a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684332, "uuid": "6d9813ef-4c02-4f04-a96e-892bde1c91fe", "value": "856dc1ff81894c021e052abf46190e57.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e010897f-7709-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698659479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659479, "uuid": "00b70722-95e9-419d-abdf-36f2d7a881a5", "comment": "Malware payload (GuLoader)", "value": "7d90528b888d9fa16c19caec0dc89f3d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659479, "uuid": "8dfdf1c0-3dc3-46e6-9239-1501fcb8a4ea", "comment": "Malware payload (GuLoader)", "value": "bfb986d33bca739d0a6641eaccd7aa44dd87b7ce6a88f01f639901439a1332b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659479, "uuid": "16430ba1-337c-4048-8de7-ce85367eca9a", "comment": "Malware payload (GuLoader)", "value": "b428da25a3495c537bb1c36447315b5d46addc4c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698659479, "uuid": "6801ef1a-7ce7-4882-8c0f-2eacf3394baa", "comment": "Malware payload (GuLoader)", "value": "664867809abba3ae094e9ef5cc9fee6b301b96d9d8b86bf3b3a443438e3d31272a120c9adbb63abc44c9753252843976", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659479, "uuid": "21332a34-e036-45b0-aabb-13bc3b6b2a9f", "value": "T14DF42369A6E8A19BF58307319DF79B1261E6F9B201B4EBCF9354BD743E30742C701690", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659479, "uuid": "3ea78ab9-3ef6-4b94-bfbf-4ada6524a739", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659479, "uuid": "000a6f1f-1d8c-4ccf-b5b8-9de8b79d90ea", "value": "12288:BqPkO7PdbAuISpWkRZb7uyhig1z6aUaLXUdcw7hQ1vM8nKqntWKC5q1f1s6L+iB:QkRiys1earEuw7wvMPWthWmfiGVB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698659479, "uuid": "d64d4c13-665a-4319-8ee5-82c2c07675bb", "value": 729736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698659479, "uuid": "c0a84140-26a1-4a9f-9749-42aab58de20d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698659479, "uuid": "8e2c7a63-4aac-4c86-845d-c73b94339881", "value": "RFQ GEC-14.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3002e668-774c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698687960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687960, "uuid": "9e1159ce-87a7-48df-9d5f-3f63358f3a52", "comment": "Malware payload (Mirai)", "value": "35f182216018a9c0f39d7b06b7c49f11", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687960, "uuid": "70d3af3a-c19f-4454-b1b2-878061403da5", "comment": "Malware payload (Mirai)", "value": "bfc8d48decf4f55adbe398023252534eaccad5cf5ac03fe04582cd56a14e6e8d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687960, "uuid": "f77c772d-4872-4cf1-bac4-4077a8818384", "comment": "Malware payload (Mirai)", "value": "16b1dc30386cb637898aa460f92017e97e0efdbd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687960, "uuid": "9b4c2efc-116f-48e2-a761-1b290e8171b5", "comment": "Malware payload (Mirai)", "value": "d6efba62a50ae728d3c722f35bb95c71a205ed5cb09b8f56f1dde6901de118cbc622f608ac3580ae57eb64e035560999", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687960, "uuid": "045bc421-9d68-42f2-9c18-9dc4bd6b8ca2", "value": "T1555328C5B1D3E9F5EC10097920BABB636AB3F23FB575E9ABC3985433A941202D10526D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687960, "uuid": "9de256f2-4488-4ecf-aaa3-18386370adc5", "value": "1536:dx8eSSt3JstpJhaU93CuTBiAd3JHDSWg/CaCkkO6Q9Boe:dyeSSt3ezJhaU93CyH3JHDSWg/PCkv60", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687960, "uuid": "80fddc63-a66f-479a-87dc-7e5c604692cf", "value": 62684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687960, "uuid": "bb21aee5-d4e9-418c-8c4b-b87586678a23", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687960, "uuid": "a9ee92f5-3e1e-4581-aecd-e79d47b11a18", "value": "35f182216018a9c0f39d7b06b7c49f11", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fad54b10-771c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698667684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667684, "uuid": "a0d41442-587e-41f9-b539-7ab7ded91b34", "comment": "Malware payload", "value": "d4d8131ed03b71d58b1ba348f9606df7", "object_relation": "md5", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667684, "uuid": "76e11ebc-e671-4eaa-9014-a4634d4241b2", "comment": "Malware payload", "value": "bfdb3f1a50f061faa7dfc49ba507364d3def60c0eb7f588c94a268742860f87e", "object_relation": "sha256", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667684, "uuid": "a52b41d5-a9c5-4bf7-b447-49a78d866b2d", "comment": "Malware payload", "value": "3d088f65839c7b55a540d736a1178a855337b2d1", "object_relation": "sha1", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667684, "uuid": "5180fd3a-7c2a-4b60-8169-386f2cc7090c", "comment": "Malware payload", "value": "ba924afe7a39f9e5cd0a9593a0d1ab5461ff80b5aa9f6f60515a9ab876b0bbc6e1748a523d9cd67c0bce6a8580a71d0c", "object_relation": "sha3-384", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667684, "uuid": "aae0ad75-fe2b-413c-9877-cddaf10f2dee", "value": "T1E4A35C5763A500BBE4779679C8A35946D372B8560270DF8F07A0016A5F73BD28E3DB32", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667684, "uuid": "eddf4b8f-c6d1-4189-98f2-3e33e4c37d60", "value": "4175aff86e9eefdb26de14ee1e78d0ed", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667684, "uuid": "6a2bd538-3312-40e2-abc8-ae6f7e9b45e3", "value": "3072:2HuXCpSBYTA91bwA0F6duNno4POHD4Exi/I:VX0T4wA0F6wJoZHX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698667684, "uuid": "b749a8d6-feee-4005-98e6-5493f2993952", "value": 101376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698667684, "uuid": "38791ce8-768a-41ad-a84c-cbafcd1cc1ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667684, "uuid": "07533e15-4a56-4db2-96a5-ef0d9f48e332", "value": "d4d8131ed03b71d58b1ba348f9606df7.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa46d286-76f0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698648785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648785, "uuid": "8d5fa3d8-57cf-4d07-9276-b1ba8497f8ba", "comment": "Malware payload (AgentTesla)", "value": "2630f19eed1e2899a652c10f5edf1532", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648785, "uuid": "a58d5b3c-728c-4d98-9eb7-d4a1d98c5a5c", "comment": "Malware payload (AgentTesla)", "value": "c08e7d2a91188673dce13cf4df7403649e277c13296d7466a50aa8b645a3b202", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648785, "uuid": "532aa310-077f-44a5-883c-3b665efe23e4", "comment": "Malware payload (AgentTesla)", "value": "7ea75f426ad5de172a79c5c764b0885d17ec84c8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648785, "uuid": "dcff6a3f-3047-41b8-aa2d-dc64cb8d9894", "comment": "Malware payload (AgentTesla)", "value": "7ebcf9c0f86f948503617d192f563c00811e421f66baaedb8be28ea83cc0642b2f62b669d153db1e75724f4061fe83e1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648785, "uuid": "8aaebe53-fbf3-470b-bee3-41e01a9d840c", "value": "T125341F137E48EB15E5A93E3B82EF2C2413B2B0C71633D60B6F49AB5624517429C7E72D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648785, "uuid": "139c9662-a505-4a0f-97b6-ca589fab9e10", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648785, "uuid": "9c4aa68c-29e7-4c99-99fb-7d5156d80ae0", "value": "3072:xWYueuue4t5DpIHe5+Z6BL4dkTvmCk5h5FW1IaX:xWYueuue4t5Dp6e546lIkTvFeFW2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698648785, "uuid": "967d3770-2235-4d7b-9fab-c57b8a00c433", "value": 240640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698648785, "uuid": "8902773d-03a8-4612-bfec-ebe0f654b9be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648785, "uuid": "49c7657f-ecf6-47c2-ac6e-25408ad42f58", "value": "1698648784ee5f9db434fd074aec31851dec2286f8f49061afd2f62e60bf34102e7a04f9f9836.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c491737-7740-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698682826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682826, "uuid": "10a874ee-5654-4e9b-80a1-5b3c3d285524", "comment": "Malware payload", "value": "8cc24750661e10f55eb250b42f8ce528", "object_relation": "md5", "Tag": [ { "name": "conti", "colour": "#3F4B04", "exportable": true, "hide_tag": false }, { "name": "Conty", "colour": "#B31303", "exportable": true, "hide_tag": false }, { "name": "Decryptor", "colour": "#968A52", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682826, "uuid": "fe9f0478-a725-4974-94b3-99c625d1b836", "comment": "Malware payload", "value": "c0a2e1ecf57ee83b649f1d8ff8dd37049865edc8b9a837f3b4ebb5e767229c23", "object_relation": "sha256", "Tag": [ { "name": "conti", "colour": "#3F4B04", "exportable": true, "hide_tag": false }, { "name": "Conty", "colour": "#B31303", "exportable": true, "hide_tag": false }, { "name": "Decryptor", "colour": "#968A52", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682826, "uuid": "fc71d4aa-9c83-45a2-a655-0225d16291bc", "comment": "Malware payload", "value": "495e6f0a6c9900596ce05a09cb9cf85fc406dc70", "object_relation": "sha1", "Tag": [ { "name": "conti", "colour": "#3F4B04", "exportable": true, "hide_tag": false }, { "name": "Conty", "colour": "#B31303", "exportable": true, "hide_tag": false }, { "name": "Decryptor", "colour": "#968A52", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698682826, "uuid": "b8730c5a-51ab-4838-ae01-9806991f89f2", "comment": "Malware payload", "value": "0a0682333aa9a2048cf037190a0e95f7a06b48c1795f893c29966a7ad15a82900b4ce32be40751d56383798ec3a831c7", "object_relation": "sha3-384", "Tag": [ { "name": "conti", "colour": "#3F4B04", "exportable": true, "hide_tag": false }, { "name": "Conty", "colour": "#B31303", "exportable": true, "hide_tag": false }, { "name": "Decryptor", "colour": "#968A52", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682826, "uuid": "74a45aa4-16a1-4221-afa0-204793bc4a7e", "value": "T15FB36B0175C1C472E676153219A4DEB68A7DFD344F25AEEF3388063A4F201C19A7AE7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682826, "uuid": "dc91ea81-5b69-43d2-bf19-36caaadce65d", "value": "ae50b343d74035e4059849a39724400f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682826, "uuid": "9cfb33d4-6901-4b9f-8c92-bda9ffbcfb5b", "value": "3072:JC2mFM/mbwt+1Haz6GcqFjsy3yEDOmuFunK3BfmIoTGHbn:wbM+Ut+YXscWmuFugoTGHbn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698682826, "uuid": "5614a424-e95b-4b96-b2f4-59028fb45c38", "value": 112128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698682826, "uuid": "70f0b0de-a502-4026-9ed3-0a5d9f5823b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698682826, "uuid": "651b4574-2bae-47b4-874b-de2605019a20", "value": "decryptor.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8febd82-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645213, "uuid": "2a43cb2d-1019-4864-86e1-3d36ae30b590", "comment": "Malware payload (AgentTesla)", "value": "626f7ff060eebc3c54d87f30df51cff4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645213, "uuid": "8e832085-7d4b-4dca-9b9a-2e9ff4a071d6", "comment": "Malware payload (AgentTesla)", "value": "c1bf99cc27b4632a1916ca5af4d8946a38e1d29ca0cf5af7eab237c5dac930fb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645213, "uuid": "9c3762b8-8723-4aed-97d7-ffeb7de2e95a", "comment": "Malware payload (AgentTesla)", "value": "31efbed417c46db9caaf1a98739eb8cbd7640480", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645213, "uuid": "a30d05a1-4137-4944-8a74-79281272e977", "comment": "Malware payload (AgentTesla)", "value": "8fd3da5c8ff717446985cdeca97762a0e62552ec59a7b4411f44b59a8e3a4a686ae219f4be1bd9fb80d3397e3174deeb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645213, "uuid": "6d937664-5344-40c2-a42a-103b1a85b848", "value": "T15222F704A66CCA33CF5F0BBCACF643830671D7645441EB8F3A8CA1663D436246D6A39E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645213, "uuid": "aa6a890e-e4e6-4c21-8964-fbb242fbf4ac", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645213, "uuid": "af13e3f8-6bf8-4bc0-80cb-6640a0b4fe45", "value": "192:SIBFSb9Vrn1AvJd/hE8KgKhb4F4nEehT0Ba4e6jFXMN+bf1:SUwpEJ48DKmF630B7PFM+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645213, "uuid": "fc159cba-d5ce-4515-b121-9cdff2275434", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645213, "uuid": "292c1be2-7bf9-417c-8112-3a9861e481a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645213, "uuid": "df01d6c6-5842-4e94-a119-05a98e9bf57f", "value": "SecuriteInfo.com.Win32.PWSX-gen.29839.8902", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c087b87a-774b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698687773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687773, "uuid": "fdc5f515-50c6-484c-99eb-5b6f8af256f7", "comment": "Malware payload", "value": "fe97d934a13e218333f1dac19c841a3a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687773, "uuid": "48f82de0-c993-4a9e-9700-0ebe5601cc82", "comment": "Malware payload", "value": "c42e2b04f2acfc9c7a098d705762b79bdc6a03281be8e5c6ad534ccd792a2448", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687773, "uuid": "2f32e882-b762-4532-a9bf-aaea1657880b", "comment": "Malware payload", "value": "f60fc9ecc03a121c9e62d4cad460d72394d19306", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687773, "uuid": "843b63ab-ca7d-4dad-8e36-fcf2f74cb7d0", "comment": "Malware payload", "value": "7967728e24b636948b8dafc8ac97b013a088479c19741a558807e28da3515a1626c12057a6faffdef9414d47a11452fd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687773, "uuid": "8c0bd093-3523-4928-9587-c676f68b7e2a", "value": "T1C826337641EC6EC5E8563FF3BD563A05087275B20D85896C903F89FA80DE23C9FE512A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687773, "uuid": "63efdef0-32e4-415a-84cc-a75a4439bd24", "value": "8d2803775af2b344d65712330e01834f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687773, "uuid": "e1876a2d-386d-42fd-bf18-b94dc53ccd77", "value": "98304:PE8CkUXJYmzs4MIvlQW7SFKb5F+vVKTFeV++VL:PjCkUXvMI9Q4NKZVL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687773, "uuid": "180fec95-c34e-43f1-a74d-4cab97dc1d6b", "value": 4619504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687773, "uuid": "cd3bf78c-7c84-4051-a4dd-f317ac86999d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687773, "uuid": "39c1cf12-f5de-4aed-810e-7339e0695882", "value": "fe97d934a13e218333f1dac19c841a3a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2be0348b-773b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698680651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698680651, "uuid": "8bcd681b-1f62-4d78-adb1-b8f7c8d815e3", "comment": "Malware payload", "value": "f64d878ecd1db210887262c850bfd6d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698680651, "uuid": "4e42b1e1-6661-4572-a389-5a7ff6a02456", "comment": "Malware payload", "value": "c43d1f94278e5ed98c1deb1d47d252bb028ebebc62756ad383762732276e78c4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698680651, "uuid": "02588971-ec72-4cac-a0f8-4c6606f74665", "comment": "Malware payload", "value": "c412577c6cdc7a4202ab83d6fdc75f7cd97706a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698680651, "uuid": "83a34024-1ab6-48e2-8050-4ee792c6d371", "comment": "Malware payload", "value": "00bc137f11a16983f2a9505cb4fea1d857b5d97530ab51b4143c7a0831986a5cdcc86f14fb3d467ba6bc7a0de71c5559", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698680651, "uuid": "009bb870-3ece-4fac-bb23-a15d9e450423", "value": "T1A1B3F1896B809B2BD9F216BD07B053660B74E2484823DACF7DD901DE1DF3B670A90693", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698680651, "uuid": "7978ea66-4b36-4397-a74c-43f0b8f6b84d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698680651, "uuid": "f7ae773b-2804-42b1-b653-080bd222e98b", "value": "3072:AshDmXbXwnmlHX7tj5EbAFTnRZhg0my4L2hqHLq:7hDmXbAnm9hi8RZhg0m9y4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698680651, "uuid": "12a8accc-7d64-4db7-8edb-5146fa865933", "value": 115200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698680651, "uuid": "d989fa4c-eebd-4be5-b7c4-5452cf63ac4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698680651, "uuid": "c8b8d02d-c650-42a8-a0cd-85fd5f7d05ce", "value": "Decryptor.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "321b66ba-774c-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1698687963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687963, "uuid": "77a994b5-91df-449c-920e-b009de206c4b", "comment": "Malware payload (MarsStealer)", "value": "faf3c202050adb00c3142e0db6c250f3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687963, "uuid": "6e3504b3-2a80-49f8-badf-d556ade7e86b", "comment": "Malware payload (MarsStealer)", "value": "c45acfd6fbe8a1c5f12302fa74ff9f33dcffa172c073c9ff9c9335315382077f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687963, "uuid": "77d5ccf2-cd66-48d9-a7af-225e0b47a23d", "comment": "Malware payload (MarsStealer)", "value": "5e1e3e8a4e2d09418d87f89d31287ab160929aa4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687963, "uuid": "acde6cc8-206f-4f52-882d-04fd51bec6ec", "comment": "Malware payload (MarsStealer)", "value": "9fb7e634e49b586e8a6d9bf2cce0d2339629b2515fde165d64148ea5a366f0a95b71c96203cde1d28cdd99baf3c7d42b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687963, "uuid": "25a77065-56f3-428d-8294-ad3296dfe72d", "value": "T14A248D1262F16CA1F53766329F6BC6E4263FF8714F1CA66E2314963F09B02A1DDB2711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687963, "uuid": "4d61bbc3-ee44-468d-9640-a3a21968182e", "value": "e152f6e328695c7be0e02666bddd99cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687963, "uuid": "4d48c90f-cec0-4c74-9e9d-6b8a68365ed8", "value": "3072:t75XBfwNA2x80tesMRpUTRQ//Wc4lFFl8a/qX5Zc:txhOA2x80tHMRKRcYnF+5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687963, "uuid": "532d005a-1da2-45a7-ad74-0ac373ea2fc2", "value": 215552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687963, "uuid": "0c53ada4-d89c-4736-931b-ef45b84685d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687963, "uuid": "b024087b-eb1f-428a-8990-3d317715534f", "value": "faf3c202050adb00c3142e0db6c250f3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d67925ec-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1698690816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690816, "uuid": "76567401-9dc0-4aa6-9ccc-a39074cdb421", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "a59978a54fc1323fd2fbf3692c6363cd", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690816, "uuid": "c5e415ce-3764-4fe1-b06d-416a4ccc184d", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "c4e829917aed647a2de16f331bc71b4b847a8172892ef097f845039f6fac2d5c", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690816, "uuid": "501ed7cb-c1d2-479f-ab0d-21f13503a94e", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "1d46cc42c02ec17482ea821b7bebe68c61844542", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690816, "uuid": "59e99e79-d771-41af-88a6-e1a5bc216685", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "54c1803989600f550f7cf119e31e6750462f6730f11268f04e4594457ac5beda817442349152f4edba992ebf5a13be45", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690816, "uuid": "de2bb9a6-72b8-43bc-b38e-7dd2f7600d99", "value": "T139E53388E67531F9C33188BEC96F0412416F7FBCAD356C49F87CB9A88EBB1955402366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690816, "uuid": "5e3497ef-729c-46e8-97a7-d9f9f4a0a873", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690816, "uuid": "a1d7a499-a04d-4cc5-89e2-27f67106cefd", "value": "98304:tBwPOxT6hvALHQAhueBRV6Nb/OvgSJebhpg:jw6OvA8AueB4NSJebDg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690816, "uuid": "d42cb5df-2007-4048-8aed-899f82209d59", "value": 3245520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690816, "uuid": "a6a5c176-e3b2-4fd9-8547-b5b92be585ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690816, "uuid": "1bed43d3-7884-45eb-ba4c-d45e1949a8ba", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6e18f73-76ed-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698647437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647437, "uuid": "4d7ce1a6-e5d3-4694-9f22-3e05d0ab7b6b", "comment": "Malware payload (Amadey)", "value": "5ea020a90ac858c0df9e938c450f1df1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647437, "uuid": "b03744e3-acf0-4bda-8e03-0a2577e783cf", "comment": "Malware payload (Amadey)", "value": "c539348dd7a503a428964ab54f0cd4aeaca5291946fba061d4c660f993634651", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647437, "uuid": "5c01722a-2d88-44b4-88e3-b4eb3b5bfa16", "comment": "Malware payload (Amadey)", "value": "be7354f0e7cf98e337565387356b7bd1998a3a19", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698647437, "uuid": "fc68b9aa-fad8-43d4-b513-6566b627338f", "comment": "Malware payload (Amadey)", "value": "5d16d105fc20266059721dd9e1d67b635fa0ed9adbcbf6322081e5ddc6225b674901b9f7a615e596a66cef6de521f259", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647437, "uuid": "a130e66e-f040-4480-9b86-dc6212a64f3e", "value": "T1997523A1B6F880A7DC752BF81CF703974F303CD55EBC5A175789249A09F2844E436BAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647437, "uuid": "19fb2d18-209d-4bb0-b27d-0fa8fbad01da", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647437, "uuid": "131f80a2-e024-433e-889a-8f2f279c8605", "value": "49152:sHgOzpvbMra/AxLqRjgrF3R4pz5ETIE4b7A6GGV6:ygql1Cb4pHbc6GG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698647437, "uuid": "8a6f9344-b921-4d8b-bf4c-5df9093178bb", "value": 1612800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698647437, "uuid": "58ac3d51-7b5f-46ee-ad76-3490ee100189", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698647437, "uuid": "d4bb8923-40c6-489e-b79f-dfe9752f1f82", "value": "5ea020a90ac858c0df9e938c450f1df1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a34e6f9-7758-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693077, "uuid": "4fcc11bd-c392-4b5a-aab3-97e385a70728", "comment": "Malware payload", "value": "8a6b8a0dc9553bc93fc14848ba51d3c4", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693077, "uuid": "18ff4ea6-6aa3-450a-b6a3-362327bd5c26", "comment": "Malware payload", "value": "c6b670d99d532c93ae16475ee4d7a97dde578959fcc574aad7caccf9d01e87e7", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693077, "uuid": "f1be80f0-1e22-4519-b8cb-88f72488c2d7", "comment": "Malware payload", "value": "9ac2f4815fa66ff02f6197f4db473c870d964a50", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693077, "uuid": "426e1326-6488-495f-9dd8-0d3bc50b7ce5", "comment": "Malware payload", "value": "5d35a7e0ddb0fdb7015f04af1eb9aad2f1cedd9fe0799aac8df7b6c54a7aede7b3b414eabd6a62007547b84e6a660785", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693077, "uuid": "7f7d9231-a6b6-42d8-a8c4-c39cd4eeb6b7", "value": "T189D3956EFA12EBBEE16C863107F76F70D39531A22AA1D341E16CDA181E7125C2D4F760", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693077, "uuid": "6b2b5e80-2153-48f6-9755-eca134b2787e", "value": "3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9Bv:C+nZSZvnJeUmkASFxBKvXZX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693077, "uuid": "96760730-f50d-4176-9757-d760a3690110", "value": 134222, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693077, "uuid": "b7cc23fd-35dc-4d8e-8e92-8a2535fea411", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693077, "uuid": "3d904821-3149-4c66-8527-bb9d6e30022e", "value": "m-i.p-s.ISIS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f6892f1-7720-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698669061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669061, "uuid": "95e21c16-ecbd-48d7-b9c3-618699eb9af8", "comment": "Malware payload (AgentTesla)", "value": "de21c2772bee582119600dd6879be38a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669061, "uuid": "8659dd53-79cd-47a7-a813-a9b659c8bb10", "comment": "Malware payload (AgentTesla)", "value": "c7be1564aa359a6b4e5053520738086c66577fdf38fd773fe76cc5a34bd53e40", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669061, "uuid": "6e0fc0f0-c9c6-414b-bb24-7eb6e27a6415", "comment": "Malware payload (AgentTesla)", "value": "87c6b4a48deca55011768f77dfc5167993a9da4a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669061, "uuid": "b1c1e946-5433-4cc3-a001-316f8856820c", "comment": "Malware payload (AgentTesla)", "value": "72926033ce833f2ac31d5430467bbcae9c6492795ca7b77e8c55badc72f168eba378504466918e1aa75e6edc524d4ef0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669061, "uuid": "a1655e72-5d31-467a-af36-2c6d0f8f9657", "value": "T14CD42302B6B90B05CA7F6BF184B1529013B665072671FB9D2DCE21DF4DDAFA842C1E87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669061, "uuid": "029b0aab-78ac-4e90-96a0-4756d1a6686e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669061, "uuid": "74705ef0-9452-4155-ba52-d4267627068f", "value": "12288:B8X469yqLBpAZVj6t3hGxhrNLFT/5I968HwKtgjtzKKfeqLE4lHK:R6XdCZVj6t3AHT/IXQKSnfLVK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698669061, "uuid": "5f8603da-0ee5-4d06-af1c-d0022d9188da", "value": 642048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698669061, "uuid": "87ff5cb4-0c5e-487d-bedd-f9a6ab00e660", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669061, "uuid": "b40fc6a5-65d8-4b78-8b16-f726bd067073", "value": "Proforma.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70468306-7737-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698679048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679048, "uuid": "7ca8e679-6d71-4865-8d67-9211def964d4", "comment": "Malware payload (Formbook)", "value": "a55f95295e6e4c9c262f6c2fe44a1649", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679048, "uuid": "1a34864a-fe8a-4370-b6a7-a16aba5d8883", "comment": "Malware payload (Formbook)", "value": "c81df87277f737b11645601a7f7f24c272bbc3b77936619460bc9c88e13662cd", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679048, "uuid": "c7bcd0ac-9244-4914-8f29-ec4440d5768b", "comment": "Malware payload (Formbook)", "value": "cbdd31502d24310588c01419d7ff12d86ec27a2b", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679048, "uuid": "c9c72ff7-c3d5-42b4-bdb5-2f08ed4fb23e", "comment": "Malware payload (Formbook)", "value": "a958dda4400e5fa5f850f26c4f38e58175aa80625bc8089942e2369e36b18754573419df54365ac757a46719b157d863", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679048, "uuid": "cae37dfe-4d42-43f8-97ac-de2b54a3b85a", "value": "T11AD4237825828E0651BFF40F3EA0787EA3B0C068AB7703544DBE1EB74B6595582DC9B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679048, "uuid": "caeae474-d600-4cd1-88c3-64fc90256a89", "value": "12288:5elPITUMzc4CKXMo868BUvTIriYUs/nz6WyB9gmgh18Yf8EO2UM:5BTUMojKXMEcUvTW/N7+B9gn1aEO2p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698679048, "uuid": "3aba4127-00a8-4302-b3bc-8ea6fe0961a5", "value": 605733, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698679048, "uuid": "03980e8f-4459-4e6d-89d5-fe2421f6ec1b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679048, "uuid": "41da6c91-8bfc-4bef-8f4b-64c4186c582d", "value": "TT Application Copy for payment.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14f55594-7758-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693068, "uuid": "e878d010-4d58-40f3-b196-852dfb77cd34", "comment": "Malware payload", "value": "9f2bb17f62f8194b7f273c5ec9c6dd1f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693068, "uuid": "ae1b0c68-9f68-4086-9f02-16d29d61f9db", "comment": "Malware payload", "value": "c87a27813019aab5a37ab05260eff38318ca12be6169f3269d2e1e853899671f", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693068, "uuid": "d09c6485-827e-460c-91d5-411730838593", "comment": "Malware payload", "value": "42e2867ee089d613517fb0cfa4034c74117e79f7", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693068, "uuid": "c7b06f58-becd-4a69-82c6-62d58e6eaed7", "comment": "Malware payload", "value": "29ece15bc61b1cfbeda86b7d52071f5b357462b6b721c950f7b1491f53ac39dad010e0ef586e65e690806668ecc71196", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693068, "uuid": "004a68c5-bb2a-4076-9d29-d79e3e5a241c", "value": "T1B7B30804F8448727C2D327BAF78E439D7735566457DB33116A38BEB82BC6B982E29170", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693068, "uuid": "f0f02977-c626-4f41-8b7e-6ec7a686b7d3", "value": "3072:9lX2jKRi0ZDvCTpkv7DSubUmGVrQAXiUXouX:6j6ZUpkv7DImGVrQAXiUXouX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693068, "uuid": "920adecb-f34e-4df5-b455-5905e57fe182", "value": 112657, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693068, "uuid": "a33dff7f-4499-4a55-a7f4-0f69b28dd8f0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693068, "uuid": "92ccade6-e6ef-47fc-a6c9-069783c51c6b", "value": "a-r.m-4.ISIS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "547e7c69-76c5-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698630039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630039, "uuid": "46a50ebe-2060-4d8e-900b-3f19d64bbd29", "comment": "Malware payload (Loki)", "value": "b5f9c86eb0e0a5ed8dc27723d17118aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630039, "uuid": "9f196fb3-cb1b-41da-bb07-0e9f38067468", "comment": "Malware payload (Loki)", "value": "c9c0dda61ef380564a70491754a148fb093d5f2b54d2f0447bdd3160acca5e41", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630039, "uuid": "336ac394-0c23-4ae1-8c28-d82663e466ac", "comment": "Malware payload (Loki)", "value": "7f987851361a441c544037f00c0926384a264162", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630039, "uuid": "23c6d68e-f72f-411b-9a3e-570b0b98da8e", "comment": "Malware payload (Loki)", "value": "3e00fe1c93d859bfb0136c1cd3b121226aab9f3e5a4cf93f2c9e3fa325404b2ae92816f0c11585acb58abd54b1ed40b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630039, "uuid": "d1a4ce77-72b9-4aa8-bf1f-1e8312adba7d", "value": "T193E4F121B7C084B1E5B618351EF2B3326B7D75300B758EDF9B404A2D9F355C0AA36B6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630039, "uuid": "c0e75a2f-1602-42ed-9af6-dcc8f889c28a", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630039, "uuid": "ab4d2f56-74c4-4d3f-9303-8f5f67ec2466", "value": "12288:X9cOGOiD/3gk78GLKbmtrzuIR5fbzFQvQw20VoqtgJ/UY+xrCH:NcbD/3/7D2bWtfP0qqt9YH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698630039, "uuid": "af05be5a-b803-4eae-964e-0b6e0948c714", "value": 670323, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698630039, "uuid": "d41be2f1-50e9-41a5-bd8b-2d18ce6318e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630039, "uuid": "637aab70-5fd9-444c-9fa3-621cadaffa60", "value": "gunzipped.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "132fa6df-76d6-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698637231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637231, "uuid": "23480fed-b805-4bd6-baac-126ececaec59", "comment": "Malware payload (Amadey)", "value": "8fb84055a9c24969a1c7193ede70fb64", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637231, "uuid": "9f085392-d1eb-4c34-b58b-358d4631a166", "comment": "Malware payload (Amadey)", "value": "c9d5d830e7756196b4199f220922d3643fe1475d283dea3c8da22b87d99bcb8d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637231, "uuid": "3185579f-f5e8-4364-a0bb-cba12c4575c9", "comment": "Malware payload (Amadey)", "value": "3021443d951f9f3960d173ce2c8938f322191b26", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637231, "uuid": "955d3b35-e63b-4395-8d0d-291d624b7ebc", "comment": "Malware payload (Amadey)", "value": "774c742e79824e2f72ed2e9d1362f00c96d791378edcf65ec7a07cfa650d722e77f34a103c06326f5953d4fde0c6ffba", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637231, "uuid": "ba506b4d-6cb7-4d54-86f4-4e3441d96dd7", "value": "T1DF752363D6ECE137DAA61B7418F512A3373AFC915EB24A371746A81E0D326C4E93071B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637231, "uuid": "d3146c22-afaf-4821-81e2-96abeac2cedb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637231, "uuid": "d4445a92-3168-4a71-b790-8956387aafd7", "value": "24576:eyISgUXXa6hENOc23yhxNGbA7eMrWAUcgedzi2AiPFCLa/KY8VjdyZNtNN15To4R:tvhEFxAMSMaAUHePPF4a/78fgrN150", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698637231, "uuid": "e5591284-cc82-4972-84ec-ba1542a2a46b", "value": 1611264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698637231, "uuid": "33a13dd7-204a-4495-a4fa-5ff4c7e639c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637231, "uuid": "39934701-0cab-40eb-b7d9-05bbc655b6e9", "value": "8fb84055a9c24969a1c7193ede70fb64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d977c006-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (MysticStealer)", "timestamp": 1698690821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690821, "uuid": "f2e97e6f-60ef-40b6-b5c8-09af9adafda6", "comment": "Malware payload (MysticStealer)", "value": "6b77a369196c9bac51a5c2515830df4f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690821, "uuid": "4f5549cf-ccd0-4c39-8baa-e94e90d1ab3c", "comment": "Malware payload (MysticStealer)", "value": "ca04a52b3f408e8f096815547113918483a0092352f6706762255b2d149b813e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690821, "uuid": "9650189c-5543-4cb5-8b98-0033e674416f", "comment": "Malware payload (MysticStealer)", "value": "c156e5c07bde4cb75456e3d49141a843a92d79d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690821, "uuid": "bda526da-84aa-48c8-8aea-fe806391b016", "comment": "Malware payload (MysticStealer)", "value": "9d36471d752bed3a20ffd081e4bcd92a90a3a7048fb26c79189513148bb1021eb554b8dbb67f3ce9df73aa08c07fef8b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690821, "uuid": "cfd8a54c-b9e6-43dd-a282-24c577d511a6", "value": "T14935AE2179C58DB2EDE230F747ECB63A46ADE0B8071946DF02D857EEC7506C13A32696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690821, "uuid": "02716ded-0e5b-455a-ba41-45ccb3e41b3c", "value": "b6874b762c445425cfcea5128380cca5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690821, "uuid": "9802d666-dffd-4d89-bacb-ee798ec54e99", "value": "12288:3m68cKlkpYmtww5o7a0dY71eC+8/yqkOIZHEff7eKgru+CVIp3QSKiIesgbbzLdq:3Mzmtww5o7a0dGD5/yDZIiRBKUbd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690821, "uuid": "d53f68fc-5b37-4dee-90a5-b3236cbda5ae", "value": 1105920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690821, "uuid": "677076f5-30c6-4c57-96e4-b4e0bf86cac1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690821, "uuid": "d96ae01d-f45c-47e7-ad57-b35c06e92dd5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae6e4481-770e-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698661543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661543, "uuid": "2f200bfa-a038-469a-971c-5f8968cd1e85", "comment": "Malware payload (Stealc)", "value": "aca4134ba68bda11fb86c7111f8be534", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661543, "uuid": "55427068-e533-42da-a485-1131f9dbd3a0", "comment": "Malware payload (Stealc)", "value": "ca15a5ea935c76480d6cd7be6d57a8d391cdc1696c30abc16ccd2931227d43be", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661543, "uuid": "968cf800-49d7-4e75-a407-f318afa79f96", "comment": "Malware payload (Stealc)", "value": "0140e6d57ce9e17c7a0f42f2b484d88d7fb02474", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698661543, "uuid": "3eeb0929-0a59-4ea1-87db-e2b1e3d8d3be", "comment": "Malware payload (Stealc)", "value": "8041e72e5946e34a122246c332768713b480821ef38b350b1598dfbbf413f71f35459a97f66707f65c1c39bf3e31c9f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661543, "uuid": "1cf12989-9f2b-4cc7-beb8-023d8293de8f", "value": "T195C49E51E2C14D3AC0672A3E5D1BE2AD58247D1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661543, "uuid": "9a8ecb04-daae-4777-bcd2-51d8b122fb0b", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661543, "uuid": "224f44e4-4a13-4180-81f8-3893db9f41c9", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7da3BIlXSY4j+6qj9:aF7M0UJf7gxIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698661543, "uuid": "e9909e21-e98c-4568-bacf-41c1906fc997", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698661543, "uuid": "d121e8d7-65a1-40e4-98a9-eb61da51b3ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698661543, "uuid": "a8f84808-afe9-438c-abeb-f9695e9bd4fd", "value": "aca4134ba68bda11fb86c7111f8be534.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36c92d1a-7712-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698663060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663060, "uuid": "22ba820d-3eb9-430e-a701-0359f431b0bc", "comment": "Malware payload (RecordBreaker)", "value": "916e98f8de39ebb4272782de0d79b20d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663060, "uuid": "d9f84c66-4d1d-4305-9b22-2ae529b2197f", "comment": "Malware payload (RecordBreaker)", "value": "ca9bf1fdf967f8f859646098b06970c85907228f2767f613a8622884ecb16612", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663060, "uuid": "dc24be09-f1a1-4347-a2c2-e08462a31bce", "comment": "Malware payload (RecordBreaker)", "value": "cf8f1d1d80b2a05693994d5a5d4d362e8c5a272e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663060, "uuid": "a70f9366-c492-43ca-bda0-e04ec7b5a4cb", "comment": "Malware payload (RecordBreaker)", "value": "42fe5fc93941aeed1a9c72b80bfe52a40c94dc149f520e93aa5d910807d1ecf633a61afe6f6ed78534de9642a97b18b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663060, "uuid": "e3091764-c9d2-451c-8f94-07cc18c95678", "value": "T11FD50143D665820EE2B519F25CBF6FB04E842D3B992069E27B51FE196CF8550780FF0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663060, "uuid": "7a45d568-1fb0-41bc-8395-22c07777f9c4", "value": "caf409edf21090c6acdae1ee93adcc04", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663060, "uuid": "667b607b-45cf-441e-ba67-a8ac4840a9c3", "value": "49152:fZTmOKzejxEfav+cv+WD1NrYG2812Pwm3bUEERJawyYTG:frKz/a2cWWpNH2811+pE3Ew", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663060, "uuid": "ace72b24-6f02-4b7c-b1df-edb0021cc68e", "value": 2797056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663060, "uuid": "d5845cb1-f01c-4e7b-910f-f419a1b5ec27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663060, "uuid": "7212015b-2f37-4bc4-8881-80c810c46282", "value": "CA9BF1FDF967F8F859646098B06970C85907228F2767F.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be693a67-7749-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698686910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686910, "uuid": "1774478b-63e0-4c87-a6e7-f7f527b7e9e3", "comment": "Malware payload (RedLineStealer)", "value": "f5335eba7a8e7d39eebb593dadd00aa9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686910, "uuid": "671b19fc-1ad0-43fc-9099-6d36dbfc2f22", "comment": "Malware payload (RedLineStealer)", "value": "cb37f6e601f6358b04a52aace6cc17c67013881b5c7bb9edbac0ab52e077a5cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686910, "uuid": "e8c6ac7f-0ba3-4905-998c-3a09d6502647", "comment": "Malware payload (RedLineStealer)", "value": "611ef2f210fed229da7c4abf3597e9a404c749aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698686910, "uuid": "56acde98-a05e-4a08-b0e3-784ec7c3297b", "comment": "Malware payload (RedLineStealer)", "value": "1399c4a95071ea728b1e499ff8492313e2b7927dcf9a01b0c3acfecd8c181215c05427ebda293b66051b2b16f6de078a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686910, "uuid": "277311e9-f03e-4e88-bad5-da6ae7ef410a", "value": "T183752302BAF89072DCF15BF124F115D7177579E10C3CA78B2791A8AA0CB36E4693A376", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686910, "uuid": "635be89c-6920-4655-9718-855eae81aabd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686910, "uuid": "de37c216-0965-4fcf-bbf8-e3f3aa84fd8e", "value": "49152:k4zHFOf8h/q2OUVkSpx7yOClv03thvKJNs:xFOEh/ROiXpx7Kv0dJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698686910, "uuid": "2ffd4c72-fd64-4923-b829-035e345d42e7", "value": 1617408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698686910, "uuid": "cd9a34dd-78dc-47bc-82e2-7a0c9ef9878c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698686910, "uuid": "cbe62e0a-d33c-43c3-809f-0ad0c37e0e20", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41e1fefb-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645040, "uuid": "31f48706-b04b-4d80-9f8e-2a1dd8153b65", "comment": "Malware payload (AgentTesla)", "value": "ab08321c97a9675294d474468a359f4d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645040, "uuid": "752a790e-375b-4c51-8505-5e4436f0dce6", "comment": "Malware payload (AgentTesla)", "value": "cc0f1f233b4f1da1a556d0c99807516763a2af57cd11541b3893ed6e4d620118", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645040, "uuid": "27392b6a-6781-4b01-93f7-616759b297b0", "comment": "Malware payload (AgentTesla)", "value": "dda09e7b72005f56c4a09dbc4d2794087cd9a81c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645040, "uuid": "9c8a378f-0482-46c7-b7dd-d01d2d17d000", "comment": "Malware payload (AgentTesla)", "value": "6d1b1ce0f98e03043acb7ea770274957fcf82a246f778f33255acf42cab6e407395e61bbd55c0d00e8f8be07a3412daa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645040, "uuid": "fe453fca-44c0-476f-8594-f98d2531d38f", "value": "T174E43320037A696BD31CF4F2A44C4440B75D9D3B719EA69DA322F84C78562E2BF88B4D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645040, "uuid": "8a0eef27-8ca0-49eb-9a1d-2619579ebb1b", "value": "12288:ZHnW3hvg0BOdVQqG6FHOp6g6G9FAx+v2XxEveVVi4BZDXanxvzUExN+bPBxP:ZcJDe86gEEuXWeVVivNzvxW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645040, "uuid": "5a6b317f-59b9-47f0-9bc1-29d65d6f1931", "value": 688389, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645040, "uuid": "6334ec21-755c-4d93-b661-bba9809a4660", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645040, "uuid": "697f4e60-ed69-4882-9ece-733315fb4bac", "value": "USD 18,772.00.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a70b874f-775f-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698696320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696320, "uuid": "3f962fdd-0e6b-4a27-b7a2-ebc7f90e6e33", "comment": "Malware payload (Mirai)", "value": "7d12d04b8c570aef81aa8c5c0c134b33", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696320, "uuid": "0a5f368e-893a-4695-ade6-d58177a0afa3", "comment": "Malware payload (Mirai)", "value": "cc709435a1bf5b7e731b7c7176999d725a91f97f796ec4da6168a5e1ca4eb23c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696320, "uuid": "fd321dc4-4a3a-4338-9a89-7800d72aba75", "comment": "Malware payload (Mirai)", "value": "fc08b73d22e78e6f5f104d72aaad712a049b252b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696320, "uuid": "86e5d91f-9edf-4361-a0a1-36ac91e2c045", "comment": "Malware payload (Mirai)", "value": "a6d1c9f214eb25256220b991f25923afd8a50ad2d93429845c4cfbcf30e5013f8f7c27738ee743c97c8935c5a60235c4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696320, "uuid": "7f212c83-8285-4dfb-a607-72030399f6bd", "value": "T14D732A26B97A1E26C0D4B57E60FB8B11F6E1278E26B4C50A7D720E5EEF147006502EF7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696320, "uuid": "b81f7a68-8cb6-497f-901c-a114762177d7", "value": "1536:hD/B6f6UD5hAS7mo0DCCAXpSKV6v3G78nN9Wb:927jqCt8v3GI/8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696320, "uuid": "53283b13-b830-421f-b068-6edbbcc60f41", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696320, "uuid": "4f56e5bd-3f7c-4c76-a03f-b515279172a2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696320, "uuid": "5cf57af9-6dd8-4f56-88ca-778e4e95a745", "value": "7d12d04b8c570aef81aa8c5c0c134b33", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb38e99f-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698695092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695092, "uuid": "cbeaf6ef-a77d-42ec-a954-342c9b658ea7", "comment": "Malware payload (Mirai)", "value": "d0459cdeb3f9dfe9d46b74e1c70476e3", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695092, "uuid": "ba94a11a-e943-4050-9e8b-0620d71aeea3", "comment": "Malware payload (Mirai)", "value": "cd80caa060b02d952748f3bc9e72eb7a1f1ac2360e787b607bab52e92c41c759", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695092, "uuid": "e60cbff3-eab3-41f3-ba9d-32c95b67d76a", "comment": "Malware payload (Mirai)", "value": "e96f48eec219ab100c9a5672aeaab916f28e43e7", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695092, "uuid": "a48208c4-d0d3-456e-8d74-fd9bceb611f3", "comment": "Malware payload (Mirai)", "value": "fe040df72f092c21a3873370422cf78fea7e5a92e724e39fb953c794437fba2cd38d1d96dec85daeeb8d877067717b60", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695092, "uuid": "28a31b74-bfba-4e30-a68c-d5881c206a30", "value": "T1A0C2E193A4E98E05C87281376E1F259B21386439134DEE2A363AEFDC63464B4A175D93", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695092, "uuid": "56a5f5dc-166b-473e-b99b-355a4967e42b", "value": "384:MRSx9WXUx5+bkbRaliVErjrL9VD9jPwrSaf5dwapDyCTYHHJC8oytPFnAqV/LlTH:t5+Kcrb9VDJe5FLTYTlPFnz/sPYeu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695092, "uuid": "679bfe08-4829-46b0-a2a6-7560aaf450c9", "value": 27704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695092, "uuid": "7da0e7b7-314e-4b8b-a2a1-0646d8a39fe1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695092, "uuid": "079a4d9c-e9d1-4579-85e6-e9ea0bd1dd89", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bd586d8-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698694851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694851, "uuid": "528d447c-5518-4e5e-843a-bda794989a85", "comment": "Malware payload (RedLineStealer)", "value": "71f91e278fa65db096540fe49febe054", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694851, "uuid": "75643a8c-6700-4624-ba3e-cbc11691aea2", "comment": "Malware payload (RedLineStealer)", "value": "ce4b36f2b0a5dd0e066d8b8441c6bb4a4a20e77a505b975363d93f1792f80fea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694851, "uuid": "9bfe670b-aad8-48ac-b5c0-37f608cc5cae", "comment": "Malware payload (RedLineStealer)", "value": "2a64d72bd2e22a32204451016c1d02dbd6cb5f82", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694851, "uuid": "813cbdb0-8ebf-49c0-8675-9176de33c3a1", "comment": "Malware payload (RedLineStealer)", "value": "ba8c3c744bcbd0f8129dc31e78afaafb2ee0b63b9c9b6a523b50df79ff47892b322a11452fd35874c08de08a19e9664c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694851, "uuid": "c434551e-bda7-4e41-a051-ffbdbdc5290b", "value": "T1167533107D4DE67ECA76CFB7B10647252BE0BD306111C65878ABB1ABEE2DEC8B794110", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694851, "uuid": "239c9594-10b5-4bc4-8f93-96aefc1d3514", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694851, "uuid": "3a50846e-787c-40b6-a23b-34f6dcabba0e", "value": "24576:nmNiHbqBmWBvuSBil7wC8EeCP99K+3ZW5siXZdjt9dwpiQIbbz/8GmVYr/A:nmDMWlBilMxCPBZeJ9dwwQIbf/8D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698694851, "uuid": "ae7a0c67-8a76-475e-ad0a-902df39e40ce", "value": 1593720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698694851, "uuid": "884da0c5-4b23-46ac-87d4-7475d0f27295", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694851, "uuid": "5b5c641a-879b-4f80-96ca-96deda9654e6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3677e27d-774a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698687112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687112, "uuid": "a0014efb-e9af-4b94-96c3-76b5d9fd2b12", "comment": "Malware payload", "value": "fb60a0bfce9da6b14f1d280476982d89", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687112, "uuid": "93e57677-491f-45b1-b413-345259ee4bad", "comment": "Malware payload", "value": "ce9da47d1d49b52fb8864201ee2f284d04d5c76748128e429c852c44c1fa1437", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687112, "uuid": "4e712d8f-c761-4f3d-aebf-d87e7d169a4a", "comment": "Malware payload", "value": "506ffc8fa8fb76daf4646bd1a3174488cdde89e1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687112, "uuid": "be561acd-9986-494d-b4e2-e0b7ff4c3c5f", "comment": "Malware payload", "value": "c4d2c89b2ab0d352e5817afdc4418f6483e498a7d624f4e9ff1b129a8ee639032dd3377184983166a78a24f0a6eb735e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687112, "uuid": "d6d84d42-0fd3-47df-82f7-0ced3040c3b9", "value": "T1D9549D11B481C472C9EF2232152897B98BFDB9704AF1D98BEB95296E0F331C1E73165B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687112, "uuid": "23a2dc5a-74b6-4418-9ac5-6390dfaa4a26", "value": "e1c0a4042c52ea8a187a21f64770ece1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687112, "uuid": "e7a31ddd-4137-4e34-a36d-58d75e7aa0dc", "value": "6144:fYO6xRBLV4jfKWZRkgi42F6IQZRroJX3MpM1Oln:fR6hqjfHZRkgi42F5qyCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687112, "uuid": "9d1e620f-9646-4a25-8a95-86fed8891567", "value": 280064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687112, "uuid": "726c3a1f-76d5-4198-8243-7cf619e8108d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687112, "uuid": "27cd0e7a-09ae-4ed2-b977-53c8d39cdac5", "value": "hal.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fd241e3-76ec-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698646835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646835, "uuid": "dbb085b8-ea42-4d35-805c-2aa275767508", "comment": "Malware payload (RecordBreaker)", "value": "09ea67fa4ad245eeb41719b90293f257", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646835, "uuid": "ffd29ccd-ed50-4eac-8a25-d7551350268a", "comment": "Malware payload (RecordBreaker)", "value": "cf0e25fb0aeb175f6a9c7d85ca576625b0f6b55fd311a8c56fed9c78b3ca298a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646835, "uuid": "24b56cee-08b5-48a1-ad13-a5d21c44db42", "comment": "Malware payload (RecordBreaker)", "value": "b58fdb0f7dd798e5d2f4295cd1c96d7996e8bc76", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646835, "uuid": "6d256e3c-a6e8-4d21-8c0a-7ceec3428509", "comment": "Malware payload (RecordBreaker)", "value": "35aa7b8deef3d70a2536ecabdaa804673788d631c5721500d1a4230520288993e7c34dbbd25d503e2eac75cd1f43f0d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646835, "uuid": "ed07cb6f-8422-4acc-a83c-8089037f7f34", "value": "T148158D2138D09176EDF220B743ECFA2643ADE0B4072516DF06D857EED7606C27B3669A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646835, "uuid": "324e2dfd-32f2-4450-86bb-8e9d0c38defd", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646835, "uuid": "527c7397-a907-4132-a85f-059897f1c73d", "value": "12288:hm4zcCDaHhNmNwTOHKzE0E5GkDy/2yRoYhdZpau4NN19gupDZvKtFDAM:NRDazmNwTuKzE0E5nD3yJrZpe0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698646835, "uuid": "cdb2bf90-d445-488f-af68-c0704559781b", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698646835, "uuid": "983d0dda-99c7-4c5a-9dab-fefd68129f00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646835, "uuid": "4c4cb801-bb44-4dd4-834f-84a7cd8c3065", "value": "09ea67fa4ad245eeb41719b90293f257.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc0e3b46-7721-11ee-8907-42010a9c0042", "comment": "Malware payload (RiseProStealer)", "timestamp": 1698669753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669753, "uuid": "de12168d-fc6d-415d-86ad-a47818f49c81", "comment": "Malware payload (RiseProStealer)", "value": "dc609ab902d38535a34a6025180e7f4f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669753, "uuid": "fc6d0d2b-c208-40d7-804a-9e34f4f3ab6c", "comment": "Malware payload (RiseProStealer)", "value": "d08fc62a60cd555065bf1bb8f0e5d8f1ee6992511eb45038d2640d4438727d44", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669753, "uuid": "15309543-a7dd-4b30-9ca8-20dede4a1928", "comment": "Malware payload (RiseProStealer)", "value": "56bb1d3b3b5c411fc767acc8ddf7e8305058a7cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669753, "uuid": "83aa0762-8ab0-45a1-9e4f-52c707a5b2cf", "comment": "Malware payload (RiseProStealer)", "value": "de8c22fa8e84ca1397401f5c041ddd599c1db4fbc00a0fa7dc2ac886be2f1d0ee84426e044a722421d3e94702301c348", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669753, "uuid": "3baad3cc-ca55-44b7-8405-60612c560947", "value": "T17A5623419BCD30B4E5B802355662AF2DF8F76E2732019D18706D3AE76BFB494943329B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669753, "uuid": "6aae31eb-e51e-4e8b-9689-7f5f2910e06e", "value": "0d0546185239791e3ac977a371dfba41", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669753, "uuid": "54f965d4-c2e7-4d7a-b644-d59688bf6929", "value": "98304:xIaG82rZ7NQNd4a3f5e41octDkVVVx9i4WgYOb0mn4dzlTvPu7wQIlSe/JEgawtM:fG82r8Nd4a71DgVVFiQh4dBDu7wNld/U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698669753, "uuid": "f09cf5f9-2349-4f18-b2aa-9ce41e807bf9", "value": 5911224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698669753, "uuid": "c5fa3519-c05b-4044-86fa-9e0f49b58eae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669753, "uuid": "35e04f02-ae69-47cc-a3e0-61f6ce2417a0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b864d74-76fa-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698652894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652894, "uuid": "05fe49a3-38f6-4fa2-846c-4393935f312d", "comment": "Malware payload (LummaStealer)", "value": "2fb4f825fe7e8c33bf88366773d31496", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652894, "uuid": "a5c32a86-cd12-49c4-a9d4-04a3868297f6", "comment": "Malware payload (LummaStealer)", "value": "d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652894, "uuid": "1e9f9398-d392-4c9e-8a2d-68644002ee2e", "comment": "Malware payload (LummaStealer)", "value": "92593d08d2e69097fbd838347458e1d1fbcb83c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698652894, "uuid": "b7dd2b98-45ad-4983-b6bb-a78ab8831352", "comment": "Malware payload (LummaStealer)", "value": "5abf32e640f1152c986b4b424098eb347cfcde4f25c0d8a922a38a0d6d1fe624e2927d2800a539c9a485df8bb45de28c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652894, "uuid": "63251654-1f0a-4d20-bd3f-43d5138c3489", "value": "T1A7249E1262F16C61F57766315F2BC5F43A2FF8724F5CA66A2318EA2F08B02A1CD72751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652894, "uuid": "1d58a136-2fcd-40a6-a8c7-b9f5e17c3e5f", "value": "a7834573a680f6c5596ccc88099e7718", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652894, "uuid": "639bb976-a641-4743-bf2e-7cdac92657cf", "value": "3072:L5XKAfS4mUPjUtn7uNs8horIYjUi9Uf07kvTavE1Sxpx5rx5t5ZO:hKoS4FPYhuNs8iMG9RvvEs7xV5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698652894, "uuid": "4752c1c1-052c-484f-8fc8-d0ec9486db3f", "value": 216064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698652894, "uuid": "eb1d97ac-b8e5-4333-9776-2a56713d13a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698652894, "uuid": "56f9e555-9542-41d3-bd08-45f94b0f27dd", "value": "2fb4f825fe7e8c33bf88366773d31496.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4237b2a2-775e-11ee-8907-42010a9c0042", "comment": "Malware payload (njrat)", "timestamp": 1698695721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695721, "uuid": "82173fca-747b-4c0b-bac6-ff1a801a54b0", "comment": "Malware payload (njrat)", "value": "1f1271c5231cbf3607551edfa424692b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695721, "uuid": "2eb9b0e3-94d1-467b-9069-b78e705d494d", "comment": "Malware payload (njrat)", "value": "d22ce6ecc2f98d7507f41b3e43af3b08e8aad02f3cc7740bc77812931c3f7ab1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695721, "uuid": "938690d6-f359-448c-a843-cd4f76283ebe", "comment": "Malware payload (njrat)", "value": "72d7699269fe9d089177a2cdb653d54737a87539", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695721, "uuid": "11028a65-87ef-46e0-827c-d30eb3c1938e", "comment": "Malware payload (njrat)", "value": "2ee51e10c8888fb5299c6438967f92c61119ce39db821ca5b05d66bd2e0e002248ba5421228c1645c28b7cfa7049cc36", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695721, "uuid": "9ab8a11d-6f4c-448c-a396-211c69f5f5ee", "value": "T12EB2184E3FA98866D5AC07748AB5965003B491870423EF2FCCC554CBAFB36D92D4CAF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695721, "uuid": "09cd0004-82d5-4843-a9b4-77064e8aca9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695721, "uuid": "23e8c094-e9e5-414e-af8a-370749f80b57", "value": "384:5luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9FmRvR6JZlbw8hqIusZzZZJQN:OOmhtI+RpcnuBN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695721, "uuid": "5f3c367f-720d-456c-8dd7-5ef6ae0f620b", "value": 24064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695721, "uuid": "628b6a43-8e33-49ac-a547-098a5c82581c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695721, "uuid": "49588850-1404-41df-b80f-c49e0c0e2f21", "value": "1F1271C5231CBF3607551EDFA424692B.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cde34d9d-7722-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698670186, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670186, "uuid": "6dcc24db-91fc-43d3-b91e-4fcc217859d7", "comment": "Malware payload (Amadey)", "value": "deb414c20dd5d1be338320e944599826", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670186, "uuid": "e0fed3ce-baf7-441c-bf78-ca082e3bbbe1", "comment": "Malware payload (Amadey)", "value": "d28f5ff7eed223d934bb2f8ab8f566cdafa9979110432f16bef4bbd8f87b6e44", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670186, "uuid": "00032252-9d53-425a-863b-704b3159e2c0", "comment": "Malware payload (Amadey)", "value": "02b0383ddccf62668a7bde5343f91c30d336f5f9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698670186, "uuid": "dfa10418-de61-41f4-b775-58186fa0c838", "comment": "Malware payload (Amadey)", "value": "04e10d17fbe2db887f94a70884123e6d76adef7a60318ca2465f9496ee95f75b5599a2fc4d63c67969c0c9528d3d2035", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670186, "uuid": "ebe988f6-583a-42bc-a8c8-8cde8c565562", "value": "T18C552323AFE44533ECB063B0A9F603831635BD9A4C38527B27A6BD5909B2D54493637F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670186, "uuid": "3db08ca5-9804-48e3-af0d-88e016389dc6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670186, "uuid": "38db971c-06be-4295-8850-6736a62dc3f6", "value": "24576:MylewKaHvAwe0elUfRVXvF5itYNZO5WZuW4blTTSlv5a5+7hrTardXa:7gwKaPA03VXvFvZZkav5A+1+dX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698670186, "uuid": "d124ac25-dddd-4250-be8c-7dd157689be9", "value": 1375744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698670186, "uuid": "ce133f74-94a8-4b0f-973c-dd2680a96c81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698670186, "uuid": "0f18eabd-2dc6-4d44-9391-09518d30ae49", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a558b4e-76d5-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698636840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636840, "uuid": "30b9e970-0082-42f0-ba19-4c666f298a37", "comment": "Malware payload", "value": "62b6c83d29a7533ab943593eb4dc361b", "object_relation": "md5", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636840, "uuid": "17231ba0-4e08-41b9-8189-3f54f5eeb76f", "comment": "Malware payload", "value": "d38167696899873f8de15f6ad865522318ecf702047b1b36b8107317324451da", "object_relation": "sha256", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636840, "uuid": "61bacf3d-bc9a-4703-86c9-574b95261910", "comment": "Malware payload", "value": "2a6d3bed532167f42604f2527ac03099dde7f676", "object_relation": "sha1", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698636840, "uuid": "bc373898-13b6-4edb-a579-efe0daec9ec0", "comment": "Malware payload", "value": "493fb536fe4bbd53c629c0de96bdfe10e35ca785d5356c269a7a9c79ab3777f78a7e00dcdb73fe49e1f6e9c2636479a5", "object_relation": "sha3-384", "Tag": [ { "name": "DarkLoader", "colour": "#FA1D8B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636840, "uuid": "ffbf1767-4131-4fd0-b2b7-5746ad16ff02", "value": "T116C25CC2E70905B3D3AB0234B8A54E768A7C77700AE05293FB93510D5DB81E7F53AA5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636840, "uuid": "8e81e9ea-39b8-48a0-8a07-1ff1135ce902", "value": "768:jZ8F7oe4UkoFODPNRJP0iqPKZBzAscK3Kl1c:jZmkoFODNRJkKL53KlW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698636840, "uuid": "dc26ea38-a997-45a1-924d-7e3f12097829", "value": 27259, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698636840, "uuid": "0b0f63bd-93b8-42e7-bbab-7dcd1cce2819", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698636840, "uuid": "2c6f1b43-7750-424a-aaa6-293328fec92f", "value": "treasurewh.cs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f94f9b1d-775e-11ee-8907-42010a9c0042", "comment": "Malware payload (njrat)", "timestamp": 1698696028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696028, "uuid": "4210212f-299e-4ed6-b97a-85419e269798", "comment": "Malware payload (njrat)", "value": "47e16f20263a881b3c927c540d7cb791", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696028, "uuid": "c1e05925-4f66-4f6a-825a-47a402dbd6a5", "comment": "Malware payload (njrat)", "value": "d3d7a380b5cb59c5f7793c552dcc32edfc2281af564172388883bc597856d514", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696028, "uuid": "e79356ff-1c3f-48d6-ba5d-b386eca666cb", "comment": "Malware payload (njrat)", "value": "66df5d5f36d4e5e62791b94e9432aba3228074b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696028, "uuid": "4c655c45-b8a6-4282-97e1-4cd08dec33fd", "comment": "Malware payload (njrat)", "value": "db6d30f1acb3a442427c6ae18a278d2dc83272ba3d84841c06d3d208b596519fa03e7ea681bb524fd098549b6b687cf5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696028, "uuid": "f74e9494-a730-495a-9611-a9b8f4fcee09", "value": "T1AA2307467BE58219C6BC5AFC9CB313110772E3438532EB6F5CDC48DA4BA76D04641EE9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696028, "uuid": "19ee6a47-023f-45d8-b2d9-def266fd3e64", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696028, "uuid": "a8cfe802-d43d-4d70-992a-e746ab0e6b2c", "value": "384:20bUe5XB4e0X+OxWANuiEO0YaHWTgtTUFQqzFGObbe:XT9BudoguiEYuobe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696028, "uuid": "1ee49110-c6f2-4703-b08b-90e9753eb597", "value": 49152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696028, "uuid": "74314b1d-62a6-4fe4-bb54-f75251d972a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696028, "uuid": "f2663f8e-e88f-463c-a08f-605892a7c4fe", "value": "47E16F20263A881B3C927C540D7CB791.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f4f1b1b-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698644982, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644982, "uuid": "f334676f-2f81-4256-a4df-d7f878cd4f70", "comment": "Malware payload (GuLoader)", "value": "3aa9843bed9be23bc005e6175ca85d74", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644982, "uuid": "a5c50b4a-c128-4d37-b4a2-699c99759445", "comment": "Malware payload (GuLoader)", "value": "d4ec693bbdb85f4d42b64c19e4660860a804e7ab840aa1e6af1f1c8c96df4255", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644982, "uuid": "8426b4f2-5a0a-40d7-bcda-02d63c0baf92", "comment": "Malware payload (GuLoader)", "value": "f5b79b6a7766a96d0ab10f7048d213733f2037aa", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644982, "uuid": "86f23948-2256-405a-8555-5122ae736b8d", "comment": "Malware payload (GuLoader)", "value": "954333e18ede372908b7843efb45338a0d50f08e0367b42d25bc20fd39f801353ab3055a035308faec95968f80cf16ff", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644982, "uuid": "80e1ca8e-0780-4348-9746-9cbb4aba650d", "value": "T1DE935DE2DB94161D4D4B27AFDC4249728DB8812D3613063AFFED078DA20795C93BEB49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644982, "uuid": "0f98adb3-b65e-435b-8826-3e10a33bb112", "value": "1536:PtWVEKDqxd5cPljwdHrhbLZCWII+iWfwGQFYXB01uliwzIOFeBGjpy4:lOlqxnc9jwdHVLuI+LovFkqAliwMseBw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644982, "uuid": "0fdea3f4-3e93-4e36-8eac-994dbd165806", "value": 90911, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644982, "uuid": "04118629-fee9-4767-8d7f-d2a28a2aaf5d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644982, "uuid": "61028cda-8f13-4380-83a3-779f03048236", "value": "\u7dca\u6025\u5831\u50f9\u8acb\u6c42\uff1a202310_29432NYCUTW.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79c9f3de-76d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698637832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637832, "uuid": "588789aa-a0e2-419e-a5b7-1fcaeca55642", "comment": "Malware payload (Mirai)", "value": "5a73a83f989c2530ca73a87635b0013a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637832, "uuid": "e20740d2-919f-4f34-9092-c63975e99ba6", "comment": "Malware payload (Mirai)", "value": "d67f3dec3ec8869cac727a6e3eee3db1a8b4b3a7a2e9e19ce0c7fdb00b23a126", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637832, "uuid": "adbff2c7-a286-4bab-b478-f3faeecaa2c8", "comment": "Malware payload (Mirai)", "value": "5f60658c2a434f18a7c54d9a5b9be4d1da30bb40", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637832, "uuid": "ad9ede13-3c38-4817-9c97-031e3f192b08", "comment": "Malware payload (Mirai)", "value": "e5ca154b81a01a04ea7f571a8c6b9cb33dabb81114d4e5c1845bf6acdd2e6ddc2a60f36c526024a4e61539a809a59b87", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637832, "uuid": "996d8744-09ad-4416-aef1-3c3f9fb469cb", "value": "T153D2E1A07E8E8EB1C3710F36FA7DDB922BB312BDA479353938D42612C38A0055559D97", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637832, "uuid": "8bcf3efe-6469-4bff-aefb-b5b3e898d616", "value": "768:YjjbHpN165ozDIYpF/ChT1Re/iQ5aNdjTOSBtOEQqfPBqX8UAtJs3UozF:YjfJN162hF/QjeKQ5ajBtOEXBqXOtUzF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698637832, "uuid": "172c4e09-841f-401f-86df-01a79ef7c12b", "value": 28752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698637832, "uuid": "67af9902-9d43-42c4-a6d9-aa79785cd803", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637832, "uuid": "dd19dd97-a50f-4f25-8a1f-545addc8edab", "value": "SecuriteInfo.com.Linux.Siggen.9999.11286.6233", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61f08f7e-775b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698694486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694486, "uuid": "e7481e44-2a09-40de-8cf3-e1bd269360d0", "comment": "Malware payload", "value": "6379b5e4199a88919b1bc31e1e3a296f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SVK", "colour": "#3492BC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694486, "uuid": "f1236006-26e6-4c77-bd11-7f9a9332977a", "comment": "Malware payload", "value": "d69ec137e51ef7166c3f2ecaf8469004ff0ea71585697db496ace68513a977f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SVK", "colour": "#3492BC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694486, "uuid": "6104e1ce-c37d-41a3-b583-43467c03e063", "comment": "Malware payload", "value": "5386b2ea8f4d927c74b14f900151430ef7dd5f0a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SVK", "colour": "#3492BC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698694486, "uuid": "95e3b108-0708-4086-8806-679484ab0d11", "comment": "Malware payload", "value": "f51b3b166c0d10f57abb408c570ac82f2fe8341f26116f97ea4e3ff927b77091dfd6d545490254b5a2941ed3043e26e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SVK", "colour": "#3492BC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694486, "uuid": "f8fe9e36-10fe-4600-93fa-65f6aecb2b88", "value": "T12975E04A73E90AEEC367913CD947AA13E2B078451310A7DB27D5899D1FA37E01BBD321", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694486, "uuid": "405cbaf0-3eef-491e-bf93-8f0b5f26eff1", "value": "6bc2ac5ddde9cd8f461d79dd928eb410", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694486, "uuid": "f0a9d51a-3eb0-44ff-9c95-8129bdf9468e", "value": "24576:Gh90PFK5rZqRR/Z+XUvklwFi2wDSBnkptl7WRco60OegX7Aoid:nEVA8Ev4Pf4nkdV0Ervi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698694486, "uuid": "3df5e00f-57d5-47bb-a471-7f94b1f1e867", "value": 1605120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698694486, "uuid": "836e46b8-9b2f-4f11-baf0-996dbac5e9a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698694486, "uuid": "7019ad67-608e-4f54-b269-a691e38e5d79", "value": "d3d10.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2475c1b1-7719-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698666036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666036, "uuid": "34142bd1-eb81-4d58-8c09-f5ab53f69b2b", "comment": "Malware payload (RecordBreaker)", "value": "a0a9a6ae303d6351249ed8c5892ab549", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666036, "uuid": "8cff0ee7-0270-4c9f-a1cf-3be4c1ba996b", "comment": "Malware payload (RecordBreaker)", "value": "d7fce275b45595bccd4f35b10a75e1a73b8e97c27cdd0393553032b92ddb3703", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666036, "uuid": "278bcaa0-bb6b-4d77-9474-c40004a220ed", "comment": "Malware payload (RecordBreaker)", "value": "d06d361daef4e07b3a021f60e07c44e969b26d79", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698666036, "uuid": "c55a4987-ef2d-44c8-a8a5-dfb43d1e00b4", "comment": "Malware payload (RecordBreaker)", "value": "5ce823f22600eea8618aabde1cb17838cbd8913e767e530031f1721a444735af9b8752d2dd84ffa9a585e12f86d0ace3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666036, "uuid": "05600a02-b84b-455b-b40e-cfa8c33a93ce", "value": "T168157D2138C49171EEF220B743ECBA3682ADE0B4071516DF16D86BEED7606C17B37696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666036, "uuid": "69c87091-72b9-450c-ab49-c8617ea7c477", "value": "d880d0ae07cf434dea838358ed4c863f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666036, "uuid": "ec156a02-8063-4f56-8135-1d18da8d03e1", "value": "12288:s6ygLhtoj6WdgRT/26p6tNH0p0lGGbOFFdpulP6j/Zus897tzLwti:IShtk6WdgRT/26p6jnGGbODOqCt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698666036, "uuid": "ae5215d0-e06b-495d-bacd-7dbe8e505d8d", "value": 934912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698666036, "uuid": "913f2bc2-18c8-4db4-b3f5-397a0546543c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698666036, "uuid": "cdc4f16a-2fb7-43e1-9d05-aeb757f6cfe6", "value": "a0a9a6ae303d6351249ed8c5892ab549.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48c07aff-7750-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698689719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689719, "uuid": "de8bab08-1c77-405a-9981-dc7ecc260a98", "comment": "Malware payload (Stealc)", "value": "ac922ce39d4d2aaeab1cdc528ef2b7aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689719, "uuid": "9bfb3c23-1396-486a-a5e0-9298cc453e43", "comment": "Malware payload (Stealc)", "value": "da4b24ebe1d17357f778a9947a8146fd9d7e88d1f64a65695fb245fbccc4269d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689719, "uuid": "ca548c0a-af90-4c6f-9ca0-5190e166acae", "comment": "Malware payload (Stealc)", "value": "a8c680465ec93dd06885a85baf84a860c06b11af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689719, "uuid": "894cfff1-300b-4c8c-963c-65ae0eab1819", "comment": "Malware payload (Stealc)", "value": "09824c8e48a6462fc52018113e7fe7400a368d086a46934e50f573ebd9f53096dae2e3dc69bf39ecf9b6332da7329210", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698689719, "uuid": "1b32ba03-ac6d-4e8f-bbd9-b8581f0dc82e", "value": "T115C49E51E2C14D3AC0672A3D5D1BE2AD58247E1226E8D88AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698689719, "uuid": "71758695-d09c-4341-a968-d78d61949186", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698689719, "uuid": "5c7af091-a7ca-4766-a013-e5ab8016289b", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7daLBIlXSY4j+6qj9:aF7M0UJf7gtIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698689719, "uuid": "57874ec1-ee13-4d59-8f70-a76b13e5c1b2", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698689719, "uuid": "a0c6edf9-5ba7-4d81-9236-969b6f0a050e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698689719, "uuid": "5d0924b3-1d31-486e-b140-eeb1feb711c5", "value": "ac922ce39d4d2aaeab1cdc528ef2b7aa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d832424-771d-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698667877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667877, "uuid": "cb57ca25-93fd-4915-8601-f9bdef263032", "comment": "Malware payload (Mirai)", "value": "3adc24c78253e67cc127ab1f26eefcd2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667877, "uuid": "50d3bb97-1319-4fbd-922a-6e687f7b52e3", "comment": "Malware payload (Mirai)", "value": "db82ab5131431b262070085649901cdce63323ca61088c8b1c5a6ecb20190d78", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667877, "uuid": "c34cc289-752f-4ca5-8349-1461d279f6d9", "comment": "Malware payload (Mirai)", "value": "d1e645392b440462b1387099c58c1b248ebfe835", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667877, "uuid": "9da39f8d-e1de-403d-a9a9-169494000cdd", "comment": "Malware payload (Mirai)", "value": "bf970f676a1178371d26cbe13bbde0481785c1b02ce6cb3194de86cf3cf3cdbe8cb74d00f96ce91ceb7461c1c80ea7f7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667877, "uuid": "de5a9797-94e3-4178-a597-ff6ea0d3ce9f", "value": "T13C042A46EA404B13C0D627B5FADF42453333AB9497EB73069528AFF43F8679E4E22905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667877, "uuid": "ca95fb66-6626-44b0-b31d-a98e944796bd", "value": "3072:pCR/56elz/h8kgaj4lyCMkHET23iUBVts/hJjogM/RhbIEv:pCRVlzJjgaj4lybkwuBDs/XMgM/RhbIO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698667877, "uuid": "7ae43698-6e5d-462f-adee-9aaa45e87951", "value": 179781, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698667877, "uuid": "e988d9a2-3227-481d-a4c2-9bef61b975c3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667877, "uuid": "ad231332-97d6-413c-9068-9786562efe10", "value": "3adc24c78253e67cc127ab1f26eefcd2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afe66400-774b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698687745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687745, "uuid": "9cb2b818-c5a8-4a0e-ae71-458394ef742a", "comment": "Malware payload", "value": "5b8610f908efe0f51a1ccc68c045d032", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687745, "uuid": "16327d7b-04c0-49d6-a77c-323342a10d76", "comment": "Malware payload", "value": "dc2b127b05bd5bf4927fbf18929bb95680144252ecc1f170349dca23464aa0de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687745, "uuid": "310669f3-7d18-4ff7-b82c-6720475a0149", "comment": "Malware payload", "value": "86c4d2411e35329d76976c27bf2782f0e81eef1b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698687745, "uuid": "bfa36e83-00de-4c3f-92e8-5923c95b0bc4", "comment": "Malware payload", "value": "1c2c8090f654650accaeac6dc8e5cab87e80b38947041169112de5a14050272f0aeb9f90fdbd2ac4cd1e2ab86cc012da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687745, "uuid": "3c781d95-30c7-4106-af7f-400d07e6b823", "value": "T1E4D5232277904CF5E8A7163DD981C50ADBB2F4112750E6DB47A4EA370F133B26D7ABA0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687745, "uuid": "047f3496-9e14-4dae-a46b-7f4cdd74ebcd", "value": "380d2cbec5e800eecb6612f15b9ac012", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687745, "uuid": "acd707d8-56bc-41dd-870b-3ac99c2f41c9", "value": "49152:FbKqkS77rgMOQJGwYaXdH1i6ibINA/8jjQjLcadhI9LrSmZuwXuPH7CSrO94oubi:N5kDQJUq1i6rNA/SQcqC4mlXujC/MBk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698687745, "uuid": "8f494de5-86a6-4351-bfed-4297dabd2a1d", "value": 2875146, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698687745, "uuid": "6dd718ce-3d53-4d85-ae95-f3b420df7d11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698687745, "uuid": "9f887a00-f199-432d-a332-5666065b0aff", "value": "5b8610f908efe0f51a1ccc68c045d032.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ac2f98e-76ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DCRat)", "timestamp": 1698633942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698633942, "uuid": "8e29c107-96d5-48e2-9ef2-750fd5d5d229", "comment": "Malware payload (DCRat)", "value": "0bb6e434a9d037caa0030ba007831d39", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698633942, "uuid": "5fc81f2d-3ad5-4e76-9fd2-422a613ce36d", "comment": "Malware payload (DCRat)", "value": "dc4a96b2332b63be986e022a98d1461ba3c07cf2dec199328f5bf5706e65cd70", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698633942, "uuid": "2cd4b4e1-5dbf-4488-88fc-cdcfc21fe911", "comment": "Malware payload (DCRat)", "value": "015666c3d478ba1867b8e596e5156f5e985432ac", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698633942, "uuid": "2328a96e-2979-41de-866b-7ec9c7fc1915", "comment": "Malware payload (DCRat)", "value": "8e7cedf95453755a3c9be8b20267e89d5f40feb4dfcf0bb3bfe876db3ad5b4e07baeb84ad67f233898f9a8126655ca9b", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698633942, "uuid": "22aeb135-ba81-4cff-8507-83a9343a9bee", "value": "T170455B017E44CE01F42A1233C2FF45584BB4A99166E6E72B7DBA37AD55123A73C0DACB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698633942, "uuid": "361cf036-2e77-4a31-aa00-2aa7818ee66b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698633942, "uuid": "4d3c01b8-7844-4c17-b47e-95b965fe1793", "value": "24576:tX4BThjHEeNFAYU4Jtx5YUxeS80l7hemc:JWFE6UkUS80r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698633942, "uuid": "12b0ac57-4d52-4ef0-89c7-6e0f3c1c9085", "value": 1223680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698633942, "uuid": "013a676b-894b-49be-9146-8041dd19c02f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698633942, "uuid": "a47218e7-9b2a-4f90-be10-46e6a3b14c6a", "value": "0bb6e434a9d037caa0030ba007831d39.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cbd339a-7713-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698663473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663473, "uuid": "5c7498d0-d5e1-4398-b479-b6666edc9df7", "comment": "Malware payload (Mirai)", "value": "480fa8669435c01bb6bb60b127fddadc", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663473, "uuid": "2dfa6e27-dc9a-4904-8028-dc4c6e20db92", "comment": "Malware payload (Mirai)", "value": "dc6979a68ec1a109c92a79d8d77402b3b79d635439181fa125589aaf2f9e13fc", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663473, "uuid": "ed1a7ce2-6bae-44b5-827d-e07b5e69fcf9", "comment": "Malware payload (Mirai)", "value": "b77c49a52df0ca8741ee70fedf3a6073b62aa4c0", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698663473, "uuid": "3b0c932b-4a79-4caa-add9-3b2a3087667b", "comment": "Malware payload (Mirai)", "value": "e71b9a112018169b692e656f022f2b4187a8fde42c6780d20e317181342642c53422b386324511ff406be95763964c7f", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663473, "uuid": "91e5c26d-adb9-473d-a725-82db5a520d09", "value": "T1D7937DC5F283D4F5E88704B1217AEB335B33F0B51019FA53D7699A32ECA1911EA16B9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663473, "uuid": "31786633-76c2-4d11-bb12-86351ca79d93", "value": "1536:B52b8q0AMNQhsp71DfHz3DFG5csMbekqVGpIznkJSstkxmkBfp:B52oVbNU8D/z3xG+mkJpWkA5mkB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698663473, "uuid": "39c5f5b3-95f0-4f36-9d50-edef1e852d83", "value": 89576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698663473, "uuid": "0d9e56f7-3b9d-4b31-95c2-98e585358c28", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698663473, "uuid": "535b4b3d-69ff-434c-b1f9-d6454e2508e2", "value": "cundi.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44c01549-776a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698700879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700879, "uuid": "2da14a87-6c9c-4438-9a4c-f0ec22c4e54b", "comment": "Malware payload", "value": "8dea867b72374fad43cc301d9af5a24b", "object_relation": "md5", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "UZB", "colour": "#97D3F6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700879, "uuid": "17e8c782-3e29-4d35-ad61-943625270fd5", "comment": "Malware payload", "value": "ddac61f918ed87b49ef15d05873e7f52b919758aef713145f6a7d538c714fa2e", "object_relation": "sha256", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "UZB", "colour": "#97D3F6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700879, "uuid": "4fde09e8-eee2-46a2-b166-e3951be6f300", "comment": "Malware payload", "value": "15f433e7c5618551b3488bdd347042277ca22f44", "object_relation": "sha1", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "UZB", "colour": "#97D3F6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698700879, "uuid": "18fb5bca-72d9-4bd4-add8-8eb3784d48fc", "comment": "Malware payload", "value": "f0e68b555f35caae6f749fc432e57f8c8ec72230ab95c520c96033685fd41840b669d2e53516c34e51fbdcd6e055803a", "object_relation": "sha3-384", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "UZB", "colour": "#97D3F6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700879, "uuid": "a6a825c6-34bb-43cf-a450-64bcc00bf1a7", "value": "T14214E571FC836869479EC73B3706919EDF67C4C769098C39FE809EA4649C643A684EF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700879, "uuid": "612c0cce-67f1-473c-b4bc-0e776c9a3ee1", "value": "6144:nRQbdY5+NTrmwMtGQJh5PAW7LebJcDgym8/kU0:nKZVTiwMtHh5P1Lo4kB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698700879, "uuid": "27ca3e6f-7e56-42d2-be8a-01e7d707a769", "value": 204131, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698700879, "uuid": "bab5bfed-ef44-4a24-a81b-6402d0e31c1c", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698700879, "uuid": "0811d81e-b2c7-4c9d-b961-059558189dbc", "value": "Investment project details.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18e44738-7758-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693075, "uuid": "cb31769f-7ed3-46b3-b387-c1cb94b5af1e", "comment": "Malware payload", "value": "3e3dbe923ff716a40985ea8516c1500f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693075, "uuid": "85e7c089-5c1c-46ef-a5d2-18ea3e97a2b7", "comment": "Malware payload", "value": "df8727d8a77d64c6642306b4f692889549ee5ac45746717be89a248511f5cb08", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693075, "uuid": "c1c48b74-a39b-4487-97e7-1ffc6b7f8627", "comment": "Malware payload", "value": "4c288a916488fe2c0f6ff1d56146a609cdea529b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693075, "uuid": "ca115a2f-ea75-4d12-af7c-09bde560d287", "comment": "Malware payload", "value": "1d558c98ae63e90e4dfc976be4ec5f332c286b371349afa5cd1282dfd0c6f95d2abb686fa1666e6916f9d151bead879b", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693075, "uuid": "758d9e18-1204-4e04-96ea-7d8ff09827b9", "value": "T14CC32905E8918767C2E2177AB79A425D33332B6893CB33255938AFB41BC1B9D1E79131", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693075, "uuid": "648b6eb1-dca0-42b5-94fb-3a92b6b9b50d", "value": "3072:KdB2qwap6KVXPi4jv8x+6MDkmDhZmTQOIsXAqE:aRwap6Kt6+6MDHZmTQOICAqE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693075, "uuid": "01ab9b2d-10eb-4979-8af0-01b3c0e9d6e0", "value": 127529, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693075, "uuid": "52e1aba6-634e-4e15-98ac-98d92d18e6be", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693075, "uuid": "9bed0469-8c8e-426c-9878-ebaf1f74a57a", "value": "a-r.m-6.ISIS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0695a7d0-76c6-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698630338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630338, "uuid": "6c788c22-162e-4280-913e-e179ecb103aa", "comment": "Malware payload", "value": "a236ee932d2398b94ebe3d20c8c0c44c", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630338, "uuid": "86b9ac1f-8074-4e65-b29d-97e77eef3ab9", "comment": "Malware payload", "value": "e06d4ef24160ab32665fc1ee0a639763cd4700fc923c9189b119773a5c17211f", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630338, "uuid": "af60f0f4-e36e-4696-8a5d-6afbf70a66c6", "comment": "Malware payload", "value": "e680015f2f3c3fc8bb14261fde3e93ab3dfcf781", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698630338, "uuid": "92292981-d0b6-4939-bf6b-ecc481f825ed", "comment": "Malware payload", "value": "1452d8d125f712db237eedea9217c001e0350f89aee8e78fdd5566321c301b873f71c5a47360aad5465c4d90517449a5", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630338, "uuid": "ededcc2c-92c9-40d6-b267-2142d195443c", "value": "T19B978CC48A8F87D6D9381A7A041D0C864EA52D7AA2374B93B35CBFC057B93F259C790D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630338, "uuid": "94ef0090-239f-4a94-abd2-d656fe8e9042", "value": "786432:8C7aoNPjn5GN7WItX6rHFVcWCe8THeg8KHXniJ8Ly2cKj0wfOeFv:LlP1GN6KKlnX8T+tabLy2cKj0wHV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698630338, "uuid": "80c36eda-c3f1-4e97-b762-ea02495a6f65", "value": 40898204, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698630338, "uuid": "fead7861-b5d9-465c-983f-9d7dd81bcdf8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698630338, "uuid": "46d29410-3082-418e-b227-789754a79d30", "value": "ir3hk9jgyh66nqcd_android.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c085333-7760-11ee-8907-42010a9c0042", "comment": "Malware payload (STRRAT)", "timestamp": 1698696623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696623, "uuid": "3c018d38-e65c-40d6-9289-5301ecfb68c9", "comment": "Malware payload (STRRAT)", "value": "87c8f9664c3b71f0b26556c27ca32e80", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696623, "uuid": "742de707-b1c6-4805-a06e-f37a5e2f14ba", "comment": "Malware payload (STRRAT)", "value": "e2580cc0724e38ed889f6ac5ad4723c0d64a232090642ced085ddff3b2463fa0", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696623, "uuid": "e0aa02c7-8779-4659-b6ed-325e6d975ae0", "comment": "Malware payload (STRRAT)", "value": "b1c6af2eb43dbbfc1b7b3ce8a96e6c084e206d02", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696623, "uuid": "6ac58c69-a7e9-4c2e-9b69-83cf7db5b557", "comment": "Malware payload (STRRAT)", "value": "b44252ae6d7fa8fa676734d174a7927d3d653a5bf4a0f8e37b926b5e545f6fcdd176eaabdc4af95c8aa27b000407021d", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696623, "uuid": "f5247c01-fcf3-4104-be67-ca955b6c13c5", "value": "T12F24013FAEBB82F1E88BDA35510C8476BA1D458DC50AD66F29FC108D0CB585D0E8798F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696623, "uuid": "228669ad-2109-401c-8197-2c46c32e9d86", "value": "6144:DVa3mHk5xN2K2W3c/yQwP801EdXMQ0eJReSTzBsBfW:DVkhc/RwdC0wFtsBW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696623, "uuid": "93600577-a68f-46ca-8bbb-ecbb1db24cd3", "value": 224803, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696623, "uuid": "eb4b65b9-54b5-4ce0-9a51-3773ddebe207", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696623, "uuid": "3068df92-008d-469b-8f00-c8b78dd24740", "value": "TransferenciabbvafatturaenviadosExwork0093004.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a692f53-771d-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698667871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667871, "uuid": "d5233ce5-ba58-4430-8261-a2c6eeb0cb23", "comment": "Malware payload (Mirai)", "value": "e8e55f33de15faf5d82c0f3aca72dd9e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667871, "uuid": "e142cc6f-b3f2-4a2f-aabe-918ad3f41b33", "comment": "Malware payload (Mirai)", "value": "e35f16e0d9dc90cb84fe1e9f45ce4ecb7479f3c5d66915f4b23e04abe06fcfc5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667871, "uuid": "6d1034fe-a9ef-453b-bffe-233615cea491", "comment": "Malware payload (Mirai)", "value": "68416c3669cd084a3d61a9ed4bdf718ae44ff612", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667871, "uuid": "58935a17-ed92-4ff1-a7b2-dc3dbfb39946", "comment": "Malware payload (Mirai)", "value": "3f942bbdf348b77ac2cf58afcc5c536d11b442d962bcc9d42cdebfca134e5d53701618bba87b0bfabddc4424639addd5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667871, "uuid": "e6e7320c-f030-496f-81f1-9a507fa4217c", "value": "T10BB35A73C8296FA8C159D1B4B0B49F792F63A58182872FBE54A6C3764083DCDF505BB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667871, "uuid": "0553f0dd-c203-43e0-9f4a-ab785724cf89", "value": "1536:GaGTHW/qIAm659MHFGEWCR0KNKlnL7lvyinz4tWkEvxRcLwi36:GtWLQ9MlDWM7NOVvyusWzvxfi36", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698667871, "uuid": "fd6cbd70-7413-4861-b4b3-61e29d9a2a19", "value": 117568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698667871, "uuid": "f8e3951e-1d07-4db3-889f-3c273ec20d21", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667871, "uuid": "55fa50d1-e69e-4ed2-b571-45cba8b5ec49", "value": "e8e55f33de15faf5d82c0f3aca72dd9e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c95c6ca-76d7-11ee-8907-42010a9c0042", "comment": "Malware payload (CoinMiner)", "timestamp": 1698637837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637837, "uuid": "f0790d32-f7bd-42c9-b12d-a392f291ca7e", "comment": "Malware payload (CoinMiner)", "value": "ba7759931a7e95a2f0d65778eaf0e699", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637837, "uuid": "531becc2-cf70-423c-b6d5-d73fb5d1a575", "comment": "Malware payload (CoinMiner)", "value": "e380b0d418c625aa7113b56ed438fa707ee2504d10d4a836560b5948805dc9b9", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637837, "uuid": "ae48b12f-6a95-4e6f-819d-dd9735397051", "comment": "Malware payload (CoinMiner)", "value": "a821e70c51a6809d1329ca53b83ce865c882ed08", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637837, "uuid": "527c15e0-11ac-4cbb-b3ee-827e8a5d4ea2", "comment": "Malware payload (CoinMiner)", "value": "f9ea6733735ec7d54d77e739528955fc4d220b5d960fc67ce7f3bd26d38d541fddb5c4ca7d57d3fe2c17a5d94cacc59e", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637837, "uuid": "87f11d2a-4ed7-4efb-8b31-4a13f2b9f0aa", "value": "T1AB062960D35195E5C297C070CD964FF8A5E2743B82364B0F1A84DD272DFAF60AFAD262", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637837, "uuid": "ea67efa2-c5a8-4764-8a90-58765400ad88", "value": "87d0737459c3ebc7de35794db4768b2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637837, "uuid": "e996566b-07cc-4409-ba1e-08f306468957", "value": "49152:RpOoRzMYq8/zJghZuysrABDFQrNfDS7TAoLUsfQYc/169nSJTl0pox+v4LOzu6Ld:awO/EJMlwA7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698637837, "uuid": "9bccdee6-86d4-43e2-991e-3ef90cb20444", "value": 3815648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698637837, "uuid": "50a9482e-1f50-4d96-9b26-6ddb25471083", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637837, "uuid": "b38efc2d-ed1b-442e-aa49-c40a361ea6a6", "value": "SecuriteInfo.com.Win64.PWSX-gen.28763.10783", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dff24a3-76f4-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698650187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650187, "uuid": "3d6585f5-147b-49cd-96cc-a3dcbd0c6786", "comment": "Malware payload (RedLineStealer)", "value": "463d1200107d98891f04dbbeece19716", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650187, "uuid": "5575e25f-6c8a-4320-8ad9-1ea6dd51df90", "comment": "Malware payload (RedLineStealer)", "value": "e38d2e806efa284c129eca4aff2e81c6cc43f969c5603c2d48efda1a333746e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650187, "uuid": "46e8358a-5497-4142-a1e0-52360190587a", "comment": "Malware payload (RedLineStealer)", "value": "03a4071c18909714676b4c85e2b960782a0e7d29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650187, "uuid": "24a5b0e1-04ef-4fdc-b2b6-824c8b572e88", "comment": "Malware payload (RedLineStealer)", "value": "0918cdbd1bce3103a6a506ff936b2964ba12bda53a910039cfbd163c2684a14ca8a6856fd4a89615b0d03ea742d98266", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650187, "uuid": "dc5b1a34-837a-4fac-8090-5f86edf93a9b", "value": "T1FCA35D3067AC9F19EAFD1B74B4B2012043F0E48A9091FB4B4DC154E61FA7B866957EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650187, "uuid": "3e00576d-032d-4599-b579-d3c2b56a9e42", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650187, "uuid": "8dbc5646-471e-49f4-82d0-900676e67ffb", "value": "1536:9qswXqrzWBlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2PHtmulgS6pY:regzWHY3+zi0ZbYe1g0ujyzdOQY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650187, "uuid": "21e98379-be82-459e-9de3-8634c6ae6820", "value": 97792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650187, "uuid": "0a01e307-94cf-4930-91ee-5551c3de0ac2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650187, "uuid": "7692b821-150f-42a7-a32b-1f927dc4dc5e", "value": "463d1200107d98891f04dbbeece19716.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d162547-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645112, "uuid": "2682ad4f-76a6-43ae-a338-b890627ce8bb", "comment": "Malware payload (AgentTesla)", "value": "f888a337915052164f94202787c501d7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645112, "uuid": "e35348b9-aee1-461c-8dc1-5e570d092c7e", "comment": "Malware payload (AgentTesla)", "value": "e3c628afe7d88b77e6aca9f99ad0739fe6a7c94f331d53f52ea1f627221700d0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645112, "uuid": "bc601923-ca42-4fe6-b8bd-2a1226ed5c87", "comment": "Malware payload (AgentTesla)", "value": "3dbebdf06b3c7566923b570b7893a27c7b812b84", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645112, "uuid": "689dc28b-8f29-496c-b644-9ddd093a4a40", "comment": "Malware payload (AgentTesla)", "value": "ca0d064d958d2eb743a48a7472b6868db51459dc23323007f46aa148ab1fc2775dcd1e474aef92092d97bf430079b1f0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645112, "uuid": "bdb7fd31-05e3-4fde-bac0-bdea546fa376", "value": "T1BC155A3C48BD1637C5B4EFE59B998426B2E0A56B3255AD3859E318DA0203B06FDC353F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645112, "uuid": "33c9088d-9359-44b9-aae7-aa87784da65c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645112, "uuid": "4d9bbc5c-76ac-4269-9996-bd2e7c431322", "value": "12288:kzBbaB/tGY2/iNkFzRGLsHPflWWG+dpl7UDnVtAYdf9kYWOwYCpA+v8FbAV5Jv:kQdQa6zRQwP5dpyDnVtTx6YV4shA3Jv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645112, "uuid": "38e1cd68-3013-4fee-9252-8a15bac0bd58", "value": 919552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645112, "uuid": "b88dcbea-b1c1-400c-a7a6-0b9bd285df1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645112, "uuid": "dfde9856-70d2-44d6-8622-0c631af6286a", "value": "f888a337915052164f94202787c501d7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cc7c892-76e4-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698643233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643233, "uuid": "987dd51c-163e-4731-b4fd-8f4e37f9ad07", "comment": "Malware payload (RedLineStealer)", "value": "3ebd936d9e9a4e9a742e8c8fd2a4bcb0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643233, "uuid": "2a98abae-f9c7-4433-819f-0bff293ccdf5", "comment": "Malware payload (RedLineStealer)", "value": "e5c15f720ea19a647aa51395cf404882038e8b282c2214e25effd6ce279f889c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643233, "uuid": "cea5efcd-75a8-4722-aa6c-b1763cd3ef15", "comment": "Malware payload (RedLineStealer)", "value": "a759f65c37cb8909df64b5b6581187cc78da39ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643233, "uuid": "d76fb7be-8611-4114-9046-00fa77fa36c7", "comment": "Malware payload (RedLineStealer)", "value": "e36638af1f623e4a06222b74c7204b73b8b03508463f4e7bf04dfed7327e0cfdc6fae347ac1275907dc5c41d9ae8eb64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643233, "uuid": "54dc9628-3a77-47b4-b074-2ba7502f6b80", "value": "T1F07523656BE4407AC66B277428F763D74B397C978E2D432E33D224DA5C722C0A23536B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643233, "uuid": "44e06b28-1848-47b2-80aa-4b193921ea06", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643233, "uuid": "ad976f42-0525-4440-8474-fddba5e9efe6", "value": "49152:GYtOWj82P9uE77RblXpOymjelhi2WEqDO:DMa82PLPRblXpO4EEmO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698643233, "uuid": "52f9d5c2-91e6-4402-9216-b4c5b96a1043", "value": 1611264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698643233, "uuid": "d2b2836e-47a6-4c12-917c-4137e22fb393", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643233, "uuid": "abc35bbd-56b6-4042-93f5-57b262d1f3d1", "value": "3ebd936d9e9a4e9a742e8c8fd2a4bcb0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cff2365-76f0-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698648602, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648602, "uuid": "8ee289cf-9478-48c4-87ea-190a2c58326f", "comment": "Malware payload (Formbook)", "value": "8ffdd7c6fa423f11f2609bab82e66f44", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648602, "uuid": "58f03a5d-d590-4bd8-8489-cb4ede80c9b0", "comment": "Malware payload (Formbook)", "value": "e5d7a9b5347d9c624a68faad5129bbf34be4de53e91375cb4f74b97bc2175257", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648602, "uuid": "15ec9db5-3769-4b7c-800a-6a94ace17dd1", "comment": "Malware payload (Formbook)", "value": "83c732794fc061fe19760e27566b8d26f97f42e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648602, "uuid": "af52d862-6323-4674-94bf-4b433f96b2d4", "comment": "Malware payload (Formbook)", "value": "7569c38d90344e9b2cbd76c786b7a56c9e726bee8fef22636f01313ef7097a9ba093a4c14f7bd1ddf424a8ba1ac8b729", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648602, "uuid": "86e2aade-c069-476c-8bea-5c773a58d93c", "value": "T1E7155A3C48BD1637C1B4EFE59B998416B2E0A56F3255AD3899E318D60212B06FDC393F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648602, "uuid": "638d853d-7a77-4683-a291-6e291ffa44ee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648602, "uuid": "527ee81a-a4c6-4bd8-bcbc-dd5a37d72200", "value": "12288:YzudAOejUmKvlC7zboTlsib8k6+zgw4GufeKBu+ICiOlrdh7O:Y5OejUbNuulsyb60gwYGCu+xRlrX7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698648602, "uuid": "6ba14c69-f644-41a5-a070-587982ff8460", "value": 927232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698648602, "uuid": "0aab2cdd-e1d1-4722-a6c6-7c557192b43c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648602, "uuid": "5a827d9c-70e0-4417-bb99-e3842db19a41", "value": "30102023_678096234678909750.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b95754b-772c-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698674208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674208, "uuid": "20b96834-7397-4f78-be10-7d0d8a06445b", "comment": "Malware payload (AgentTesla)", "value": "65a760691928794290590b018c9087ec", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674208, "uuid": "ba8829c6-f95a-48d2-9b63-c5ede0c1316e", "comment": "Malware payload (AgentTesla)", "value": "e7282aa9efa4084acf88cfbec2f58c89f3df216e22692d472cdd758647cb266e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674208, "uuid": "63d5d81f-f71e-411b-a4e3-708f62067728", "comment": "Malware payload (AgentTesla)", "value": "e3769249892f1943044425cab6239b65882ba73f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674208, "uuid": "83b498d8-9fd6-471a-96c5-237c119a2967", "comment": "Malware payload (AgentTesla)", "value": "4223486f485a4280996af46cb97fd8a6b00125ef34e2083190da4ef45d6e4a8021a1aed29754803852129f9c6c176770", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674208, "uuid": "d66c7d6c-4020-4c6c-8a37-4501db3e1dad", "value": "T175D4234037B65B02C97C5FF21B9AA41062BB657606B1DB2D1D4E72CB45E3F8811F0BAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674208, "uuid": "74d93a20-e085-499a-826e-910122f5a885", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674208, "uuid": "db0667b4-e711-4257-8139-d0ec73a39215", "value": "12288:u8y69yqLq6m6C7XRgFow4vCz8FvJOrL7bBFyYYryCKa:m6XxzeDw4vC6RMJja", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674208, "uuid": "5b904109-e5bd-4a37-be2e-87e702c928f0", "value": 633344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674208, "uuid": "fd47b71a-b6f2-4c02-b4ed-7894f05ad206", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674208, "uuid": "3b8df06c-7520-4d46-8af2-0b7525ba9986", "value": "LXPXInc..exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15799f2b-776d-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698702089, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698702089, "uuid": "813521e9-03e0-44c6-b64b-ae170c4cc6d7", "comment": "Malware payload", "value": "9f7ba4c28fcbe218702d8e99105e0e61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698702089, "uuid": "62b4ce74-41ee-427f-8268-1b5fa6aa07aa", "comment": "Malware payload", "value": "e77a7fc61ca7a804cebaa6fbcdc0ebeaa2005b6d0c76691e02ba1cc9fc038175", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698702089, "uuid": "503a7f0f-6a63-4506-90c6-05a5f689e1d7", "comment": "Malware payload", "value": "223e04253eaa9014c2ae9b53f88d64624834cb5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698702089, "uuid": "0f1bea33-b036-4448-a25d-a8337601ca7b", "comment": "Malware payload", "value": "ab04f026ce35c2af159f8a5e003a31700a2c7803f54246b3ea2e4c69f5a0141676b5cf3e9c08d91d424c4143fb80921c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698702089, "uuid": "b4c8e7e9-1396-44cb-931c-5a3b35be556e", "value": "T13A16337651AA3DE7C896F3F92F53640723A0AC31958A86A9F13F47F88D6731C87A3144", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698702089, "uuid": "c0ff7d1d-04a1-4d10-b6a1-811eb6f4f03b", "value": "8d2803775af2b344d65712330e01834f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698702089, "uuid": "1f99976c-b567-4ab8-b9d5-fe4759885323", "value": "98304:oNN+HqR94dbLbpF2zU/lmDQpM08TvFEOpcvOt2pUoC/o2DU2Frx:JQ94dbLbKukDQpM08TvFpc2tw2lxx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698702089, "uuid": "4c29b9db-7e26-4def-9f9b-d5e482cf22cf", "value": 4380688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698702089, "uuid": "6f1e1915-4f77-426c-ab51-b36e0ef523aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698702089, "uuid": "444032cd-44ef-46c4-a005-9f74e5160345", "value": "SecuriteInfo.com.Win64.RATX-gen.28012.11163", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34b79eb9-773c-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698681096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681096, "uuid": "36ae0758-c468-4f95-a960-1e8f52f28ad4", "comment": "Malware payload (RedLineStealer)", "value": "3feabdbc736736bc35e8746e9149444c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681096, "uuid": "f33fbbe1-fb23-42e9-8777-4e61249ba846", "comment": "Malware payload (RedLineStealer)", "value": "e8c42701da92bb0174aaec5a3236695bc6c4c800389dc0800871d9b7177d2bdd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681096, "uuid": "fbde91f9-d9e6-4daa-94b8-e9c2b44b4eb9", "comment": "Malware payload (RedLineStealer)", "value": "404846b104e6aefc99e7086ea1a6668bb02dfcdf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698681096, "uuid": "6e49ac5b-4600-40c1-a2b7-eddfee60ea29", "comment": "Malware payload (RedLineStealer)", "value": "30413c3751683f8538dd5e6d6c65d6c48c791ab8aaffcb61ff0f1ca14cdb9a6d669e227272b45c8dd9a0cb7bb087cf84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681096, "uuid": "a2fa83cd-305e-466a-847b-645c358c8db6", "value": "T1DDF42343A7E685B1D9B223B06DFB02830A39BC559D7C83372305AE5E0D732A5A436737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681096, "uuid": "42bc9c45-3ef1-4586-9693-74c6d28f3601", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681096, "uuid": "6470c5fa-6b93-40c2-95a9-c1c5d6eb7eda", "value": "12288:eMr4y90dUNJXv196FZqTUaZQsjjC7TTjBV0rFs62P7Cx8KQgnnHzPehU1KNh6V+w:eyFTfLQqTzZQsUzBKrBjWKBnyWKX6oJu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698681096, "uuid": "b678c6a3-061b-4b7e-b63c-d00d090978a2", "value": 777216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698681096, "uuid": "7f6d9457-9689-40e2-8851-df90489829da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698681096, "uuid": "50eeb2ed-d542-4f53-8c66-cfe38c84b29d", "value": "wextract.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9eadf3f-775f-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698696351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696351, "uuid": "ae09f6ba-4cf7-4929-ba80-5d81a361e7d2", "comment": "Malware payload (Mirai)", "value": "c31b272c7b9754e8d4b2dbf783538908", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696351, "uuid": "0af938bd-7eae-4eff-ba78-3efe4f452f4d", "comment": "Malware payload (Mirai)", "value": "e956a15aee126b595a03913c3f4c247b2c9f530ee030171279ed9a50d66d0b4f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696351, "uuid": "e78a0cbd-061a-48cb-837a-bd4e5f1e5602", "comment": "Malware payload (Mirai)", "value": "6b987a3f6d96e483e98f0327369fff7830898ce3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698696351, "uuid": "351560d7-5b00-41a4-8825-7c1f15193649", "comment": "Malware payload (Mirai)", "value": "c30f61668b33ddcab4e954c911fcca663f66e74730a93fdb9fc7984daadfc713fa39a52a250a8675ac6e91ef4f77c0cd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696351, "uuid": "cca7a516-5d73-4c78-8b13-aeb51a7aa36d", "value": "T137C2E0A1E1F62DC9FB3A6E541FA5C2C16BB04E9EA777CCD22558AF0804A311747096CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696351, "uuid": "d68fa1a5-9cb7-4a09-92b5-3921cc171929", "value": "768:yG959yM0HWubJsWDYcGUU4uVcqgw09S0K:4M0HRJswYcGUU4u+qgw09S0K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698696351, "uuid": "2a63dcdf-b37c-49aa-9a37-02ca0d6b11f6", "value": 26232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698696351, "uuid": "90333b0b-c8df-489e-a3ee-50c1dd0480a2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698696351, "uuid": "1fdd5375-8522-4fc1-b060-d53664952425", "value": "c31b272c7b9754e8d4b2dbf783538908", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7ac4120-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698645211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645211, "uuid": "a1df5d01-247a-420f-b059-623ce1fb51ce", "comment": "Malware payload (AgentTesla)", "value": "b716158774ff8ac3923ac9e8c8091bc9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645211, "uuid": "0263e489-702f-494f-95fe-f7b0a1ecae2c", "comment": "Malware payload (AgentTesla)", "value": "ea15a2963250dd58276e2c90c19a18186c0dd069475cb850c470c2e260291da7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645211, "uuid": "e3bd37e5-62be-43b6-aaa8-62e4bd90a732", "comment": "Malware payload (AgentTesla)", "value": "15c566f98387e9b5c6b181fb9e4da397a2dcc87c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645211, "uuid": "a46d5078-0546-4192-8c90-8d8fe460a3b5", "comment": "Malware payload (AgentTesla)", "value": "2dc959b734679506e1070755ba5f3838ceb2a2ccb34ef50ceb0cdec01ff42123d03a8219c7f56119de71f0cf85d438a7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645211, "uuid": "7422a67a-c4de-4aeb-9eb2-a407f7b304fd", "value": "T153154A3C48BD1637C5B0EFE19B998426B3E0A56B3265AD3859E318D64212B06FDC353F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645211, "uuid": "77c7c085-0a97-401d-8285-974c056fb4a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645211, "uuid": "ca7f35a4-233a-42c4-afac-d3b917be58be", "value": "24576:hWe+XhEDm1O69YN788/QO4dRumY4rti72:I/B1ObI8oTdYmYqtiC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645211, "uuid": "836ac38b-79c8-4529-8b73-30b9046d60d6", "value": 914432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645211, "uuid": "8e025bb6-a88c-4d17-a702-142e5cb64c48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645211, "uuid": "40b0a851-3765-4a17-a665-ff4aee53762a", "value": "SecuriteInfo.com.Win32.TrojanX-gen.288.12424", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "017e4340-772c-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698674138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674138, "uuid": "bc0b807b-9e15-4059-8b28-55ebb27b056b", "comment": "Malware payload (LummaStealer)", "value": "a6808209a32a480bd3e4af79dd8ae76b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674138, "uuid": "23316bf6-a05e-4cf5-875a-beb3b5902cd1", "comment": "Malware payload (LummaStealer)", "value": "eba7c64e693a1092dfc9dce17576a7a638c1858dcf69d14534a2f462bce03b23", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674138, "uuid": "d500acae-68da-4287-87ae-12a06afceffe", "comment": "Malware payload (LummaStealer)", "value": "a4ec3b38348290f9ed3491eb0c7deb5736056d6d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674138, "uuid": "cdfb7e91-ab49-4f46-a884-ffd4439b624c", "comment": "Malware payload (LummaStealer)", "value": "4b8cf239152c9894aec7cb082a26fda935c1810eb8d2fc897367225b9575e84dec47b7b13d19719277605f1d230eb3ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674138, "uuid": "b89aa86c-42e2-4c9a-b3d0-e7240223a6dd", "value": "T12F57CF92B3868072F5A241B6517ADB3B8734B935071581C7F3DC3E695F30AD22A3B74A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674138, "uuid": "a632c6b5-1aca-4f44-ae86-37e2c717c266", "value": "0de22beb7d273dd9309db5681165b004", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674138, "uuid": "ee0ad981-025c-4c49-aaa5-4c9b7f96c840", "value": "393216:WhbSCAHRQptPol4ApKQU8WkyaxgJsv6tWKFdu9C+RSggL/t3ofR6GdtnFnOsMZ:NCAxQptPH3fD392/Osm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674138, "uuid": "1cbdd342-46f2-4673-b1de-c3464ab56985", "value": 27374000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674138, "uuid": "15ab2595-3732-4cf9-90fc-303ce13c143b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674138, "uuid": "46533b5e-9510-458b-9fb4-eb9c59392a77", "value": "a6808209a32a480bd3e4af79dd8ae76b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b303b05d-7707-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698658544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658544, "uuid": "ba1557fe-3ee0-44f5-ae52-f99fcac17049", "comment": "Malware payload (Stealc)", "value": "ff66fd30040f5d427d605fb961d587a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658544, "uuid": "fad84c58-e5e9-471b-97b0-2e18a0028787", "comment": "Malware payload (Stealc)", "value": "ebd6b6766337c3cae9dc54c0203211ff65678215772b01c6fa78b37de3ad32e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658544, "uuid": "88a9d1de-6d3b-40e6-93b0-9da2d502f40b", "comment": "Malware payload (Stealc)", "value": "e066646c79f2385b01d227250bf43fa70834b475", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698658544, "uuid": "7187ba5f-a068-4396-965c-0c92ad207819", "comment": "Malware payload (Stealc)", "value": "b91faa0457d209f518e37dfaac49b48826c94ac8cce15e5cca92b8d5d24c47f46d0be9e1c221ab9b0d63bc486945c394", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658544, "uuid": "40a000fe-96db-4421-97b9-f9058657ee8a", "value": "T11AC49E51E2C14D3AC0772A3E5D1BE2AD58247E1226A8D84AAFD47FCC1F3528137F4A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658544, "uuid": "014132f5-b1fb-46df-82ec-e58bd1977c51", "value": "298cb3d37775391ff8b8cc74cba1548f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658544, "uuid": "e26ac32d-a83e-4732-988b-9f6363d98947", "value": "12288:MS4vdwKTNWuuRYqrggHp/bLf7da3BIlXSY4j+6qj9:aF7M0UJf7gxIlqjyj9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698658544, "uuid": "649a0fb9-fbf1-4cf5-b7b0-466b1675ba81", "value": 589176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698658544, "uuid": "1bcc20c6-c45b-4645-81b1-69fd64d6c854", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698658544, "uuid": "6837d1ed-418d-4b67-b9cb-661c96306627", "value": "ff66fd30040f5d427d605fb961d587a8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7648975c-7738-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698679488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679488, "uuid": "cafb950d-e18b-46a4-b4b1-cd48475f7b9e", "comment": "Malware payload (AgentTesla)", "value": "ba941d9de33e7fc41082afb436045510", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679488, "uuid": "91a8f286-e078-4358-88da-1da19111a93f", "comment": "Malware payload (AgentTesla)", "value": "ecb8c82a84bfc4eee6d640f6c562cfd95f65184ab210e4e717f8aff8d0b8a1be", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679488, "uuid": "0aee14c4-dc82-441d-bb26-8b37bc8c4ea1", "comment": "Malware payload (AgentTesla)", "value": "00d5d98ea79881191ae1ee4379352bd140d26896", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698679488, "uuid": "cca6b19b-65d6-4398-ae6f-e1212425765d", "comment": "Malware payload (AgentTesla)", "value": "911fd90541c144b05f1c683797a3fa2f4a738ea5aa892ef705dd6b70e2b1d46e97c775615b044217905351112fb63145", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679488, "uuid": "dc9479bb-17a8-4c87-b3e9-69e5c14a7e97", "value": "T1EFD42245BB945B9DCBB99BF19BC2414013F246565671EB0C2FC832CE0AF3B982629F53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679488, "uuid": "c1820031-370b-448b-b56e-a2332b424e07", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679488, "uuid": "3c0461f3-35a5-48ad-bbca-7aaa8fe95e30", "value": "12288:w8A69yqLMsR48CUgdgqchdjGsuMsnuSSYMRw0bRvXnWrYC3o:q6X4y48EWzUbMguV/w0lFC3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698679488, "uuid": "ffd4a08d-c38b-4de0-b94e-aec64b079ecb", "value": 634368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698679488, "uuid": "2e386895-fa8d-4162-8408-54f9fd755897", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698679488, "uuid": "0ff62f1b-5b01-4f07-b3ae-7b450d438f0e", "value": "SHIPPING DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da8f3e97-7720-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698669348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669348, "uuid": "0982cf30-d2ef-443a-9d01-7700ca62390a", "comment": "Malware payload (RedLineStealer)", "value": "8bccd16ec98ed17fd80863cf383abb0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669348, "uuid": "948d08f3-32a2-413f-ac1c-7865519cc6bb", "comment": "Malware payload (RedLineStealer)", "value": "ed06e6acd03acdebecaad472dd46d80938729be60005f4e54e6cb5834e278f3f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669348, "uuid": "36bd63ed-c0c2-4e0d-aa85-7bb36ad97236", "comment": "Malware payload (RedLineStealer)", "value": "b37bfdd0e29df1a5c16b46f394f0452e6a412270", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669348, "uuid": "9970a8de-a788-44e3-94d3-4299c9e04d74", "comment": "Malware payload (RedLineStealer)", "value": "f9283507b9493382195443b7dcc744c5994b51bdc9d906f3a04a935f28f89f7eb538a1908ca0444ef12f63e6254c07fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669348, "uuid": "d6a93eb5-8f6b-4433-aed1-94f4dac6a3da", "value": "T1A6552352F3E94532DCB433B015F606971E327EE10A70D35F6A85AE9E0DB26D8643632B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669348, "uuid": "a1060513-42de-488a-aaf7-344c55799e43", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669348, "uuid": "cc9669a9-e57e-4c88-aaf5-33af70d380dd", "value": "24576:lyEkqtDlR6X2Vx6meoEYSJiYcrczkKzFwGC+9E+o+qCMUAnss:AE/JRa2Vxreo/S4YwK6+90+qC3Ans", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698669348, "uuid": "02847aff-0fd5-4a99-9817-1749f19b0d1f", "value": 1376768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698669348, "uuid": "a9b124bf-7a99-43ea-97a0-6b992e4578b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669348, "uuid": "a0aef5a0-6ccf-48ae-af9c-b9bb481707b6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9ebc018-7741-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698683547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683547, "uuid": "8b7b97f7-7fd0-40c5-9bb3-e2045a14bdcc", "comment": "Malware payload (AgentTesla)", "value": "3c9883cd5bdab4f26d00412ab673c3e8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683547, "uuid": "6b22ae1d-4507-4969-aa1b-742fc77616dc", "comment": "Malware payload (AgentTesla)", "value": "ee2cd4c4e84a33e7ffc4580229719e10f89a1be406aaacdedcba45b552a56f78", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683547, "uuid": "7b8639ce-f6ec-42e4-a102-3f690e7a8424", "comment": "Malware payload (AgentTesla)", "value": "6124e94479dbbc9f067f6fe478b761084a315dd9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698683547, "uuid": "ab13e6e8-0c73-4403-b283-772c71ab87b2", "comment": "Malware payload (AgentTesla)", "value": "10eaea3f417900e436d2a4879cd639993b0f6c04233973cc15c3acb4e012b786df8ca85539e32890e5c68cf9a63f58b9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683547, "uuid": "31a5cdc9-fac3-4a1a-aa69-0db0b45a2393", "value": "T15505CE85E98415A1DE28AB709A36CD3452337DBEA874E65C28DE3E2B3BFB7D31011453", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683547, "uuid": "fe72bcb0-47a7-4291-a046-b2ae07b39fb9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683547, "uuid": "b37967f6-a48a-4767-86ae-d4c862403eb7", "value": "24576:M6XKuIm7Lm84A9sDdwMCAkixbCM0Cs1q:1XKuQ3T/3GMHl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698683547, "uuid": "e1fcbd78-1468-441b-bbc5-e81c272a86ab", "value": 845312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698683547, "uuid": "2835d1c3-0270-4328-a90d-516f44715bcd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698683547, "uuid": "e50a371a-5928-45d3-bd14-6e631ece51a2", "value": "REMITTANCE-VOLVOCARS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2a1565d-7710-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698662436, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662436, "uuid": "02eb8c97-3bcd-44d8-9e90-7bbf8fbe5179", "comment": "Malware payload (RedLineStealer)", "value": "03f47c71e5584327e4cdab39031034aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662436, "uuid": "f660fea3-32bb-4fb8-a91c-3afbdb4a19a8", "comment": "Malware payload (RedLineStealer)", "value": "f0d582941e207d96f85d60274d7a0ec634093dba3d0b22dd7d34ff313ac7a140", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662436, "uuid": "123072a3-5d6e-48f6-a91d-3cceeafcef9c", "comment": "Malware payload (RedLineStealer)", "value": "3dc568d23ffd4b364a54ba85e03f6b8b9b5d0d01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698662436, "uuid": "03def42e-da72-4847-9694-6bd96c537b5a", "comment": "Malware payload (RedLineStealer)", "value": "49b3367b8ec3865a3f062a20fc6a2b04f92670eb7658aa5e4d7cc7bc18174cd163707d97f5193ebe145b83ad264309fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662436, "uuid": "ed20eeff-c381-4cbc-8641-9749c7578449", "value": "T1AED41251BBD89433ECF617B058F617930B39BCA14934876B33566D5A0DB2AC8A83533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662436, "uuid": "45322869-c816-4ddf-b5bf-b52520393809", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662436, "uuid": "fc5eb840-42c3-4496-943f-ac5110000a38", "value": "12288:bMrHy90cZf5IQjFiRUCUOaPyIFY5eF+09ADfn6IM1:wyVZhIQWU1LyIFYQKf6IM1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698662436, "uuid": "f6071345-5ecd-4363-8a6c-028ba482e786", "value": 607744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698662436, "uuid": "9217482f-0a6c-4014-901c-cd7f5457d214", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698662436, "uuid": "03d21696-2b71-4be8-a982-33290272b841", "value": "03f47c71e5584327e4cdab39031034aa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60d421ee-76e8-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698645092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645092, "uuid": "1da22cf9-7053-4fe6-8d0c-50bac2459e9f", "comment": "Malware payload (RemcosRAT)", "value": "7b44ded7282157013ab154538a36e760", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645092, "uuid": "e8743146-ea25-4cc6-879c-9372a0f4dcbf", "comment": "Malware payload (RemcosRAT)", "value": "f1efd86756d2b913e17e6de502d9de494ffa89b503a209f4d82d204ad1d4be6b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645092, "uuid": "480d0b8b-5414-4c56-ae0d-5eff082b8303", "comment": "Malware payload (RemcosRAT)", "value": "a239dc29c3d0f77b646ed0fd90b684417a68fb16", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698645092, "uuid": "6236d043-6b34-4e75-ac56-8d3eaccfeeb0", "comment": "Malware payload (RemcosRAT)", "value": "6ecd5a68d69e695092db87fb888e829fd63c02659c9c3e5dafaa3affa54993b23be20e67576c273818c2a6ea425e8fea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645092, "uuid": "2b6d6407-0ec7-4b2f-8514-c69f20f0f1df", "value": "T11AB49E01BAD2C072D57514300D36F776EABCBD202826497BB3DA1D5BFE31190B62A6B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645092, "uuid": "c86861f3-c369-4b2c-aa7d-8afa1e87ef3f", "value": "8d5087ff5de35c3fbb9f212b47d63cad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645092, "uuid": "e1262f59-91c4-4057-8dd6-f6f6b2a34c08", "value": "6144:G/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7c7ov:G/uPq3AfK496Gw0lwGXN3pvs/Zut8v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698645092, "uuid": "59d42830-f370-4015-a26b-6068bf72bf0c", "value": 494592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698645092, "uuid": "ccd78e57-5040-4841-a338-3dd62a6aae9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698645092, "uuid": "931736b0-2136-4c7f-8f96-d2beac2f019f", "value": "7b44ded7282157013ab154538a36e760.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a6eeb65-76d7-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1698637833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637833, "uuid": "28d6d799-c1dc-4a81-879d-39cf21e8438f", "comment": "Malware payload (MarsStealer)", "value": "ac3e327680edd28bed1968c0247b5cb1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637833, "uuid": "1b50b397-27fe-4c55-b967-8508456e465c", "comment": "Malware payload (MarsStealer)", "value": "f1ffae3fba1359eb7e6756134268ebabe97102c3674d964469a718e258ff0130", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637833, "uuid": "f4c711cf-86f5-472a-b8b5-00d6528bace5", "comment": "Malware payload (MarsStealer)", "value": "231ec802f5d2aac524e407d19e0fd35b53b211c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698637833, "uuid": "9e9bcf4d-0521-44aa-8715-8375402af750", "comment": "Malware payload (MarsStealer)", "value": "8c34e6d420f60b5a32d316563921037073b8912d9ff07d91d88b9775183b85073224fbe9ac828c8857b0fdd90552428f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637833, "uuid": "628ab32e-3b02-447b-b798-5fc5078822ba", "value": "T15D04CF11F3A3C0B2E5B7853059B1CA602A7B7872A77585DF27A8166F0E703D19E79323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637833, "uuid": "b06a21df-9c84-46a8-bc51-84704a7f4711", "value": "ec0e0895ba5a22ef72c28650ea778f48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637833, "uuid": "ccc27da5-52b9-4502-a342-ff602a81dc01", "value": "3072:V5XaQY7wmAWBm5s+jG+SImJDYSu4dhAHurMoXWNxNnW:baH7wRWM3C+BmJ8Su4DA9oXW1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698637833, "uuid": "7e47f45a-d3c0-4056-9c9f-6e06c561a002", "value": 182784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698637833, "uuid": "e24aecf4-7156-42fb-b0f5-ff3d47b9757f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698637833, "uuid": "b932d213-d1c4-45dd-929f-b1298aeeb8c1", "value": "SecuriteInfo.com.Win32.PWSX-gen.25545.10292", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "101fef0f-7758-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698693060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693060, "uuid": "c995b90f-d961-4b40-8932-5f1e62b0e4b5", "comment": "Malware payload", "value": "f0b81a92befe2e039bac0a2ed79a5088", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693060, "uuid": "8a8a954e-1470-4534-992c-6ef7988ea1c9", "comment": "Malware payload", "value": "f26414c49046980809378978cfce406228c3e356f1288890b20de6bca77eff11", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693060, "uuid": "f7cba9fb-aec7-45c0-8c38-5deb77ed8565", "comment": "Malware payload", "value": "2ee0ff7ffe37be787565d36cc6e1e6737c7a23ab", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698693060, "uuid": "b0865082-ee08-4186-97be-b735a350fff4", "comment": "Malware payload", "value": "bff59d6cca1894b8e146def00eef26c98bb89a598de1e3057762e2605c7a1b639d8225869ed05e1efab41e7ce8707ad3", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693060, "uuid": "b93aa228-dcb6-4527-ba89-2ffe868f7df7", "value": "T162D3C65AAB619EBBD81FCE37069A4501248DE64682D93FBFB2B0C51CE74B94F08D3D44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693060, "uuid": "60786296-8f25-4956-b738-d6a01a2d0c37", "value": "1536:o2beTpNb9DERkLMurNpZ3efJp68E1wYqGvd00PUmkVmSFxBC7vXZX:o2cNJLlrvJF1JvdlPUmkASFxBKvXZX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698693060, "uuid": "ee212b79-9bf7-4a4d-8b6c-9b05afead008", "value": 134222, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698693060, "uuid": "d3ffc9cb-f711-43c1-953c-ec96704d4b33", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698693060, "uuid": "33c6c698-0ddd-44bc-ba4d-3c28226549c3", "value": "m-p.s-l.ISIS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "745d9af7-76e5-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698643836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643836, "uuid": "8c3d5225-762b-4a5d-8b67-0898e1ac9972", "comment": "Malware payload (RedLineStealer)", "value": "519d773e0426917a13896be1ec96c80e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643836, "uuid": "09599b8c-063d-4ff0-a5eb-cce16d96e0d1", "comment": "Malware payload (RedLineStealer)", "value": "f2b6f29ca3d504b1a1946307442a88d96f58ab0b962aed14450ff12e48a6869d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643836, "uuid": "2341c356-51f5-48a0-9e72-d73a3408acdf", "comment": "Malware payload (RedLineStealer)", "value": "7d154e6b029bf1f9333e7082102afebb563701a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698643836, "uuid": "ad66003e-deb1-400f-af5b-9175e0567b90", "comment": "Malware payload (RedLineStealer)", "value": "90349ca806424a520f44eaf1df0f36534d68a0e78c531ae14b2aa5697d4649f710bec1efc0c361854d9a41bc561e7f44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643836, "uuid": "2ae6b23a-7604-43f5-bb38-3c9d42f09662", "value": "T15675334623C469B7E4F527306CF703B317393EBA8C79065A22994DB90472AC9E634777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643836, "uuid": "8c210512-c96c-4848-9080-0e4c961ab869", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643836, "uuid": "db25854e-5405-4c9e-bc47-af6735090856", "value": "24576:1y8G0d0efAxEmq6NjHo3aV2k1YfZogX7g8KeDP+oNBtJhd+qhB2ALfQKO5:QSd0iyClack+fZoNReb+ckc80QK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698643836, "uuid": "a8b8864f-f031-40fb-8f32-6bc18404b985", "value": 1609728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698643836, "uuid": "b9f70059-a589-46e1-a50a-daa7d033511c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698643836, "uuid": "979350d5-ad72-4c9a-ade9-bed2bbb9ab75", "value": "519d773e0426917a13896be1ec96c80e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdeff7fb-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698695097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695097, "uuid": "1527aecb-d69c-496d-bb16-3068428d706d", "comment": "Malware payload (Mirai)", "value": "8c029e986a9d15c7d03b6f3c90d29281", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695097, "uuid": "b8942c58-04bf-4fc9-b9c8-d974c2c85483", "comment": "Malware payload (Mirai)", "value": "f3f8ba87fd978a9f74f3ddbc8c86fd466a8e5f7b87c573ea190eeeb4b2aa9fa1", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695097, "uuid": "100b8eaa-2be0-458c-985d-a26e90eeab07", "comment": "Malware payload (Mirai)", "value": "1d218d2dd0c026af1033f4a9e880f2abc1a899ff", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695097, "uuid": "65217d38-aada-49dc-a34b-b772f369428e", "comment": "Malware payload (Mirai)", "value": "a1aed31dd9aff73afe0bb182671d6051ae54fb850f441f3573cd8fa3254dfc602d523cdf10b5224914bfcc3b039806be", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695097, "uuid": "ee7afeeb-c17e-4d58-b5cc-01808c9d0590", "value": "T192D2D0AEE4B542C5FD8D5C7E848C3BA10E19E581231BDB9267128C8D5B32C57F17A4F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695097, "uuid": "4866c8f5-6380-47cd-be84-3b7794cff1ce", "value": "384:e8pVWtmRsLYEpB6V8S628FuRUuNJG9whQ3Cfbo6w+K95orjj9RWGVCz0Nv7:jMYHb62x4ahQ3CfdwLjsW+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695097, "uuid": "6d4d7159-6710-47f5-be9b-ac88c770ae26", "value": 29944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695097, "uuid": "54b50c37-3c59-4be3-8156-2e2296a8c21d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695097, "uuid": "e846fb4e-a754-495c-852e-cf056604a6b4", "value": "sora.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcf44dc7-76ea-11ee-8907-42010a9c0042", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1698646213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646213, "uuid": "6facfaa0-23dc-4973-903b-bb2de8a76a1d", "comment": "Malware payload (Adware.Neoreklami)", "value": "533314d9c5ed6e9e1eaeec6cbe7ceb10", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646213, "uuid": "2e1a4abf-5622-405c-9177-00dedcfc0082", "comment": "Malware payload (Adware.Neoreklami)", "value": "f4495c9db88159860cc2d6b1a6285d88fd7bb6a24a4130fc3fb57a09cb9f8a52", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646213, "uuid": "7952c533-6321-414b-9a3d-7a14b52781d1", "comment": "Malware payload (Adware.Neoreklami)", "value": "6dfab8fd633387df53db8124db00f1448962fbdb", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698646213, "uuid": "2bcfcea8-f8b0-4943-8c74-8fd95494dfdb", "comment": "Malware payload (Adware.Neoreklami)", "value": "26f39233c83a1ca1329a207db3b4d5fbc4703788f367b5c3c89d5e93bc72eb7f800d72f43aec3f7e66a621770f51994c", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646213, "uuid": "c315fbfe-58e4-482d-92a9-0a96a8967da6", "value": "T1EB763384B6FCC8BEF1C75834D9985E88D695F21F3B7408236BE812215F6893E4267F85", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646213, "uuid": "c787b20a-d72f-44c8-8792-22e702e9fbbc", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646213, "uuid": "85f804ce-d026-44da-aff2-44137736ab32", "value": "98304:91Oco3yEmPM5CkmvW4lPI+PAtOAQ0O8wnJbZHN9MV3gqvGF8VYKK6anHLJdEy0bR:91Ocx2fClNYRxwnRdmwcW8NKNFi5+iT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698646213, "uuid": "ea8ffdbe-0f7c-4d4c-aa07-3506a79ab54e", "value": 7509909, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698646213, "uuid": "123f0a60-8693-4829-87b7-bde507ce2bc9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698646213, "uuid": "8cf21fc7-a3ea-45c0-ba7e-7e82a1e7c272", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5deb7c93-76e3-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698642940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642940, "uuid": "c082aab8-8d1f-43d7-80b6-86bb341411bf", "comment": "Malware payload (Stealc)", "value": "cfec7c94c7f87c5f81e0983479fbe25a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642940, "uuid": "918985ba-467b-46bd-bbc9-531fd4c6d12b", "comment": "Malware payload (Stealc)", "value": "f564bfbcefef157a49b03dd3dce7844cdc2568500c655313a193520e29452512", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642940, "uuid": "9f907d4c-1852-4c3a-9fa3-06bad8ca2a86", "comment": "Malware payload (Stealc)", "value": "ef0df11adc7d36818e95df385dee4d9ad91ff3c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698642940, "uuid": "28870cb5-dde7-4542-9d6f-03f4a168b8ad", "comment": "Malware payload (Stealc)", "value": "b7d797b21b47fcbed16ce46d82847b0da8590f2d6651f882105276ae15ae1539d5bc944fb615a67993e87f6627838f8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642940, "uuid": "9622bfec-1e18-4d29-9d55-db774f16ff13", "value": "T191E49D12A2B1823BD07E3A3C981B56BD98697D41F7A8E4CAEFD05D4C5E35F813491393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642940, "uuid": "b1706cf2-ff01-4ed2-949c-cfe3438e3182", "value": "63dcf426cf592d540da4a68f9741991e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642940, "uuid": "ee87df28-9b0c-432d-be0b-5dbd0b1b31b9", "value": "12288:JHQ4R78rGcukgmWRjAeQ6qtoCldl4Dol9:1HhZcw95j1CloDg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698642940, "uuid": "8f8d8a53-8a3c-4854-931f-cb89ccbb7891", "value": 657784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698642940, "uuid": "71e9ec51-f024-48ee-9f39-3ef3919218e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698642940, "uuid": "daca4082-f851-4a41-9071-f5ab3c058d93", "value": "cfec7c94c7f87c5f81e0983479fbe25a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d34122ed-7752-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698690811, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690811, "uuid": "e4f6adfe-aa40-47ee-bdf2-ba8ab1f1aae3", "comment": "Malware payload (RedLineStealer)", "value": "41ebd4081f51f4b68f79b9eec69efcae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690811, "uuid": "43da21b9-3c5f-4a5c-9768-dadeb8a57f0b", "comment": "Malware payload (RedLineStealer)", "value": "f5b56456c023f9abab5df3b60b4790a5541ddf8453769b6835ca43956770d423", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690811, "uuid": "00b849c9-18e7-4872-9290-b23fd824b006", "comment": "Malware payload (RedLineStealer)", "value": "20f6a3fb0c25793b83e8202c3d41ca60f8b1fa5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690811, "uuid": "d67ad6d5-f387-4a66-9bde-cc90cc91ceb9", "comment": "Malware payload (RedLineStealer)", "value": "d9efa326595df7133dcb059a383e32478b126f7093b543840fb00749bd55e6614b674dc4c8476f6d6a934a18a6731d61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690811, "uuid": "62c087f1-7598-4cff-bf0a-dcd4764971b5", "value": "T1A1652313AAFE1133DDB92B7015FA12D3173A3C809D345F367B41E96658329988E7A31B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690811, "uuid": "091d1ed9-c0df-4341-95f9-3ed753a255b7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690811, "uuid": "65c0a505-1cbe-4c00-bacd-8d474eb3009f", "value": "24576:xy/4n3XkbQGlC+0FIwobuIA50bPEMD2D1bV93c6tO/NdrrUTyzVZjWs1Wl:k/shGlAFIwsAW9DoV9DO/NmTKKg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690811, "uuid": "fa872d88-c8f5-4480-9bbf-5d5a5fe25b4c", "value": 1531392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690811, "uuid": "51e5216a-1826-44fb-9b6f-bef66194f5ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690811, "uuid": "e9563f2f-a30a-4823-8b9a-293f07377b1f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf6cc175-7752-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698690804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "12b0d109-e9cc-42ac-a352-8fdbf4b90bb1", "comment": "Malware payload", "value": "1c32647a706fbef6faeac45a75201489", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "8816997b-27fa-471f-b396-74160b648879", "comment": "Malware payload", "value": "f60e23e0d5cbd44794977c641d07228f8c7a9255f469a1fe9b2ae4c4cc009edc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "1ee5a546-756f-4f93-994f-5f82757173ec", "comment": "Malware payload", "value": "9055c809cc813d8358bc465603165be70f9216b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698690804, "uuid": "4700c38e-a8f6-4543-84c6-1bbb06b03008", "comment": "Malware payload", "value": "3294c191ef71a1ae8aa5d4a9c889d27aab4c71e2cae2ea60d31db54247398198a615898c2a7206160c7ff3b7fbd5f51f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "bfeccc27-5422-4128-b3d5-8d509524f053", "value": "T13034BF12FAC06471E9A75C341B15BF2E6479EE303B0508A7328DD87D69251F34A2EF9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "62690d0d-418d-4e0f-9c61-597e5530be42", "value": "e48add634ee19ef51fd7cf0c4997bc64", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "444049df-9fc4-49ff-9fdb-37be2fe6ac16", "value": "3072:lvkpbAuLG+BPk/AAKozNEGwRhZ7JLgf7nDVF6PUp1Yo3ICghM:F6n6aAzNEGwRn75gfzDVlVXg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698690804, "uuid": "d1f2664c-829c-4762-9221-0e98b92291a6", "value": 236544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698690804, "uuid": "f9dc89cf-f623-439e-899f-f7da843cf786", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698690804, "uuid": "8f82bdd6-7e79-4567-ac89-19aecd1f4e03", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "810570f1-76e7-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698644716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644716, "uuid": "f8374d2a-848c-4e21-b072-6e7c54609e8b", "comment": "Malware payload (SnakeKeylogger)", "value": "3debb64ab0c057b634d3bd9410f604c9", "object_relation": "md5", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644716, "uuid": "a6887245-17af-4491-a1a1-03475cf0cf0f", "comment": "Malware payload (SnakeKeylogger)", "value": "f6c2d0b8bd9246f4e0d5dae254b54f621d22ddd43ab1014f91777c4334c42865", "object_relation": "sha256", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644716, "uuid": "9f518da5-7a0a-4fc6-b8ce-830bd04c0f4a", "comment": "Malware payload (SnakeKeylogger)", "value": "afa15e95c6a2c6bf7bcbbda238851320a6011ac2", "object_relation": "sha1", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698644716, "uuid": "21d09346-b14b-458b-b694-161106a0d786", "comment": "Malware payload (SnakeKeylogger)", "value": "95f88ed2eee4f095d09920ca9c54193d773a22890a37c03221df3175f4e9ecbd4bab4b3d230884ce2f1342758c4ee813", "object_relation": "sha3-384", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644716, "uuid": "0aff7fbe-fc13-41ca-bb7b-492faa630280", "value": "T1AD7412DA07ECB3ABD43715FB90903915033DB46110ACF4DE6A27B8D945B33896AA2FD4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644716, "uuid": "38e20fb1-68ba-4b05-b1fb-76665f073252", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644716, "uuid": "c77175da-9cdc-42f1-a964-18d485d70e63", "value": "6144:53OazRkHn3DeQLJhpSS4TBFYjtLYE2Odtyqd72frQQD:53OazmqQLJ21B6JYrOiqo/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698644716, "uuid": "7d6d6eab-b74b-429a-a3d0-0ba466387f8c", "value": 337920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698644716, "uuid": "1233fc47-68a0-4b58-a21e-3339091d83b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698644716, "uuid": "c97081fa-a1f9-4581-a4e8-2344780a5b16", "value": "CI 84394.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc3d2bd3-775c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698695094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695094, "uuid": "b4e78a5f-98a9-4160-9f3d-2dcd07030e5d", "comment": "Malware payload (Mirai)", "value": "cb22f1bf2a99018d5a4ddaa1dc26cf35", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695094, "uuid": "83888261-0cf0-4f72-bd06-a8d39e132080", "comment": "Malware payload (Mirai)", "value": "f7950cb591c0eb40097a290922335768e385c946bde5acb32bf993b58e1aec95", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695094, "uuid": "4e6a4b4d-aaba-47af-b9e3-b7678fadce5d", "comment": "Malware payload (Mirai)", "value": "08719b814083f309f1f2b51539864732a0845f8e", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698695094, "uuid": "3b8001f2-47ad-4a6c-a154-d18833d8ba9b", "comment": "Malware payload (Mirai)", "value": "8d287892501dd7f553be83f6a9c6d53a8dab6b4d10bf4c01a110f86aa4a5850b66883f0d7e52e4211856c9b57cce5d95", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695094, "uuid": "48912b18-0100-4284-9510-73f3e12ad354", "value": "T1D333F1B692AB9D61C27052BB1539A4ED64462738D3E5F00357210470EACB2F39AFE7C3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695094, "uuid": "a2f4fc70-9271-4e7b-b1a6-dca776c9e03b", "value": "1536:uCoqsGR4eB3g0Vmh1IxIpC8JuL9VE8amFZP7R3h:Xoqs2Twh6P8JuLJ9ZP7R3h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698695094, "uuid": "1f5c0712-e85b-4f43-8476-134623ba9e36", "value": 51444, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698695094, "uuid": "a3bcea1d-f1e4-49de-9ff7-4908fb8e5ff4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698695094, "uuid": "c8b34c67-2582-4a11-9165-85ebb55677a4", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9004597-7728-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698672701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672701, "uuid": "cec1acb1-1873-4281-8b56-14476ebab1f0", "comment": "Malware payload (AgentTesla)", "value": "cb31343e9fc1c0eeb0ec7a4984c869c7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672701, "uuid": "bcde7790-5952-4654-bd2e-1030c38359a8", "comment": "Malware payload (AgentTesla)", "value": "f86cd87fc24befa938704c730fa71b428e8c89009bef10452792a01725db285c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672701, "uuid": "3074f05a-ad81-4f95-bce5-557f494acef5", "comment": "Malware payload (AgentTesla)", "value": "2d46378c4b58c17672c1f278755d26947906dd54", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698672701, "uuid": "17c89549-d54c-4a45-9354-89aedb29ed13", "comment": "Malware payload (AgentTesla)", "value": "0bca738ecc228eb61f80895449cdd695f966f9900267560fc7a14e8a6e5ff2a7d1a59fcb9c0591189768c437f8209aea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672701, "uuid": "70a42007-efd8-4129-a107-a8c1d2ea0e67", "value": "T1C6056B086840E02DF56812F70C9E4E4F2FAC5E6B3A03B5B7294C614696B7DFB74AD9C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672701, "uuid": "1c5c0d4c-2df3-4ef2-9587-cbff7fc30988", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672701, "uuid": "d24e2265-52cc-4cc4-9e7b-ca5c28c4eafb", "value": "24576:G6XV0KAhD/v0IQoP8nN9CWXwhX2IMlYXp2UwT:/XRAt/vHIN9CWXwhX21lWe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698672701, "uuid": "dbed1d2b-5fc3-4f40-ae1e-a693b31276ed", "value": 798208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698672701, "uuid": "902809e5-28f7-46d9-bfc9-f47b9dadbf83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698672701, "uuid": "571871ea-c107-4355-aa90-28e6d20db3d4", "value": "AWB #150322.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ebdb1bf-771f-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698668738, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668738, "uuid": "1c97608f-05fc-4734-b68f-a45652b954c2", "comment": "Malware payload (Amadey)", "value": "946d8a2e18b687376eca17c566681dd3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668738, "uuid": "b339f702-a03b-439a-b064-53e775e224ae", "comment": "Malware payload (Amadey)", "value": "f8fac1839db903dc9b40fe5a1ebbe54d51a38806f0ffa89fe715dfe5b8c203c6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668738, "uuid": "41a34777-79fa-458e-8807-b74f681f9df2", "comment": "Malware payload (Amadey)", "value": "ee508c08468299c0393a779d86fa4d3fa6d6521a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668738, "uuid": "d9630ff4-2240-4212-abb9-00bfcf228ae0", "comment": "Malware payload (Amadey)", "value": "9d14dbdaef9d3649f19e5b49d9127c44ac9eaae3e150c5b6611008c84eefae66cff16a01b1536281da136e9313ce15f1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668738, "uuid": "719401c8-ce97-49a3-8851-bfbffb23ed18", "value": "T187D41216BBD88433D8B1273148F712531731BCD2A97CC32A27DAA59E1CB3640A935B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668738, "uuid": "84be2879-40ec-457a-9f57-100f6de2e810", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668738, "uuid": "69fb4825-1c2e-4d29-b52d-826e966d103f", "value": "12288:LMr9y90gdHz2wBv0u+Ta2Jy2Lq+ec1VQNAUt5M2x7:WyrJ2w2C4Lq+e0KNAae27", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698668738, "uuid": "7663e5a8-f0c3-496a-ad68-98b646e75391", "value": 607232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698668738, "uuid": "1f3ecb3a-b06e-43eb-b368-fdacd7293f53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668738, "uuid": "be34a8ef-0eb2-4214-b93d-8dce7140a0cb", "value": "946d8a2e18b687376eca17c566681dd3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdb958b3-771b-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698667259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667259, "uuid": "504c3548-5e0b-4548-8846-d36d509e2319", "comment": "Malware payload", "value": "0f7002aaca8c1e71959c3ee635a85f14", "object_relation": "md5", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667259, "uuid": "d6fc6855-d04f-470d-8a3b-01c1f6ea800e", "comment": "Malware payload", "value": "f913515b1bebffae8e090b726ae7fb6e08a7213e1ac9636ee250d5b861fc5038", "object_relation": "sha256", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667259, "uuid": "9755588b-7097-4104-8810-56251ed91ddb", "comment": "Malware payload", "value": "dfbc40292ca83efe53c12e0f1fc00ba4d67e7dd0", "object_relation": "sha1", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698667259, "uuid": "f1ae8afd-5025-4c77-af4e-afb3e4d012ea", "comment": "Malware payload", "value": "3ba2eb39a2168fe43accdc66c3a04a98b2247be4cabe9b615dba2373f78293a44c132275072359eb0781d7a0aafc3328", "object_relation": "sha3-384", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tailored", "colour": "#BB6C62", "exportable": true, "hide_tag": false }, { "name": "ToddyCat", "colour": "#122305", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667259, "uuid": "24aa3a96-890b-4a61-a620-cec1b2a63210", "value": "T110A35C5763A500BBE4779679C8A35946D372B8560270DF8F07A0016A5F73BD28E3DB32", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667259, "uuid": "77b533c0-759c-4ef7-ae52-92475b92c8cc", "value": "4175aff86e9eefdb26de14ee1e78d0ed", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667259, "uuid": "c16405ed-7724-4657-b96a-8ed86b499540", "value": "3072:2yuXCpSBYTA91bwA0F6duNno4POHD4Exi/I:2X0T4wA0F6wJoZHX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698667259, "uuid": "37db0884-f8ab-4e64-8fdf-bb2c1287d125", "value": 101376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698667259, "uuid": "68aea7ef-5c0a-43ef-b870-d293e42e3fdd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698667259, "uuid": "ac4b8062-e75f-4a30-899a-326648f8d2de", "value": "0f7002aaca8c1e71959c3ee635a85f14.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0edc4e4-7730-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698676177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676177, "uuid": "40a46da5-44e7-4e4f-bef8-a370999d4d2a", "comment": "Malware payload", "value": "cd81bdeada761a37bb019bc8411aabc0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676177, "uuid": "d10c7ec6-f4d5-4d62-a57d-0ec619ec31d8", "comment": "Malware payload", "value": "f94d2b089c250e8ff7d1398e6f107867255aabfe28d79dff8532e2895e0c6e9d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676177, "uuid": "4a1529e4-bf61-4ac1-917d-ec46072fdc61", "comment": "Malware payload", "value": "8cf9ba99380e90c69f98e6a34f144fac39ff1d1f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698676177, "uuid": "44a94c92-a2ef-4364-b879-ca4c9f2a67d5", "comment": "Malware payload", "value": "ac5a3e16e0c03b6d04eb49595105fa5f91660b66e22740133f8220b7a8474b96549e2d4bc5c7f8b726d82838bb837abc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676177, "uuid": "440eb23a-8bb6-4bc4-97fa-034c0843c97c", "value": "T1C87423DB8E416907EDB965788B3A2C92C3658C83B7D0F2C19523BD4B3901DE19E0BD5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676177, "uuid": "8900812b-48ce-42b2-bf48-c9e4ac16b33c", "value": "6144:e4syDm6pc7n3t/DOO3WTYdqVga6bqxrevC102w+erJigUou+7JILIOF1XcntxLaS:qyi6W7n3t/SSWatbqcPUouzLPMntxu6t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698676177, "uuid": "1a1bd2aa-8fda-4001-870c-834b44263d5f", "value": 357572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698676177, "uuid": "2394d79c-9bff-424d-92c1-f83a2ef82bdc", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698676177, "uuid": "b994a6f5-475e-4463-a987-f58c65615ecc", "value": "83461806.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62e9f0c0-771e-11ee-8907-42010a9c0042", "comment": "Malware payload (STRRAT)", "timestamp": 1698668288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668288, "uuid": "a481b857-8548-4bb5-8c35-020886c24f80", "comment": "Malware payload (STRRAT)", "value": "7ea677508ce9ed7d252b47ac4669c976", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668288, "uuid": "ab2a01b3-949d-45d8-999e-140563f01555", "comment": "Malware payload (STRRAT)", "value": "fa305a1e334c49f878ceaf2e6291d11b2ed0b884160872742b91c0112a3c1765", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668288, "uuid": "d6361008-6b31-4cbb-955d-7e6d7f8ee058", "comment": "Malware payload (STRRAT)", "value": "f7e44017b482885edda87c91e2141df7ddd9daca", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698668288, "uuid": "b730a401-9a89-4d1f-bc1a-b130317d9b1e", "comment": "Malware payload (STRRAT)", "value": "f6c3b4e0b64c82097bea24cd400049374633b1c72dbb2f47157377c9b03e88c9b64e4e14a7cdd8087036d19a5eef4355", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668288, "uuid": "7c73054c-493b-4407-ac5e-a7ecf0543361", "value": "T1629423E15204DCC3E8725525B987712F8FB44122A0D92BEB2BE228D806B5E91D71E7DF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668288, "uuid": "d43620b0-ac1e-4e18-93f6-4296e90b393c", "value": "12288:NYymYsSNo2kyK9jAnVqh0koUZoRdkprZ7W:TDNo2fVqChYQae", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698668288, "uuid": "f08cf6b3-7034-4826-bd74-10321003d537", "value": 433613, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698668288, "uuid": "502b06a0-0447-4f3f-8bf5-710d96496ae1", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698668288, "uuid": "e90ae270-852e-42c1-95b2-020d38a81006", "value": "DOC757869856647.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b761342-7744-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698684597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684597, "uuid": "8b2f5c99-d566-47a9-9740-079207d2cbb8", "comment": "Malware payload (Formbook)", "value": "49300011797b20fcccb64e9f0642e212", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684597, "uuid": "495f3393-0785-43d2-a4c4-f7ba2d758452", "comment": "Malware payload (Formbook)", "value": "fa75be54659c7ffd8f59a49687c1ddf79c333861043831395b0fb10b87401f7d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684597, "uuid": "d16dd108-eff1-42eb-88ef-a66c0d7fd55e", "comment": "Malware payload (Formbook)", "value": "1944ee9f3e45051d9471507839070dfe8da468ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698684597, "uuid": "19e13a90-aa0f-4980-8849-2b702629ef9c", "comment": "Malware payload (Formbook)", "value": "de603eac98318c8ad8a9c261c776dcef7921e2c924120a280959fec621b10073ac37e94b703237d06c82ab309efd45f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684597, "uuid": "f6abeaa2-74ad-46a6-b655-5380b10426dc", "value": "T1C1D42282B9ED0B14C7FD5FF2C9F1816013B700B915E2DB4D1E8E63CD0AB6B4856A16A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684597, "uuid": "17adead3-211c-4cb6-aa5e-1aa49027d88c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684597, "uuid": "400072e1-927f-4457-8f17-0bca2d78d799", "value": "12288:e8+69yqLTZbMtFnHTzI9pJFsRODU7eKP8spxliE6agz4pxMzuVJ:K6X3Q/iF+73U4SE6nirb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698684597, "uuid": "6236a02b-25c0-442c-8191-3860e21f016b", "value": 642560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698684597, "uuid": "df327ab3-274a-4cd7-80cc-1dbdd6bfbf7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698684597, "uuid": "90327622-77d2-4f5c-b69b-8d64a6ffd37e", "value": "SecuriteInfo.com.Trojan.Inject4.59820.201.31258", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03bc0732-76f1-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698648801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648801, "uuid": "08f8be5a-417e-4a69-aea9-85feafdaa2ca", "comment": "Malware payload (SnakeKeylogger)", "value": "f02100eb5f3140c05def18e397fd6175", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648801, "uuid": "b3968b6e-6e10-4119-8926-f8314e357d0e", "comment": "Malware payload (SnakeKeylogger)", "value": "fac373a26a5f0458890deea7bc93d6ea6e769eeb6440d56c5adf9f3da8838c90", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648801, "uuid": "00fa96ff-85de-45a6-9518-adc6fc71ec27", "comment": "Malware payload (SnakeKeylogger)", "value": "dabcc934eec02af1b9faaed6e911791272c1a089", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698648801, "uuid": "115332b2-ba0c-4b23-8830-2df8d5b13214", "comment": "Malware payload (SnakeKeylogger)", "value": "6bf06163b06791e62db4cb86f870c48f97563eeec9111ba53ddd1a530076ab65b0e828691bd580ef1b62b76d102547a1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648801, "uuid": "a3df58c6-c774-4b62-a507-b0c7934ca86d", "value": "T115C24BC0EA488623CF1E07B4A17B4A211775FF5A96226B8F27CC735A3D47943262F14E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648801, "uuid": "1ca3927f-8072-44de-8c47-33378c85f01b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648801, "uuid": "8508c3f6-3a4f-4918-a83c-00283765d43c", "value": "384:5PQ9Uh8DHZ7+tCO0VobNPnbn+b/AeH9F9wGjEnAtNCSGFqUD:duZtoZPbn+rLXiiEnuCLFqUD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698648801, "uuid": "cbebfe6e-5256-47ba-a8b3-c858308d1b55", "value": 26624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698648801, "uuid": "d950ef27-0849-4346-87e0-076674a270ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698648801, "uuid": "9cd9ada5-8291-4ac4-8fcf-5330643c91e8", "value": "Yjntdre.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1dd46932-7720-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1698669031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669031, "uuid": "78cceade-7ec8-4147-a2b7-073e0eca1868", "comment": "Malware payload (MarsStealer)", "value": "25d4f846602beb17816964b2c1887320", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669031, "uuid": "91138bab-f00e-48b2-aef8-43a8018e98ba", "comment": "Malware payload (MarsStealer)", "value": "fafe7d66e5bd7b863c859d329c390978d7e2db8627664e1427f7f184ba7dc24e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669031, "uuid": "249241ac-4bcf-4c09-a0bb-c607a9d90e24", "comment": "Malware payload (MarsStealer)", "value": "939d86da40f86926aea6998b7e0b3e0f0fcfd78b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698669031, "uuid": "e6383c13-e7e5-4c56-9357-c879c5241ef7", "comment": "Malware payload (MarsStealer)", "value": "c98cf66c3bb647204c12d64ebd94f20ea18b26e857334313e1ce0cc378a824db58127e6837ca7f008c830f1712143ad0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669031, "uuid": "187e4181-f66a-435e-a9be-f54ca66301a5", "value": "T101247E1263F17CA1F53766315F6BC6E42A2FFC714F2CA6AA1318AA2F08711A1CD72751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669031, "uuid": "56438392-fdf4-48e8-8185-ca243b0a76be", "value": "e152f6e328695c7be0e02666bddd99cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669031, "uuid": "c0f5db13-7e21-4470-a72a-8da2fbac589c", "value": "3072:l5X8fwQ7Kv/JxnO5VpV7DLp8YCAE4sXdOORalPK8h5ZO:Ly/7Kv/JxnOfpV7DCWFsXdJQx75", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698669031, "uuid": "17de444c-ef33-4000-9402-bb5b4eaa9409", "value": 215040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698669031, "uuid": "4dc7371e-ee30-4617-9253-e25e1cce065d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698669031, "uuid": "e2dc33b5-fbe1-4363-af86-9c0e89c9cc48", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0220ef5e-772c-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698674139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674139, "uuid": "40095059-c893-40a6-9338-d0b2ff6cfb29", "comment": "Malware payload (Formbook)", "value": "97135774d7f743324e0f44b1ad57c4a3", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674139, "uuid": "f371e955-2848-49fb-adba-7c0182be3c0f", "comment": "Malware payload (Formbook)", "value": "fb295449d851c67c9ad091d43c136438e13eba36f9da0696dd308287e91af54e", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674139, "uuid": "d1bfcb19-d09e-4ece-b6c9-ff1c57785625", "comment": "Malware payload (Formbook)", "value": "da6ab44f5e930233bf1ffede0584006a34f22dd9", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698674139, "uuid": "db007694-f7cd-46ab-85f4-e2d4286d178e", "comment": "Malware payload (Formbook)", "value": "292a292b204848727909e59cf6bbdf8ed80af143e536a4fb617d6ab7c712159cf5ee38bdb3ee3355b551aa4a33108dec", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674139, "uuid": "0c6b3e0c-0006-497f-a23e-a75f1ef3b86a", "value": "T1B28423F2313FDF5A6D4905ACE46A02D98B4C178A71E61F3FC0594493E8105BB1FA639E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674139, "uuid": "66c435cb-a80a-44e5-ba3d-d5b636a16eab", "value": "6144:oArCPtq4PZGJDTaDUapRZakIvwnGEV9TXIyRY4s7sl8eVsxVOQC3hdD+I2hXmDf9:o0oq4PYJDTepzaT+GEVFXIqY4ysl8eqY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698674139, "uuid": "826cc108-ea1c-4e1e-9bf9-39f3e8bae689", "value": 378774, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698674139, "uuid": "1b317814-e81e-4ddc-a00d-fd09bff0cac0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698674139, "uuid": "8a63d760-110f-46bb-8474-d67b88232505", "value": "PI_790126-10-30-2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2f3d46f-7761-11ee-8907-42010a9c0042", "comment": "Malware payload (njrat)", "timestamp": 1698697226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697226, "uuid": "b1b1f644-2728-4e39-960d-7f77d49c9005", "comment": "Malware payload (njrat)", "value": "5fc70604b15fe5b409df04bcdc78df15", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697226, "uuid": "6e406f40-75d1-4afa-acba-cc6a04a28de4", "comment": "Malware payload (njrat)", "value": "fb3d2abb360e3dc74ee3646ced736247b25c2ead6e2e0f9776565998060bb325", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697226, "uuid": "d7e43a85-2b93-4325-b94c-1cf51ea6bd07", "comment": "Malware payload (njrat)", "value": "8c8218c524966f2a54132598c7cc67ac29563224", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698697226, "uuid": "cb39961e-1c81-4486-906b-b4e2870d5232", "comment": "Malware payload (njrat)", "value": "19215a6d91804e0d4b40331f83c3ea19f11c9581e63ef7b230346e2a7dc3b82dfba68656d2e20c2f5f56715e24d683da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697226, "uuid": "ad4591ed-7c12-4f3e-b796-718d500186e3", "value": "T106E208067BE94215D6BC5AFC8CB313214772E3838532EB6F5CDC98CA4B676D00645EE9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697226, "uuid": "932fe37a-3bda-4d46-ae93-8b1830d8c268", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697226, "uuid": "b2c306a5-c64f-4e2a-a245-30bd5fbd7b86", "value": "384:E0bUe5XB4e0XZOnPw0Q0mS03AWTxtTUFQqzFaObbZ:BT9BuAI55dEbZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698697226, "uuid": "2ac230d6-621d-4ad3-b404-7ed4f5e20813", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698697226, "uuid": "807cea72-23e1-42e8-bd71-50da8512226d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698697226, "uuid": "d7a295af-8c7a-4303-826f-9f1eee800d85", "value": "5FC70604B15FE5B409DF04BCDC78DF15.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07b8af3e-7750-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698689610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689610, "uuid": "d07caddf-11a4-41d2-b3d3-75825369b9d5", "comment": "Malware payload", "value": "138c57ecd75c9a9ec08d3e2ba490f4b7", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689610, "uuid": "b52b901f-ecbc-4181-8496-36425c5e8533", "comment": "Malware payload", "value": "fbf768ba44b398c246fc1faa033d3841e66dd799780082cdb61f6a4ba0299a26", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689610, "uuid": "e4ffe760-5950-4096-97c5-4d36d1fcc9bb", "comment": "Malware payload", "value": "6ed55055522fc08ea0b196aaad1fd04f62de174f", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698689610, "uuid": "cb072374-ae42-4d29-99ef-8a994cce3c74", "comment": "Malware payload", "value": "a125aa233d2ad2d31b42406f0b37789fbf0b56424f7932f492c961383119f4f0c1362efd9cbce7d19382d4c8b6a2f65a", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698689610, "uuid": "62622eab-34ec-4294-b8ec-2fa7cb949489", "value": "T147C35C1116DFA08D71733F731ADD7AFA8E6FEFE1161A649AB24413038A61E40CE94673", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698689610, "uuid": "02db4720-812c-4424-8fe9-19cc1e2983fd", "value": "3072:KG0QfY0+M0AkyTG5T29RTPiTg9dTzTgT4LTmTKgB:KG0QR+M0AS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698689610, "uuid": "012659da-91d3-4fa4-8a2f-ddd8b71e7a47", "value": 124660, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698689610, "uuid": "9e6a5f1d-c04d-470c-9cdf-fe93a39877ff", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698689610, "uuid": "10216b1d-0860-4805-8ec3-5cf3008960c9", "value": "Documento de envio de DHL.pdf.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d00a0ce-76fb-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698653192, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653192, "uuid": "6059a948-3557-49cb-8e8d-7c044a26a1c1", "comment": "Malware payload", "value": "5b8d7aaa4b734bf53c4c4f55bf04116e", "object_relation": "md5", "Tag": [ { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653192, "uuid": "160aef0f-a9ad-4467-ba79-622b1228f3b7", "comment": "Malware payload", "value": "fc015bc3dc9e045882f237825a5cd15eb25b66aadc2b8c599a467f378a683ef5", "object_relation": "sha256", "Tag": [ { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653192, "uuid": "40c52a85-cc0b-49ba-9780-abe332892055", "comment": "Malware payload", "value": "e3c5e4aec87acf88d0b9f7f7bcca3ba71161a80b", "object_relation": "sha1", "Tag": [ { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698653192, "uuid": "68ec498b-4b16-413e-9b6b-87e690d746ee", "comment": "Malware payload", "value": "c388a644a305221158dbdad072279f6c6857321a31264a34d49666106038031f306401e67ea79208490f196f706b696e", "object_relation": "sha3-384", "Tag": [ { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653192, "uuid": "37461b0c-772c-48a8-8c0b-36b9bfeacd89", "value": "T1F5242267FF82F1D5DF584978AAD07CC6FCB24D142B766139112C77EEAC0250E58A08A7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653192, "uuid": "fa5d6bd6-b416-4f46-b720-d0073cdadf74", "value": "6144:zdgQ2vmZlJo7c61Fru2ZcpGt1JVUfYxY9sC81u3pjWV0MDjbQHxx7z:RgLvIl67Bru2ZuUVUfYQsC8YZj45vQX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698653192, "uuid": "ef2638fa-82f3-4ed9-a66c-41c3d2717e61", "value": 225570, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698653192, "uuid": "4479b4ea-ffca-45c7-9bcd-de95658a9272", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698653192, "uuid": "34ee19b8-3363-44a8-97b4-6035c46a9efc", "value": "1.chm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33ff3a76-76f4-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698650171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650171, "uuid": "d0cfa5c9-a4b8-4500-9fc0-380f8e8d1631", "comment": "Malware payload (RedLineStealer)", "value": "d20ff3062ca2670136387a8870da3556", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650171, "uuid": "6fcd7eb3-ba02-43e3-a352-a11e6a4abb5d", "comment": "Malware payload (RedLineStealer)", "value": "fdc91eae152f8f8c6230c368d8f2f1ebd38097cfe049d9ec115c0cf0b75855bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650171, "uuid": "85f95e86-49bf-45e8-b221-146c15a56a0a", "comment": "Malware payload (RedLineStealer)", "value": "2d93ad90ec8e2ac21a3f27eae5b3a231dace2381", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698650171, "uuid": "4395016a-77f0-4811-95e3-03687e787e95", "comment": "Malware payload (RedLineStealer)", "value": "d74126fb7b6f73e686339334ce058098e4c41b32c372a773a52da2f909a6094c95cce50b142d34cc1d03b357275c752e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650171, "uuid": "b8f02b03-fb3f-409f-85c7-c780a2c50e64", "value": "T15175330252D85133C87B4BB629F60AEB1F3EBC918DE9572F33406C9505B26C9A97371B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650171, "uuid": "3ef1d78a-6506-4a39-9409-2af99413c0fb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650171, "uuid": "13c6e3d9-3bde-476a-b79b-a5a562d4ca9f", "value": "49152:sqhiTI4pfbGEj/j9/SM62HKq1tVDaK2t0BV:tIUEjJaL2HZ0uB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698650171, "uuid": "7e631182-fd10-4d55-8ec4-e27e0853d2fc", "value": 1613312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698650171, "uuid": "fdf4ad31-7765-4989-9e39-ed3db621ca2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698650171, "uuid": "b51c4a9f-0cb8-472c-af6f-c479c4e866e8", "value": "d20ff3062ca2670136387a8870da3556.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bf233f4-7779-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698707388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707388, "uuid": "c44d9314-167f-43f5-adc3-cf171c4ceb0d", "comment": "Malware payload", "value": "6913c2b55bb76f6f3165ef6d65f2cc40", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707388, "uuid": "3a0dce3b-3628-477b-b2f7-f1b6402dfd39", "comment": "Malware payload", "value": "ff271c8eb4617ea18d558acce2f9d478c505ac54eb2e6adb694a871ab32bd4d6", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707388, "uuid": "66073d60-145c-448a-ba1b-fcb9df1987eb", "comment": "Malware payload", "value": "c6e30232e6207bccf7d4f3cadee59f1007afd25a", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698707388, "uuid": "b298c171-0646-4677-af0c-8d0ab6902e9b", "comment": "Malware payload", "value": "a64d2c98066f87995ff1ed982e6bc33d17b3447a8a703a80b63240eb0d9774d5788637b164a9a05f099e6c7354c723fb", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698707388, "uuid": "7e53818c-8f5c-417c-bbbc-a874c96f5a88", "value": "T18FE5337861E9EBC1DDB06BFA99992FD3FEA0903064C32DFA340555B9266D180374DC2E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698707388, "uuid": "c88390f1-37d7-47ad-86c7-cca03d7457ce", "value": "98304:AYAov5b7y5WrEeJuFdn1bP5mea1f4jQYdrS:AYASqWrFJshfEf3Y5S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698707388, "uuid": "5f945edb-62c4-4525-ada6-11658b0f74b5", "value": 3311990, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698707388, "uuid": "9d9dc4f5-49bd-405b-874c-c0721aa0415b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698707388, "uuid": "e7ce7cf9-5bb7-4285-8816-de4a42b4090d", "value": "OverdriveNTool 0.2.9.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }