{ "Event": { "published": true, "date": "2023-06-20", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-06-20", "timestamp": 1687305781, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "0e9ec1c0-4fd9-4aad-a4d5-9a3046a7a032", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e168f82-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687242674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242674, "uuid": "678c22df-126d-4fb0-970f-818aa0226b3a", "comment": "Malware payload (RedLineStealer)", "value": "668547315521929c158362305bdc9a5c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242674, "uuid": "51df5b25-07be-411e-b782-644c5c113ca8", "comment": "Malware payload (RedLineStealer)", "value": "00602c28afac5273634943fec13353ca7efbe28379f32d1904c6e6b5793ac3ec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242674, "uuid": "8b06133b-1e83-44ee-8b6c-1299d52ad8c0", "comment": "Malware payload (RedLineStealer)", "value": "136c9473dcd1af89161babfc8e32b4415ba8b3a3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242674, "uuid": "7558c222-07cd-4b39-8de4-6037fb461c25", "comment": "Malware payload (RedLineStealer)", "value": "e327bb51dec83c099a962a9ca71bcbc98000f5f05977cd62459d5829e8fbcd67267df4921571fc24198fe70f2f18327b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242674, "uuid": "86ef16c6-f05e-4b92-b15d-ead6f2fda4f0", "value": "T10FF4124174D8B124E9360631AC6AB9436DBDF8E08E61DC6F3F60331D47B16E0BAB456E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242674, "uuid": "1dfa85e6-73c4-48bd-b350-be0261094bdd", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242674, "uuid": "ec915aa3-be4d-4fe9-ac96-bddfb1333248", "value": "12288:AtdQJRvv7fWlu+T/jp3s+1VVYQ8QzROTRmz8pgqZ9Wv/f1yqEGE9SNz75LXPMaK/:ACRX7fIugc+pPOtmSgO+1yqEGZNz757s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242674, "uuid": "c47a0b8c-a87c-4c01-8717-bbb13261a2ef", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242674, "uuid": "4ff80841-e313-4162-939a-08cd4a360d20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242674, "uuid": "a1e6cfcd-bd4d-4344-8d7e-0157ee2cde55", "value": "668547315521929c158362305bdc9a5c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8f35544-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687288165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288165, "uuid": "dff5167a-6249-4363-91e8-d557d2f14fc2", "comment": "Malware payload (RemcosRAT)", "value": "c441075240de1a6f57d05dcae26969f3", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288165, "uuid": "c204766d-0d5e-4b18-9eed-3dd3a869ab9b", "comment": "Malware payload (RemcosRAT)", "value": "00a5e0dcc0112b71820c19fa7fd1c3e47d0c9b58270279b0cf870d5a9259c566", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288165, "uuid": "dc14b1f4-f79c-4b9b-9332-5fe48e61607c", "comment": "Malware payload (RemcosRAT)", "value": "ccad92349c6e69881f1df777ff6f0a3ff7a3f488", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288165, "uuid": "aa8c9385-8a21-4bc2-ae85-7bead619876c", "comment": "Malware payload (RemcosRAT)", "value": "e60d60a3fed0d122520330080337a6dbcaffd3c1aad0ccea02ed83b20b275c87d363de17f4c492280cb28b5a4649bcda", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288165, "uuid": "2ace8d9f-8e58-44d7-bec4-6c40c02f660b", "value": "T156B4231EFBEBD1ACE689E97384826C2423345761A40FD629385E139C5F077C79B5E322", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288165, "uuid": "f458f43b-f1c8-4bba-a9f6-77875d57e6cc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288165, "uuid": "05eacb5d-7dfe-424f-b2be-12b9fddfe9e6", "value": "12288:Ig/1OjI2uOwvw9P5pfL/51tneQU/BGyxiDwBeDJ4OOZYmOJuB:9NoI/OwK/LnU/BBiDwBeGOk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288165, "uuid": "7a7c72e3-8e72-4566-ad77-879c9a2e0e7e", "value": 523776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288165, "uuid": "8b33913c-f886-4fb8-b912-d6db868cfca7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288165, "uuid": "68fbbaa7-192f-4901-b906-5071a6933447", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "920d36b3-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241177, "uuid": "71d94a19-b74a-4a85-8842-fd61e1143ad5", "comment": "Malware payload (Amadey)", "value": "965bc03c45faa9ce417d877725beeb9f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241177, "uuid": "c8ff8b09-1195-42b4-818e-9833e7479a25", "comment": "Malware payload (Amadey)", "value": "00efdb259f7bf7cbda59d7ebd883c50e5206cb3b55ad583b2c81399f235786b7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241177, "uuid": "6f10e97e-8d8d-4f36-8361-e4642df715e7", "comment": "Malware payload (Amadey)", "value": "c37900a182be6986007f8e22339657c58698550f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241177, "uuid": "93082676-e1f1-433b-a727-c836d61dd2c8", "comment": "Malware payload (Amadey)", "value": "6a69c33ef51d9347ace7459c1ceebfec6108b59fb4b92e0310801d5f0e85f28588e27f36f77d9f01df3f6b336bbde7ea", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241177, "uuid": "290c3893-a9a0-447c-9147-b6ee0dc465f3", "value": "T1A4F40241B8C8F125D9720531B92A76827DBDF8A44E24DCBF3FA0332D8A715E1B5E0A5D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241177, "uuid": "f5474eff-e7bf-4ef6-9933-f0ccaf1eefb8", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241177, "uuid": "2966a5eb-1b69-4c4b-9f0e-5951d9de6e0e", "value": "12288:tfMnMIREv7fWlu+T/PL0oAwnDP9pqN7pUBgSW5uDyhf4i6QyBNS5:tWnRg7fIuwLi4eNStWoDyhPYS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241177, "uuid": "253faae7-dc28-49b5-8f48-9d08e6f9181e", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241177, "uuid": "660cb8d2-ea63-4c89-94b9-07151d2f0f2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241177, "uuid": "140868b6-ec4b-4ff2-80f9-c6bd246557f0", "value": "965bc03c45faa9ce417d877725beeb9f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01e2e38b-0f4e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253820, "uuid": "a0b71e70-1ade-4a53-ae96-cd9dca30c041", "comment": "Malware payload (Gafgyt)", "value": "c65e866ed46436285697a0ab37e711d4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253820, "uuid": "e8cd7585-6726-47fe-8112-e19e3be49556", "comment": "Malware payload (Gafgyt)", "value": "01f75fbc98a1935605d9251f492cd0bd00bfbb899b9cf934ffa106b8edc972d5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253820, "uuid": "5e3dcc2c-74d4-406e-a171-59d322582c0e", "comment": "Malware payload (Gafgyt)", "value": "01c3edde9b692ccce116e7912d1abfff2f6c436a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253820, "uuid": "03acfb3b-8c3d-4fbd-b281-e6a6e6a1987f", "comment": "Malware payload (Gafgyt)", "value": "d08bc1df7ae0fcdbf81b19f39c22b802f2e88a432b1acc6950bfa6811df8e1841bf54c477a55d0947bae2adac456f77e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253820, "uuid": "15c0af38-2bbd-43b6-ae31-7f00e45886bf", "value": "T15BB328436B1C0B87C49B9AB01DA737F18B69BD7112A351C9A90BFEC04733AB81527F95", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253820, "uuid": "5e4dfafc-32e9-4ff2-9384-f58f58373845", "value": "3072:WD3l+XQzPeV91310pWuduKakpNDtm2pgYMidIP1W:WD3l+XQzPe713CpWCuypxtm2pgYMidIQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253820, "uuid": "0f177f6a-c970-4219-b51a-f4856697ebab", "value": 113194, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253820, "uuid": "1cd76134-b0fe-45b3-99c4-0cb1bc2ba593", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253820, "uuid": "6a1d26fb-d4e8-4dc6-95bb-b1dde022a82e", "value": "c65e866ed46436285697a0ab37e711d4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d44239a4-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687288104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288104, "uuid": "b1029ef1-68b1-48ed-94f3-14d342f1d14c", "comment": "Malware payload", "value": "9d95aa1eaac02a9668a56780dd890c57", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288104, "uuid": "ac4035b0-67e6-4fb2-a13d-14fbf72c6df2", "comment": "Malware payload", "value": "01f7a3923f3afd42b4ff59a0e4d9add5b9ce228ca041a2614c5cef8bf6d8a665", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288104, "uuid": "ca45fd36-fa8f-4f17-8bd2-10c98322105c", "comment": "Malware payload", "value": "269415a0eff8b1e4c59ee0ba6771eb52841eb0ec", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288104, "uuid": "4e67be33-e01f-40f1-aeb3-e419ff6c12b0", "comment": "Malware payload", "value": "80e8b0f3bfd6dc8604b172da5edd9d297f5e32c0433196f4913b2491c81af8c69c2cac552fff7ef7ec5ec0abc0a07dc3", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288104, "uuid": "5790744c-917e-4e06-9296-d91d0249e4ac", "value": "T12A032A0473BC4A2BD6BF5AFD943162514BB5E726A512E78E8CD830CE14F3B808651F97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288104, "uuid": "f6aaee7d-c8da-425e-ad21-7e976c14c94a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288104, "uuid": "ec172eea-e4c7-42a4-83bd-f08e921c7d54", "value": "768:urjPZuUA8BwB2OZ1unNj3lyt4PoljltBYCRSyoi+BuIrmmHfEs9pfF:EUCYXlSqmHh9pfF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288104, "uuid": "acc12e93-ac4c-4364-8b92-68197eb04747", "value": 38912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288104, "uuid": "82b77cdd-b6ea-4dea-bd1d-11d5093dce06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288104, "uuid": "94d4a0e3-aa1b-4275-b5f2-8773e3ee2a52", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1de9dec2-0f59-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687258592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258592, "uuid": "0e331b02-5da4-4a8f-8cee-8526629dde25", "comment": "Malware payload (Mirai)", "value": "9b5a1678965e7c2d6cf4eb7b17d15eae", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258592, "uuid": "f4c1141d-96a5-4dfb-bc0f-305be0737aa0", "comment": "Malware payload (Mirai)", "value": "032674baac42ba7d823fb5b6257501c18b5c49c089e00c5de938dfc00b6f40c4", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258592, "uuid": "c4d75e2b-bba8-4b42-bfde-dcda08421d27", "comment": "Malware payload (Mirai)", "value": "9a99f26e3c8bca9a6f19c232547b7c3efd0473d2", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258592, "uuid": "4c5d1fd1-6018-4844-b261-a7bcaaddcc4e", "comment": "Malware payload (Mirai)", "value": "71a3a418922f8a55d0062772304a1d4c507d71f3551f29e8583c30acc814e95da1aadd6d34c89710b5fa2213da7de9bd", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258592, "uuid": "de451ffe-3c7c-4122-a66b-0be2b63629cc", "value": "T16544A62A3E21AF7FE5A9877407F38A708399759226A1D745E26CE71C5F302CD180F794", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258592, "uuid": "e345b5db-b386-432f-b81a-2ccdaf2222e2", "value": "6144:+XS+yL4m92r3l13JbOmk8rLaIYXjR1uwrfvG:Nk13JbOmk8rLaIYXjR1uwrfvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258592, "uuid": "00ff53a4-b707-4e96-b6fb-8d5ccd433164", "value": 258695, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258592, "uuid": "3ac16aa2-eff6-4d91-a90c-b7eb75de80ec", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258592, "uuid": "5d930f34-3e92-455a-8e4d-01b15440d996", "value": "GHfjfgvj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d1f6021-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Pikabot)", "timestamp": 1687258134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258134, "uuid": "9ef8df60-15fc-441d-a659-1858b48fdc03", "comment": "Malware payload (Pikabot)", "value": "928268e0315de9bb3576dedb309ea371", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258134, "uuid": "b4481331-3465-4e21-a35a-dfdface0b5eb", "comment": "Malware payload (Pikabot)", "value": "053ee22f7c7331ed01e2e87dff549b555d780739d8683472fd7bfa2115fd3bbd", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258134, "uuid": "f2edc3fc-c709-42de-b5dc-994fc23a3b75", "comment": "Malware payload (Pikabot)", "value": "6c431f5ea48eb98e183a13fb5b9df8d31dc7116e", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258134, "uuid": "8e1a5db1-4fdc-4ea7-a33e-9c0b94ed8378", "comment": "Malware payload (Pikabot)", "value": "b5585f9a4b32c132b13a09014426070d93687b6bd44c4c070db93be49754d600a59a0e633f6d663db2226e4ab099d4c0", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258134, "uuid": "bdd8ec59-1c35-4ffc-9d3c-64cfd23029b3", "value": "T1E7949AC10F41D99151672B27BE16D0E8F7590DE532C049AAF02C22F5EF2C598B9FAE72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258134, "uuid": "4e09b601-8715-406c-852c-bd5e8a255a1f", "value": "12288:6zv2tjuoE1y4V/gRAdoAd5gspZcjSSKVo7f1xc0K2tVD:kafAdoAd5gdSSKVk3cn2T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258134, "uuid": "b0c7a485-8f3f-4d94-80eb-0a335b937937", "value": 414929, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258134, "uuid": "9d27dcc2-e019-4d2e-be22-8b9e849db427", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258134, "uuid": "48d0be76-1071-43fa-a740-533fb72a5c49", "value": "Lvkis.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f71bf901-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241776, "uuid": "68e64179-68d8-4e55-9e43-6f5649c04c5e", "comment": "Malware payload (RedLineStealer)", "value": "1ccf78d9d15d7218979fb063a1ea55bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241776, "uuid": "ff242b11-8577-4380-8105-7051e6f6121f", "comment": "Malware payload (RedLineStealer)", "value": "056cd4d550294b978e510539d2ff730e5a5d00b7c2421c0c4e24f78d04e02921", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241776, "uuid": "f3b2eb8f-6761-4ffe-af62-9ed8c6722ad6", "comment": "Malware payload (RedLineStealer)", "value": "284b5052e57469998f7e6866e95ef761a166dcce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241776, "uuid": "1d8fa6f2-d52b-4731-a604-4c315f2549db", "comment": "Malware payload (RedLineStealer)", "value": "328fb16eff03f578616c37d5764da3c347565645a0e83c0e3df636b1d5ffe005103b6f68033f34d40e9b0a47d6b1b523", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241776, "uuid": "2a1ca7f3-7f88-4e97-8395-395ebee74b7c", "value": "T197F41240B8C4A234DE3604326C597996AD6CF8A08F60DD6F3E54331E4BB5AE0F5F562E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241776, "uuid": "2bc00c83-8a41-4e76-b37c-d6f71a11d58a", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241776, "uuid": "aec905a0-a30b-4c48-bec5-646d29cffe13", "value": "12288:dLs4GR3v7fWlu+T/1WwSD/6w6sWdMlcoxJxPYrdMQeqJZjjgnW4EZhr5Y:mRf7fIunD4ZM2oxJxlTTWrZg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241776, "uuid": "e984f923-1d67-4236-89b5-71154736d2ed", "value": 759808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241776, "uuid": "0b1ebee8-6df8-4319-8fb7-0695155702f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241776, "uuid": "1f34328c-e746-4457-a535-56bb0df60114", "value": "1ccf78d9d15d7218979fb063a1ea55bf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c877362-0f64-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687263395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263395, "uuid": "75743c06-52da-4602-bed0-3863d92592eb", "comment": "Malware payload (RedLineStealer)", "value": "48031cd88fb41802c2505675e4e43163", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263395, "uuid": "e01e38c1-8959-4edc-889f-1dd0d891d7c4", "comment": "Malware payload (RedLineStealer)", "value": "06644e05bdf6c3cf8d8a436a9c0fd6e8957d9ef5f2e156205423cc128cf83cc1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263395, "uuid": "098b0e64-9de5-4a11-82eb-a1a147147512", "comment": "Malware payload (RedLineStealer)", "value": "ed2fb2defcf347a0cf031542c8bc7a8b8e003c0e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263395, "uuid": "7e2a2438-e01d-4f21-b7fa-563601e06242", "comment": "Malware payload (RedLineStealer)", "value": "40a292e3a97c49160c4f542f044a89e74878eeedc2f4bef46a692e4f368c3e4475aaf7c21f51af2e304acdaebcb0dbed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263395, "uuid": "e6a29cfb-c940-48a1-bdcf-bc2bc771fe2a", "value": "T192E41280B4C8B134ED720531AC6A7A427E7DF8908E74DC9F3F68271E4AB15E079E561E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263395, "uuid": "046c7bc6-e451-4fe7-ba1e-aa7ea35367d6", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263395, "uuid": "f9ce2a75-48ac-42f6-b242-2e77f760bf47", "value": "12288:JyRnkRDv7fWlu+T/y3aFUUG9ZUTy/I2YTwQCwV5dNcpUlwil:JjRL7fIu9KFCiyg2jcVfQ6l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263395, "uuid": "6e15050d-4ecf-4f2d-97a5-21cd3326a28e", "value": 718848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263395, "uuid": "f73ea306-0604-433d-bf24-ef2b73332541", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263395, "uuid": "716348bd-165c-41d9-9a9d-010fd2b390a1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a35331c0-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256668, "uuid": "ea9324b7-37b8-4bc1-8cd0-d1c455882a1d", "comment": "Malware payload (Mirai)", "value": "4e1fb4af056cdbea31a16523e1b24cfa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256668, "uuid": "2bdb0ca4-c748-4aa4-8607-99672fba3812", "comment": "Malware payload (Mirai)", "value": "0677ae262d4c0088915139286bd17e7fdc266ac42b663fe778c8ddc13541217c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256668, "uuid": "56661b68-6869-4945-b07d-f1832bef0686", "comment": "Malware payload (Mirai)", "value": "e13232e8aeec4e0c195153b31d245f3ac908e751", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256668, "uuid": "79425218-eb66-47cf-af36-502bcb384cbe", "comment": "Malware payload (Mirai)", "value": "80dae665be29fdaba8b5e82c09d7fd269012f360c2a2c2e744f926f6e6dc44f620961e572c3b9deca788075666a0c171", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256668, "uuid": "e93e3f98-6578-4c97-8388-ed11deb7e6d4", "value": "T184E339D7F800DDF9F80AE33A48130905B130BB9255921B3762A7797BED3A1981977E87", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256668, "uuid": "3ef836bb-883c-45a1-bd8c-5c90c6b044cc", "value": "3072:qisqlenLdR+TptPXj60Jup7Gu6VrjbihLqqHWy3Ubj:r8SPjBJUGubLqVy3ej", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256668, "uuid": "b40156a2-538c-40c3-ae6f-5d1a5e175057", "value": 154784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256668, "uuid": "b05b7ddf-b14d-48f9-b7cd-7332cb1b5ac7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256668, "uuid": "fa748fd3-87f6-4a40-89bc-84a74e71c191", "value": "4e1fb4af056cdbea31a16523e1b24cfa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17b95f0f-0f8e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687281345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281345, "uuid": "a4bab906-9808-40f3-b1e0-f1a4056f8fd6", "comment": "Malware payload", "value": "537e63666c03b32057af5ff05ad1949d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281345, "uuid": "4c0f0b53-bebd-457d-88d6-b63843290b93", "comment": "Malware payload", "value": "067c0acf256bd3849d7a6a1dfe6b39f79c467d4ff8467a85ae863e3742877c31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281345, "uuid": "a26c7f05-6b1f-4d19-b376-2ef0fefa7cbf", "comment": "Malware payload", "value": "b00338be2a1601d69eda7fedcb60ca2b5a490c7e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281345, "uuid": "0d728f28-3083-40a6-b63c-d7eb21d57934", "comment": "Malware payload", "value": "9494c416d2f3bcf68e36db6105bbf23441b6c472286a9fc376527e19ecca1b1d9ee7280a52cbb34a93890ce0d1d9187d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281345, "uuid": "e60334e6-863a-41a9-8aef-3a76823e089a", "value": "T12574231A5F05A8BBE90660FC4B33463D70F5DFB86F04A6E4A51BB47AE3365B0702D1A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281345, "uuid": "2d05862a-f711-41b8-b339-db9041658903", "value": "bbff9a3f8f0ff7ca14338c6669c9a1c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281345, "uuid": "370a690a-62a0-4f12-ba45-6242c8348eb9", "value": "6144:cJ7hfqH0WUTL0n8oGmXlUFzvUZPoRGc53/hgaWJ+MKvb:cJ7hw0jTC85FEoRGc5Zga+P6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687281345, "uuid": "9d57dc99-6599-4fb5-8350-42cf6e342db5", "value": 340992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687281345, "uuid": "1acafdf3-01a5-44f8-bbd8-a7aceb9f8573", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281345, "uuid": "3648cd5f-3b13-40ef-bce5-c91f15a86ed3", "value": "\u5168\u81ea\u52a8\u8d22\u52a1\u62a5\u8868\u5206\u6790\u8f6f\u4ef6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf752f03-0f8d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687281197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281197, "uuid": "8321b57e-a8ed-487a-9c9e-4bed68efbb52", "comment": "Malware payload", "value": "729cd6b32e49c26dfde4c762722fcdbc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281197, "uuid": "98ba3f05-a620-44f5-a4a6-95eee906925a", "comment": "Malware payload", "value": "06a7ae92792a9dc04b35592202c2465ab51e81f4ec3bb0edc18c6c3d74867763", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281197, "uuid": "45c978ec-7efe-425e-9d7e-d862e57b90d9", "comment": "Malware payload", "value": "65170769960c20d6b2e688e181ea9589959f49be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281197, "uuid": "330dbfed-1295-4752-8be1-c0d4627a4ffa", "comment": "Malware payload", "value": "f4cf7235283adb8ec547dddfe4fcd29e5b805076c2432377e36a2c6daade824a802efac25446a567a6e74541ffda185a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281197, "uuid": "d9d98936-19c1-4ba9-aee6-cf3b19d2545c", "value": "T14225D063A1B20833D167D93C8D0B8BA46F59BD30192C6849A7E67D8CEF3B1C67416397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281197, "uuid": "d970c790-ae03-4480-9f0c-a9596eaf16d9", "value": "1cbcb4b65955c8d081a194028529bada", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281197, "uuid": "72af86a1-6e21-49fe-b74c-93c8c0c62454", "value": "12288:a3zVPhzWUzASXFle5g4Rhxo77LovTJ7bCy8bkXk8oH40qmjUushoLGyfZo2:aDrW6G2PnQd7Oy8eOVnYWo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687281197, "uuid": "09ace6f6-2c9e-4ba0-bb32-83af651d7646", "value": 1014272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687281197, "uuid": "edb001a0-b3f9-42d7-9d83-d987378650f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281197, "uuid": "a53fbb09-01f6-4314-8f37-056cf5e7db94", "value": "Yeni sifaris.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3d3e0dc-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240858, "uuid": "9c888d65-1da4-4607-84aa-424b676031b7", "comment": "Malware payload (Amadey)", "value": "472a36fd1048ed4de9b92a6695ae68eb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240858, "uuid": "5bac6f46-7580-4435-8ad8-f174bbf7d6f1", "comment": "Malware payload (Amadey)", "value": "06c4bf5848c9e2eae64571f5e8ec48af153ebb732e34b677efd2de9ae25d05ac", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240858, "uuid": "a775dfc9-a077-4261-a482-71233158f889", "comment": "Malware payload (Amadey)", "value": "99e886cfd37278a1e66daf81d0568f0f13d6c835", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240858, "uuid": "8028822f-bfd8-45f4-97a9-50328cb7b3dc", "comment": "Malware payload (Amadey)", "value": "a4b2e2ada1377e90985f6a5a137bdf6108ac328b8980d8a181f6b98d8474d5852bf05ffc52674cf873643751fa0ca425", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240858, "uuid": "830b8230-f7f8-4b5f-b77b-e0d9a390f070", "value": "T133E41240F4C4B030DC311632686ABA527DBDF8A48F649CAF3B54331E8B355E1B9B566E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240858, "uuid": "5e3da641-b358-4b4e-ba65-bc4a77806cd2", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240858, "uuid": "d10f3b7f-bc52-4e11-9df3-ccf2088ace95", "value": "12288:qDMH4RJv7fWlu+T/9PsEBAzeAfvfqkKGlEy+fwW/HAm8YUWnE6:qxR17fIupE4/PqkbZdW/HN8Yj7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240858, "uuid": "c84e6de9-bbbb-47dc-a06b-8a19bce4c9a9", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240858, "uuid": "57524568-af2d-4b8f-b91d-81bb205efc62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240858, "uuid": "4fd8a00a-47f6-446e-9620-405f8a13bb2b", "value": "472a36fd1048ed4de9b92a6695ae68eb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "faf124ef-0f3f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687247796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247796, "uuid": "13ec044d-8b9c-45ae-b730-87bf909efa28", "comment": "Malware payload (AgentTesla)", "value": "4b3f25766a8d9fcb915698bca36868ed", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247796, "uuid": "fbc4f007-6aca-4e7c-ba73-11cc0a0796ad", "comment": "Malware payload (AgentTesla)", "value": "06c668a12f631e181de8c7e2d1cf6b018e6e02bc0bb3eb136799b60cea0f906d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247796, "uuid": "0a7e328a-5ab6-4087-ad89-7dd1c072603e", "comment": "Malware payload (AgentTesla)", "value": "10f02e72f2bf52dff483d59327c4af55b44231ff", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247796, "uuid": "683709d9-89d7-4569-a5a1-a1b1b518a354", "comment": "Malware payload (AgentTesla)", "value": "57d2252a44a299dabee0d094f8e781ba58e336b30a8ead74b77e60b4069edf8b7b7af69744a4a162afd8b67592f35eb6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247796, "uuid": "a8a57553-23b1-4428-9404-9d0e0777a53f", "value": "T126E4237C7363D2F6847110B5DCE2A02B4BC553CC99F829B0BB5BB23ED9DF85A2095681", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247796, "uuid": "626251fa-3fee-4cfa-bbcc-0b03c894f7c8", "value": "12288:YFNlbVHwJTZbI2haMyfhSgmQsPU7vvvhCBm3Ict4JAVD4qp+FD:AYk2le8NFeCm3I01VD+FD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687247796, "uuid": "68005ff0-5c84-4019-8acc-73bcc3bb6030", "value": 660909, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687247796, "uuid": "96a2ef38-e31f-475d-956e-d4e9b11ef65b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247796, "uuid": "d65e44af-7c39-468d-a082-5b6e422ba63b", "value": "paymentcopy.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be97a41a-0fa4-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687291074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291074, "uuid": "4f212c20-ac4e-46c5-91e2-edd6ae76158f", "comment": "Malware payload", "value": "6ed2786e0f7672c758dc16c9d80ced5c", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291074, "uuid": "ac276986-2f03-4389-8161-57cd912e08f9", "comment": "Malware payload", "value": "080981eb2018eea58c82f2948ecee0026b70aab2d84cde58e556c12ada7405db", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291074, "uuid": "f29d83f0-d1e5-4bbc-9b7b-6943ea8f81ef", "comment": "Malware payload", "value": "05cd7b91390b47e397c22ca3992ada79f6dba257", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291074, "uuid": "8969111f-886e-4fa3-8343-5a20b65d68df", "comment": "Malware payload", "value": "6e2aed128f361bb87c175370e9d3fb807715ab4608f2cf3a4fa27c7408365c38c2abff47ee59a30359ba83f61cdfe95e", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291074, "uuid": "a9108402-13d0-4fde-9b36-7b9946b78744", "value": "T1ABF50191B3EA1217F5F3CE3996B542A51A6AFCA56A22D71F0108761C0C7BBC08F50FD6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291074, "uuid": "cdbbd8c1-332f-4dac-b252-1222e6802b59", "value": "98304:gMDSEWcVUJvgrTtfuW8N63BWqKzCPhaST:gVSUJvMRf2aWqBw8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687291074, "uuid": "30818fa4-1596-4dae-9468-2d9fe1a61904", "value": 3451633, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687291074, "uuid": "af46cacc-73ff-4e29-b21e-8e0d8656f0f8", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291074, "uuid": "40ce64e6-25b4-42d9-b536-22d76eff7b4d", "value": "080981EB2018EEA58C82F2948ECEE0026B70AAB2D84CDE58E556C12ADA7405DB.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2de12288-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (PrivateLoader)", "timestamp": 1687241868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241868, "uuid": "7e6a027d-60ff-4c2e-b48f-d302c0dca0ca", "comment": "Malware payload (PrivateLoader)", "value": "0a2070a4d22a881523c04982b3e281e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241868, "uuid": "c76a38b7-930e-4f4c-bef1-48ed2cfab3b5", "comment": "Malware payload (PrivateLoader)", "value": "08bbc669e529747d63a7b105e955034cc8f6af9665474865517340cdcad24e01", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241868, "uuid": "94f27af0-0f90-43ee-8842-ce164ea29549", "comment": "Malware payload (PrivateLoader)", "value": "ad606b384c34f1e7760cc96b8fc968ef1a76246b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241868, "uuid": "417c9b8d-1f51-4445-a477-2b71c3876a54", "comment": "Malware payload (PrivateLoader)", "value": "754bc11e46e6d36edf9e6a6546b5127f55c66a637c4d9e7e6ea9e1e54ab13ea67800d641d2faf05d948fb58ddd554ae5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241868, "uuid": "a316642a-7159-4ab0-bd12-20cc316f2d47", "value": "T1A596232271A16591C8B4CA35C937FEB1BB752E7E8A05183474CDBEC73F7A491920B983", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241868, "uuid": "7200dd51-9f04-41cc-91fe-f9f8e61a266f", "value": "00143c7843a6bccd9702bb42aef6cd34", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241868, "uuid": "9fff1d93-1020-40f5-9d77-506da6ec95f5", "value": "196608:X5dKiBA6piP3Vy24Gd2Bpv59uo47/tKAm4OUSGx2fR7OCh7t3PzHLZY3mkVk1:JS13N4/Tv+o47FasM3h7x71Kmd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241868, "uuid": "a282649c-214b-4d60-a6ce-9edc564ff4c4", "value": 8653312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241868, "uuid": "170f15ea-1c14-4251-a1d8-454aff57885a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241868, "uuid": "7f2698c4-354d-4665-b783-5cad5dbab38c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "968e4ab3-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241185, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241185, "uuid": "58e3cdd0-0048-4288-b836-dd3eedd5cfdb", "comment": "Malware payload (Amadey)", "value": "6aec826518959d4af9795f029932c8bd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241185, "uuid": "fe969131-3e48-47f7-96f9-88ad8b0fb707", "comment": "Malware payload (Amadey)", "value": "0a8c1fd00d29b7a2ce3f140c62862991c423657944a3a0d846c8ead04c23537b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241185, "uuid": "c3f482cd-4fa8-4b24-a66b-1d2716b3a10a", "comment": "Malware payload (Amadey)", "value": "39956932308c2896ae41cc2a236d0f5d7d778fa5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241185, "uuid": "0c397fde-dc6f-4da2-b872-4d3f6a682bc1", "comment": "Malware payload (Amadey)", "value": "c6581a8c1becb4aacfa430e6416283411cbe8e85aab8ae66cb4a1b4a755eb4492cdcb5b2d568c0f788c998b07cc1e6e8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241185, "uuid": "e17f0787-8edd-4f70-acf1-917edfede802", "value": "T171E41242B4D9B034DA314631AC69B6837C9DF4A14F21CDAF3B94370E8A725E1B9F452E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241185, "uuid": "5c31723c-43e7-4a63-8fbe-ed6696189544", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241185, "uuid": "34133b9c-8ee5-4aa0-939e-eade96531b0b", "value": "12288:nBrh4X5nOgt6RL/IYvpgx/RjEID1ddCyGdL0KOHMN/X2x9Rfv7fWlu+T/hstb65k:nBrh4X5nOgt6RL/IYvpgx/RjEID1ddCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241185, "uuid": "03818878-d519-4325-8eb9-9469902930c5", "value": 719872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241185, "uuid": "792d9145-9389-4499-a6df-cf01643cbc44", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241185, "uuid": "b240b0f9-ac4b-4192-af12-6cba862c737d", "value": "6aec826518959d4af9795f029932c8bd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4375240-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1687243812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243812, "uuid": "449af1b3-b9d5-4098-a397-77e10729d37d", "comment": "Malware payload (Fabookie)", "value": "06858351cc907e62cfc275f69256d288", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243812, "uuid": "0fa3b99b-13d2-418e-b4ca-5e1c627e6a3a", "comment": "Malware payload (Fabookie)", "value": "0bc3689575acffde20abb2ff8db97b9698b07fc0e2f64a04ef10dea26fe64d87", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243812, "uuid": "566c652a-c519-4ec3-a538-e070c4d6f800", "comment": "Malware payload (Fabookie)", "value": "e7289ed8dfdc207ac0ca69d7c00ec52af1c987c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243812, "uuid": "6337e0e5-4d3e-43c0-8c20-29285d2f8240", "comment": "Malware payload (Fabookie)", "value": "67d54a86ce13e49c680acdf7b17a2bd8dadd54d1839e940934ce27dc3bb7ee977923b65cfbab8c0a3bf1ff47067ab6ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243812, "uuid": "0abae025-fe3a-4937-bad7-b1f11569b93c", "value": "T1B526CE7416ECF853E1C9C8717770B7F3B827331AF4398D99692AB26A1F861D07C4129A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243812, "uuid": "036f3ef3-cd57-4fa2-b229-a6bdfcc53dca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243812, "uuid": "d2474429-b709-4045-9b99-8b5dd9e9f9e0", "value": "98304:3IcB4UYTkq4tLHZyxogYXKfyKoPSnucrUQ31mXe9:4kPvtFyxPW2oqucrUQlMe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243812, "uuid": "c445364b-f9f6-432e-85aa-e7acc3630eef", "value": 4531200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243812, "uuid": "33abf9c5-16ba-4339-8a21-ff2c90507238", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243812, "uuid": "d831b2ca-ec04-486d-9f9a-30a21d3c0f5e", "value": "06858351cc907e62cfc275f69256d288.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0d2dac1-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687288125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288125, "uuid": "a58c432e-abc1-4560-9411-3871cef6c7b2", "comment": "Malware payload", "value": "211a06e9ae68ced1234252a48696431b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288125, "uuid": "c711f8bc-5e65-4425-8520-3c5e1f7d618e", "comment": "Malware payload", "value": "0bdca9c84103454e329cfde4e69dc41a0ec0196c078c8fc195b0fa739d2f905d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288125, "uuid": "65d3ce43-78a4-479e-be15-886f40b47e24", "comment": "Malware payload", "value": "69950e2ee2fafd177d1a295836713bfd8d18df9c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288125, "uuid": "a145443a-9abe-4497-93a3-e43b55404785", "comment": "Malware payload", "value": "d04ea542c58a0f48d38d8488f5300e42d312260b5ed61d711b1b4bd6fd9983831854f207344c58286351502c03a7960f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288125, "uuid": "74c1c364-5d4d-4142-9f85-7b20993e4c21", "value": "T1DD048C113D90C433D857D8B498E9C6B9EE3DB8325B6151C37BC9872E4F256F2A63C24A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288125, "uuid": "9d5b34b9-0e1c-4748-a0fe-267970a681ca", "value": "b08b8f2c51a828d36a7944c4db6dcc00", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288125, "uuid": "8217c0e4-ebeb-41ef-b643-a15634cea6e6", "value": "3072:UAM944odGTs7L0CQOfyn28GWR9sx4WRm6nxw:UAM944MbL0Cno2bQJQmZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288125, "uuid": "41c48f65-d673-478b-abeb-18f4022302ec", "value": 180544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288125, "uuid": "cd3d42be-a257-4b51-b797-6a60bc84b380", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288125, "uuid": "1f5e67d3-5ae1-4f0d-98b3-288283670967", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89d7753a-0f3e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687247177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247177, "uuid": "71116b16-453d-4a7c-a8d2-ae4a641449b0", "comment": "Malware payload (Amadey)", "value": "63cf2b2b8307eb7944f2d8da13f89d22", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247177, "uuid": "4e84179b-d5b9-478d-8685-e778fa9a377d", "comment": "Malware payload (Amadey)", "value": "0d36c927de9511ab07012226e89fc7881466995ecf177d53978dcdb0992d6f59", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247177, "uuid": "479eb490-04f3-4023-9bf8-811dc9d5fe62", "comment": "Malware payload (Amadey)", "value": "cf72f5e74d8817278e9b9d5042c74c6d983e004a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247177, "uuid": "084cbb34-8b44-4673-ab41-4dba82bfdcec", "comment": "Malware payload (Amadey)", "value": "d72437242e17685d075c6f9dcf36dfe406867c0c3dbc458186e52a32601d3996e9801013c29c1f4ccd8acb234baec702", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247177, "uuid": "0d10bd4e-489b-4dc1-9072-ea31b8c8f199", "value": "T187F41250B8C4B238D8221231AC1E7993ADBCF4558E74C9DF3FA4332E46B25E174E566E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247177, "uuid": "5e22f051-fa7e-45e2-a7d1-1b1d9a406ccf", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247177, "uuid": "08e7ac38-5523-495c-91f5-03eff703542f", "value": "12288:KxoBDFRcv7fWlu+T/lF7s+2f3H27QmABdwPTMETTKrGmJ/UrrzH6PbZEj:K+RY7fIuaH2EvAqTL7fH6Pbqj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687247177, "uuid": "87aafa16-b7c6-4e44-af26-323d867e9418", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687247177, "uuid": "698c81e6-259d-476f-b0b7-765ddcac7eb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247177, "uuid": "3feb95a2-1d98-4d91-869b-588f98bd56d6", "value": "63cf2b2b8307eb7944f2d8da13f89d22.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3b670a3-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243784, "uuid": "74d16cdc-faf7-43d9-9693-4a929a15da4c", "comment": "Malware payload (AgentTesla)", "value": "f0ea882b05f763307b1c230b0d15aa98", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243784, "uuid": "6b73f686-8f11-4d7a-9f16-ff5537a47c89", "comment": "Malware payload (AgentTesla)", "value": "0d49707dd3dc7f33643c03ec81f9dc60fdacb43d47a577f3a80eb6ffd2851254", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243784, "uuid": "fe454731-c089-4404-a01e-78d17731f0ee", "comment": "Malware payload (AgentTesla)", "value": "a0051a2d1e38e6fd3968c17234d80b87b1a64534", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243784, "uuid": "9b23b8f3-67d5-458b-aecd-346c339e951b", "comment": "Malware payload (AgentTesla)", "value": "6e2fb467c9107df333e2b4d2445e9e518370c81d52eff40a10e9cbc537afab5f2c5eb81fe8ed134c87c448fc6e3b82aa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243784, "uuid": "ef07b79e-0fce-4e4c-aa52-8322e17d3c42", "value": "T149F4125C4AE8920ED67727389B94BBB8133FE7427A27D72B6CA0B0D76C057150B51336", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243784, "uuid": "a408f845-6820-4511-bd1b-eee291ee7a00", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243784, "uuid": "d5186e00-8faa-46e1-ac98-38b1a0101c85", "value": "12288:DVbzdsP1v5n2bZu5fZUkPDYtVVFJ4z9DkoXuJ5WiEbyUKCpQtYq7J3At5iHOq+Zs:DFG72bgn0xFJ4agIWiEOUDoYqtm8OqKg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243784, "uuid": "6fdf5b2a-9ac4-4c23-8005-ef5b68259031", "value": 769536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243784, "uuid": "df250804-937a-4ed0-b6e0-3cc6cf161810", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243784, "uuid": "3c374693-fbce-49af-b49d-6c6b85b941fd", "value": "f0ea882b05f763307b1c230b0d15aa98.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a167a431-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242492, "uuid": "616a4f40-b057-4ace-b6dd-c478085adc81", "comment": "Malware payload (AgentTesla)", "value": "b887da60188b2386090a37cc6e15566d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242492, "uuid": "26b3596b-03c7-4b7b-b27b-8cb3713845d7", "comment": "Malware payload (AgentTesla)", "value": "0deabb80746cb8ebdec5671801426c6b2dd5862398ff79d3db94bb8a95a3a459", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242492, "uuid": "d01d745b-6838-494e-9bb3-c2126c4fe1ae", "comment": "Malware payload (AgentTesla)", "value": "f67aba8fb305f7270f36fe8a240a593e6a471528", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242492, "uuid": "d36b3edc-cf59-4b20-a8ec-8eed48a0f808", "comment": "Malware payload (AgentTesla)", "value": "ce74fde78cfc738358ff93e3e55ca6aa095a238646da75d812b2ed90944e0f9be84ae561ba1bd0fd8c3c7f3a565eea7d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242492, "uuid": "7e15439c-f341-4b62-bbd1-2c71e253c722", "value": "T15015E0243A780F57E07D97F84151A63117BA6A6A783EE7584EC3F0DB2A52F410E91F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242492, "uuid": "45347293-d6b1-45be-ae39-ccc46053cfb2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242492, "uuid": "dc206566-c946-43d2-b19d-871021d0f3bf", "value": "12288:XNcuuqYtYq7J3At5iHOq+ZQO4bex50OZ2GFS8OFzr4e1Jsrz8YC0Kz2XZys75X9x:VQYqtm8OqKo8jONke1JsPC0x/75X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242492, "uuid": "ac52db54-6c18-48c1-af5f-53a94d06a389", "value": 887808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242492, "uuid": "7736008c-82ae-45ca-86e9-4a3bb0324625", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242492, "uuid": "8ee17d3f-0f41-4948-9100-cd11fc679d97", "value": "YOU2KHStqbMOqKH.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d07e83a-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267744, "uuid": "c50ce5cd-1fb7-4907-b3db-48a78781a5f7", "comment": "Malware payload", "value": "e2b8d2a775e85d9ea950861d2d7692ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267744, "uuid": "8ae5522e-3054-4837-afaa-2db3e1bfc25f", "comment": "Malware payload", "value": "0e06219d0cb6cace5001252d99fbde1983cf7a1c1997e4fc5c01462928fac686", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267744, "uuid": "7b47c9f7-1e91-415b-8262-8fcc182615f4", "comment": "Malware payload", "value": "3c61551c1334a3ae150ecf49459d6aabdbff48ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267744, "uuid": "51f95e90-8aef-4f90-9f64-a947ab6abb9c", "comment": "Malware payload", "value": "86fd3f96dca19c5da18422f8ab64dfa89e1ab9568585e913e64110cfb911125973e542f7ae05cf076e485db84513a190", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267744, "uuid": "175be941-1253-4fa1-b7e0-eaef90d4e1ea", "value": "T1FEF38D213FDAC0B1E2A22135CD1296714E2BFC654EB199876AC23E793F645C3CA29375", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267744, "uuid": "d82ff91e-5251-488e-af0e-516cdf34a4b8", "value": "a56b7638f62034c14f93fb8fe135de1c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267744, "uuid": "5814b3ae-cf00-454c-8393-3b113dff11d6", "value": "3072:b728BXmfDxHONW/e18CFjLZTyZr+ICxg:bbBXmdOAGNFpTyz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267744, "uuid": "f3ecaac8-5142-4e34-8f7f-9241ef98571b", "value": 164352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267744, "uuid": "1ce15547-276a-485e-85f4-20254874dbd7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267744, "uuid": "f7c43310-3cb8-44ab-8f2c-839781fdc34c", "value": "0e06219d0cb6cace5001252d99fbde1983cf7a1c1997e4fc5c01462928fac686.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0577bc83-0f87-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1687278308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278308, "uuid": "ff842a89-de26-4ac9-8c80-878e1a616234", "comment": "Malware payload (RecordBreaker)", "value": "ecfdfac16c6e998cf3407e58a702889a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278308, "uuid": "e98037e8-2398-4d90-9816-cf59aea60a67", "comment": "Malware payload (RecordBreaker)", "value": "0e4ab34f1a096c6157d10a7844a590044b94f67e6fa62f4ef577775c9da60cb8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278308, "uuid": "68a200e7-2f4f-430d-bfb8-29207dc1d9b1", "comment": "Malware payload (RecordBreaker)", "value": "f27f78acc427e15f0afac01aa360481f9c55ca04", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278308, "uuid": "e876301d-3e73-40ae-9a60-cf6102526fde", "comment": "Malware payload (RecordBreaker)", "value": "364f1c1cbe693a30fa2a9c86c4be170516cd2df86e17c2fd0a7b67fec939b4e66158f8209fccbcd303047f49f18e1972", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278308, "uuid": "6bacfda8-a80b-475e-967e-c36fbb8768c1", "value": "T10664D60382A13D85E9AA8F739F1FC3E8760FF2508F497B65121CAA5F24B4172D16B716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278308, "uuid": "bdbde622-c8af-4420-a7ee-4868b664f1a9", "value": "2e2bff69e94ccbf1f33f60d20c98521f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278308, "uuid": "f6e1e9d7-db6f-4326-ab88-69fe2a1f5e3b", "value": "6144:On4OQXIP4pt0sJ8TKAUrYmsQVZj93dVWgR:O4OUD2629UcmsQPjF3L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687278308, "uuid": "9a00fc19-7087-4af4-a3c3-c655875b812b", "value": 320000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687278308, "uuid": "d8c89993-38c9-49ce-ad9b-5f958be81073", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278308, "uuid": "dd986db6-0692-450e-a9e2-e8bf420806bf", "value": "ecfdfac16c6e998cf3407e58a702889a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0914bb5-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687242490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242490, "uuid": "0efd31a1-17cd-4ede-98de-775e77becc71", "comment": "Malware payload (Mirai)", "value": "ddcae0acf4f27bd3caf437fc4ddbc468", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242490, "uuid": "cb398def-c7b7-47ae-98cc-61fbe8db3637", "comment": "Malware payload (Mirai)", "value": "0e9b8a1ea5e0cc0ef661538eb38da51605ea458a4f6dcbec1d8cf0384c004fb1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242490, "uuid": "86ebb0ac-6e34-4ec6-84b6-4096d1158ee0", "comment": "Malware payload (Mirai)", "value": "8e4df98800d7ec1273bc37c832422b5d3ce20f67", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242490, "uuid": "f49bdbc7-91c0-4ecb-a511-504fbf616ce7", "comment": "Malware payload (Mirai)", "value": "ac931650f2040fbb9ae49524026355a3df0e9b1a5a05f40309381d5104de515f8a206943246f285451ece46d37aecf72", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242490, "uuid": "8e6fedb3-f58f-47a1-8705-9a842d3b331e", "value": "T137A2D181E5996294F04CC0B91FEFF49FA528D159A14682EE29E0B20F49BDF7078BC7D1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242490, "uuid": "277908f7-11b3-4c5c-a6b9-57b61c3afa4a", "value": "384:MSG4IvJumBORz9kGmcBGdmrgjq/S1bXePrDyfg0VANaNJawcudoD7UWDQRj57h:9gMmBixkiGm/S1bgyfTxnbcuyD7UyQRX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242490, "uuid": "9d7fb27d-47d5-427f-928d-4e7718294323", "value": 21608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242490, "uuid": "cbd12346-d21c-4a7e-8b59-360502c3f5ce", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242490, "uuid": "aec3b731-f26f-4747-8f97-d9210e8f7ef6", "value": "ddcae0acf4f27bd3caf437fc4ddbc468", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4e69843-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240860, "uuid": "c688d0b0-564e-4223-a87e-83d4d9f4cee1", "comment": "Malware payload (Amadey)", "value": "47a8e840997d3799dc7e5495c816811b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240860, "uuid": "7347499a-ea1d-4b4c-a5da-5a7576d64911", "comment": "Malware payload (Amadey)", "value": "0ea396424e379688468bb3792c7511cbbd67c88274a3290c0042ab5681218fac", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240860, "uuid": "ce6b0d3d-91d1-450b-8255-b411cc35a75c", "comment": "Malware payload (Amadey)", "value": "fcf1178ac2e8b67cbaa9926cc5cef5ec5d7f0ad8", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240860, "uuid": "32fa40b2-2c01-424a-ae7e-f9d787aa9956", "comment": "Malware payload (Amadey)", "value": "434cd4f1d9283a8289b63da74c112168cdd0fbb2996d449b2d72b7a2dc1e7b3c3344ba1a678d2a2bddc8df4ca74ff2e9", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240860, "uuid": "72e80a69-292c-4f71-9b84-3098eb95e08d", "value": "T12A051213E6D49027F8B62B7018F703430E377DA18AB9439B1789AD5A1D726C4E87277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240860, "uuid": "dcff4bfb-282c-49bc-af54-73961ad340a7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240860, "uuid": "40dc1ba1-3d7b-4666-a1c0-c6b233101d46", "value": "12288:1MrYy90Dsa7Upqpk1JR+QAt3wsMmHFFGM1TNNCSGHCpbAgvYbscIkZG:Jy1dSIRNmFFNg1HCpbVYba", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240860, "uuid": "94a10662-9291-492f-9a64-d0fa3f74d550", "value": 825856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240860, "uuid": "b351683f-ec06-4a3a-a30b-f5d6c3bf1bfd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240860, "uuid": "4839a673-b255-4b1d-af52-1c6233e77f67", "value": "47a8e840997d3799dc7e5495c816811b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef3c9543-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253789, "uuid": "d080de53-4a7b-4acb-a3bf-94eb5d24ef3e", "comment": "Malware payload (Gafgyt)", "value": "3758a06f822636b94bb57628a66ee8f1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253789, "uuid": "01cb2439-bd2a-430e-985d-c86d9e1906cf", "comment": "Malware payload (Gafgyt)", "value": "0fb9f842aade254597cac14316c7b53d39cd47ad5a6ec22b12389a21a404ed08", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253789, "uuid": "ece54cc2-fb8b-4fa5-9b3e-584be15d2167", "comment": "Malware payload (Gafgyt)", "value": "017791251a549e8c12fec579d3ecca790f447cc7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253789, "uuid": "9d0936c9-ba16-437f-a576-9b33607bae13", "comment": "Malware payload (Gafgyt)", "value": "4a459df288784b4c3b739cbf98444ab0885a8bdc2b0e7aa87dcafc5de5957a3a999f6dff70a299562999e6fd4d933bc1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253789, "uuid": "e7d2bbda-8084-4e16-a175-d5c04cab5ec1", "value": "T10AD31905F460875BC2D217BAB68A425D37231F7893CB33256A34BEB42FE1B981E79531", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253789, "uuid": "619a93d5-eacd-4ffd-a513-7d17ec6a6d08", "value": "3072:Sdf+fvEqa9FazYA7IboRhae391CErktmCQA9FX9aH:ifWEqa9FaNhae3DrktmCQA9Z9aH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253789, "uuid": "cdbef686-f2fd-498b-b02f-50c5a34b3e9d", "value": 139585, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253789, "uuid": "668c8f3c-a3ce-4352-9aa9-befa230a9043", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253789, "uuid": "f0f04bfd-c158-4b72-90ef-21710cecbac6", "value": "3758a06f822636b94bb57628a66ee8f1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b27326df-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687241232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241232, "uuid": "cb472cb1-6a59-4ef4-86f9-97827b3de320", "comment": "Malware payload (GCleaner)", "value": "3f99dbb6d510a5d017059881212a61f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241232, "uuid": "9320a0e4-eb3c-4d78-bd25-cb4d31fdd462", "comment": "Malware payload (GCleaner)", "value": "10edfa4412d628cdc545e44580f8be59cce735221e16a276db3adf4d3249efa8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241232, "uuid": "548b7daf-bb75-4802-81cc-a27b6aef27cf", "comment": "Malware payload (GCleaner)", "value": "fe2afe5951099e57119b70077b91b1d7fc9ce870", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241232, "uuid": "8e6d83ed-53d9-4d33-9d5d-4b39a0c9d97f", "comment": "Malware payload (GCleaner)", "value": "ebe6777ab83c94b578b02aab8058883941b024db57df350b48da06ab5eaeaac989a3b53b4a4a887a1fb3d951cf92e7c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241232, "uuid": "2f7cb202-672e-4a20-ab98-160c2e5b3bc5", "value": "T1F6C523525BBCD800C0ED88F5FFE133C8B234A5142EE662EA58AB5E3BF49555D2E3B510", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241232, "uuid": "4ec46151-768c-47ba-9d7f-62222aa673ba", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241232, "uuid": "6b29e2e7-6646-4c51-aa2c-1ff350032ef3", "value": "49152:2GagpqQCeJMlR+pT1IwJ2zyQTcQNp1A84/1iRg1nm9rFkJwuqh6JyN1vyDl16752:fagfYMhzJbacQlQco+F+vqh6kN16DlIg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241232, "uuid": "1e540641-6ef8-4f2b-bbe4-4c8f68d89482", "value": 2736090, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241232, "uuid": "8a160f3e-482a-4266-97c2-a4a37138ba51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241232, "uuid": "15fb4b45-aa29-490f-a2b5-6e4096534d46", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "631c6257-0f3b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245823, "uuid": "da218307-2873-4305-85c6-1b5cacfb7353", "comment": "Malware payload (AgentTesla)", "value": "81841b9abd1f0fb0076edb9e57158963", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245823, "uuid": "5cea1ffd-9ff8-48b0-a230-83f629fb9d37", "comment": "Malware payload (AgentTesla)", "value": "10fbec3608285f591c1432e5bbf7d21520568981ccf9ebf2fa4d3eb3c7923f0d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245823, "uuid": "4184240e-df8f-4ac0-a323-834e8b2525ea", "comment": "Malware payload (AgentTesla)", "value": "507d2fce2bb1b01d628fab0917e2dab96982b92e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245823, "uuid": "e94a3b81-6184-4b7c-acc4-e7a75d5cbbf3", "comment": "Malware payload (AgentTesla)", "value": "442903842560ef2585292d735c80c52d47a56933842c2d89b58c6afbee80d934ed20dea44c3c198707c1936955794c8c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245823, "uuid": "35dad3f8-7722-4b4c-927c-5b9ba02e71bf", "value": "T1B054129FA3C9496EDACCCAF7C9BC07F91CE2C4C4144F140CA5919E263E79CA15C9A4B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245823, "uuid": "634ca510-099c-401f-9265-ebc56aff7b6c", "value": "6144:CMoLEu4SyHUY4kQRuFL5elkdp0YZRI1uuP6Kazd3VQGCO0XjzZirSyYQa+z1:CMowuYUYiqLkYZW1NC3z8O0Tztj+1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245823, "uuid": "eac1b6ee-d91b-4986-9648-372cba3a732a", "value": 297466, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245823, "uuid": "0ff641ec-782b-4cdd-ab99-9b3b8724c5d3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245823, "uuid": "df4cc93e-b85f-4d2c-b93c-d459d160295d", "value": "WHL050C538369.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7838c70e-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (PrivateLoader)", "timestamp": 1687267763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267763, "uuid": "cd8c3122-8165-4240-b75b-a6c07d6edfcb", "comment": "Malware payload (PrivateLoader)", "value": "ecc46431a85be3c505b78a9a7094ee57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267763, "uuid": "b68e4fab-c385-4655-a34b-58957dbbcbd2", "comment": "Malware payload (PrivateLoader)", "value": "123425329463e7801a5bc7e808ea9e481a3f95add643506e4a7a1264a1dcc5a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267763, "uuid": "2a994d47-5145-4fac-8991-d463d46e237b", "comment": "Malware payload (PrivateLoader)", "value": "822dcc4f8902f219653749004324b36c8293315d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267763, "uuid": "9f2fb47e-937c-45d5-8713-81c38d549772", "comment": "Malware payload (PrivateLoader)", "value": "c36b433366fb9b9cc56b51201fc883b7a3298d4f29d275fe4c972ea83fe30c1b4ee6b23a35146dafbe8531b6b263613a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267763, "uuid": "cd624172-a51a-45c2-b99f-49ed2f13cd0f", "value": "T1517623E336CA289EF009A1B34DFA9525C61BFDF843171A2A502FB6BB173150C5FA2571", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267763, "uuid": "2f21ac57-9829-48b4-b3b6-e0cd607bad1b", "value": "ba3ea39d60738fb7434713804e1666fa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267763, "uuid": "d1640550-3795-40e8-9315-f0051a96f55b", "value": "196608:4W5WN4O7NADtV6v+JLirrumMkaps5cNVX1UsdU:4W870Lira1kI9LQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267763, "uuid": "ad39fa69-cf6e-495c-b60c-a550fd7fcfb4", "value": 7279120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267763, "uuid": "a30bbcb8-e35a-4d0a-9cf4-3da000413217", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267763, "uuid": "10ccb7db-63f3-444b-9754-0c2cdb3293f7", "value": "xiaong.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "beeb60fa-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687242112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242112, "uuid": "cdc3d866-d4cb-4e94-90ba-ada73cbdb41b", "comment": "Malware payload (RemcosRAT)", "value": "45d32ec123fa76d35390467ec6883325", "object_relation": "md5", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242112, "uuid": "1e83bcf9-0be9-4ca9-9f06-4c181d06dc58", "comment": "Malware payload (RemcosRAT)", "value": "1297278ef746096841eeadfbd09a124e044a52bee1be093b4484f95af475c2b3", "object_relation": "sha256", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242112, "uuid": "d20cdbc1-eed1-42a6-8efa-f62858dd3f5f", "comment": "Malware payload (RemcosRAT)", "value": "fd11abc40a98b0b636152be0a85cd9bfb7b7c1ff", "object_relation": "sha1", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242112, "uuid": "d4358332-4d37-4fda-80c9-81873619e799", "comment": "Malware payload (RemcosRAT)", "value": "e07dc38be49d152a7f7d48a5c07eedabc6da0c7790a665c156c4be25aef83df925f45480aeb0065560115274d1653b99", "object_relation": "sha3-384", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242112, "uuid": "7a02ada9-db0f-4afe-9853-bf33a21d9223", "value": "T135E44E197E9F40FCE13ABD5A5BECAA9C0F5FB305453EA1092148454B4B87DC28E91FA3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242112, "uuid": "c734dc26-308a-403d-bea9-4ee8dde25027", "value": "1536:aQvgYcpa5U+ogsUJW4Wrle/PhG+/kery+bGMvbEQEkqkM5Lyi9LYHIdtUogy6Gip:9gYcpl+og0S7TbEQEkqkMWsgw9Zqem", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242112, "uuid": "3776cfed-ecc7-4b30-bec8-a29ccdec8e52", "value": 684746, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242112, "uuid": "8d73de28-1b71-41cb-aad4-6b44caa886a4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242112, "uuid": "3747ef9c-053c-4b92-ad9e-8fe5cc82def4", "value": "lukas.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4df17b75-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243640, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243640, "uuid": "c5c29d2e-5771-4ca6-87f6-b9093915582c", "comment": "Malware payload (GCleaner)", "value": "6615aa0abe60e6936e7ebdb0a360e3c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243640, "uuid": "f0d521b1-3a48-457c-a9aa-f1e85ac177b7", "comment": "Malware payload (GCleaner)", "value": "12a30c24bb134a67991020d063ae6dd5ec4c941d14d53fb8e0df13ecbe20ab8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243640, "uuid": "6849ecc9-5334-4ca3-838c-7bb5d3276b7f", "comment": "Malware payload (GCleaner)", "value": "bb22997490d7a1a77bf8c02c46bb53edf6187d5b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243640, "uuid": "7f62d949-f87b-48cd-b893-fe181b1f0666", "comment": "Malware payload (GCleaner)", "value": "0b2ccc2a396b5ce0a106170cf8f396a1d966a3e95abe3ce014891b8bddc9f52d3d7d920d1093bc6419ef37ef6198510c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243640, "uuid": "087dce64-75bc-4dbb-bdbf-d7f22efe57d6", "value": "T1D884188382E13D94F9278B73AF2FC6E8764DF2508F497B6911199A2F04B11B6C1B3B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243640, "uuid": "901ba47b-ecff-4cc6-9887-f1a49fa3e66a", "value": "2678d64d9aab251c39f4a926feb15079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243640, "uuid": "dd0959f8-56a8-4a8b-b080-1daf7ab2eaae", "value": "6144:ZN584CunwyVR85xMS9GmDNVMY4Gyt2zHAluOp:J84Cuw2R85x/LuYX2F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243640, "uuid": "8e76980e-f500-49b6-bce1-631dd34c31b2", "value": 379392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243640, "uuid": "7664f75d-973a-44cb-8432-b8eb7e54fc99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243640, "uuid": "d5103b87-d580-4f98-ad0f-3ca4b116712f", "value": "6615aa0abe60e6936e7ebdb0a360e3c7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4616a80f-0f90-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687282282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282282, "uuid": "43d38362-46ad-4046-a370-910260c68e5b", "comment": "Malware payload (RemcosRAT)", "value": "72a9e3f9225cdc10380731b93fd875f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282282, "uuid": "b2015950-d9d7-41cb-909f-79b17ad1e2f1", "comment": "Malware payload (RemcosRAT)", "value": "12eb9e0af8b7e3b90436a78fd09aed23c6f4eef1f9bc7761a83469e4310c93b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282282, "uuid": "a71729f8-9f36-49cf-b14f-3a455c7af8d4", "comment": "Malware payload (RemcosRAT)", "value": "602ceb816e4f2fde4f5c223d5a09e0e91cbb3bb8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282282, "uuid": "09a7442b-d302-4f38-aab2-4814bb73a800", "comment": "Malware payload (RemcosRAT)", "value": "0f5d9d7815501b04deb402c6aad1c2875c94f1c0c6b1c5737f69547320afe724b6d10141d79b1fb3cc791ba39581e1db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282282, "uuid": "83eaba64-d97e-484f-bc88-a55423d69317", "value": "T10745020022B84F27E17E8BFD4060273087B96A57742AD34A8DC3B4DF6FA5FD2065A957", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282282, "uuid": "29accc2c-507c-4c8a-90f7-c7d095a4233d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282282, "uuid": "b287640f-6743-47da-9a19-25c3044e6ca4", "value": "24576:BSzu4CZdODslGvNzXWXmZ/HLSDejekPko3:8z6ZYuGvNTgKmVkPko3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687282282, "uuid": "3173322b-000d-43c6-8267-72b9736906e1", "value": 1166848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687282282, "uuid": "d84316a4-89a4-4550-8d5b-a4af0fa703b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282282, "uuid": "958c4c15-13fb-4d5f-a344-c29897ae2866", "value": "SecuriteInfo.com.Trojan.PWS.Siggen3.30166.12918.23838", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0150f622-0f69-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687265416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265416, "uuid": "be130e7e-eab0-42e1-bcf5-436cddecf0b5", "comment": "Malware payload (Mirai)", "value": "157bc96cbb6f25e240c1d0410c9b29cc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265416, "uuid": "d4c54a65-c38b-421b-98a3-5b1387283a6d", "comment": "Malware payload (Mirai)", "value": "1386ea28fdf3e9861b52627572431bb792ba669f52a6958344b07df72ee5ee63", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265416, "uuid": "382abb03-9336-4658-ac41-92fce22a4db3", "comment": "Malware payload (Mirai)", "value": "bc87d2188d8dbee82348caead205d3479062dc31", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265416, "uuid": "907ef763-7e1c-42e4-90be-d85f6fd7d00b", "comment": "Malware payload (Mirai)", "value": "bdd38805978fde63695741f0ea6db975ce4a04f3d93a657a2aa2818d55c6b1dcbedec6b1a6e65d36325cb4ad87738ecd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265416, "uuid": "03bd17b6-0b2b-4d3a-be89-f8f4a4188cad", "value": "T1B5B39CDBF24701A0C8624AF007CB4BED3E2723815F27C5E72C6A657969791CF8905F96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265416, "uuid": "3f39c187-5174-40f1-a0ca-001596a09e8d", "value": "1536:Fu27gBY9FSSpj3z5Qxw6YaWWgg1p/LWy:c9sSyzz36YaWWgg1pq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687265416, "uuid": "6719615b-c958-4bd6-943d-c994284933e0", "value": 107800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687265416, "uuid": "b6eb1c94-86d5-4b37-ba36-00ec50ccc153", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265416, "uuid": "54955703-d041-4ed4-8f85-98225a2302a5", "value": "157bc96cbb6f25e240c1d0410c9b29cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16a34ebc-0f05-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687222502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222502, "uuid": "aa441722-07c5-48f4-adc6-d9e1addabf1d", "comment": "Malware payload (RedLineStealer)", "value": "837a6228cd1b5f8de082cc89f9325e65", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222502, "uuid": "12053b60-206c-4551-8719-25b76c5a0c91", "comment": "Malware payload (RedLineStealer)", "value": "146ba9f41fa5df4ea395897c82cdf473edb747fa681c10d856265eaa013a3fb1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222502, "uuid": "e3ddd95b-0e78-4249-8261-42f0f24ff774", "comment": "Malware payload (RedLineStealer)", "value": "1eb9cd4482c0ced6a381bcc966036b2edbe8c0a4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222502, "uuid": "7e51b728-376d-4c99-91bf-430af0b64ced", "comment": "Malware payload (RedLineStealer)", "value": "d8c4d50c4af45586b730e48f63d247f8fcac58fd8a59052fb459594238a260bce4e507735878dca28b1e9ce8c60ec249", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222502, "uuid": "c19d43f1-798a-49f0-b40b-b2782d53caa7", "value": "T1F7F41250F4C8B634DE320631AC6A79836D2CF8A15F6088AF3F94771E4B615E0B9B562D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222502, "uuid": "b0cbfc43-8d37-40ec-bfc3-f55eb4c5bafa", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222502, "uuid": "396af919-16de-43c5-a47d-e0540f0b685d", "value": "12288:YQRS3Rlv7fWlu+T/IIw7aabox3REadbkeL2/4RuiE3hksmcLjqO+Y3sX6jWZgV:YrRx7fIuz/5adYeL2/4RuxkSEaWZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222502, "uuid": "e46489ce-44d7-49cc-b4f3-a575f9db4bce", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222502, "uuid": "cb1f8bdf-525f-4062-8403-2e502a745ad8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222502, "uuid": "d428d5b0-2b10-404b-b579-dc3cedd6d6a2", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31056eb5-0f99-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687286112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286112, "uuid": "a5e0ce74-7d52-440c-91cf-82845cad3978", "comment": "Malware payload (RedLineStealer)", "value": "be65fda215b4ae51930028a743042998", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286112, "uuid": "ab0d6188-c7a9-4fbe-a65c-1fbf73235c56", "comment": "Malware payload (RedLineStealer)", "value": "14782d7a1d24ea4bfd979515a5514ec4efc57dc86099c6d9269650393c124cad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286112, "uuid": "3ede6e54-3bb9-4e54-a378-dbbab0901100", "comment": "Malware payload (RedLineStealer)", "value": "3815baf35f8020fda410ac3cf7ed3d2bc531f676", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286112, "uuid": "4788e049-7a40-4d12-8150-b8ce210b327d", "comment": "Malware payload (RedLineStealer)", "value": "bd4229a378777136a878746cb1f36cfd2a707d03061831784b7b765324b17354a850d78ba3958af14ed550818dd4fddd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286112, "uuid": "f04454a4-2984-43f0-9397-45fbc40a409d", "value": "T1F1C417553480806BE976DBB324507BF7494AE4616B4D0AB73E44C7F189E0DAFFA9083B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286112, "uuid": "b5b46bfd-5de2-4edf-bd65-53f8ab5aac38", "value": "2fe73b1edf18bd6736d0f71d5f78f29c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286112, "uuid": "7ea38755-bf2f-4227-9266-65c134402f55", "value": "6144:ibov37S4OHn8MDEYeCpf/bgIvect0t9cNeC7KTI:iUv37SybCpfdJ0t99iKT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687286112, "uuid": "c392e075-7773-4dca-8729-ed694a47cd5c", "value": 588800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687286112, "uuid": "d088be50-ca24-48ff-aaa6-9fa14e0cd935", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286112, "uuid": "d9ee4107-2900-428d-bfff-5f911a53cf1c", "value": "be65fda215b4ae51930028a743042998.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e40de50b-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1687288130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288130, "uuid": "5fb7da2f-77e4-44ec-b49a-6a87835edfbb", "comment": "Malware payload (NanoCore)", "value": "1cbb726aada6d392c55f2a52113d05eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288130, "uuid": "00e64dad-f836-4353-b672-0a1b23974d61", "comment": "Malware payload (NanoCore)", "value": "1480f8c6b0fba994c00375e833b1c7aa0399e8aa92f00a41d3038f851d64ff9e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288130, "uuid": "d4fc4d14-c802-4ba2-979c-5caf76be4cd7", "comment": "Malware payload (NanoCore)", "value": "d2297ca38687a26521224c9ddca495d55e46bc65", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288130, "uuid": "de3d7a09-af5c-4714-b5ba-2a046508549f", "comment": "Malware payload (NanoCore)", "value": "ac79f98afbd8db4ddd5a8a482bf7c7c63aca2756107ffd8d8b2d63a373a9465ad566f7e7cd32987e8562b290176077e7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288130, "uuid": "974b3a35-6c73-477e-b365-694bf9e05897", "value": "T1B8352391B6C0C0B2C5F7003590D5C9395E7574B29BBA56D3BBAC6FBB6E203D062352CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288130, "uuid": "32beab0f-ed30-4e63-8075-6024efbdd564", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288130, "uuid": "c24171cf-8c84-49ae-ad21-d78523e5d938", "value": "24576:gk70Trcj+4W2stXjtM4p9Khb4tDF6rR2Go6CPdXJ6W:gkQTAj+oste4pW4F4R2GOd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288130, "uuid": "e4b20166-4333-484c-8c11-165834c7e105", "value": 1076224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288130, "uuid": "e3bbce92-bb73-4dcb-8cc0-05cef1452e76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288130, "uuid": "a47f29f7-eae1-4c2a-942c-1036430574e3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea1a939c-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1687288140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288140, "uuid": "cf12da4c-f10b-4b49-8cf8-4e24c2c42f61", "comment": "Malware payload (Smoke Loader)", "value": "f50c7021faf8880c50cb092669bccf9b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288140, "uuid": "9d46d3e1-110f-463f-9b78-508c02bfbbf9", "comment": "Malware payload (Smoke Loader)", "value": "14a81d39c1a2260f7dde336245ab276a3416319e8bea2740107f8da6b5baecc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288140, "uuid": "e9dbfb24-c443-4dc5-916c-22c3cff48d6c", "comment": "Malware payload (Smoke Loader)", "value": "302d730bad4222d1748a863da3f8bf2368b88e65", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288140, "uuid": "80f3ff47-7704-422d-8a76-b15997fb9fd3", "comment": "Malware payload (Smoke Loader)", "value": "7fe703c550a763cb314b0cf68b2fd2fa0579d784c9dca0f44c46caf7aacc1ebf0cb1e2dbf1a6871e16cf2769993007b9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288140, "uuid": "9efbe91a-31ae-4b20-83a4-bf43acae77fd", "value": "T1DD04BF1272E0E471E5B75B314DB9CAE06A7EF9010F705BCB23581A2F0E722E1DA76356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288140, "uuid": "9e8b18cd-ab1f-4b8b-a074-54d9b3b353c0", "value": "048976e84d2108e3492c4c483eff983e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288140, "uuid": "c35a634e-9f59-4d96-aa97-05f7de9f740d", "value": "3072:MtaBjZDS2BKsgTnZOXefxHgndnmBT7bZTDhYqgxAnLY:MgBNDfBKbZOXepHg9mBX9XhY5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288140, "uuid": "12d7a998-b2c4-43ae-bb98-15a5b10917a5", "value": 189440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288140, "uuid": "a74713da-1a5e-4a52-9bae-bfffe517e0be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288140, "uuid": "e2f61c54-4b3a-47ed-b759-ce8cf680592e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efa90f1c-0f6f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687268393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268393, "uuid": "f8475fea-2107-4446-bf9a-6b0e185b9fbb", "comment": "Malware payload (RedLineStealer)", "value": "02e3ce5f9cff3521b4e443a7a98955ab", "object_relation": "md5", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268393, "uuid": "cedc29b6-1086-4ca2-a3e0-1ccc2da8e4fe", "comment": "Malware payload (RedLineStealer)", "value": "1551371a8c26e90e3ce229fd4f68351373e6bafcd7cfbe51e4892605bda772d0", "object_relation": "sha256", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268393, "uuid": "d874e751-82e9-4708-98da-1fe69d818f1e", "comment": "Malware payload (RedLineStealer)", "value": "d022344ccf678b0d70f29770e54f836fb20eb737", "object_relation": "sha1", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268393, "uuid": "6eb83ee9-b847-401e-9189-4618662dd668", "comment": "Malware payload (RedLineStealer)", "value": "4daa8ffadfdddd723cadf26f089825dab8b7746cbf9bf90d3fe0cbd5e65fbffbe05f77fd5360102e9fac5a6bdbe78270", "object_relation": "sha3-384", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268393, "uuid": "99e5a4fa-d2d9-43b6-a0e9-012eb831feac", "value": "T1FE55D011B5D1C072C872253209F4EB759A7EF9200B6599EF67E81F6E4F303C19B32A96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268393, "uuid": "62648748-e261-483e-a00f-769cdc337806", "value": "6f3eb99ede26190ebb4d18e0266260bb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268393, "uuid": "d4569743-cd26-4618-b025-7ef142bc54a6", "value": "6144:SBsloyGJpqpn9PZZiQ3/0tAOVfuuJR+BnuonkENk6C8ZmMxonUMFO/NogCP2:S6XGJpqdNctbfpInuokWk6leQ2P2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268393, "uuid": "c1d5326b-390c-45c0-a50b-ee109fb409fc", "value": 1310720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268393, "uuid": "2fbad0cf-f167-422c-9c40-64a5fe4a81d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268393, "uuid": "11bcef5d-f8e8-472e-b842-27318928c775", "value": "02e3ce5f9cff3521b4e443a7a98955ab.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6009712b-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268581, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268581, "uuid": "73ad9ec4-0aa3-42bd-9170-762464122a3c", "comment": "Malware payload (AgentTesla)", "value": "3b4a07d01b4b688ee18dfaf356879a54", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268581, "uuid": "70df4cc5-d3c7-4f59-a62e-285e0f1b686a", "comment": "Malware payload (AgentTesla)", "value": "1580f27edd71ba547c83ae5c7cf5c2f888bcc4ba72feeb571b770270b313ac2c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268581, "uuid": "d3eb87fa-2e34-4910-9f07-06a5d3a00e69", "comment": "Malware payload (AgentTesla)", "value": "0368bac0d8fa8fe7153938efa4720c8f4042e10a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268581, "uuid": "9112f4f5-002a-49b0-bec4-909a8b0c8ec6", "comment": "Malware payload (AgentTesla)", "value": "52ed9c0b66cf8807867abfd0bc09e662c7f331aa1ea4893b461ac866163bc812661f8ad9fbbed4cb6f7875a443cfb2a4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268581, "uuid": "aaf7a0ea-d66f-43da-8d28-774efa476242", "value": "T19505F10022B84F5BE17E8BFD1460227083F9AB5A706ED70ACDC7B4DE5E91FD10649A5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268581, "uuid": "663c60ea-639e-43ad-88f7-01dabb2787c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268581, "uuid": "be895bd0-3eb1-4f70-9331-e708b497a71a", "value": "12288:z2qlHVwPM7q6bpw4dcZda/ig14uNmfzO/waa8IculxGysKb2KsJ0gPPCiMS6+Rz:bjzu4CZdO1J2OPa8HGx9ctnxrB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268581, "uuid": "962676b0-7c0e-4344-9705-694e11885539", "value": 851968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268581, "uuid": "573b0d5d-7bd7-4a70-a007-cdade90c1691", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268581, "uuid": "93eb2187-44a4-47b7-a6cc-3c9e9a26fa10", "value": "DHL - OVERDUE ACCOUNT NOTICE - 7419493674_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2182134-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687249365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249365, "uuid": "66cd42f0-bc9c-448c-85c2-fc045676c9c8", "comment": "Malware payload (RedLineStealer)", "value": "a967431e4bd182fd74ee1dde34886f02", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249365, "uuid": "641db469-e071-48f3-8d4e-f9e53473f731", "comment": "Malware payload (RedLineStealer)", "value": "162ae0d2cd94c3256c9b426b6a625951de54f3ebb4ccbdd12c075854b404fe63", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249365, "uuid": "e5eafb1a-3b5a-41cc-b596-a3d021306b99", "comment": "Malware payload (RedLineStealer)", "value": "ba6131cbede66467a24cf5c34edc8e27e5f73f06", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249365, "uuid": "4ce4c5ff-851c-453e-aab1-43a546a81184", "comment": "Malware payload (RedLineStealer)", "value": "0dc070c2a5d7d2351e418b896770f83d0b0a28030cf70affc096d6b7cea883167ea7d8432e395f05892a09a0175ecbd1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249365, "uuid": "f3530977-1123-4708-a54d-5a11bf6b57c0", "value": "T117E4120270C4B538D9360631982A7AA37D7CF8908E60CDAF3F68731D86B29D175F665E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249365, "uuid": "77fbe9cd-fe44-4f0a-a557-e806cdfd4461", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249365, "uuid": "75fc19df-cb63-4ff6-9daa-a3daa5807d3f", "value": "12288:d75RKwRZv7fWlu+T/v5M3N8KGDKh1MuEuCK5ZLRuwxfXZGSHJNPu5sec:dlRl7fIux989GMupn5ZLR9yxD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249365, "uuid": "9b3c68c3-36c2-4b61-bee6-5689aecaa138", "value": 718848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249365, "uuid": "2ca7c5f8-6237-4af5-924c-fe03946e7b85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249365, "uuid": "7bdbe54f-a624-4685-b71a-b5355947a7a8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7818b351-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687243711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243711, "uuid": "f7bce69c-5378-40fa-834d-1ecc79bbcaa4", "comment": "Malware payload (Formbook)", "value": "1b42e6f5910be7fda6183c44ea3ba81e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243711, "uuid": "68cbbdde-fb63-47f3-8543-a7ce10b6e844", "comment": "Malware payload (Formbook)", "value": "165e050ef68b85b320a21c9bdb1a19a2c1731cad752b9b99e718694318dddb4d", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243711, "uuid": "00791a7c-58b2-4ec7-84f0-6286feba6da0", "comment": "Malware payload (Formbook)", "value": "3d9431877ec864b80194d881af057e748a18385f", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243711, "uuid": "91f7fc03-fe04-4fa6-a9ad-55fd3242ac9b", "comment": "Malware payload (Formbook)", "value": "b2dab2aa396196ba34324db2cd8289fe0a758c9a3414799c856af7dbd2b48034edc810cd127e99f9ec03e14133c23415", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243711, "uuid": "30ffcd0b-dc33-45cf-8483-0bcd243773a5", "value": "T1EFE43322D1FFADA88CF9AF0254234D1511EA39D88B2CCE3C13E9177B78D4FE64466649", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243711, "uuid": "081e66c2-5d3c-4d54-b3a7-affbec4fad23", "value": "12288:rhnoJfEjGc+vv/4mMJvCzKvT++KXmu1JKp3N86I5QUQM7Ep2:dnoZEjGhvZMJqzKvTUXmu3O8ZdQML", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243711, "uuid": "c2f50356-68ad-42cc-b016-6a320250e72e", "value": 715771, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243711, "uuid": "4763dfcf-86d8-4f4f-843b-a9f9a3407ea9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243711, "uuid": "74d51aad-74c7-4fbf-b414-780104f42b46", "value": "PRINTED COPY.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b31a78f9-0f90-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687282464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282464, "uuid": "9efc4f1b-a2a4-4b64-8545-3990fefc9a31", "comment": "Malware payload (RemcosRAT)", "value": "93435c818fb82a864f4ac877c6837c90", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282464, "uuid": "b034c9e4-e4ac-423b-a866-aa211d6a9703", "comment": "Malware payload (RemcosRAT)", "value": "174d5f46552f24006402aae0f33f3e066831dee51dd03357d38bb632b6c81ea0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282464, "uuid": "3e02ec19-57da-4451-94f7-5afcf2fa9e04", "comment": "Malware payload (RemcosRAT)", "value": "6fe8f4983282998de9a2d480787ba5720abc69ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282464, "uuid": "fd25c2f1-6dba-4e46-bf0a-0bfbe9eac0bd", "comment": "Malware payload (RemcosRAT)", "value": "cd09fba548ff1279c0ad6a4931f6cc83e61dc013e354aa0c2d8124158643cd2bd52f2e8795aefe906c4972bbe9cc86bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282464, "uuid": "07464aa1-4484-420c-ab9a-c964aa2a1fc7", "value": "T148A4BF01B9C1C072D57261300D2AF775DAB9BD212926497BB3DA1D9BFE30190B63A7B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282464, "uuid": "b8f6c209-14ee-4d73-93e9-d26d17c08c0e", "value": "3f3d4ba55ce3e8f736704310c56bf5aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282464, "uuid": "c12e1d1d-1b36-4c77-af07-79036ed182e2", "value": "6144:01EwL0xQk9VdeLuVnQs8QLgt8cBvnkCX/3Rde+A+DdsAOZZiXXPcNE22OhX:01EZT90uNQzYgScBvnn/XpTs/Zi/OhX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687282464, "uuid": "8990eea4-8400-4d45-9189-283e91823082", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687282464, "uuid": "ec199335-ce5b-4b5f-9f69-0c8c6dd7fc50", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282464, "uuid": "715f53f2-8dd3-481c-9c26-36f6628daded", "value": "xU46fZdhQ7Kg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15767e7f-0f83-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687276617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276617, "uuid": "19d77193-39ed-457c-8bab-32aa85a18501", "comment": "Malware payload", "value": "c2bbda930bd6045f9dc8e05718bd611e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276617, "uuid": "b45562f0-26bb-4161-8912-9dfda3e97e67", "comment": "Malware payload", "value": "177f5acee22eef32f884dd7c6a0fcfb22cc5c2d61c193939181c05953aee9976", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276617, "uuid": "95e2ccd1-2c17-4f2d-b327-728e05dcd5f9", "comment": "Malware payload", "value": "17a8deb592c009618c3b9ea0dc6609842ca99d74", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276617, "uuid": "50f5d31c-bf81-4660-b496-0135f298e49e", "comment": "Malware payload", "value": "8b517c60fb4931753965847f944e5fcfce0c2b36f63b6497a2360c83ae29b837099f4799177682226344b90e7a1917e0", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276617, "uuid": "6bd2e03f-1b9e-4d43-a884-3e6386fd8c74", "value": "T134D4D1C657D65884B4A757312361E670E0329E85B2C10CC8F22C7A71FFA96407ABFDAD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276617, "uuid": "6d67261e-edc1-44ee-825a-adad44c99c22", "value": "12288:lzJ2tQuoE1y4V/gUAdMAdQjOna+vVxP7AKRIJzKwYYFVBuo+VF:1jGAdMAdQjOnlVxP7AKRIJz/Vg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687276617, "uuid": "8c214acd-78b3-4e2e-a3b9-25868b2f4663", "value": 607587, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687276617, "uuid": "49657dff-a5db-4fe1-97f0-14adbd0f42a8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276617, "uuid": "db0b8959-a02a-48cd-bae9-c3f110c14a8a", "value": "Rl.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c19390b9-0f48-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687251565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251565, "uuid": "78361144-658e-4fd0-ba94-71dcf2af8b95", "comment": "Malware payload (RedLineStealer)", "value": "ab46f0850185ed0cb2f711917a128d38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251565, "uuid": "630aff0c-5225-43e8-b850-22ecc7448a6f", "comment": "Malware payload (RedLineStealer)", "value": "17bc7c441bdc92356a3b2a8e95edd796773a081e311f6c5115a4b43ce170800a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251565, "uuid": "b6b10e19-6f20-4e44-b277-1377e7af9ff5", "comment": "Malware payload (RedLineStealer)", "value": "d64cecb2b54b1e25e7ea4108b75ebb493f415089", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251565, "uuid": "06f8364d-7cec-484f-a101-688aea02819b", "comment": "Malware payload (RedLineStealer)", "value": "6940608433063c559317c376e620f7f543cd7fd3e1b73e3585e3b2c090af4f6e231c8f160db26897bc3eb9731deb2c20", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251565, "uuid": "5e06d312-9bdf-4629-8bc6-e76ded9e314f", "value": "T1FAE41241B4C4B230D97602315C2AB993ADADF8918FA4DD6F3F14332E9A325D078F566E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251565, "uuid": "5aa06dc5-201e-4b15-8962-9f5a8457ec88", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251565, "uuid": "9bef1d2a-0f94-4d88-afe7-cf9dc3a4e8fb", "value": "12288:MpfFRR1v7fWlu+T/Gmmb5iabxu6N2GML0TwrVDFw6XGOkMjPxWZaVdtCvhZ:MJRh7fIuY5absQPMLF1W6PkSx0Sti", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251565, "uuid": "d83cb12a-572b-4b96-9167-60a4c43900fd", "value": 718848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251565, "uuid": "21cc9b2e-a391-428d-98e1-18504b8cdd65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251565, "uuid": "e221abab-0321-4d6a-b339-ea80a93788dd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c299b818-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687242118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242118, "uuid": "f0526659-f7b3-488b-bbc0-622551ff4180", "comment": "Malware payload (RemcosRAT)", "value": "04158a549e08bbe11e46367772c03965", "object_relation": "md5", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242118, "uuid": "16acd0b4-6b0e-46de-9672-1449e9e64e0d", "comment": "Malware payload (RemcosRAT)", "value": "19d950b878e737ae460d86a723a31b651d9130001b9f1b24b178affa9ceff606", "object_relation": "sha256", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242118, "uuid": "77727ffe-da53-4696-bfa2-1040281fbe14", "comment": "Malware payload (RemcosRAT)", "value": "f41b66f27c794ad1bfcf0a1284ff0c92ad9d5a07", "object_relation": "sha1", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242118, "uuid": "4e8d912e-0af7-4d2d-8d3e-bfdbdb508992", "comment": "Malware payload (RemcosRAT)", "value": "4a730c44eed6e576af8be468c803917f9ac1ca65f37a850e41f534b34cef846c5371fb8ac8c222f1c8ee734eab4c26fa", "object_relation": "sha3-384", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242118, "uuid": "f2180153-1476-4c1d-903f-0e19f03941bc", "value": "T121E47D829FDF60E8F1A32A474BDD16E98F576826353BE05D64481B0753ABC931882F73", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242118, "uuid": "64fa7afc-dab6-452f-98d9-de225938f3a4", "value": "3072:9gYcpl+og0S7BOwbkwEEqEs2sAQcAAAAAlAAaAAXAAAAA2AAAAARZqem:NbkDLAQvZqZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242118, "uuid": "52138c27-1595-4987-b347-4f3918e8220b", "value": 692654, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242118, "uuid": "ca415e4e-d81b-4a6d-8241-cf607558bc6a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242118, "uuid": "30353bc0-81b2-428f-bbf4-3142bdce3aad", "value": "PO.20230620.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc73d2f0-0fa6-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687292036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292036, "uuid": "e580eaa4-f7e1-4e7d-8bef-ab2d12169541", "comment": "Malware payload", "value": "a339f11e79bdece724cb127c0f657b56", "object_relation": "md5", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292036, "uuid": "2af487b8-1f37-4f5c-8a99-4f5fe9fce517", "comment": "Malware payload", "value": "1a7ac50da5e32d2f9f3f9c4722ff68a2c415702624aaf9bc4639dc42ca7dfde3", "object_relation": "sha256", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292036, "uuid": "733daf14-dcff-4b5e-91b5-92c12e0686e6", "comment": "Malware payload", "value": "a645233c613f12e88bb42fe1334cb376d42cb88d", "object_relation": "sha1", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292036, "uuid": "b71d4877-4e81-4276-9f83-e404dd5f801b", "comment": "Malware payload", "value": "9c4c1470832d5fd43ac3e35c36ab1409879fd078d6da915949935f09e13a2d198fe4b9689475fa097319e851924da1dc", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687292036, "uuid": "9cf247a3-ea77-4e76-8943-fa6c72d7e93b", "value": "T19411DDF65F1E4012C9B5CB421D4B625ECFA041A264C40B11B8FE0E61DE39127A39FACD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687292036, "uuid": "c0aa9c13-182b-4f76-9c82-4ba118cbff73", "value": "24:DOVtyCiOwEBsFTxnswvpdPNuR71q2z8JAh/:DOVtyCiXEBsFXFMqcr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687292036, "uuid": "703e268e-098f-4c53-bd5f-0ef366d78bf3", "value": 1065, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687292036, "uuid": "9467863d-8ef5-428a-8127-6b5040ca509c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687292036, "uuid": "8848ac7f-c584-4787-98e8-a792863bc325", "value": "DfG4bEWq.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "176bc231-0f47-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1687250850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250850, "uuid": "c245a197-04bb-4a9c-a0cf-a59a0f1758b8", "comment": "Malware payload (CoinMiner)", "value": "fd40511ecd431369390326d44b30d725", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250850, "uuid": "baf107ae-e56d-4ad2-b5a3-3ffdb0d5a819", "comment": "Malware payload (CoinMiner)", "value": "1a7b7cfd46f546967b060a7a004c1bb44a03a53b663d682fbf52c54a985e1f7d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250850, "uuid": "29e2c1f5-807b-4180-ace8-b0f306418637", "comment": "Malware payload (CoinMiner)", "value": "b5939d71bf618c70d78375f88185b3476b6ccb3f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250850, "uuid": "ea7f13ad-5ba7-4033-8ad8-f287d9109a4e", "comment": "Malware payload (CoinMiner)", "value": "add809c03ecdae3e899dd018c98eca8a5ce85eb87b15e31e47ceafa1b72936714242ae5f1f8c028227bbbd8018c8d13f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250850, "uuid": "0841f3fa-f270-421a-bca8-6a714ab6ca0d", "value": "T198F56BD5E214E0A2DD65E33E309A8B59E9D0CCB5758F865FA2C43C9D9DFBC801B04BA4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250850, "uuid": "91056e79-3cc8-46d0-beaf-399c891a7ee0", "value": "d3bef53bd3b1af06f068902986513bdf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250850, "uuid": "888959cc-6cb9-4c42-90e3-74e9558982f4", "value": "98304:IRHnC//eSo8pQS39MyAIDCBTD2rjqBKopb0Bzv4gtgtvsUz6p:I1oFQWeyOBW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687250850, "uuid": "9e50c64b-e5ce-4c39-bff7-d4b310541127", "value": 3343288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687250850, "uuid": "79e18e98-83b5-4851-9859-6e4ff34f7778", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250850, "uuid": "2c2c2011-8cd5-4629-ac7d-30f5b69fbacb", "value": "fd40511ecd431369390326d44b30d725", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b7b63a2-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243341, "uuid": "454bf520-c112-46de-99cf-e42840bb5991", "comment": "Malware payload (AgentTesla)", "value": "0ec05501d79478bd8b519f6dec069d5a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243341, "uuid": "46b3c57e-07d5-4618-bcf1-7f8dfa9b0acc", "comment": "Malware payload (AgentTesla)", "value": "1acb529b2915329dcc9d5176d1f6986f6453629761843194e53c8bb5d70633c2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243341, "uuid": "a24bd560-3187-458d-825a-2e659f1e93d8", "comment": "Malware payload (AgentTesla)", "value": "3e483a96fdeabc6f62f630c4f558940df9f18ea2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243341, "uuid": "35a70279-4fb8-4b41-8a5a-2369c05f5fe3", "comment": "Malware payload (AgentTesla)", "value": "240a09f6a3d0dae092eefa12621b57b14b40cd46d27b1428dd3c1f52527b33b6186330cd92b1fd77b41fbe184e7762eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243341, "uuid": "9c3b9cfe-10d6-414d-94fe-4a2cebf96d19", "value": "T147F4330102850B6083FDA9EAB60B5708911D7A8154E796DEB93B3471DE8EC8BDF2F1D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243341, "uuid": "8bc39ab2-8e67-4c70-9962-0266dd737de6", "value": "12288:HPmXm98xxSuUUk92VJM+dQPSQeECb5ywg7RXILzqnM6J8L+tB6Jhh7N7AcX:vz8zSl0JbQPSQeECbYwURDnf6Jhh7r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243341, "uuid": "7fafb78d-d0e5-4c9f-99ee-0a553f9f4417", "value": 729892, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243341, "uuid": "8344bd0e-74d6-4378-b0d6-fb7a879350ae", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243341, "uuid": "45c8606f-1fae-4f0e-b0a6-794a2941f3cc", "value": "Order 6189.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e59a5d74-0f66-11ee-b3cf-42010a9c0076", "comment": "Malware payload (BankBot)", "timestamp": 1687264510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264510, "uuid": "2b2ac791-3642-4664-82ae-e2d8a571108d", "comment": "Malware payload (BankBot)", "value": "6ee3ce7f67d88d9fd51b3342d872912c", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "fis", "colour": "#D39754", "exportable": true, "hide_tag": false }, { "name": "hqwar", "colour": "#5B0387", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264510, "uuid": "b0dc7c0b-3562-4129-afab-0cf43910fc9b", "comment": "Malware payload (BankBot)", "value": "1bdb7b83f3964b84d03694bbbc66a02f5a270043b8ac635932d9de12b81b172e", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "fis", "colour": "#D39754", "exportable": true, "hide_tag": false }, { "name": "hqwar", "colour": "#5B0387", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264510, "uuid": "f5ed755e-360c-47ea-87c4-46ad99d3e32e", "comment": "Malware payload (BankBot)", "value": "0867aa81c1cd5edd768caa6843ab0a7ef6b03a42", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "fis", "colour": "#D39754", "exportable": true, "hide_tag": false }, { "name": "hqwar", "colour": "#5B0387", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264510, "uuid": "ba07d3ce-a593-4742-817d-c18f5134f8f3", "comment": "Malware payload (BankBot)", "value": "a2bcac2fe898b5043bbc2b703f5f08ceb626d12cce5905ce75e7aed0f523923872110d3e2db7e39bf935c0e0a53b176e", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "fis", "colour": "#D39754", "exportable": true, "hide_tag": false }, { "name": "hqwar", "colour": "#5B0387", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264510, "uuid": "69359c8d-bfc4-4e38-a256-68626eba8bd4", "value": "T168F533C3AAA2B48DECD989B0F52A5443D61189C56978F3EE312D4A50C807361DF27E7F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264510, "uuid": "e8c59e9c-5f46-4b79-96d1-3beb78a7c5d9", "value": "98304:ieErtZDhPCabIqyOqds64/56yQ8YmCaXyW:ie4jPCZcqdgDQ8YmCq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264510, "uuid": "274e5b1d-d0f2-4269-9d9a-c261ec6b1d6d", "value": 3616948, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264510, "uuid": "f7346589-84fa-42e7-8073-b28c96e65250", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264510, "uuid": "3e0042b9-413f-46b7-9bd0-df72f4ec669a", "value": "Flashiplayer.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf23eac5-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242971, "uuid": "8fae80f8-d9d7-47d1-8d07-8f1ff86fed77", "comment": "Malware payload (AgentTesla)", "value": "0a2dd97891e40954cc5b8295ec4e9652", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242971, "uuid": "3b1e3aa2-4b51-4980-9927-6d8dd518bdae", "comment": "Malware payload (AgentTesla)", "value": "1c00f77a3803b2be72bdcb629f2acfa10a604c9f4958e0304c2b1fd73a85a6f4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242971, "uuid": "72d22a21-a47e-469f-b735-89a91fe13831", "comment": "Malware payload (AgentTesla)", "value": "1803a62e3b692cb364749959b8d53fe2967c6375", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242971, "uuid": "c9d531e6-8dc9-4706-880f-c616ec689012", "comment": "Malware payload (AgentTesla)", "value": "f1e8c8b31fef253e878aad310a20c0563e4b47f3510914212222cfbb98a3f4a6e4157f25a2ddf0b36fe11caf596885ae", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242971, "uuid": "d39e8308-3b23-4542-99bb-eb55a64893cc", "value": "T124F34C29A3899D12E3ED0178C8B101590AF3A1439E77E75D0DA1ADF63E067C3772ECA5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242971, "uuid": "221ef65d-2e79-4a1f-89e9-07cedbd63ee8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242971, "uuid": "7d82287f-55e9-4991-b1c8-002ddfc6a80e", "value": "3072:WUn9osyWoPdsTx3xh1jhIL4/m3PkRalUbaHTNNBt:WMoMusTxhjqmalUW7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242971, "uuid": "11a153d7-7e84-4016-9f05-cd9e9c7946fb", "value": 171008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242971, "uuid": "e53ef7c8-9a71-4c14-825d-69862c8b9041", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242971, "uuid": "3b73f43f-2136-4f5c-8cca-57ba9e8668c0", "value": "1687242970f421a5d618cca615bb551bf60b38cc72b6f49ea7610782699ce081ef57fc0b77317.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47a91496-0f71-11ee-b3cf-42010a9c0076", "comment": "Malware payload (QuasarRAT)", "timestamp": 1687268970, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268970, "uuid": "f1da8fce-1fa4-48c0-8d81-3da349d3780b", "comment": "Malware payload (QuasarRAT)", "value": "f9bbc48fa75a646f11a8771c5eadfc91", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268970, "uuid": "682ec591-a33e-4635-b2d7-77bdc090e229", "comment": "Malware payload (QuasarRAT)", "value": "1c300da55b692124f8efeda5305d86d4e280bbb785ea87cff49239dc026a7c55", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268970, "uuid": "51ab740b-11d6-4d39-95ce-9c9699393d9a", "comment": "Malware payload (QuasarRAT)", "value": "903f73ec625e3a8ca291f369c5e0efe1e24e3e72", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268970, "uuid": "616af77c-4698-4abe-af0b-b3963551c096", "comment": "Malware payload (QuasarRAT)", "value": "62aeb25999d94818a3fc35836ab35d56343371c2a83a40aba07c4a7df3a47a34300509940e51d1fbfab6089ee1f4b94a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268970, "uuid": "6c08c526-09ee-435a-8350-8b5b4b359968", "value": "T17A353A14F7F855A5F06E7F32747158050A38FE07697DDB4B2B96A1980A6A380CCB2F63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268970, "uuid": "7fb6a205-8a35-4a2a-96b7-694ec1e5996f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268970, "uuid": "5e793fce-8948-45e4-a352-6c32ecb680ef", "value": "24576:1Cynkc1ZzBvtrZHFjMKY29kpj4elz781eHGp:wynkc1ZzBvtrZHFjMKY2G4el3VH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268970, "uuid": "6fc3ca37-5b38-46cb-a9ab-ceaf1702a6da", "value": 1085952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268970, "uuid": "ae24800b-3e0f-44b8-9edb-dbb098be9ee7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268970, "uuid": "e429e19c-bc22-43f0-b610-2336aa8c8f86", "value": "xg6hsb6VyKuk.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fbe0713-0f65-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687263964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263964, "uuid": "7a11979d-ee27-433a-b53e-4dc46ee983a9", "comment": "Malware payload (RedLineStealer)", "value": "ec1a36b30d1146aad1ae8470bad7114e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263964, "uuid": "34a2d151-56d6-4d15-8812-02bcd53d8b3f", "comment": "Malware payload (RedLineStealer)", "value": "1c5c8058cb97bc9d884c1062f5e550b5370738f96950a6a747fd545ba80792b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263964, "uuid": "3f80b6f5-b73f-48a1-a928-925fccad11bd", "comment": "Malware payload (RedLineStealer)", "value": "fc032b0d435817097c8d776af7510c6790a646af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263964, "uuid": "e8107311-0b2c-41aa-9cf0-dd9f97663e8b", "comment": "Malware payload (RedLineStealer)", "value": "a0c61ca8e903aa0201012287e8871ba7857c334b96b17682bd48a0551e348358897ad5e71adf4c6266b458df2a505d38", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263964, "uuid": "d19380ff-5622-49cb-9877-8b6081583e64", "value": "T1E784F50382A23D85EA658F739E1F87F8760EF2508F497B75221CAB6B10B41B3D167B11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263964, "uuid": "70e327f8-4b06-404b-8da8-cc35b84b494d", "value": "7240fa76536531357d99f937a15ee51c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263964, "uuid": "62497757-484b-450e-8f1d-c9e2c14521d2", "value": "6144:hqOnd2gk4qtigBZBUeKOeoQoWD+ZlXW0xXx:VnEgk5eeKOeorWD+Lr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263964, "uuid": "1bd0d6ff-9025-470d-a6af-d8f9267160c6", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263964, "uuid": "959d4a78-53c0-4e63-8de9-6dac8679ea66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263964, "uuid": "5d4d3f7a-f916-479b-81a6-bf6236feb4f3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba18241f-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243821, "uuid": "8ac0bede-c4c2-437b-ae24-e95c23814062", "comment": "Malware payload (GCleaner)", "value": "33bbf60952da13ac774f1508298d8ec3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243821, "uuid": "d2be9791-b7a9-4d99-8e75-dbfb1183bb8e", "comment": "Malware payload (GCleaner)", "value": "1c821e8b3af28342dd4b32a281cdf1c9f08531ea85811ff82e44e5a23b2414a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243821, "uuid": "28370dfb-a03d-45a9-a1cd-7937cf5330c7", "comment": "Malware payload (GCleaner)", "value": "2eb4b0601ace67c2d1846eceb97e708a809e1612", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243821, "uuid": "428e0525-2b06-46cd-8f6b-60befbb58f0d", "comment": "Malware payload (GCleaner)", "value": "9880dfa28b49a0eb3b60ad965448a4db34b869548e2c96cffe7b03db522a33e8b6971e006c1f0916d1ffdfeedf8ccb9f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243821, "uuid": "fc0f2054-0723-413f-adb1-bb48cea7b686", "value": "T1FAD523554BACD551C0FD8CF9FFE133D8B134A0202AB601EA69BB663BE8A564D1E3B144", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243821, "uuid": "e5fc6afe-63b5-48a9-b196-bd4496340813", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243821, "uuid": "c20873f9-ae3b-4da6-8bb7-fbbc2f21da11", "value": "49152:2GagILkCNuHrU+nKmCQQwJTuJDvjfwDER2Y/cSGaC3wF9VgSpyGapaYXZWXuN:fagZC2fnjVmjfwDERP/jGf3o9VgSRapX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243821, "uuid": "6345fb66-253e-4cc3-998f-6b0f586ab2e4", "value": 2755961, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243821, "uuid": "061b966f-3bdf-4bb3-b2e4-47ec06c8d23b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243821, "uuid": "a3bdac7d-1518-4e9b-a9a3-39c0ffb6fb12", "value": "33bbf60952da13ac774f1508298d8ec3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f1b8750-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267774, "uuid": "340c640a-daa2-4ef6-98a8-00033bcb1275", "comment": "Malware payload", "value": "d8d563417d69f9f465dd4778ec76f034", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267774, "uuid": "4c956878-75f5-4329-a2e0-969ac96ddc05", "comment": "Malware payload", "value": "1c96a8cb243e4d43a3629be03dbdbb72dcf5658934d549a68984fb7556af4689", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267774, "uuid": "a0ddc33e-583a-4f89-963e-797c659af458", "comment": "Malware payload", "value": "54deb575bf3795f74b8bf9ee01e0bc85f92a82ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267774, "uuid": "741d36e0-f861-4ed4-b72d-f4743ff67be4", "comment": "Malware payload", "value": "a46f66324b6c3fead2b5600955271030aed9d33b19c71595baa8708c5f7a018ac29d61eb8499a77eb480f8ca0d5ef6d3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267774, "uuid": "520564bb-09ab-4faa-aa78-ed8144858408", "value": "T143F5B0217F99447AC4633431C99EA379E26AFD706F35027721503E3EBA717825D2CA2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267774, "uuid": "8703d7af-dd43-4d2a-949a-d0955d986509", "value": "3a59fbae3953db98547eca04b6e84810", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267774, "uuid": "a2bd3fa2-7b92-4552-93c3-03c0f05bfea6", "value": "98304:8cPw9r0d3+iHJIEYAonjvM/WtaerABKPGD0RT9vyJoj9ghi1RebMIg9Cbk/V8:EYdRJerA/WtaGGD0RAJojDIg9Cbk/V8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267774, "uuid": "791c71f8-f1df-4771-861f-95fc5a9dc3df", "value": 3394560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267774, "uuid": "ef09ce94-3f7a-4504-8ed3-6bc686414bd5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267774, "uuid": "a0771e39-4660-4efe-a61b-d0535ab6eddb", "value": "24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9932c696-0f95-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687284568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284568, "uuid": "9af93a0f-ec0f-4b3d-ae1d-e3942a064e51", "comment": "Malware payload", "value": "d4a2783da50cc9ce373f3c8dbee0af2d", "object_relation": "md5", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284568, "uuid": "afa0af14-1cb4-417f-b79b-0c465bf8d8b0", "comment": "Malware payload", "value": "1cb66cb304e12f9693de6b138d32e2d0ad2050fb6d66c1229d3e73ca66937ad3", "object_relation": "sha256", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284568, "uuid": "f8ab772e-5087-4033-9fdc-190d25f5034d", "comment": "Malware payload", "value": "4a8899e9c7a3f7006d5b1dffe745df57085b58ae", "object_relation": "sha1", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284568, "uuid": "76f3cd82-a093-44f3-a975-6910527ed985", "comment": "Malware payload", "value": "e112d8ea0c9b9211d11b33b8f135934d4ab8ad8081960a7942aec99efa4c3f6a92c2623dfe75a3c4c57e55fb1a98fc34", "object_relation": "sha3-384", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284568, "uuid": "f0b34b8b-be7a-4551-b24a-02df592f80fd", "value": "T15475E00363DE83A1C7B29173B956B701AEBB7C2906B5F19B2FD5093DFA60121421E673", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284568, "uuid": "ae1cce65-89fc-48ca-94b5-ad88aee3d347", "value": "fc35a0089284ff9c7c45866438ea8a25", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284568, "uuid": "c7cbabb9-e65d-486d-8f7a-c92975aac666", "value": "24576:d4lavt0LkLL9IMixoEiUdzx0FomOReGh1kLbkZEFK0gmJBphnYf0sD:0kwkn9IM1UdzYkek1kH2EFK0gsBDf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687284568, "uuid": "d727d0f9-3611-44b3-88c9-4bc82c4395a5", "value": 1576960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687284568, "uuid": "6b70a973-c37a-4285-80e9-9989acecfe8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284568, "uuid": "71b030f6-8e17-4fcc-b574-031eeca4fb5d", "value": "3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0311fb5-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stealc)", "timestamp": 1687241282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241282, "uuid": "f73254e0-20c4-4faf-9aac-43e113b5f586", "comment": "Malware payload (Stealc)", "value": "482df2c11dc09fe2bdafae64e2edec32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241282, "uuid": "333d9628-e633-4e7b-96a9-4bec82bb090f", "comment": "Malware payload (Stealc)", "value": "1d6d41fb0bba9acdace2dcd8063da1ade5fae6696d2d34c403df7a352540b415", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241282, "uuid": "b191f1c2-3f1a-4b42-9193-3329b057266e", "comment": "Malware payload (Stealc)", "value": "d026e4cc599be17cdf355f63d0af12ac52355525", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241282, "uuid": "250b151a-fcd9-426c-a189-f97c8a79d275", "comment": "Malware payload (Stealc)", "value": "36d29db2ce0061281bbd9b3c782c8e798acad78a2bbdd20b92988fa02cda50add34779628f0e2fb9160804709fef0011", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241282, "uuid": "de09e7a7-0aad-4963-9d1c-0537732bcef7", "value": "T1E714BF53A7D88072D8F52BB058F703931F36BCA19974831B2795A95E4DB3AC0A93533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241282, "uuid": "c1743b07-8674-40bf-95e1-39c514e5c740", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241282, "uuid": "0440f7fa-136a-4fe4-9e11-b4a511661aec", "value": "3072:cOhX0N7+f1J5GWp1icKAArDZz4N9GhbkrNEk1WhhOmt+g0RGTt2L5meWF7r:RhEN7+Jp0yN90QEJTOlgKGx2NmJFr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241282, "uuid": "bf8ba7a3-3046-4e58-9ac2-5b796a18b27c", "value": 190976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241282, "uuid": "7d8db50a-94dd-4e89-917f-8e991f4fbfd3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241282, "uuid": "d6c34945-9a98-4fce-96ea-4a692709c1e9", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f597eef-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259668, "uuid": "5b78e62d-482f-465d-a54a-3fe75e634576", "comment": "Malware payload (Mirai)", "value": "365b498f2362397794648d50de3d8135", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259668, "uuid": "9cc7c9b2-678f-4cd6-b15a-0eeefbc37e8b", "comment": "Malware payload (Mirai)", "value": "1e44580f0d0a0b6dc808d26515783bff730138efeb794abbbec6df7582ccbc3a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259668, "uuid": "9a02241c-5607-44d4-ae54-33531e194406", "comment": "Malware payload (Mirai)", "value": "8da88c6447daf9b2f876b266b63e12eca5975c8d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259668, "uuid": "29615446-3135-433c-afeb-5d2aa35afa75", "comment": "Malware payload (Mirai)", "value": "effa34c0c26219db3c1e2feda8f7b9a1462debac794479dae706485d6cba7724b3ac3d6e763151543b14f8e726f2ceeb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259668, "uuid": "6c9d871a-990f-42ce-b879-222f8b8b002b", "value": "T18EA3F972E642CA72C44306F102A79A6B0D21BE7B0A3A5E86F31C3DB49F334C97555F59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259668, "uuid": "e48e792d-132d-4ba2-89bc-c8cad76ce1f7", "value": "3072:SOGAEtZoGZKWl6u4YTnbHXbimmFVcqq0G27ZT:SqEtZ755nbHXbimmFVcqq0G27ZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259668, "uuid": "d5084575-086d-46b8-aa45-50b22167ad00", "value": 104139, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259668, "uuid": "7795763a-fc08-4080-ba6d-e167f4ab721f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259668, "uuid": "e039c09e-ebf4-4c8f-b228-d44caeb2f8a9", "value": "365b498f2362397794648d50de3d8135", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a19a566-0f95-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687284570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284570, "uuid": "675a4134-91ec-4f8e-9b8a-b8d5eb0a22df", "comment": "Malware payload", "value": "dac91eff355343434fe003d4b3939821", "object_relation": "md5", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284570, "uuid": "403899b8-c4cf-4664-9ee5-387e03ee9d33", "comment": "Malware payload", "value": "1e4885a57bb9cafe0506339d60aca8c41083a7e09778230fa97123579f0d263f", "object_relation": "sha256", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284570, "uuid": "e99e5920-8439-4cab-8e96-8c62b14b8c07", "comment": "Malware payload", "value": "0c904db5254b61a9e40b8863cd033674d438c772", "object_relation": "sha1", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284570, "uuid": "951dfb98-5c65-45bb-9505-d3a78a540103", "comment": "Malware payload", "value": "ac75e14e7ea3223741c1639f86592bad86e6faa67c0534d4ff59ff3d20b2083b402aeb8c42c519386eeadd085442399f", "object_relation": "sha3-384", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284570, "uuid": "13e7bf60-f931-4ac0-b8d8-bed1b8b245ae", "value": "T19E3523578C8FACC6F05D613134169A630E2A7D0F4A6B47D022A8BFEDF7A7411A5E3D21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284570, "uuid": "3a893750-5dd7-49af-8728-56de6a80787c", "value": "b9083dd82a429a49d949568d3647ca0d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284570, "uuid": "7179b514-64ea-4155-b60a-4e25dbe7d30b", "value": "24576:PhloDX0XOf4lLZPs0dx0JHCQ9EfYOjI4duYa5OKdVZnpaRA:PhloJf6FFdu7gj7dm3b/+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687284570, "uuid": "a2826c68-d636-4279-a2da-1cdefbbf331f", "value": 1095168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687284570, "uuid": "cd5be8db-a224-432a-8ebe-65ed998d3565", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284570, "uuid": "ff92db7a-9cca-411c-ade5-a85b5f9c71cd", "value": "Acrobat.Pro.2023.x64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4552b64c-0f3b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245773, "uuid": "5b33fea0-e00b-4abd-b02e-b7049d7d9948", "comment": "Malware payload (AgentTesla)", "value": "6f3b6d75a2edd02f982d264ad26fe26c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245773, "uuid": "40d35644-9d31-430a-94a7-a6c124e36029", "comment": "Malware payload (AgentTesla)", "value": "1e78015efee2b6e94749afd35ae539a88520ff959e06ca20683c6d0d7218b4c2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245773, "uuid": "d562aae5-95f4-40af-8722-b240418ab282", "comment": "Malware payload (AgentTesla)", "value": "b8d909c4e2e84ed34136040ee39c1f06315248b5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245773, "uuid": "12e5b90d-7f43-47f4-bea2-842f1eef3ca0", "comment": "Malware payload (AgentTesla)", "value": "8a6d04ef138f16459ccbf94901abdd87a2fb9af8beb9ec746a2c9d1101b6e81a443721d5892cea663bd66049164918b6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245773, "uuid": "c39ecbd6-8d59-421b-8d20-7db2cac98f07", "value": "T16005E19C7651B19FC413CE718914AD70D52468AB730BD38798872DEFBA0E9DB8F301A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245773, "uuid": "a02a60e3-11cb-4902-a757-784a5bbc3551", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245773, "uuid": "91b98743-179b-46be-a254-0803b5bd9168", "value": "24576:V5tpZLzu4CZdOOqOcxPXKkHpkGd3UTgoZ:VtZz6ZYO9cJKIpkuBoZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245773, "uuid": "ed73ed78-c37a-4f9d-9758-d1ee22d5c89d", "value": 826368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245773, "uuid": "8c34b514-6c5e-438e-b7cc-d2a20e70e3fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245773, "uuid": "018d40b9-941f-4d71-98e5-d0036cb52479", "value": "Invoice To Be Reviewed.GZ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9014423-0f3d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687246880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246880, "uuid": "1b4966ba-9b62-436e-a588-0d19da80cee1", "comment": "Malware payload (RedLineStealer)", "value": "ba0005912d72e763d5e269dd0b203951", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246880, "uuid": "c9791f84-ca48-4387-ba53-5d05397ba25f", "comment": "Malware payload (RedLineStealer)", "value": "1e86ba19a1c4464b3d7d7158b36a4715eabc87c281373535069ecf534c0e6d3f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246880, "uuid": "b31bf19c-c0a4-4008-bdc7-bfb94cd6e189", "comment": "Malware payload (RedLineStealer)", "value": "bff6b1834d085d511ea4969bb8ffc096c13fbb72", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246880, "uuid": "0e12c70b-4c8d-452f-aa4d-30b31935ecd9", "comment": "Malware payload (RedLineStealer)", "value": "31a5120806c05d6f6a40c42a85e3eb845e0000b3e67bab2fe64ed122806c930c204583f9662ea9783fc6f101589826ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246880, "uuid": "6f3a2f44-7b7b-49ee-9b83-5261ebfa9323", "value": "T1BBF41292B0C4B134EA710630AC6A78927CBDF4A14F248DAF7F94732E4B755E0B9B412D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246880, "uuid": "e8feb168-22c3-4c6f-bb86-ad7204acc23d", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246880, "uuid": "dc707eaa-4fa9-47de-8fe0-4dccf4ca5cef", "value": "12288:ytgGRxv7fWlu+T/2oJBoYaR7wbQHI591gCeCGOYTmu/Fn:CRd7fIulkhaEMq0LFTZ/F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246880, "uuid": "53f28073-677e-462d-ae0f-294a21a6e108", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246880, "uuid": "b489a78e-878a-41c8-adc1-fdc558a05cf3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246880, "uuid": "b01609aa-b674-4647-ae8b-cb866fd91c0c", "value": "ba0005912d72e763d5e269dd0b203951.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "960bebd5-0f8b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687280268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280268, "uuid": "276a035b-740c-48d3-8b19-072c13d8df0e", "comment": "Malware payload (RedLineStealer)", "value": "2f95c6c65128e91b48661aa5e717e2ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280268, "uuid": "78e5cc7f-6fdb-4b9f-b4d9-555e01a764b9", "comment": "Malware payload (RedLineStealer)", "value": "1f01a5e39f97eaba82c33369fe7334787a263becd53d7a21077f9ba657fc0905", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280268, "uuid": "e11be32b-c12d-4fe1-ab32-f231f2e2b972", "comment": "Malware payload (RedLineStealer)", "value": "5769220681c2cf785ace577066c6ae282f19dfdb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280268, "uuid": "9308c317-dd73-4fec-bb12-2555f097e74c", "comment": "Malware payload (RedLineStealer)", "value": "652be92dda491d22b1c6d69caa73c83d8ec69d33a4998efbf8ab90acf5094b132093eed0b7e220185a5d0202c63a571b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280268, "uuid": "1fcd351c-fba7-4f59-bbcf-76742704f78d", "value": "T1F615F20171C28473E46715324BFDA969DA3DB9B007AAA6EB63D48D6ECF30ED0FA31415", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280268, "uuid": "6a05ace7-2923-4bb6-a410-91a1d9acb3a6", "value": "9af3e93e35221a2c8c04a3cc05e589b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280268, "uuid": "86b26a0f-5143-439c-b326-be02adb4618a", "value": "12288:4Z9qjyk5ADBOAMwAphBWHxzntzDUHTvEHA6rFfsbaCwqH36pa3laUIxfC/bO506j:juDBkatfCLIjFFXqqpa7IRq/6LxhB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687280268, "uuid": "10682b30-412a-4d2e-875c-84135283f84b", "value": 914432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687280268, "uuid": "b5166fc5-cfb0-47ab-a74f-f34b85175a99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280268, "uuid": "e0ccb349-35c7-47fc-9662-22b288124217", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ea4fb64-0f25-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687236420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236420, "uuid": "068da8c1-4aa8-48d5-a2d1-39fa3882237f", "comment": "Malware payload (Formbook)", "value": "fa24b7c4c3dc0c6d0b942eb96e4f18a0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236420, "uuid": "f538c77e-7506-435e-9cbb-37225d6dedef", "comment": "Malware payload (Formbook)", "value": "1fcaaed1008bcb79bbfac57a3927a03a8364ab00fce3080b2ea581116a6e8ba6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236420, "uuid": "c2d9de4d-0e8a-4393-b86a-9a24c1fb0c34", "comment": "Malware payload (Formbook)", "value": "37be005b43001e4a3cd0bf922c3c5092b711ecaf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236420, "uuid": "22ad7f43-cddc-4e56-8667-8f398d2e3f28", "comment": "Malware payload (Formbook)", "value": "ebd7768723e312fdfbbb5c802f75432290a1f4014b383b9335622bc3068020104dfb67aa2ee222951d2510cb9e59d521", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236420, "uuid": "962a1304-b8b1-4be4-bf75-733d8672c8b9", "value": "T19B44124C6AB1CACBDC722733777C17FAAE65953164FC164F47705B28B920BA1E81A342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236420, "uuid": "148a10d6-d3dc-4bd7-b409-9ee060db0c09", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236420, "uuid": "081f07da-cd05-4ab6-8d80-84ea218220e1", "value": "6144:/Ya6Id9xfmNNjisQm9E/WtwQ4OBXLY/GOwq6q1IDgFhfaoew3:/Y+3xfmN2sQUKQDXL0q8ICB3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687236420, "uuid": "a51c16ee-0595-49c2-9e43-5665fe76876d", "value": 272284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687236420, "uuid": "10d81961-8798-499e-ba03-2591480d7bdc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236420, "uuid": "2dd3b798-3dd6-4baf-9bc9-a6fb8eecb8a7", "value": "fa24b7c4c3dc0c6d0b942eb96e4f18a0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6fa9d1e-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (YoungLotus)", "timestamp": 1687288135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288135, "uuid": "e1247001-f9d5-4137-9505-bc88b5f54f82", "comment": "Malware payload (YoungLotus)", "value": "c3335fb82a1157305584745f00eaac60", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "younglotus", "colour": "#8CB710", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288135, "uuid": "e41d2792-f206-4b59-a145-3f9a1c221313", "comment": "Malware payload (YoungLotus)", "value": "2057eecca1d0993e8d613a34f47a147109517e5bd7d1db80d2d87db3a82e3cec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "younglotus", "colour": "#8CB710", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288135, "uuid": "ff70e399-d484-438c-8693-49ffa7795939", "comment": "Malware payload (YoungLotus)", "value": "17e436d4e4b2050e90841d253cf2fccb0452a8a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "younglotus", "colour": "#8CB710", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288135, "uuid": "02e0ba39-7b42-4d3a-b204-af882d1763fa", "comment": "Malware payload (YoungLotus)", "value": "9592ac911998f8eb662a163e40207b2bfec58ddb435afbe1cdca32ae2221a0719e1ab9909c0f959fa6dfb308b1219626", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "younglotus", "colour": "#8CB710", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288135, "uuid": "f834d53e-78bc-47ab-b143-d03791c703fa", "value": "T17BD301A4781A8674E4930F748967A62FEF60AE0347054F0B77DDB62EBC326506E613B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288135, "uuid": "8a43b497-eaed-4bba-9fe7-01a53aecabc2", "value": "e5945fc8c5728f57eeafb213e3bacf33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288135, "uuid": "1abfb164-63a7-42b9-9033-d0ef5e79239d", "value": "3072:wP0DcAUOeyFbi08sprRp0z75EXvXBWoz:afOeyA0jp0z7mXQ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288135, "uuid": "5bc898aa-7491-4a53-9848-d7c7612a9c3e", "value": 131072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288135, "uuid": "c3dedf44-3d80-4e1b-84af-a7fdb81af99e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288135, "uuid": "be751bac-57c1-4c7b-873a-835a823eff71", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bc1a366-0f05-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687222591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222591, "uuid": "91d1f995-442e-41bb-ac6a-cad244d8dfb6", "comment": "Malware payload (Amadey)", "value": "2ef52604e25795af18d262d1dee33739", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222591, "uuid": "89e5e980-245d-48bb-8ef1-5193455ecfdc", "comment": "Malware payload (Amadey)", "value": "20720467748d05be1ab69c778a39903853055c152611ad382598289fbb477c14", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222591, "uuid": "ea1eb1a5-e18c-453b-84b0-057fa97ba238", "comment": "Malware payload (Amadey)", "value": "4ffaaa63d05fe0736a704461b6b98bf62a80f59f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222591, "uuid": "a72f7e6a-22a0-43a0-8092-e1712d8d7318", "comment": "Malware payload (Amadey)", "value": "ef0fea1bcc8b5e616a1c96b7d54d90803a4de1d9cfcbeba8bf6ef41acea4fa6023ac5b338353c358d5bfe088b1cbac4e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222591, "uuid": "610aa670-c46c-4421-9431-5895ded1602e", "value": "T1B2F41280B4D4B134E9614930AC7A79C3ADADF8950F358CAF3F94331E8A655E0BAF452D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222591, "uuid": "3f91a3b6-9660-4a89-b928-792b05c13c9c", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222591, "uuid": "0aa0a473-6a00-46a9-bce1-558e20cf2cb5", "value": "12288:zTGU1XRJv7fWlu+T/gu8aa1Hg0pijZ1yVYLR7jRZ9u1O3GxP/E88dg4t0:zTZR17fIuwva1A0p61yGRwqGp/i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222591, "uuid": "9f1e790c-fb38-4576-8c4b-35371e20adae", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222591, "uuid": "d6f4eb5b-6c25-4fe4-9274-14c1aab31ffa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222591, "uuid": "4cd7da93-b908-4987-9d76-b64748c7d954", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da3e8a55-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687259337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259337, "uuid": "a21f6915-bed2-41ba-9cd3-96500d6de519", "comment": "Malware payload (GuLoader)", "value": "aba95d32ceb459d5fc7f82d3f3ad0d37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259337, "uuid": "507b158f-83dc-43ce-9668-0a39b0011461", "comment": "Malware payload (GuLoader)", "value": "209521dc08b1186e9ac56e1d4fe3b30e20bd5f818b9391b779affd531258a100", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259337, "uuid": "051c93d3-ee6e-4d15-8a0c-6b26a01c4b1d", "comment": "Malware payload (GuLoader)", "value": "fd47a4c2eb8dfa6bee052c991d837b3244758bf9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259337, "uuid": "f053f680-251a-4cd2-b611-8ac3c625a509", "comment": "Malware payload (GuLoader)", "value": "93db3860168b0ebadd77f378ab9814eb16d85fcf4263786d499170e8f3b12b27ef9313e559e987c3acb4b2d61752ba9a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259337, "uuid": "15c781f1-acb5-4d48-b104-0500e822f504", "value": "T1DE7423031725C437FE839E705F7A6B234E76989018B0454717CA2ACEBEB2352EB1B741", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259337, "uuid": "1cbc5210-059e-45e8-84bb-7868b60949dc", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259337, "uuid": "728e491b-f264-4fb5-8d7f-32dcb06d7b61", "value": "6144:x3hqLWglOGTPpahHFPPezSBXeqWoib0z85Nl7l36/jB1nJ39tXsl:x3HglNTPpahFPDoqWoib0Qn7I/jB1J3k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259337, "uuid": "b0ba0aaa-a090-4fc7-ae57-3682754d6990", "value": 370872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259337, "uuid": "2d634c01-1c11-496f-872f-4034504028ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259337, "uuid": "d82950b9-b2e5-4197-b0dd-1ddc67424d0a", "value": "Aresphe - RFQ20230620-Bill of Quantity.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aeb2b10b-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (BumbleBee)", "timestamp": 1687243802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243802, "uuid": "935760b9-2046-4064-887e-208f44d91bb2", "comment": "Malware payload (BumbleBee)", "value": "1fb0c8b5d8ef25661fb0f89d676e2e49", "object_relation": "md5", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243802, "uuid": "3282e0cb-60ce-4bab-8f50-8f46772ec27c", "comment": "Malware payload (BumbleBee)", "value": "212bddfe0446f5f5037d8452bb9f4fad2823502917546811a97d6b4c555d5ad6", "object_relation": "sha256", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243802, "uuid": "f592062a-6eb8-4844-a42d-2e3d4b12789e", "comment": "Malware payload (BumbleBee)", "value": "1b284a2b2ab3c733603a702320d9c55c3b74bd91", "object_relation": "sha1", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243802, "uuid": "0e45b1c7-726c-4997-ad22-bd03164c19fd", "comment": "Malware payload (BumbleBee)", "value": "3c50f31127cf0a99b1c31c157349169a15201f4064cd8333c0ae43f1bc768c5df4b0c7c352b0c4d9efaf9be565d1d855", "object_relation": "sha3-384", "Tag": [ { "name": "BUMBLEBEE", "colour": "#0D37AF", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243802, "uuid": "a34c0b0f-68ab-42ad-8c56-f36f96c7b3e2", "value": "T1BA45E011E6921FE8D4B39176819B352BBB307E184324D3B7ABC0D6377D937E05B1AA60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243802, "uuid": "d7430cf6-7927-4cf9-9f4d-81f4e76a5681", "value": "47e01530ad43ec939d1c47709a80a5c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243802, "uuid": "ff5b3e29-661f-48bb-b65d-f5593f52fe1f", "value": "24576:V88Kjwqgo6dmg6XKZz0AUfOwZbB2aBnRLI151E/BgXRzyCF7z7vb:u7+ZU3TODE/CdPb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243802, "uuid": "99d2207b-6704-4398-a92f-e3c44a308e02", "value": 1222663, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243802, "uuid": "cdc5ba13-e468-42fb-b3f4-5c1bb75d5f57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243802, "uuid": "52f38466-4ee6-434d-9022-2d1d25ca03f7", "value": "1fb0c8b5d8ef25661fb0f89d676e2e49.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c9ad8b2-0f37-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687244040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244040, "uuid": "51577103-4ac0-4b27-9a15-74286c4d62f8", "comment": "Malware payload (AgentTesla)", "value": "e8f344422865d7fde6617bfb38364f01", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244040, "uuid": "8f5bc439-185d-4f3b-b8ca-6a370e877172", "comment": "Malware payload (AgentTesla)", "value": "216e8743347dc86b61953a60917a48669dd6d039fdcbff99ea2893959f311a23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244040, "uuid": "ef80e470-8e6f-4670-a6db-990ccbd40db6", "comment": "Malware payload (AgentTesla)", "value": "71cec9339d3e21934e43ab7ad214209ac0c8feea", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244040, "uuid": "0560d370-cc56-4ba1-8eda-7d698a2ea9fc", "comment": "Malware payload (AgentTesla)", "value": "4e65a8ebc9df270c1e1dbc3cc97ba3b1c12ad32fa57f11a52ff5a561e8b20e0e72d5b705fc1f5c567bdbe9540876c4bd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244040, "uuid": "22fb2781-82de-4f37-bf77-da2fa7bd3f33", "value": "T162F412149A96972BD05B4FB85810E374813D6DC97621DAEF0ECF7CDB7E527CA023860A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244040, "uuid": "97c15e6d-efa8-4ed0-b419-c43ca9ecbd14", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244040, "uuid": "8e6c0e21-8110-4aa6-9b9e-9a27a3792c22", "value": "12288:yb903YPXuPM7q6bpw4dcZda/igJso5McBF/1uQjO8iX4TEFMUSZCQqQqfU3Fsf+R:yb903Y9zu4CZdO6oMAVzniXpFC/l3Ac9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244040, "uuid": "da5ceabc-3b91-42dc-b057-dd76a2e1538a", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244040, "uuid": "bf3b03bc-a03f-4cf7-9e4a-9b7e48f157ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244040, "uuid": "9cfe6ac2-f48a-43cc-9255-ac8779083484", "value": "rfq#5644700.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f01d148-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1687243615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243615, "uuid": "3d821ec4-2069-415a-8282-161b792df70f", "comment": "Malware payload (NetSupport)", "value": "138b99ece8e9d4b970b65b9b0dae44b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243615, "uuid": "4e3d724b-0c32-4f0c-a7c5-a1b3a57731ce", "comment": "Malware payload (NetSupport)", "value": "2174b4c58eb43aac8e5e0061ff0bc45125f4cb64404d552fe25ea6ac1777113d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243615, "uuid": "3cc43118-675e-4014-b37d-93eefa36bca5", "comment": "Malware payload (NetSupport)", "value": "172668b1539028e1025f1176c9127aba692f65ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243615, "uuid": "eba8ba33-dcab-438d-b5ed-b87d7f3e0a6c", "comment": "Malware payload (NetSupport)", "value": "61a2a3e2618725fc1e479e387ee9b818a6e640f5d46077467456583ded70ba570adab4868c04959728ae75011e08dfcb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243615, "uuid": "90f3ead9-2c5d-46a8-a48c-ce2fa23e7204", "value": "T172656D22F2C2847FC4723A7C9C5BB699D8157D102E28A84A7FE45E8C0E397433D699D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243615, "uuid": "0639eeb8-4ce3-42f9-864d-0a22b7df4ccd", "value": "78c9e2c31285b4ac9148c2d16bffeed7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243615, "uuid": "dc05104d-865c-4aab-bf8a-82f0c278d98b", "value": "24576:yPmGZnLfQgqiWuvffICxlBs0Smags9ViRlv/lr/xbshp:mP1qfaBsFmNs9+pbs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243615, "uuid": "4a8eb572-78d7-4e97-9a7b-6fa7acd2d65d", "value": 1431040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243615, "uuid": "7afff71c-1019-4ad8-b44f-46b80e22e517", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243615, "uuid": "5d4dc46b-debe-4bb4-8736-b3eed97de44d", "value": "138b99ece8e9d4b970b65b9b0dae44b2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb446d77-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687243394, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243394, "uuid": "0b692eb7-85fd-4253-813d-1f1eeaed2450", "comment": "Malware payload", "value": "6ca6f96b623b83fc57058d5457e0376f", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243394, "uuid": "727334d3-947a-4ead-a6ea-0680e6440202", "comment": "Malware payload", "value": "2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243394, "uuid": "1cd266f4-1ff8-4f93-ac61-df1d602cde2b", "comment": "Malware payload", "value": "308bef625be5f30e28d97e47f16fafbe8d00d9d1", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243394, "uuid": "35d6a70c-ca01-4506-abc1-72437b1b6c1f", "comment": "Malware payload", "value": "f5da79f5cf592332a409b15243db99d1b42b7a121a259d30d7dfc13617ff55477e9a5f07b4eabc66f1498f8340377a2c", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243394, "uuid": "2b86106c-851f-46f5-9662-1c179b7c902e", "value": "T166E5AE06BA9ADE6AD3D62B3EA01741189A31DA137703BB2F1F7D11753D933B019423DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243394, "uuid": "7263c886-76a2-480d-91c3-18bfddc5cdc9", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243394, "uuid": "1e917a0c-93e3-41b6-81af-d0e856458b4c", "value": "49152:Y3KIL5dXdQ93ZWWkeBj8LgHSEFJGJfxlQJ61EvYMl:Y13HG8LgyTZfErl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243394, "uuid": "0644ff10-5d75-4cc8-ae4a-44915316f35f", "value": 3253248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243394, "uuid": "bde9f790-bf96-45bc-8c44-80b07d423d6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243394, "uuid": "c29a75d9-ede0-4428-9f59-106fde213cf7", "value": "168724339234e936a1fedc6121e0c7393abb37605efb0eecabd32c8efc8a76d907fc8d438b758.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a546e97d-0f66-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687264402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264402, "uuid": "339f584f-104c-448d-a929-8172a5c1c87f", "comment": "Malware payload (AgentTesla)", "value": "c66932da943096a4aa2b70712139d561", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264402, "uuid": "e20dc4f5-e999-45dc-9169-04444aaf6c99", "comment": "Malware payload (AgentTesla)", "value": "21ea63d0aac1cb7fe26cc9693ba53b931f227bd26c333a622355ab218059fc58", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264402, "uuid": "6996dd19-c523-4e1b-a127-7c56492485e9", "comment": "Malware payload (AgentTesla)", "value": "cdececcbbbc1c63115a1eeadc0213dc2512c5632", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264402, "uuid": "0ea2d23c-d967-458d-abc3-f14c7e721988", "comment": "Malware payload (AgentTesla)", "value": "d16f523c96b337d9b82c502314408d697fd31ea81d521cdb8d6e9dffdda564ed511b64e1d747b1a7e44f75ad106476a9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264402, "uuid": "4ac8eeaa-3acb-422d-8e73-8024cc2e573a", "value": "T188F4122816A3462BE1671F785450F374A1BCAED9B712D7DB4DCB7CD33A227D90A3060A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264402, "uuid": "6daa79a4-6f3e-4537-8014-266dbee89a9d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264402, "uuid": "1c4903ad-4c5d-4cb2-a126-4dd691b6dc7b", "value": "12288:kb903Y/quPM7q6bpw4dcZda/igJvmQxoJlxRFlCWNsjcJ3IkQ4r1wiitzw:kb903YSzu4CZdOYgEoWWcFIkQ4r0t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264402, "uuid": "9959d0ad-6d0f-47ed-a424-c4f5e2627ffd", "value": 745472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264402, "uuid": "ad7838df-f24e-452a-884d-c504f05c868a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264402, "uuid": "28cbfbb7-d82b-42ba-aae4-272d8f25812e", "value": "ES00922-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61a731aa-0f2e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687240237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240237, "uuid": "6f6e446e-48d4-4899-ba5d-b2baaf840e95", "comment": "Malware payload (RedLineStealer)", "value": "27aabc5d03d835330e443cff9a4627a9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240237, "uuid": "54180499-e4dd-4039-9bd9-f58fd7030b0e", "comment": "Malware payload (RedLineStealer)", "value": "21fad8616890cf4f837256c1f08a7253eb2c635eda856b4bf0bdcf757fe11df8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240237, "uuid": "c0312c9a-a9ff-4a7f-8ac7-89980f23ab98", "comment": "Malware payload (RedLineStealer)", "value": "507a35deb9cea04a366bfd3d4a05cccce0cdeb11", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240237, "uuid": "6c7224e5-1cc1-4a63-a851-eac734c675b7", "comment": "Malware payload (RedLineStealer)", "value": "de342b8b1f6a85f9bd1b0554e04037bc1fda86407645341ba41c85411fa489ca7b730162f1de311c4a8b06165a2acd96", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240237, "uuid": "ce4ec600-72d4-49bf-9080-8918a42bf779", "value": "T1B7F40181B8C8B234D9310931BC2EBA926D7CF4D44E60D96F3FA4331E8A655E0B5F965C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240237, "uuid": "5bfbe83d-6f71-43e4-b80d-32fd4a093904", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240237, "uuid": "3c740c2b-4658-4f95-9d9a-2756c3fa278d", "value": "12288:OgzMNRwv7fWlu+T/wKxMaf8FY7YBXJ0YoKDoHWu3WjjYy6DYGeRhT:uR87fIuPKx4FY7Y9iYoKDU33ygY3Rh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240237, "uuid": "d493e670-0c8b-4c04-afa4-e056b8d6a2b5", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240237, "uuid": "bc91cf7b-8239-497f-b9e1-a6eb270f04f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240237, "uuid": "f20a2923-110a-4701-b1d0-a7314f980c57", "value": "27aabc5d03d835330e443cff9a4627a9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fa0e101-0f41-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687248394, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248394, "uuid": "05c2f8ba-1947-4b35-aa14-5092c2aad1d8", "comment": "Malware payload (GCleaner)", "value": "e6a3c316f26733d57b4dbcc037cf6e36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248394, "uuid": "a752ed98-b32d-4749-985e-66983b7004ca", "comment": "Malware payload (GCleaner)", "value": "23774c27f7f1f462299c731005ee008aca92884625a97dbf6ae8cca78448dd2d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248394, "uuid": "7ff96f0b-36cc-4b23-9082-9c80a15dc30e", "comment": "Malware payload (GCleaner)", "value": "4e42330c33cec10ec1ffd617aa2441b50222779a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248394, "uuid": "ac23f4b6-1321-47a4-9e79-fd82eebb7f2c", "comment": "Malware payload (GCleaner)", "value": "fffb0c9aa3e8be8840af6c29419857173e57d20439cc528938d833bf08cf2354946a96033fd5f6f5ce72dd92901b4162", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248394, "uuid": "7f2d6c3d-ae76-41ab-b850-dd88bbc6a923", "value": "T129D523525BFCE440D0AC84F9FFE133D4B134A5641EBA42E658B7A63FE4AA5991E3F100", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248394, "uuid": "f85ded30-bb92-4ce5-9312-bc6fa35c5469", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248394, "uuid": "0a5083d4-bd24-4b04-8f73-2868e4827abf", "value": "49152:2GagP6opRR4nB4L1eW1I+mt1bx/oaUfEEuq1NFWKYylmJBWXuN:fagS9B4gTv1XqEEtInfHN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687248394, "uuid": "77bd7fb0-46c4-4e17-a8b6-26cebaaa2a74", "value": 2772778, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687248394, "uuid": "596e2c82-a254-4249-a0f6-f637ddc02de4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248394, "uuid": "6b9881fa-a91b-434d-8ef5-4a1de0c9c607", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3073f36d-0f59-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687258623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258623, "uuid": "33a858bc-5768-4b21-bd49-ad5d37c96a45", "comment": "Malware payload (Gafgyt)", "value": "9158535f73e78d064c3e70b8a23eed85", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258623, "uuid": "c14b2b73-e781-4ce3-a935-59ff27349f30", "comment": "Malware payload (Gafgyt)", "value": "23c0bc351fd9536c46cbac7709f15105064ac26a345be0c3d57b9e305fc28d54", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258623, "uuid": "3fef075d-b7dd-45da-bec2-9a30cde0793e", "comment": "Malware payload (Gafgyt)", "value": "007288cb3e264feeeaa4652927a23e3bab0b3750", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258623, "uuid": "d4c1d6bf-59be-4b3d-bbba-6e41ef9c3cd2", "comment": "Malware payload (Gafgyt)", "value": "8de56da3b6051fc249619c1cf87deb3c9c9d53cbc36e093c63376277c444ffa6e9ca97a6d87a8724a419a91477047abe", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258623, "uuid": "4dd1837e-6dd0-4eba-9f72-a1970fda67e7", "value": "T10FF33A486665C5F3D5930FB511A76B980B37FC391ABFEE41F328BCB04AB1098B919718", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258623, "uuid": "05228c8c-5c2c-4853-acf4-60c1224625bc", "value": "3072:jWmkeQPcKVg/Y/SSjKJYoeqS4QmZeLCj/PYpXE/THBe5:f1Qjd2Jdm4QmZeLCj/PYpXE/THBe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258623, "uuid": "77c915e5-49df-42e0-93f9-b20075100319", "value": 165732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258623, "uuid": "13df3cdf-2fbf-4bf2-a487-d51b051d1080", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258623, "uuid": "29d65288-0fb4-4a35-8e27-974ce68aeb63", "value": "DFhxdhdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a228d978-0f74-11ee-b3cf-42010a9c0076", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1687270410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270410, "uuid": "9a66baa7-4367-4d35-a3c6-76562aeb372e", "comment": "Malware payload (YellowCockatoo)", "value": "f2586b77da8b083581c7104c4d776df1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270410, "uuid": "b55d88d9-3593-40c2-a641-383cc72a00a8", "comment": "Malware payload (YellowCockatoo)", "value": "2441b36a1fad681dee37e652f34aa3ee5c0668a54c2023324508385def8c01f2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270410, "uuid": "09675481-577a-4272-8527-86680472f169", "comment": "Malware payload (YellowCockatoo)", "value": "1446e669a16704ede2995e465c16dde7e4b5139a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270410, "uuid": "827adbbd-85ce-40dd-a854-3140ae89ec48", "comment": "Malware payload (YellowCockatoo)", "value": "7754cee44adcff2d37c9cb0bc27cf2a88f44712b5939630af56234d378530aca5fe15a25f5374dcc585d2758a536d09c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270410, "uuid": "c1ede7bd-19e6-48e8-a087-b7c4114c739b", "value": "T135F42240FFA7CB21AB7C56E83A9BB7175B25A6FBD0D6DF1A03B7903418A993530811C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270410, "uuid": "8515b999-c17e-46b9-a3c5-d69092b95154", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270410, "uuid": "a6e2c543-e681-4831-89a6-0c738fe69f45", "value": "12288:ncRCbV/TpMGZS7WaCmTGON6Grb/LNtI4detY6koXa:HbPTlmTV6G3vI4deR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687270410, "uuid": "ee179e0e-d425-48d3-8ad6-e6cc3d01d3da", "value": 728064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687270410, "uuid": "8f2d45be-475c-4a75-9abd-987072b8b0e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270410, "uuid": "b71c2124-d113-45f3-9091-5ed64ba02577", "value": "1446e669a16704ede2995e465c16dde7e4b5139a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fbdb782-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687249280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249280, "uuid": "9cdbf3d0-1699-49f3-be30-8e5cc8457663", "comment": "Malware payload (Amadey)", "value": "5d2a159077ee811139077c6b771759e4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249280, "uuid": "a7f70531-5a0a-4ae5-b0a9-5d675e30adc6", "comment": "Malware payload (Amadey)", "value": "24856252455774497eb59baff612ce107ec6c65c50cb62c76f4950b7b565b00d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249280, "uuid": "0cf1ac10-40ff-4dcf-888e-773b692f8b84", "comment": "Malware payload (Amadey)", "value": "75e8d32321fd55741d1e97d3fd5454e3d3c7db9d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249280, "uuid": "46435342-10f3-4ce9-abf2-948e630b8e88", "comment": "Malware payload (Amadey)", "value": "a625205220120cee1db80478c01cbfb8f9202b095d97e4f0f23286db8e20f8952a234bda8a57e9151fb3730d1c71f75a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249280, "uuid": "df4c3f70-1989-4f49-8164-b83006555c62", "value": "T1D4F41240F8C9B138D8610532AC6A3A82BD6EF8A48F64D97F3F5437198F715D0B5B162E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249280, "uuid": "289e8d98-8295-4d3a-b181-cef9ec6c3259", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249280, "uuid": "89ce9792-0087-4bdd-8c7f-f11661977ad1", "value": "12288:eZ8MRev7fWlu+T//oYihawENESSXMqvZtyXF/rVea6/SPO2kGk:cR27fIuodihawEN8XFvyVjka6/Smok", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249280, "uuid": "69cbf4c8-0e60-4bff-a7b1-9e8a90469141", "value": 728064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249280, "uuid": "b6038f49-a06b-4f9e-a6f0-b9c0720d450f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249280, "uuid": "665cb064-be4c-453f-80d6-02b88b36eff6", "value": "5d2a159077ee811139077c6b771759e4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b302283f-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (FormBook)", "timestamp": 1687245098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245098, "uuid": "180ec3d6-6d12-40b4-9e7f-9a9585c98803", "comment": "Malware payload (FormBook)", "value": "9639674b0e08cf8e16c763c8c2af8902", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245098, "uuid": "a91c3bed-c3c4-4e8b-b6dc-dbc86ff13d00", "comment": "Malware payload (FormBook)", "value": "25da2c6d964a1a9116334b3f27a1ec30a81512dbd766b85ca112f53bb18738ce", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245098, "uuid": "5da6e704-fdcd-4e2b-802f-2139c221d986", "comment": "Malware payload (FormBook)", "value": "fe8ade0056edadb5b35f9ea6022cc2fb3a7a57f3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245098, "uuid": "dde1b03e-4f40-477e-912f-47f1043d44a0", "comment": "Malware payload (FormBook)", "value": "08060fa4ec79f63c861eec853ab411736d1c99e14f553775b77461c6768eba5d0c137f200614c10e0c1a4fb9aec50270", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245098, "uuid": "887b95b5-35d7-4e3a-94ff-eb57e0a7b09e", "value": "T16A1501B55695CB32C76D97B8D8D2212183F6450BE163E209ACCC1AF54F273E0EA117AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245098, "uuid": "c8bd9515-ea8d-4dec-9480-df8d5f13003a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245098, "uuid": "291f1553-6876-4d11-aa1d-cecfdd45d3e5", "value": "12288:OFC7teCv1hhBPBbBfvuyf7qErG2FiqpCOxMiApkfNPi+7w++FYOJaQ0zyLfgNNRo:FAO5FuC77l7xfHVsSOJaJzyLgYaP5i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245098, "uuid": "eafd8ee4-99df-499d-a98e-cc232f43e582", "value": 941056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245098, "uuid": "7f6a6f2b-461d-48f9-b3fc-d28e7a104a9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245098, "uuid": "3135d3da-6cbc-4aac-af22-d1489e60c4a2", "value": "9639674b0e08cf8e16c763c8c2af8902", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5a58b63-0f8d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687281207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281207, "uuid": "fe97a049-86e6-4e33-bc06-956de25850f6", "comment": "Malware payload", "value": "bbc10b3e69f75fd888ee4a8b4768aa62", "object_relation": "md5", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281207, "uuid": "21b1565f-8cb2-462a-9a26-c40c79326494", "comment": "Malware payload", "value": "2656f782429413a1ec8af4a3ec6834374b1e9b8fd2269c6f7fbe43841e01ba42", "object_relation": "sha256", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281207, "uuid": "91e97b09-850d-4866-adeb-41a53b5251cb", "comment": "Malware payload", "value": "5acff353b134ed64270ea380803e44ce2942a392", "object_relation": "sha1", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281207, "uuid": "a1f72606-370a-44d1-9215-0a9fc8bc3e24", "comment": "Malware payload", "value": "0a0e92c72bc6192f34504128bbb4ce9dd1a87343632e79ec661aba97daf70ac80e400a9587729ba53647ded4c501aa2e", "object_relation": "sha3-384", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281207, "uuid": "f9c4b919-3661-4fc3-bc12-40ff3bbe0d1d", "value": "T118B37C6CA88CD588C979EBF2FB52F4CAA54D732B4ECA94B571AF0FD61243C15E943801", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281207, "uuid": "672308f2-df81-4389-865f-3cc9136d3c90", "value": "1536:+BNcsSQcsaUpcssqcs+pcsLmm2DBYRLYm3RR3MSLVMXLHtSR1GWBZD7p8VbLi6Ce:+B4/GBELhMeVoHtSXGml6nide", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687281207, "uuid": "9783f4fd-4f83-46e3-8bbf-d13e7a8b949e", "value": 116321, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687281207, "uuid": "fab9379e-b299-4abe-8ba2-7eeaa934dad3", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281207, "uuid": "08f5723e-273f-4b78-b5c5-e895516665d9", "value": "REJ-1337-Jun_20.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41dce61a-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241472, "uuid": "f484b8ec-d2c8-457c-98c5-a23191c19a1a", "comment": "Malware payload (Amadey)", "value": "a2bebcd4a03b239c7db2847e742a754a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241472, "uuid": "14bbddb6-b7c5-4107-ab19-321488dbee9e", "comment": "Malware payload (Amadey)", "value": "26e492550e4476fd83347c42aad2a01a9aa9a016bb2d4f5b4fa52590bff80725", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241472, "uuid": "27bc09b2-325d-4824-8ef5-4a8fbec9b808", "comment": "Malware payload (Amadey)", "value": "8d3555a7f3bef47a7b50cd7d3a0d38a6eca376f3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241472, "uuid": "fdcacabd-0c65-41f7-b2a7-6040a248e919", "comment": "Malware payload (Amadey)", "value": "53cb891c5fb5b537abcf75da0a786033dcd2b8949356e080d79daa448a0dc179b584982d4cb1b3f835e2b7701479cdc2", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241472, "uuid": "7745d4c0-8ea6-4c86-bbb7-bc95e1020db9", "value": "T1B8F40281B0C4F124DA710531EC6ABA927DBCF8A84E24D86F3F64731E4A755E0B5F162E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241472, "uuid": "05016416-79f7-4100-8194-76adae7182fb", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241472, "uuid": "6b1c14bd-3bf1-4f37-9232-31842abd008a", "value": "12288:AoIrR+4v7fWlu+T/9oYIpIEduXMC8fwIeZN72thDKyQP2q78FG6eMbqoAl:2R+k7fIuMoYS26fwIKZyxF5e6q7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241472, "uuid": "7b42082a-e897-4fa8-904b-33453d7a4318", "value": 728576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241472, "uuid": "6604dc89-9563-4dee-abaa-3dacdcc0c7e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241472, "uuid": "78a423f9-8444-4bc0-99e4-6be9437bcce4", "value": "a2bebcd4a03b239c7db2847e742a754a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4498a7e-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1687242147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242147, "uuid": "10fb3a58-97ec-45b5-8d6e-b00fd96b996d", "comment": "Malware payload (SnakeKeylogger)", "value": "7a627b0acf82baa88bfc039ddc7e5451", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242147, "uuid": "be5f4162-212c-4286-9961-3ed78191ff78", "comment": "Malware payload (SnakeKeylogger)", "value": "274d96f9a20fe5aa1e9795a62ba3cbaa5ad8f593aa6b188710a7b4e9177446be", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242147, "uuid": "67375cd6-d172-4573-b1a4-9a4d62a7363c", "comment": "Malware payload (SnakeKeylogger)", "value": "63aa44c325ca2ccb5511d9d45c6554af58552150", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242147, "uuid": "492596b6-4dee-4f57-b573-d2986719fbd7", "comment": "Malware payload (SnakeKeylogger)", "value": "c064e85fa0dd2cc7bc7800a14d8498608a52352ce46881235a981bfe67c84b208f612cc1b4ce634f9b9f34732acc6f10", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242147, "uuid": "1f3dc282-734c-4c93-bfe9-b9875fb636ac", "value": "T16E341200A1DDC02FE4E646779E3E122162D699362878074F5360DBADFE31692CBAF3D1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242147, "uuid": "9352ac40-7550-4873-9f3a-d5f4e1c375b6", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242147, "uuid": "e2607084-3937-4c70-9c12-6ef910de2135", "value": "6144:/Ya6kH3Gpk2igubO+3E4zdR8jWoa4E/WczxG9f8nhbO:/YiHWk2ic+3EwD4MzafUO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242147, "uuid": "30bc36f4-fb6b-422c-af2b-3aa92ab3e9b0", "value": 243364, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242147, "uuid": "2fdcdd37-4468-4dc5-8265-53ebd7582575", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242147, "uuid": "6d26d7c7-f492-4f62-a307-42caf5700be6", "value": "swift copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73012eee-0f55-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687257017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257017, "uuid": "8fa1d49b-2227-4c44-8b26-6b2c543d708e", "comment": "Malware payload (RedLineStealer)", "value": "a9f7d6b41ef9398f5b8fa1ca03d02b04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257017, "uuid": "c1bdfe6c-5d1e-48fe-b2ac-b276dc381ea4", "comment": "Malware payload (RedLineStealer)", "value": "2767d4128fc88d587b6681fcff44a8694833e95da510eca60750540e42f2e418", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257017, "uuid": "ba230927-08a2-4a30-8284-0052ea3cfba7", "comment": "Malware payload (RedLineStealer)", "value": "c6381d564909b24e6d44906c87542476c89cbb91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257017, "uuid": "b044db83-39f0-4633-a84f-22972987af11", "comment": "Malware payload (RedLineStealer)", "value": "95d57212228ef98d07736fe904b508f053cfb01992e07c768e89af9536f77f8d98c0ed575faa01208748dcf6e9fc1342", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257017, "uuid": "a9fc66b9-5b1c-494e-917e-2da6f2e191e2", "value": "T1C9446C1339B08FA8FCD792701D5C9AAF5E79F5A11940A14EA2939DEF87D41A0C53232F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257017, "uuid": "6fbb52a3-f19b-450c-88fa-c0384073ab33", "value": "d7603d1b17202cdd1d003c27d46c04c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257017, "uuid": "007b7607-7af3-411b-8868-e9ca3db2c034", "value": "6144:WfIZHZETEmZuxEuE6ClwwSxZ7p4RhRyTUVeRl:VYTEmZulEgY2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687257017, "uuid": "b40f12e0-e98b-4008-b06c-3d9a9ddc8f15", "value": 261240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687257017, "uuid": "2aa1d853-64d3-4e34-b791-0d652f905721", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257017, "uuid": "491c7067-060c-42b2-be79-1d29dca1f90b", "value": "a9f7d6b41ef9398f5b8fa1ca03d02b04.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14d94739-0f51-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1687255141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255141, "uuid": "7550ede6-f828-489b-b6af-0a3ee6671aae", "comment": "Malware payload (AveMariaRAT)", "value": "fd3e2fd5f56c3c9ac4f9fba88faf149e", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255141, "uuid": "0af8a4dd-6466-47b1-85dd-77c74fa920f3", "comment": "Malware payload (AveMariaRAT)", "value": "280f496ca58dc38705871bce43803a623ae40ec1f47fd52d0eb50d49740a0725", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255141, "uuid": "18c966bf-a960-4346-ba99-1dd1530894d1", "comment": "Malware payload (AveMariaRAT)", "value": "524d9ae31fe5fb3568b4b607d319f99968369335", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255141, "uuid": "22ba4036-b708-4076-a9fd-ef6d51ba2060", "comment": "Malware payload (AveMariaRAT)", "value": "186bdcd3fcfbaddda401cdb4d022e77b7c0a968354163394c080cbbfc9e8d37d622f7b2babfc0db52fbe0b2f28658916", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255141, "uuid": "bbd762c3-ceef-42b2-b9bd-cb18e304dc33", "value": "T1DCE4121456C29667C0271F785850B3B9A13C5EDA7622DA9F8ECB7CC7BE12BC9023164F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255141, "uuid": "16091ddd-ff84-4a39-809f-5af135cba596", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255141, "uuid": "303a71f4-40db-4d5a-a325-9da843610942", "value": "12288:6b903YocuPM7q6bpw4dcZda/igJGcyDpM/AfBKFF+TWN2ho8ylRWzAeu+FQU0:6b903YDzu4CZdOWW/AUFFe/bylRi+U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687255141, "uuid": "e94b063a-a96d-4fb1-a748-b6e05b4257fd", "value": 713216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687255141, "uuid": "f18a39c3-2c1e-436e-a1be-699c78861583", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255141, "uuid": "528528bb-9bbb-4f70-8067-5e5030488765", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c2812ae-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687268575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268575, "uuid": "7573c5c4-39d3-465b-8d46-e1008ad61c8e", "comment": "Malware payload (Formbook)", "value": "369677713cdb2db6bb77d98db5cec9d8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268575, "uuid": "68e89d98-50c3-4093-b330-4a3824bf4ccf", "comment": "Malware payload (Formbook)", "value": "2818ae5c4fb98d4ac50ce7055d3ff9688dedb6b0e5344a14a341f4c151a36522", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268575, "uuid": "9980ea83-174a-4e17-baf2-844abccf8ed3", "comment": "Malware payload (Formbook)", "value": "372c3aab7abb29ac250bcc4aaffbd716d46dcf22", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268575, "uuid": "9b443c9f-4a30-49d0-8404-390d48ffd537", "comment": "Malware payload (Formbook)", "value": "646c33593bbcc2f5e41fe24ffda9263b5310043e2bc7543ce5d583b36fef96c261a9128312c2fe10912de42fc17e2b6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268575, "uuid": "23c8775f-f9ba-4b87-aa73-39f764648105", "value": "T184F412205BD7965BD12A4BB84060E3B4827C4EDA7722D2DF4DCB7DC7BA52BC9063160B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268575, "uuid": "de998ac5-2dd9-4bc1-b74f-035048a92087", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268575, "uuid": "5e321ffb-cd9e-4fe0-968f-f59ffdcc799f", "value": "12288:Jb903YzuuPM7q6bpw4dcZda/igJ7bYK5B+64ExpLsFKHxh6hHBjJU:Jb903Yazu4CZdOpMKEmpQUxYhHpJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268575, "uuid": "a8b4a5b1-2121-4a0a-af8a-05ca0c048ad9", "value": 776192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268575, "uuid": "a16b7207-b4bf-4e67-bf4a-a6f09f1fb0b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268575, "uuid": "e64f3dfe-defe-4023-872c-0e8e64c5a2b7", "value": "OUTSTANDING SETTLEMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fe3d15c-0f3b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245764, "uuid": "3ea384a3-c2ef-40f9-838b-cb4b23ee967e", "comment": "Malware payload (AgentTesla)", "value": "dc5d2307ff52692085fd9db72d754bcf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245764, "uuid": "602c088b-f5a0-4334-a0da-f0190c0cce11", "comment": "Malware payload (AgentTesla)", "value": "28532fb98b5dce92ee4866eafc1c66f10208238a19c198db43e2839af9c33c36", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245764, "uuid": "8018faf5-832f-438c-8428-13c3633d9673", "comment": "Malware payload (AgentTesla)", "value": "12327a3c21b802566bf7a7a89e5951612378c8f0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245764, "uuid": "c1f95565-ae25-4958-a3b6-edb9bbe73b77", "comment": "Malware payload (AgentTesla)", "value": "91925b0da64a1f22c8e55b688fa98b3b0e1bd55f6734260794fae99376be08f8b24a506a6169d2b7c5a8e13887f58882", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245764, "uuid": "e3bfdeb3-7f3a-4416-b8a0-2b695b63ce79", "value": "T1A8E423DB243FCB7157822F569B34EA34E72C2C6E22ECD89E4811F36763868E4564464F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245764, "uuid": "ac502812-d62c-4167-88bf-23752eda1900", "value": "12288:DYTu8FEP0WK2eSlYanhQpSIyVVapDy3pWY3nPedTeLAUBgoAKraxIPrFhUs2D:DD8kK2VlYanhESIWVah4WC+T3UBgoN9i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245764, "uuid": "5e8704b5-854a-483e-8bf5-ac58b31a2323", "value": 706145, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245764, "uuid": "19ff7b32-a252-4fe4-a797-eeabb111d07a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245764, "uuid": "e2d77cfa-d3fd-44a6-aac0-243f7355392e", "value": "Invoice To Be Reviewed.GZ.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a6d7694-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687253405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253405, "uuid": "60134b5e-0c3f-47a1-9dab-f37a7f7883b2", "comment": "Malware payload (Loki)", "value": "1560de54fb06f712d48e236bf0f9d552", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253405, "uuid": "87c847c1-b1ce-436c-9f2c-7257239b6901", "comment": "Malware payload (Loki)", "value": "2860a549ef6a90f4fd4a829571131238b2303a8a51bf021017ab7a47f85e6f33", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253405, "uuid": "21f2c890-3856-4f56-abe9-ee93d23e1fb7", "comment": "Malware payload (Loki)", "value": "22662d56dae5115618f2de3f2abb3681e002af6a", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253405, "uuid": "cf463fd6-37d4-488d-959d-20c4f3fff04d", "comment": "Malware payload (Loki)", "value": "e1b7c452473c3ee2581d645da8092e9580d069ce51f1f6368c00a2cdf874e4251421d59da8283bc65af3047e250f4673", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253405, "uuid": "b28b8e42-a392-417e-bea5-2ccf4eab2503", "value": "T15373B52EE74F0525DF5597BB430A4E894ABCB23DB38540B139AC573437AD83E46229BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253405, "uuid": "2b3f2716-05a7-4321-8741-364957e5128e", "value": "1536:nf0Xvx3EMZ2W0ivF0rMCy+bO2W/3+MQRAmh4aXJVNSVxyh3+RhD8844yKBptPzwb:nsXvKMl0ivF0rMr+bO2/EmhjXJV4xyhH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253405, "uuid": "3efbefc5-06da-4085-95b2-a8eb2dfc6f36", "value": 79283, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253405, "uuid": "410d2fd5-935a-41aa-9972-37ce226715d8", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253405, "uuid": "57a79912-45a9-4ff7-8492-008d17b3ec37", "value": "statement of account.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cac66b7d-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240843, "uuid": "384f9609-fb5e-4915-b5de-6aaa73fde757", "comment": "Malware payload (Amadey)", "value": "08e8494ab1975bf9b69bc8b262bbe3fc", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240843, "uuid": "a38eb4db-6cc1-44ee-a5e1-a21a151360e3", "comment": "Malware payload (Amadey)", "value": "2887281c3d63a325fbce29baf2743229245d8c3d60c2f35c58e811c047d3a445", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240843, "uuid": "ffd2d916-4171-476f-9dc8-ec94116ef43c", "comment": "Malware payload (Amadey)", "value": "67548f981e6278a1718980a289e8343e11b67697", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240843, "uuid": "a23d4d8d-42ee-4177-982d-619f2d9f2a65", "comment": "Malware payload (Amadey)", "value": "5b3f62a2f5aed33998e63cb03ed1d84b4159dbec98f24683345890729544a0969bce4d937e6eec86b6f85cedd843f645", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240843, "uuid": "192a101c-5815-45c3-a643-32a6215f54e3", "value": "T1ACF4124170C5F134E9720A31BC69B9933D6CF8A18F61DCEF3E90371E8AB56D0A4A561E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240843, "uuid": "4cce7157-4a8a-4a10-b649-c02b86152c03", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240843, "uuid": "2e78cd74-cf42-45fa-ac81-b3ceef749af8", "value": "12288:Y15Do/LKxdYZafiY9PB7D9zUgE8A7o5OcmUC0l5Hpmc4UJRQv7fWlu+T/+UCwwVp:Y15Do/LKxdYZafiY9PB7D9zUgE8A7o5a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240843, "uuid": "065ce665-1b11-4bb7-90ac-e726c3ac4da2", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240843, "uuid": "db0691b2-5add-417e-84f4-23987c5baa41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240843, "uuid": "780b30a4-9330-486b-9b19-c785cb88f82a", "value": "08e8494ab1975bf9b69bc8b262bbe3fc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c89f25b5-0f82-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687276488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276488, "uuid": "4a43a345-c22a-46f5-8b45-57c98c4e33b2", "comment": "Malware payload", "value": "f7e7f9eb3ef22cbb88ea047ff2911a53", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276488, "uuid": "ba4ad847-cd27-48ab-9838-df8dd720ec10", "comment": "Malware payload", "value": "28ce2f27b955e8b3308a441d8108f0e9babc971675d6fa96393053cb4f9de190", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276488, "uuid": "f6573adf-23b4-4de2-a1ab-d574e1eb0706", "comment": "Malware payload", "value": "3a38aa3a4920d7ac5a3e016d83d7aa614143bab2", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276488, "uuid": "0bf042df-ec4f-44f8-b575-44710607b8c0", "comment": "Malware payload", "value": "def92d2c11ccc06dbf75d8f5edfc59089a7c1f404321330b78c9c1909dbf6c6fe772e56dddd6ab27c3aa557ef78a33e7", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276488, "uuid": "26ec5394-2449-4b80-8c24-0be49f11a4e6", "value": "T1CF77337CC0A1679B1D7B6831B5F1A0DBC86681F18A435E2792BDA633DBCF3D19178089", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276488, "uuid": "64354734-2c0b-4fea-b7bd-5f9c4488fdb7", "value": "786432:vfTPmBTW7E0YaoUO/pmrW9twEvaWH36l96t+eOhWYPOzw:7CTqzYxQKh36mZYcw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687276488, "uuid": "bcef8218-63cd-4d2d-a761-d8cd501f536b", "value": 33219419, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687276488, "uuid": "05deab80-3783-4106-8b19-6b05bb8ec06e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276488, "uuid": "93cc20d3-a991-42dc-811f-ebdf641bd311", "value": "f7e7f9eb3ef22cbb88ea047ff2911a53", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "833bb785-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Lu0Bot)", "timestamp": 1687241152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241152, "uuid": "5a17e7cd-07bd-4601-a463-9079124915ee", "comment": "Malware payload (Lu0Bot)", "value": "95ca2d5c4466b235b59193ddbccd9166", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lu0Bot", "colour": "#3E1A2A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241152, "uuid": "acef5caf-c9fc-4785-b149-1f9b7bff3be3", "comment": "Malware payload (Lu0Bot)", "value": "28eb3941dee1a78351ee18596be6445d4fb10332d002f85aee675f672cf2fd1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lu0Bot", "colour": "#3E1A2A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241152, "uuid": "5d32f0ba-a5c9-4272-88d2-dbea667c3733", "comment": "Malware payload (Lu0Bot)", "value": "dce67bf20b81c1c26e27b4c6e98fd4a3635a0bc7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lu0Bot", "colour": "#3E1A2A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241152, "uuid": "e7aa9a55-83dc-4da1-abed-69aac6a9d26e", "comment": "Malware payload (Lu0Bot)", "value": "42c6558845be43de51cc6e90ffb9baed3d66e8b9c2181eb9fcf689fa2556b2396fbeb618029d85ae06228c241acd51c6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lu0Bot", "colour": "#3E1A2A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241152, "uuid": "9db84c77-6a0e-4003-a7ba-65c98816da5e", "value": "T112C5331AA3F910FBCD61133048FF01A716347D9266B56A1B1953648F0C739E4BA39BAF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241152, "uuid": "bb6608e4-0b9b-4c35-9fcd-edd4332679b8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241152, "uuid": "12ba1628-1e70-4ec0-bee4-dc94a4b8885b", "value": "49152:63zJVxwtN9oNSzWmDjfs4DI0gAF9xvCw/snQfbJAz8naQGPtNJ:OJVk3DT5g2UQzOz8JOtNJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241152, "uuid": "bf9f56a1-8f2f-480a-94dd-689876d8d318", "value": 2649768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241152, "uuid": "28c99e0a-e509-4aeb-9d54-90b31ff735b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241152, "uuid": "e8f4eae8-00af-4e70-9c50-ff280576130c", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ba2aecd-0f3f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687247555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247555, "uuid": "3996905b-a6b1-4f48-9cad-e89e56cf8748", "comment": "Malware payload", "value": "a63f29743ed1c1aedc6bf07cdae282e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247555, "uuid": "9c5e9c8a-5568-40c4-aa65-81e8986393cc", "comment": "Malware payload", "value": "29a8f1139b4e5e98348306d430856a393191c6b9e4e300f0a669f5a1577063f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247555, "uuid": "993a072e-f009-42b6-b132-d551fdf19daa", "comment": "Malware payload", "value": "14aca630db545d764ef3a793a1cf275c49a3cc2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247555, "uuid": "63fb2743-9f87-4c45-bef5-d7c7831097ae", "comment": "Malware payload", "value": "0f624bb377f22e7099644fff07e8560784d9ca73e4f481b8c39c6be019e0c68fd531bfb3d1bac786f111ed8f1fc8a043", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247555, "uuid": "45eeddb5-7a62-4846-b002-9dda479e13e7", "value": "T15A46239629C550F9C6C20D309227FECB3FF36566CF404C6AA9C65D45B823FF2607A5A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247555, "uuid": "2de3de4a-ae47-49f2-9f66-f9880eeadf4f", "value": "e168b9d4131706bae4420b007e9cc65c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247555, "uuid": "72e3f8bd-c746-43ff-bf31-e39747404715", "value": "98304:ec8qhIlwNMZs0cFTxI0N8ZmPYNr/sgBvinNdrCn5:erUIuNMCTxI8QmgNXBvE7E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687247555, "uuid": "e8136aa0-6e33-438e-b637-dc81b97759e7", "value": 5615616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687247555, "uuid": "4a88cd94-12eb-4362-b694-5830e8836281", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247555, "uuid": "a67e5826-d33a-45c9-8a82-35f99bb8ec9c", "value": "a63f29743ed1c1aedc6bf07cdae282e1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "889b2bad-0f69-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687265643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265643, "uuid": "1bdde5c8-f6a7-4a4c-a640-fb36288fa670", "comment": "Malware payload (AgentTesla)", "value": "a9d1d2e7b51a8a1ee2e491527a97f554", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265643, "uuid": "44df7c1b-4a87-4e80-9b9c-fa718f1ecbd4", "comment": "Malware payload (AgentTesla)", "value": "2bedf6146e10b201a174c336c351ccb7dc8433c6f69854879cd1be37845be32c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265643, "uuid": "4f2fd741-da7d-4436-bbe0-2850456838c5", "comment": "Malware payload (AgentTesla)", "value": "d1784d5a57197e7e1754f0c56f786aeb142846be", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265643, "uuid": "7144d260-b9c0-4dcb-be66-56a88da49efd", "comment": "Malware payload (AgentTesla)", "value": "9b06450d24eb492a20e38c98a88f4d7fc1aefad9a6cc8dc58d9c58280b86a3e0f8610c6e46921a240505409bd0f7ca2b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265643, "uuid": "65380734-03fe-4554-a9f5-4c2db820bb51", "value": "T1B7E423CB551BD33C1DCC5C98E17B9D83BC98E3B1262CB85DD6B69F01C2E502CEAA4248", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265643, "uuid": "ac9ddc08-1cac-4c60-95c4-a3330d0d99a5", "value": "12288:Hw5RYjG88a2jvlST8h2siceDc/wErtzMo3epdRSpul/AqZiKLlAxFp:Q5GC88a0llh2siBqwetzMTP+WAYBAp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687265643, "uuid": "9e2ffdae-53e0-413c-bcd8-0079d2c689a3", "value": 694206, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687265643, "uuid": "ca6b6ffb-4fcd-4b4d-8848-56eb44a47df0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265643, "uuid": "aa89ca8b-8c69-4849-96a9-9fd85929f6a9", "value": "Proforma Invoice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4c819bf-0f51-11ee-b3cf-42010a9c0076", "comment": "Malware payload (LaplasClipper)", "timestamp": 1687255516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255516, "uuid": "c745fd58-d04f-4d65-812d-270434b1e6c3", "comment": "Malware payload (LaplasClipper)", "value": "d076c4b5f5c42b44d583c534f78adbe7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255516, "uuid": "857448be-6a6a-4aa0-abd1-55495ca3ea54", "comment": "Malware payload (LaplasClipper)", "value": "2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255516, "uuid": "bf4d99af-8ed8-4213-933d-23cb4f9211c7", "comment": "Malware payload (LaplasClipper)", "value": "c35478e67d490145520be73277cd72cd4e837090", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255516, "uuid": "0cafed55-60fb-4b28-8f34-4f5789b06a7e", "comment": "Malware payload (LaplasClipper)", "value": "7e410d16e02a99a4d3da79f31171cc0aa0e5d0b19863858455bd54366e8e156178bf25bb11f595a9aa910078c2154c2c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255516, "uuid": "e323b422-bda4-41f2-9140-72aba147b21e", "value": "T17D162A43F88145E5C0AED130CA659253BA717C886B3027D33BA1F7B82B77BD46A7A354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255516, "uuid": "915454d0-ddf6-468b-a281-0b110ecd22b1", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255516, "uuid": "64a0f698-8fb3-4fbd-bf51-7d3ef24769fd", "value": "49152:hGXwGFfpgG2Gv0l1YzzsYvbQaWfG85EIUFiqeb0/B1:MFaTGsgB4ENiqe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687255516, "uuid": "8fd2e0cd-0120-49fc-9b05-bf9d637144f5", "value": 4212224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687255516, "uuid": "a4f4db36-95d4-42d5-af08-ac91217c2fbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255516, "uuid": "94a426f5-ad9a-4192-b4d1-6ca2f06fe6ac", "value": "2c63c61e0adaaf669c9c674edfc9081d415c05b834611.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d39e92b3-0f74-11ee-b3cf-42010a9c0076", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1687270493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270493, "uuid": "be7de2e6-ac3e-4418-bd01-27bf1cdb938f", "comment": "Malware payload (YellowCockatoo)", "value": "57378ef65c6a82f2d33a10c829f29485", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270493, "uuid": "8f293a34-7046-4835-9143-95635c74e840", "comment": "Malware payload (YellowCockatoo)", "value": "2d2b9eec049a7ebe31bc04913643b5a489691985364f69a3e676b7bb866825ba", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270493, "uuid": "8b9fa5b4-ddaa-4aec-93ec-8a194d7e6a25", "comment": "Malware payload (YellowCockatoo)", "value": "d5244d04dc2d6b663b0c23b5da198f9d07599ecf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270493, "uuid": "fc68f7a9-f53e-4013-9423-8c9905f1358d", "comment": "Malware payload (YellowCockatoo)", "value": "7484f9a4436fdd2a71551256fc4bd592701c35e0a003e0fb2dd8df9ca7040e4858c6d163635aaca61e535e14b8aa773e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270493, "uuid": "a11a4695-943f-45bb-8fd9-b42a465e6813", "value": "T195D48911FFA3CB60CB3D66F9B99BB3278B2512F3D5C6DF1162B38135889A9A074811D1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270493, "uuid": "4e41d179-4a5e-4dfb-a8ba-c8a49e72ffa8", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270493, "uuid": "9d9b5042-65ad-4f67-81ab-4446ed8c00c7", "value": "12288:VVRooLM5t0qBCzKjsZXv5EPbkIIqAPVQS2vQO8fM7T8RtmNNm:nRooTqBk1wb/IqAqtQ3+NN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687270493, "uuid": "45aa9c24-e4ab-419f-a833-0a0a29ec4925", "value": 652800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687270493, "uuid": "5a5e96f4-941c-46d2-b053-c5cf578a774f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270493, "uuid": "ca44d033-49df-4bdb-8c71-4df936b329b3", "value": "d5244d04dc2d6b663b0c23b5da198f9d07599ecf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ea62dee-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687249278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249278, "uuid": "15ce9611-714f-4cea-b0f5-2c0644a7f6e8", "comment": "Malware payload (Amadey)", "value": "e60ff532d9b8ca03b276d07c0b540cc9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249278, "uuid": "12839714-74c9-4a16-afd4-48d394238559", "comment": "Malware payload (Amadey)", "value": "2e099f91bdd21e0dc7b0bb33c5fa86da707c173436b955f0963af5bb44abab17", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249278, "uuid": "c444e9fc-5aab-48fb-bcda-4201d7307ab6", "comment": "Malware payload (Amadey)", "value": "076342f98954afbb8cc0e63cd9e13350942c6d27", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249278, "uuid": "a9a564c4-3c76-4da6-9aa6-462c2e69918c", "comment": "Malware payload (Amadey)", "value": "541622cd20b272a575370d342781d8bd65ebd6eb3cb34626b5d99e22d95016a66a9c156662f5e0f219bc50f746a1d13d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249278, "uuid": "6b6a6cb6-5c26-480b-81b4-d813c0605a35", "value": "T187E40291B4C87035E93101329C2ABD927E7DF8E04FA0AD6F3B54731D86B65E074B562E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249278, "uuid": "3d43772f-54d2-4f21-bbb6-6914691cd1d5", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249278, "uuid": "61049f6b-bd82-4a42-b911-8428077eb303", "value": "12288:QhJNRZv7fWlu+T/4tAXmlPNQNvzmCqldDkDrsRhWVwGeL3i34owHLLWE9Nx/:uRl7fIuWXmRNQVzmCC1kPsR1h3wcLLWO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249278, "uuid": "816ae6e1-66b2-494b-bbe7-3dce65f7a022", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249278, "uuid": "64ca768c-a516-4e02-8cb0-1e20ca736180", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249278, "uuid": "f81a6939-25a9-4f42-a7a1-3b182ef03f48", "value": "e60ff532d9b8ca03b276d07c0b540cc9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "144a4375-0f6b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687266307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266307, "uuid": "dc2c9f48-f6b8-4e27-969b-5af71698bff4", "comment": "Malware payload (Amadey)", "value": "8ca2e9d25cfc5ad5fc6530385bc0a831", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266307, "uuid": "fd6f7665-be22-4c3c-9c66-824301fc2f1b", "comment": "Malware payload (Amadey)", "value": "2e0a87bad886f18f58837a2a39a8ef709d54d1e6cda8e87d925efa9caafd2dd9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266307, "uuid": "d74e304e-2113-4f34-8c1a-6342476af8f1", "comment": "Malware payload (Amadey)", "value": "cec99808713154b4b9628eaeac7eecb6a8b62206", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266307, "uuid": "e38e4c87-b5f3-4515-ab7a-39ae414599d9", "comment": "Malware payload (Amadey)", "value": "746466cb2a3c46d2e9ce4762ec0ecbeb51ef60ab54315897006f12d7a482c65f4dba9af0455703fb9186dfb9d1dc1249", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266307, "uuid": "98bc8bd7-dbb0-4b56-9c16-29d4be6b53fa", "value": "T19815F10170C28477E4A315328BFDA9699B3DB8B107E9A9DB67D49D2E8F30DC0FA31951", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266307, "uuid": "ec14e101-5aee-45f4-8e8f-ff8ce0ad75a6", "value": "208ec8107de205d4d859fc797045aa02", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266307, "uuid": "0434520d-212f-433c-bd88-cacf91a7b6fb", "value": "24576:k+Cr0UeVbGKVMFLuXUOlYma5B8tU8KqpX:k+Cr0UeVajFL4l3/tU8Kqh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687266307, "uuid": "8c8ca599-fdb8-4645-9016-ed18080ddc5a", "value": 910336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687266307, "uuid": "bc46579d-c89f-40ea-abeb-2d9c8f098237", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266307, "uuid": "684f0b0d-2ff5-40ed-be25-08796499026b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4437a336-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241476, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241476, "uuid": "27d0faf1-c0f5-48ab-a833-5a1a13df303f", "comment": "Malware payload (RedLineStealer)", "value": "ef23129002063a1cc2da9f018aefe6ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241476, "uuid": "74c3347e-bc44-4a49-a4b5-0b02b11589a1", "comment": "Malware payload (RedLineStealer)", "value": "2f54b9ea94d211852401680c81e26ebfa9175c882d21a06d6fbc9b29ecafadd8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241476, "uuid": "c87282e7-8033-44f1-9812-205748923fff", "comment": "Malware payload (RedLineStealer)", "value": "636fec105083e06a5a1613f0bb9333d7e45f4138", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241476, "uuid": "cff3c7b8-d29a-4623-9861-336005132fa0", "comment": "Malware payload (RedLineStealer)", "value": "8b7487a7e22e32e7cf8cceb856cc4901353c4c1e9f42df949457ff284e0a58f8ca5d2d82294b1ad91ed723315ca4f213", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241476, "uuid": "b0987076-a62c-4b72-925c-e9b5754a623d", "value": "T108F41201B4C4B274E96546319D2A7A93BEACF4D00F20D9AF3F58732D8BB54D1B9B042E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241476, "uuid": "818715ac-270f-45c6-b16a-86b050a65c33", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241476, "uuid": "7897b3d7-ca41-4ceb-bf36-084acf77738b", "value": "12288:0n5liR/v7fWlu+T/LbvYSv6HbEynRzGQOLPJoQLIqoNUPTMlv1e:02RH7fIui7YImbEynRCjJZVm1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241476, "uuid": "f7e3991a-1170-4b03-9372-4fde46a380a8", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241476, "uuid": "83a7b070-69e3-421d-ac27-d2a9487b25e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241476, "uuid": "d4de9ece-5c63-4f77-94a5-6f6e4695e50e", "value": "ef23129002063a1cc2da9f018aefe6ab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97d6da8e-0f95-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687284566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284566, "uuid": "6402d3bd-2eec-4a33-b170-314112259120", "comment": "Malware payload", "value": "8f95d0998711aec6849def9399a207b4", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284566, "uuid": "f6859a6c-7bdf-4a25-934e-36052d1368f8", "comment": "Malware payload", "value": "2f961e182117567999a0abeb14913fd4f8abb913c88fd44a2e43c5c8a67ed68d", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284566, "uuid": "18a8b4c7-a802-417e-92ec-1eccc55f3c40", "comment": "Malware payload", "value": "4869ec4fde42a60fc0dbe0b6ab04fe4fc759cd32", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284566, "uuid": "77089793-9970-4651-81ff-dcb462345ac5", "comment": "Malware payload", "value": "26a37c5fd4b55baea78083deb713f6872a39cb7d2de306bd8f6d3224392eb7e5854219bdae18346ae92e929da061b4c7", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284566, "uuid": "8718f96d-7a09-4e35-96ff-b594ee3ac540", "value": "T11DF0963CD7A1D9D1F3BBB0E8146C3E4B6596C3677D544D18DD440933C62462FAE5A10C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284566, "uuid": "7f018d77-f0dd-42a9-b19f-a5aba4121e83", "value": "12:HsugpapuNv5TVDYpNANURIcqTVDB5EJzknqXBP5hE1TKcPiXBPa:zgIpuriWURIcqr5vG5kQa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687284566, "uuid": "ccf30b73-cddb-4d8f-8380-9e3f2fd44555", "value": 561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687284566, "uuid": "b6dbca48-e475-49b6-90d6-21e6ac56e72b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284566, "uuid": "1881dae6-ebfd-4ec6-8503-66f0125477a0", "value": "Activation.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "481dabd0-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243630, "uuid": "9f2e5397-4781-455a-a0ae-e049da9e4fd9", "comment": "Malware payload (GCleaner)", "value": "885c2b805c8ecc54e3f72e3c94d1663e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243630, "uuid": "277fc19a-83eb-43ce-a57d-7035f52b2160", "comment": "Malware payload (GCleaner)", "value": "3112968176d3ff222e088f73201a2499c60b5fed2b7529d769717fc60c3d6345", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243630, "uuid": "029d9e42-3c14-4428-bc35-8825f2158b12", "comment": "Malware payload (GCleaner)", "value": "9f98e6b1ae89fa354503165d7c100fd86af0edf0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243630, "uuid": "59403c06-87eb-4eb9-b8c3-58c5678b1bd4", "comment": "Malware payload (GCleaner)", "value": "04d498faafeb95ee9cd40805e2cc6a8911f7a581c7b4b0904fc884d256421915f49dbe21e66452791d43db1b182f1bc1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243630, "uuid": "dafce49e-f215-4fe5-b7bc-455e2d5332ba", "value": "T1B964BF1362E07C31D92E8B72CE3EC6E47B9EB6100F597BAA12385B1F19B11B1D5B2315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243630, "uuid": "a51d35ef-ad07-4340-afa5-984b4bbff8f3", "value": "9b2989d99e2629f49acf09b8f648e077", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243630, "uuid": "03cd54ff-c71d-414f-9785-eb7e702a87d0", "value": "6144:qwqXpOtFcX0L6bt4OuLXt1hIisPetDj0loQ8WWn:ZeotWXI8t4fLXZ8edg2n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243630, "uuid": "c45d6716-8e7a-4181-b397-b4092ab30cfc", "value": 307712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243630, "uuid": "686e0ac8-e9e8-41b2-8aa9-6a6efaccceb4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243630, "uuid": "f4c1c81f-f5ef-436e-b2d6-ccb1f1d4a2f2", "value": "885c2b805c8ecc54e3f72e3c94d1663e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9b8c4ef-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253807, "uuid": "d371aed2-b429-4dc3-bc3f-0665c6e69d40", "comment": "Malware payload (Gafgyt)", "value": "777b09c9a1813bbd29d6feb79372cbb1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253807, "uuid": "420dcc99-e311-4002-89fc-a5e9e64185ba", "comment": "Malware payload (Gafgyt)", "value": "313d0166a4046067804db0756515dd924ad0df358ac18b605cdc5c6480991238", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253807, "uuid": "e353ee1e-1d1e-41ee-87e1-986ee1ecdc10", "comment": "Malware payload (Gafgyt)", "value": "cea9fd7e0fd4b9f0037411f930b6ed1be8a1a777", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253807, "uuid": "92e05a23-a335-4ad1-a3f5-db7781ab79fd", "comment": "Malware payload (Gafgyt)", "value": "f86478831e887c2b8bc2113fd255cb8c33e4a67f28aa28298951ebba5c5aeb292a4f20344f24712fbb650e6ecae98fa8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253807, "uuid": "eae0967c-548f-4503-b801-079ead55a467", "value": "T1D2A35B8AD743C2B3CC530AB2124BA66A4621FD3B092E9F49F7197DB09F374C97125B51", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253807, "uuid": "5108cf92-9e96-43ea-9519-65023ec30b88", "value": "3072:4WCjQrLpnr85EdT9Oa8vqbVr7h/CEgmqAgcVyZIcBI:4f5EdTbpr7hWmqAgcVyZIcBI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253807, "uuid": "a5b9b69f-daf0-4ce7-89b9-3c71d7515c44", "value": 99084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253807, "uuid": "50b95a4f-26bf-4ff9-a0ce-edd05301826a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253807, "uuid": "47fbd1f6-9b8d-4f5a-ba14-dd0f7b77ba41", "value": "777b09c9a1813bbd29d6feb79372cbb1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a91e8c2-0f44-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687249755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249755, "uuid": "787039b6-3b86-4cbe-a06a-d34caecabec8", "comment": "Malware payload (AgentTesla)", "value": "220ae3beaa972d1c628c99d5c91733e3", "object_relation": "md5", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249755, "uuid": "8641f0d4-339f-40ee-9a4e-6849d13f0861", "comment": "Malware payload (AgentTesla)", "value": "31b6f05eee65ea53c4997a84252e01a8614ac69e4ad1d7f3dd3f2ddcd46136b7", "object_relation": "sha256", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249755, "uuid": "978e6271-89e8-47c0-a76e-eac7d18f5a42", "comment": "Malware payload (AgentTesla)", "value": "9e6f901945cefcc946344db7d24ee8734af0a687", "object_relation": "sha1", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249755, "uuid": "a922a7d3-10d2-4b48-9139-0a5d7f459f0e", "comment": "Malware payload (AgentTesla)", "value": "830b992aeab1fbc22fa3d8b0ac9c6e997a1d6c0c50da4e133fc0bed094c4b4f117033d5de2dce495b08bbeadffe2992c", "object_relation": "sha3-384", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249755, "uuid": "96595a9e-f86d-494a-b377-ac33db8ea83d", "value": "T1AAE423E81876509E29D9F1C9FE3A1D2B31825C078CD159C0471EBFBE952E6480AF53BE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249755, "uuid": "9521839f-a018-4698-97aa-9896cac7828e", "value": "12288:jwJRNNgxsD1ovzNgZzSjXT376w/KURSiYnPj1erzrq3X0wUBnKCqKEs/:0gW1yzNgZ8Xz76MKbiwBer3+yFKCXX/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249755, "uuid": "99f50abb-0979-4c5f-92be-f08dfa1937cd", "value": 694238, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249755, "uuid": "3e62b0cf-3232-4f70-8901-5d7b9ed3b2cb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249755, "uuid": "badb93f5-3e02-4dc9-9870-bd46397e325d", "value": "QUOTE TKHA-A88160011B.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f06498d-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (PrivateLoader)", "timestamp": 1687267721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267721, "uuid": "661cc472-679a-40a8-8005-f6426ff2868a", "comment": "Malware payload (PrivateLoader)", "value": "d4892fda216a89a1aa8482ed1726c67a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267721, "uuid": "ab54dd61-25f6-4196-bc4a-61db7536e4e1", "comment": "Malware payload (PrivateLoader)", "value": "31c29f02579c857bfb6fdce8e217157f31f66b373f31723a6e99baa3de1a33b6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267721, "uuid": "24e43609-a404-47e7-978c-195f82c42efa", "comment": "Malware payload (PrivateLoader)", "value": "8920265d34b2d2e95e1e3507d1505ad3fe08860f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267721, "uuid": "ca865df8-5664-449f-bd1d-57f1f0acf396", "comment": "Malware payload (PrivateLoader)", "value": "d1a55b440a41a44477d2c102e7588715323af6fc8606a0dbc11de76f082e1fe61d08e26bc9d7c90ce79f1549396f81b3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267721, "uuid": "2e1018b9-a8d2-49f1-aa51-49fd41c7954d", "value": "T13A83191075ED8031D4F7427E4664E25246BF3D769EB68E8E7FCC4C8D0BB8482A7257A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267721, "uuid": "8a33b01a-86d0-403f-81a7-b56cbccbf864", "value": "0c1e00e433c9acd3255adc197126fbbd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267721, "uuid": "54e5a8f1-f8de-437f-ac51-ae4e71e65932", "value": "1536:UVbaU+ws0sjQf0xF7+YsuPDoFhEe99hZFLDX8:euSVf037+CDqES9hzX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267721, "uuid": "567e5307-954d-4c9a-98e9-9e4f3f8dbfaa", "value": 88064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267721, "uuid": "84ba85a2-a4a4-4586-a86a-e2f4a6c934fe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267721, "uuid": "71e9bb44-9874-4df8-b87e-2b81ff5628f4", "value": "SecuriteInfo.com.Win32.PWSX-gen.29645.17920", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6826afa3-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (PrivateLoader)", "timestamp": 1687267736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267736, "uuid": "f75a8a3e-3f42-439d-bbe4-bb068138e7db", "comment": "Malware payload (PrivateLoader)", "value": "d225c39eeb9ebf65323503a9c1cf6ade", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267736, "uuid": "61dbb191-94f2-4b4f-b3f7-b3d86a51d6c5", "comment": "Malware payload (PrivateLoader)", "value": "31d770ce91c346c551794ced49a772e7f39320b5f37ccf5271f37a4b8318030c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267736, "uuid": "10fbda55-b362-4932-892a-2f17c8546a9f", "comment": "Malware payload (PrivateLoader)", "value": "73725c574d489821faf4f452d925eeeb50ee7ff1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267736, "uuid": "0bcd89ef-2cdc-4b3e-af79-67b5fa01fdf1", "comment": "Malware payload (PrivateLoader)", "value": "b1540435770617c9083267743cfd1f0157a42916206310eacf21e9c1bbc2483de30469d94186b64e9c7beb5661ac5eab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267736, "uuid": "968892e5-e2d4-47e7-9c78-9cfda1e88b85", "value": "T1BB658E21B2018036F8F701F59AFD5569A93CBA60175890F753C41EFD9A34AE1BE3236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267736, "uuid": "5a63769b-bbae-43ab-92b8-ade74e93b785", "value": "f37ebcb807770527e64f09a726dd0ffe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267736, "uuid": "4dad6348-6224-4c8e-b294-2ec74f00b7c4", "value": "24576:L+9NFdYGeh/Vb6nTc4sWSasoodIqJkjeyEp6G5ydYeiCX+b:edwN6T2WSasoodwjREp6XX+b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267736, "uuid": "aa38e54a-3d4c-41bb-865f-6f189dc85a49", "value": 1543272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267736, "uuid": "5b188c24-4af4-4064-b982-32d7c34524b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267736, "uuid": "d4458d25-de30-4e64-be7a-3d0f59163910", "value": "2023\u51cf\u514d\u4f01\u4e1a\u53ca\u4e2a\u4eba\u6240\u5f97\u7a0e\u6700\u8fd1\u7248\u7eb3\u7a0e#j.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75b1db74-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1687241130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241130, "uuid": "5fb1cece-b9a3-4477-abab-5f0481d059b6", "comment": "Malware payload (ModiLoader)", "value": "e5d280126390518473146d3a8b7818e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241130, "uuid": "cc523e1d-0c24-47f4-b59a-09cd8e789c8f", "comment": "Malware payload (ModiLoader)", "value": "323dc9de135c89b75b7a42b2c5a6327e09acafe52c035464316e170f3f55b6ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241130, "uuid": "472d2b01-c652-4f75-8a4b-5c0c4f86806e", "comment": "Malware payload (ModiLoader)", "value": "3af84d1a32b1a834e9d74ad8743d835ab00b3702", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241130, "uuid": "ff45933e-0b6d-454c-b329-58c329854296", "comment": "Malware payload (ModiLoader)", "value": "d4a4414ba33020e96ced51a6457bf5715d4a3ff7420ad995e2d1fb54149abdd7a515825e0de50647e852d03340848e8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241130, "uuid": "99de6258-f9db-4ce5-a6de-91486e8dc540", "value": "T190F49F3290B45473EC1A2D7D4876C7A81815BD722E34744BFAE63EE8DE3A182F4162D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241130, "uuid": "37900204-a27c-4bb4-8e1c-f1cd3038849d", "value": "f580d797d5fbc3df79105c3246aad078", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241130, "uuid": "e033abd8-d787-455b-8c3f-4779ee0ec1d2", "value": "12288:NEdx8epMpDHeLp0ewAKOXCcfPHEl20/WAN9PuCCJQppO70an:NIdytHe1hFzfPHAxPa7b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241130, "uuid": "e822f7f1-675d-4548-9393-efe422c37ace", "value": 783872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241130, "uuid": "0c5b96e1-3723-4725-8451-bee588fcc189", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241130, "uuid": "3d0ff205-c33e-4a85-822a-43e5bd01a9ae", "value": "emir PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9570937f-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241183, "uuid": "123df2c4-219a-482f-9cd8-371b2accd937", "comment": "Malware payload (RedLineStealer)", "value": "8cd9f296511f67a383b8c5c088a6b2cb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241183, "uuid": "a5c2ff90-57cc-425d-9db2-7d883e3076ed", "comment": "Malware payload (RedLineStealer)", "value": "329b6335303bf937b9b77a5602eaa3f9f1b828b10d719134ea001cf8ffd4bae8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241183, "uuid": "31bb644e-2047-41ea-ac33-0cfc18b58c96", "comment": "Malware payload (RedLineStealer)", "value": "ae544c25d7ac8eb9ccef51e35cba11cc5f8729f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241183, "uuid": "5ffcd26d-2c40-4c50-bee1-da483167eec7", "comment": "Malware payload (RedLineStealer)", "value": "16baca5b98c6948d9cbadf02c612e3977792ae11dac0d9ae2a7844e4003ec3cbef6c9c841951d049e1db4616f3e4b9d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241183, "uuid": "7210a320-0b43-4270-91c1-a01a5d18e3c2", "value": "T110543A0FB6C50336E471103D27B02956ECEDAC910D34EDB73A6CC369156ABE3A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241183, "uuid": "a225e71e-1dba-4de3-b2df-e7e4493f6157", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241183, "uuid": "37764bbc-9c76-4aff-ab8d-6051af966880", "value": "6144:0LqJBOV2mQ0FKHgKNRBH13TLxNP9T0x+SRMe:lOVQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241183, "uuid": "0254ba7e-4c3b-4333-873f-7c0f3c288ca0", "value": 279557, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241183, "uuid": "72af8d78-fbb6-4cc7-8c78-9c5e049ec8de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241183, "uuid": "94c39ef0-bf00-4f0d-8387-982b0adabf41", "value": "8cd9f296511f67a383b8c5c088a6b2cb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3057d13-0f5d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687260560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260560, "uuid": "cec9953f-3203-437d-9581-30642cb3d338", "comment": "Malware payload (RedLineStealer)", "value": "2ed5b805f94bcc4d5c7ad118747f2d19", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260560, "uuid": "357aefae-bdbd-4e05-8ff2-b5834a806c2f", "comment": "Malware payload (RedLineStealer)", "value": "32e243c0cbc0b35f04ce16f414a5d4164839ee162263fac9d7804e9b3889a438", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260560, "uuid": "ba208f76-8f24-48c0-9d6d-d483dab6d2d6", "comment": "Malware payload (RedLineStealer)", "value": "dbf9cd13337085dfd2b61e6abbd8538e7b4a596e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260560, "uuid": "ea253f54-6a5a-4bd3-8a20-7fa5663d04a9", "comment": "Malware payload (RedLineStealer)", "value": "1e6bfb8974cdfd984a9b7dd0c8556faff6921a49a82373802aa44dfe5475a33d3f01485431ab46a1c4cc4a441436ccc8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260560, "uuid": "d2b9e814-69ee-444b-a94e-b09a37507d3b", "value": "T110E40281B8C4F134EA3216309C5ABA937D2DF8A18E219DAF3F14731D0AB19E1B5B475D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260560, "uuid": "dae8ef3f-5f18-4519-92d6-55ff82e30818", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260560, "uuid": "dc3e0c4c-f051-4fba-9542-f36403ba156f", "value": "12288:ARrqCRGv7fWlu+T/mupAN/A3fcB5SX38Caw0+u/T+cF149yom:A9Re7fIuAuWkkl0zHLIm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687260560, "uuid": "81f5e55f-b24a-4d84-a538-a3bea85712e2", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687260560, "uuid": "ae7036b5-a8e0-4e5b-a360-f1783a856919", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260560, "uuid": "7d229bd0-09e2-4e33-8d64-06163b9f3fe3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb42c251-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687243823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243823, "uuid": "b500c09b-de46-44f8-bc5a-03a637ac4c11", "comment": "Malware payload (Loki)", "value": "f6fc198a841a5ffa50f8f37602d7f78a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243823, "uuid": "fe9049b4-68e0-45f7-b0cc-f34222828e27", "comment": "Malware payload (Loki)", "value": "3342faecba3c55165e62240c1f66b76f96364883ec078643b6a17d0700b9ef61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243823, "uuid": "8b27c92e-8be5-44ef-93b7-9924f992368b", "comment": "Malware payload (Loki)", "value": "a859d2bc2bbc9f72387ac3ca675fe06bb960dad3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243823, "uuid": "a877c75c-c1cf-4433-85a7-10a43386cd2b", "comment": "Malware payload (Loki)", "value": "aea421861debc3cef63eadd32fd984b9ee4712046d1df74594372bff758803762b709f88ee98917989cec80445615c05", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243823, "uuid": "661e3349-9a06-407c-8a4e-731ee1e13fb9", "value": "T1A1E4011867C7862BC01B0F785420E775927C6D8AB712D6EB6ECB7CCB7A663C9093414B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243823, "uuid": "18f1ffe9-c7ad-457a-b19e-fbca5b9f5187", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243823, "uuid": "028c55a2-c0c5-4f04-b945-b3702ff174dd", "value": "12288:Gb903YnHHsHHlHHTHHHH9huPM7q6bpw4dcZda/igJypOlyz03aNIGF0CL+H9Oxq5:Gb903YnHHsHHlHHTHHHHVzu4CZdOspjC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243823, "uuid": "7871ae14-ab7c-4cae-acb8-823136ad72f6", "value": 672768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243823, "uuid": "1da47351-2d5e-4dbf-8908-5b09be115470", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243823, "uuid": "7b4cabb9-78ab-4484-8735-0fc0774699d2", "value": "f6fc198a841a5ffa50f8f37602d7f78a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d944f7d-0f69-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687265651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265651, "uuid": "3c3889ae-107f-4174-9777-6c1f47e81f33", "comment": "Malware payload (AgentTesla)", "value": "8ad6b210723894734d654ba76605b8b8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265651, "uuid": "329efed0-8865-4244-a8ce-c8f060451247", "comment": "Malware payload (AgentTesla)", "value": "339ae2cba0f3ce8bf4b3098daf78d5e4bfadeeae26762c697bdb63788927ee77", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265651, "uuid": "9f4f7540-afda-4215-bf52-cc0f5ab176ad", "comment": "Malware payload (AgentTesla)", "value": "7becac332e34078e04501a407a24c7948f3c6a66", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265651, "uuid": "1393798a-2cce-4a74-a641-61b13cbc374b", "comment": "Malware payload (AgentTesla)", "value": "e93ee6855e46b025916fdef1cc726072218c4cb65f2684f571b0713677699511769b2b5bd6d655f9c999dd944a336dfa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265651, "uuid": "2c140fd5-9858-49ba-bc5b-814ac4517318", "value": "T18405F10123784F6BE13E8BFC5460267093F8665B701AE74ACDC7B4CE6E95FC14A5AA07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265651, "uuid": "409f8102-5862-4e7f-ae58-ac935b43b230", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265651, "uuid": "0adc9605-fde3-496c-b909-317ccadce915", "value": "24576:buzu4CZdOlikKT6bLW/0GHPARTLFQsls:Sz6ZYllKT2JG4Hls", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687265651, "uuid": "9f438453-ddce-4b4d-b687-d8f4d5e99f52", "value": 852480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687265651, "uuid": "33893330-c54e-4c1e-91a1-b95cc47b5aad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265651, "uuid": "172bbe4a-3ab5-4567-bee3-ef9abfe3fcf0", "value": "pOatakYsZfzqkaR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccf7025c-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240847, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240847, "uuid": "b2d3c81f-3d4e-47bd-b59c-c36242a36339", "comment": "Malware payload (Amadey)", "value": "033a7e5aadf7253c2ea98734bb001fe2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240847, "uuid": "f16dc03d-5dbd-4f8f-83fb-5247ff9196f9", "comment": "Malware payload (Amadey)", "value": "33a88fe6766c7690af6348f7ab5799eba539586cadede6b4e85ed16594aaf236", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240847, "uuid": "5c6ea654-8edc-46bc-baac-cd09b7a3b743", "comment": "Malware payload (Amadey)", "value": "1f3b5c85c52003f9ef90e944ee9f6ed99653403f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240847, "uuid": "5bca9f03-a125-4ddb-ae87-840986fe22c6", "comment": "Malware payload (Amadey)", "value": "fc91a3010392cf388d54a44ad05f1ceb9e85e90ad8647a282907d4c9716895290d8490df2eb39ebe7530c912ddb054a4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240847, "uuid": "814dd0d9-e485-4de5-af69-ca8d77e7b183", "value": "T1D2F41241B0C4B234E9710831EC6ABA537DBCF8C48E70E9AF3F54731A4AA59E075B465E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240847, "uuid": "163c9a6b-d653-4c8b-8d55-a1939a01603e", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240847, "uuid": "0210ef8b-6cb2-433d-bb18-f97ae62aa33b", "value": "12288:qhpJREv7fWlu+T/LLjB5IIBK2Fr3G0GcEeKTlkTcUgRI:YRg7fIueLjH3s2hAcEeO+aI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240847, "uuid": "42d9bddd-ef60-4279-b1b9-23b3af8f2195", "value": 728576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240847, "uuid": "6e2f234f-b7fe-465b-8b4c-4891fd3768a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240847, "uuid": "a5b0c7ff-901a-4eff-977c-0dca17ed2628", "value": "033a7e5aadf7253c2ea98734bb001fe2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db4fe6b6-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687288115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288115, "uuid": "91772830-a5c2-4629-94ed-55c3250f47f4", "comment": "Malware payload", "value": "691985a3a3c98aaca42fa55fa44c77bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288115, "uuid": "17f2d8e9-b7d0-421d-b256-bff4e2ba8921", "comment": "Malware payload", "value": "33eaa690bbcef2d27b89c30b2defda586e213b0dde5629397bac7636e030235e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288115, "uuid": "08e6762a-8731-4a8b-a100-d75bde32a36e", "comment": "Malware payload", "value": "7359bb0647ccef4d267049784a2ff8c922f1debf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288115, "uuid": "deda0a6b-6855-4c07-823e-894e580c35ea", "comment": "Malware payload", "value": "e6cbb4feb533a738ef8ce3105064e1e3843e1cc031f5600c3b6650bf51c69a9e687c915b0c7c0476c2a7f478044a1599", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288115, "uuid": "077d84ed-b132-4598-9651-f56bdcf4ef41", "value": "T1F1347D00B4C0C472D5B314738AB99AA9DE3DBD600B656AEF67E40E6FCF70AD0B670915", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288115, "uuid": "0e2b345f-d71a-4bac-a8b5-8c305048aa03", "value": "9af3e93e35221a2c8c04a3cc05e589b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288115, "uuid": "d633f8f4-74a6-46ac-9ceb-e1057f43479c", "value": "6144:VKJE90TMllAGihX+t2XkqfFFeKAOOZ0/:VKy9CMvAGihXKKv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288115, "uuid": "4df26f17-5a12-44f0-a086-0af07ae31407", "value": 246786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288115, "uuid": "a5b6e2d9-30e5-43a2-9445-5a059a114772", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288115, "uuid": "91a76802-d974-48d5-a0e5-b2e91602a1e0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "441bafc9-0f96-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687284855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284855, "uuid": "956b38a2-28da-4309-aca7-512032ba31bd", "comment": "Malware payload", "value": "00e6c3cdd3a1bfa1772abcf183a8d6c7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284855, "uuid": "f0d4fd0e-1467-4820-bb68-eaf78039bb41", "comment": "Malware payload", "value": "3422e6c626c056814b08024fce0ada186ea01d61d66fea72bd688967b61785e3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284855, "uuid": "6574d2fa-d06b-4e9b-a9de-fa56fcfbf58d", "comment": "Malware payload", "value": "f86535f16cb22dbc2e92f34f800a7459aa90e3b0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284855, "uuid": "018a9ae4-a96d-47f5-ad03-1761ae9fe7b5", "comment": "Malware payload", "value": "edcdcfe3592d66b929448e030e1ad8ac26b90568b769bf24bf990d51a1e78aa2983be5eaf09620116b9a15897bf67016", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284855, "uuid": "26ee816b-2072-41b0-a101-b4bb08a07b7b", "value": "T1E3956D33BA40C23BD5E05076896D593B202DDC250768A1C3B28A1B2A3E779D35F7679F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284855, "uuid": "21cea22e-40a7-4b80-8d57-e79d11d509a8", "value": "879cbe3308eb2bcc0ac7823fb46c53ab", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284855, "uuid": "fef788d1-fd06-49ba-9468-7c12b0eb71a9", "value": "24576:SA2fv3u6Bi9VqNOso4wIfgDmn6mYMy2pMDz/HrCPpTyk:SA2H3li98M14jZYMyt3rCIk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687284855, "uuid": "aa284d6a-ea0e-45c9-8490-f5cc83f4c4f0", "value": 1929216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687284855, "uuid": "8a46e8d7-b3c1-4658-aaad-2aa680d72984", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284855, "uuid": "4c2f26c5-119b-4b9b-a935-30eecb7448a5", "value": "00e6c3cdd3a1bfa1772abcf183a8d6c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5a4309a-0f3d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687246874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246874, "uuid": "5adcaec7-dcdb-44b8-ae51-8183087d90bc", "comment": "Malware payload (RedLineStealer)", "value": "962c69debc346cef516f89ad187bc777", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246874, "uuid": "6629ad4f-82bc-4598-9df1-31b67a31b81d", "comment": "Malware payload (RedLineStealer)", "value": "34b36492ce022c7e552d06271b2f80f4a7ec16165485a99d66a72e9520953c98", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246874, "uuid": "6d51d031-b966-42e4-b210-7d48c7aa675e", "comment": "Malware payload (RedLineStealer)", "value": "cc4df764e3a711487e4fe4636408aa3d01dcca03", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246874, "uuid": "13dfcdbb-75a8-42d8-ba06-d329299c0abb", "comment": "Malware payload (RedLineStealer)", "value": "eee3c47127a4518a821538a327cb2c2e1b7da963936d144b9aa88b418cc7f348f5ed89804e9211315da71d3c53de2ef5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246874, "uuid": "da7ac0a8-c581-4c05-a480-7cfa5023dee0", "value": "T104F41251F4C0B125D93216316C6ABA833D7EF9A04E24DC6F3F54331A4AB26E0B9E1A5D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246874, "uuid": "6e3def62-c242-4953-a0c9-c4f4e729dfe3", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246874, "uuid": "4b59099d-a153-427d-a986-c62b42132521", "value": "12288:xoRWPRBv7fWlu+T/ZxowFXjfKxPVtSKfr03U6b4ltS1p+ALuS:xrRN7fIuExoEjfKNVtnAMltmp+K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246874, "uuid": "0f452a11-b290-4473-940b-ee013c3451dd", "value": 759808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246874, "uuid": "5ee442bc-e3ed-4677-8875-2541793f46b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246874, "uuid": "d5c30135-4161-476c-957b-3ceda54ac9e9", "value": "962c69debc346cef516f89ad187bc777.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4df3a2b-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241773, "uuid": "881d060d-f2e1-413c-914f-50dc89cbb0a2", "comment": "Malware payload (Amadey)", "value": "c3a385642a5f3f29752c3eb2e43a84cd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241773, "uuid": "d8c7967f-71d7-4b85-8823-5be3a39c73aa", "comment": "Malware payload (Amadey)", "value": "34e275132ad3a5734f4f00dd79d3f3cb6c828daa578901ca0805ab261070a1dc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241773, "uuid": "03fa58b0-9212-4d18-be9e-0c440e9fe316", "comment": "Malware payload (Amadey)", "value": "891307266452bf5b586e0b9645dc6c6961a0fe3a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241773, "uuid": "cde5faea-0338-4c14-9da1-525dec93eeeb", "comment": "Malware payload (Amadey)", "value": "190ac2842a970d892d06b4d727f1231d9f75d63ea8235afb9a7692bfed07fb4bb0750048a23c001815d2edfabe676c82", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241773, "uuid": "d8b2d678-845a-469d-a114-801a6617585a", "value": "T121F41240B4C4B230D9311531AC6ABA837DBEF8A14E65DDAF3F58234E8A721D1F9B541E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241773, "uuid": "80f9e8bc-dd18-4e00-8b7a-3102fa537c92", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241773, "uuid": "e584f518-16a9-497d-b205-df8760925549", "value": "12288:HzMmVlRhv7fWlu+T/pxEKmBqiqjFtdEBo6I5h7ubuuNuKpAPVN:RRt7fIuosg+B3IjI3j+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241773, "uuid": "e1f8e27c-b013-4c8f-8f65-31b436056b42", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241773, "uuid": "487e49c5-bdfa-4f20-ae92-010749557133", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241773, "uuid": "f3b45b8a-2aa6-4fb8-a8e1-882067a209a2", "value": "c3a385642a5f3f29752c3eb2e43a84cd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0ec12c0-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1687259375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259375, "uuid": "106e01b8-e644-4b55-85dd-7a8d629cec97", "comment": "Malware payload (CoinMiner)", "value": "eaca64d4830fdeacaa58080f4271c333", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259375, "uuid": "8f45c5ea-3b8b-4474-a923-739daa96fa44", "comment": "Malware payload (CoinMiner)", "value": "35b70fc462fe02d507a58c2b5a33ddd5e26aadc7ac8fe3beae2a82666c8b17c6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259375, "uuid": "5bfd19c5-50a4-4e37-8ac3-f477d1f872cc", "comment": "Malware payload (CoinMiner)", "value": "68c814b3e64a904dda1453fe374060b96d7320a3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259375, "uuid": "225ac020-b2b8-41ce-a12f-344fcbb82d8e", "comment": "Malware payload (CoinMiner)", "value": "01b4e9b951282e6014e6d6cfa99ce15098136a182eb7a40181fbe5d5dc94eff108b98cd9d5880deed51922baaa547cdd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259375, "uuid": "334ad891-0ca1-47c6-a83c-2369423476a4", "value": "T158C533CB37D2D0BBCC95C23C89BC1A7946F425B5DB2442CBBF88150196B4ADD8738E56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259375, "uuid": "7fa4bda6-d02f-4714-b487-f1f2e9ae627d", "value": "f6baa5eaa8231d4fe8e922a2e6d240ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259375, "uuid": "7da18541-f2ee-4127-ba4b-cf791c75c2e3", "value": "49152:1A5DSK3yiF7i9NfjQYMTLVovyYYscetTuO9CvYv9dY1wH/o+IlF:1A5nCcWNfjQYMoOscqH4vaYU/oD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259375, "uuid": "55ff61c0-a9c0-441e-a0b2-4cf1e936d5f4", "value": 2654392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259375, "uuid": "ea99c7d9-2f48-4b5f-814c-227919654c39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259375, "uuid": "3b359736-7a65-4850-907c-ffb246cfc986", "value": "eaca64d4830fdeacaa58080f4271c333", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27d0b1e4-0f59-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687258608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258608, "uuid": "f7b6135f-0bfd-4512-a10d-667feb971e96", "comment": "Malware payload (Gafgyt)", "value": "2e2685a3ce699abefef343c39e3512d5", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258608, "uuid": "781475e1-f3fe-4a4e-b3d2-be2557d0a67f", "comment": "Malware payload (Gafgyt)", "value": "3623283f8435e36e2fe809d72eab894f9023b01352d4e56b69f2c5611b2889ee", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258608, "uuid": "6a373332-e5ad-4a19-897f-72247bd0f718", "comment": "Malware payload (Gafgyt)", "value": "83d3313794dc3803e60abedfa0f8ec9f64543592", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258608, "uuid": "22677dba-8af0-429f-b5fc-eb2423b395a3", "comment": "Malware payload (Gafgyt)", "value": "f71050a7cb548bf5d948c33a0175419318790b312ce7e2384d5eb2354f264c7bfe570b5a735bcd8aa0dab4507a83305b", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258608, "uuid": "b6a9be7c-97b3-4085-9d56-f0e177a101a1", "value": "T149142B93FD01DFA3F40A9A3609D70B246631FF660B421D36731BB9699A7A2C47417F0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258608, "uuid": "6393889e-d4b8-4087-a073-b6737b89ba56", "value": "6144:1V0DpdR3hTKtJgQL3yXAH9cvv2migLYC/fE8sf/OH3eT:1GDpk1m2migLYC/fE8sf/OH3eT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258608, "uuid": "9ed4e432-2829-4013-bb40-08d6b5686d3b", "value": 208676, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258608, "uuid": "0628829a-0e37-49c8-8056-077aca398644", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258608, "uuid": "3fffabde-4fdf-4ab4-8a8e-2258640b9740", "value": "FDFDHFC", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d2265e1-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241464, "uuid": "9e021313-34b4-4d49-aad6-e880ede4965f", "comment": "Malware payload (Amadey)", "value": "89d9aff302dd8530417a8101cf2ef319", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241464, "uuid": "d545b833-84c6-4f18-9c54-277f98a43e04", "comment": "Malware payload (Amadey)", "value": "366fba5c072eee8008ce61faa34698959fe78d89060614eb091542172ab09224", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241464, "uuid": "dfebc169-1198-455a-86f3-3d6b242463fc", "comment": "Malware payload (Amadey)", "value": "3382a3a647bdfe77e1fa8917614ebca8182f9d01", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241464, "uuid": "91ccef34-dd8d-4e84-9661-98ffa55d3dca", "comment": "Malware payload (Amadey)", "value": "dc232ae36a959876f7354b32a2b9cc92b6be0f56760fc0a28eea99a8104b6982b86a467df4995434056abbcf77f6f6ca", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241464, "uuid": "2f9be28f-b8ad-464c-9ffc-2b44b376291a", "value": "T12FF41281B0C8F135E9721631AD29BA467DADF8D08B618CAF3F54331D8775AD0B6B062D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241464, "uuid": "3337ad65-96a4-4a28-abe9-879bdeeb664f", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241464, "uuid": "d6bfd732-728c-493b-8f14-b2994b082d0c", "value": "12288:kk3FZU5Rqv7fWlu+T/PjykpCCIiqSPUS3GpHkV70K8lAP0n1zpjBQQ:kOSRS7fIuiyaPUsGpEV8mqt9Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241464, "uuid": "eba88f6b-d63d-466f-9496-184d1e6eaeed", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241464, "uuid": "a6c7bf62-6219-46b6-9347-dddb75fe8c84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241464, "uuid": "f17a9c60-c8a0-48d2-aca8-55b319bf29b5", "value": "89d9aff302dd8530417a8101cf2ef319.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9983b053-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259658, "uuid": "0b566363-279c-403f-9df8-6e88bb821b4c", "comment": "Malware payload (Mirai)", "value": "d6324c4a03924b9e7231db423f1dbae6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259658, "uuid": "a4f2142e-92ad-46a8-ac4c-5ed0d33d157c", "comment": "Malware payload (Mirai)", "value": "377f0460bc8b3b8656e64bd05a5a1972fb1166d34626400df04929f3a9bf99b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259658, "uuid": "5c91f21d-5e34-450f-9137-19ac4da008f0", "comment": "Malware payload (Mirai)", "value": "b8c31ef02bc53e2fc563e0ea4a6b2847a5311cf0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259658, "uuid": "9f52b716-f6c4-4c3c-b27f-c61453477624", "comment": "Malware payload (Mirai)", "value": "1cf8d9b52daf2428496ec25a2f72b229343fe8f23ecb149d20c6fa38eb1b2730c48451af6588c779c51cc0a506be7e22", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259658, "uuid": "a9b1d72d-6ef2-4bd7-8e31-74dac588e3dc", "value": "T1F1331895B8C19A17C1D413BBFA2E41CD332563B8E2DF32039D256F14778A82F0EA7695", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259658, "uuid": "35803a61-3f33-460a-a036-d6ac2338372e", "value": "1536:YqWvCEvs5Fx1nzYaZdoTcawt5hMBA0z/:YqWvCE8FvRnbhMBA0z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259658, "uuid": "3d2c2a08-bc20-455f-85b0-a8cf8e4f737d", "value": 52912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259658, "uuid": "f0c5f7b0-c55e-4507-9f49-9c587141c0ea", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259658, "uuid": "caeaa766-ebf2-43e0-9f71-3f66cc02059c", "value": "d6324c4a03924b9e7231db423f1dbae6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fb29531-0f3a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245388, "uuid": "a2729fe5-e340-4d08-84e8-84be4ff12e33", "comment": "Malware payload (AgentTesla)", "value": "9b2d50990e152d46b478ca2453728d11", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245388, "uuid": "9537b7be-6bc1-48a8-a3d2-cbb69bd21c3e", "comment": "Malware payload (AgentTesla)", "value": "37a3df3f3e43cf82060890197d96d5ad5e0b84b0995f1cd70709f96899fe2994", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245388, "uuid": "d3e27f3c-a913-4275-83b2-e66b47cef3ea", "comment": "Malware payload (AgentTesla)", "value": "657982f510d52778ceda185938ad82b2a9799d56", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245388, "uuid": "b3ba2701-00f4-4e79-8521-24c44dbff451", "comment": "Malware payload (AgentTesla)", "value": "9d355ef2ef9c04ae7273df6e5c7ecd03822d5436900c39efd11d9a2758a55a6ba1b3b3976da3b9179cf3a2ecd8052e83", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245388, "uuid": "5a9b7232-1070-4a6e-a466-3d541e2bd666", "value": "T15F15B4BD69D026B7D535D572C16234CAF63F6322B2534D6821D2DEC7866288E37EC80E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245388, "uuid": "a83b6b86-022d-4eed-a2bb-e2c08bff3684", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245388, "uuid": "c13053b5-fccf-4a28-acfe-a0ebb40210f7", "value": "12288:UV3NUvXFsMPzI/Z8NeMvnWQbT7LsbPx+p2m0bCH1dAXf1papcH:QKLI/aeMvnWiTPYxfCH1dMScH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245388, "uuid": "fea6f2ec-9ea1-4db4-b86c-61ec612e224e", "value": 935424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245388, "uuid": "8b3ff548-352a-4b86-8a91-129248f469b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245388, "uuid": "56578688-82bf-4586-a77d-6061c6db6268", "value": "9b2d50990e152d46b478ca2453728d11", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "baf174b2-0f44-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687249836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249836, "uuid": "bd7d230f-a8ad-4386-ada2-10b4577bd6da", "comment": "Malware payload", "value": "9b3da5bac2a6fa890a628527d85ba7f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249836, "uuid": "313e6ffe-7e8f-43ea-bc2a-d5efe181f424", "comment": "Malware payload", "value": "37c369f9a9cac898af2668b1287dea34c753119071a1c447b0bfecd171709340", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249836, "uuid": "fe6c13b2-17c1-4130-9857-a3947e481a24", "comment": "Malware payload", "value": "2f5aa0c4910e717537ff4323a6043484872e8464", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249836, "uuid": "de971edb-2a39-4a26-b27c-2294b2d08f76", "comment": "Malware payload", "value": "ce861b13cdb4f11b3d246de630d4f1a89acfdbb240339feaa02ec2b19771009f050a63361a556165d5ab91572b41777e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249836, "uuid": "45ab940e-0a36-4463-a222-46fcc2215252", "value": "T1C0D49E6E67A811D2E0B7C13EC9D58B99EA71BC150720A7CB01D041693E23BF85E7F726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249836, "uuid": "1821381d-f774-4c66-b12d-034cfc2a5067", "value": "b768962993683b5493d8263e34168d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249836, "uuid": "3da8e240-16e8-4f8c-b309-ca058be9fba8", "value": "12288:NFJrNMbTczmMre4HKIxNCaD7SHlWYM7ByeqyLMhPpowHagDl:BxLmdggD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249836, "uuid": "ffaed67b-1616-48bc-a582-7994df42ef25", "value": 652800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249836, "uuid": "614c4e3e-ef62-44ea-a7a8-c4c5ddf6ca2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249836, "uuid": "689a1e5c-2fef-461c-af79-2cc0ab1017a6", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e04346a0-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Neshta)", "timestamp": 1687240879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240879, "uuid": "482dcbb3-bed6-44c7-b4a2-f1419c5ca1dc", "comment": "Malware payload (Neshta)", "value": "edc5875efb7cdf0275748fe179393fcf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240879, "uuid": "c7f9f1f1-c2f1-4c69-ab62-008e1a6ce3f1", "comment": "Malware payload (Neshta)", "value": "37dc167da39f0b4322d8936d32185c2c99931b63284cc9edb230abd513dffbf1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240879, "uuid": "b1e327ef-7ab3-4625-9322-ac9ff395e49d", "comment": "Malware payload (Neshta)", "value": "0eb5fbf3449bafbb9bdd11fa6643fd6ba5fe9caa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240879, "uuid": "6d6b3b14-a101-4b25-be7a-6abeeedfbaba", "comment": "Malware payload (Neshta)", "value": "cc4657d66e40b060641696340061d2341d730e06f27acc6de240025049f6be2bce783ad73512a2cf45dc4a544f5aa980", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240879, "uuid": "375b3140-8d4e-425a-8dce-244124ff5572", "value": "T1172522609A9A8A17C1470FB4A530E334627C8EDA7761D7DB1DCB3DCBBE25BC9043458A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240879, "uuid": "41ec30db-23ec-450e-9197-deb0914a7f17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240879, "uuid": "a7f7d8b3-d3d5-4a1e-8654-a7bb7b56e97d", "value": "24576:qb903YAzu4CZdOwKuCtRn+WYANJUsQW9Ehpm47D9EfZoOyg5xPe:1z6ZYwB6RHYO0/hNxELzPe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240879, "uuid": "57286158-fc38-4ee3-b024-71def7bcb85d", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240879, "uuid": "3f2d23a4-6129-4569-b0de-a4fdab521c1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240879, "uuid": "1e94918f-ed76-4c7d-bd36-c0feef9fdff4", "value": "UPDATED STATEMENT OF ACCOUNT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fca56419-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687288171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "9fdab98c-9a9b-4b97-b711-6db14fdec6ca", "comment": "Malware payload", "value": "f7984f51abb9e21f64b31da78da0b7bd", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "4f392a74-cd80-4af6-a027-bad6d9eed9b3", "comment": "Malware payload", "value": "37efec4c9df42e2a53f73a9923a8e9a1154a790dc5316ec875b5b7640f27d294", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "84ec55f6-81e7-4ec6-bd84-7175e9572d6b", "comment": "Malware payload", "value": "3ee9d66bbddad9ce902083997014b4f414f91785", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "8d7b01ee-a360-4bd6-9c60-d96c04809c2d", "comment": "Malware payload", "value": "0e17f2d0ea39f0b69de4f9947c2b60d4b3ea78365d2e2dfec8b7a060ac2c216c01712673751d0d7ee6d1976548c3f4c9", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288171, "uuid": "ee0fc419-046d-40ac-9bf2-c38dab506305", "value": "T1E96518D132A80549F4BE0A75D6332CE147317E6A9ABDCB4E0C9674DE21F37818917B2B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288171, "uuid": "d5388bbb-9091-4b1c-9f56-0d640ec08983", "value": "24576:KzzzWAeW1Wo1pQCfvUkEGDw3V9mWXa0erMzzzzz9zzzzzzzzzzzzzzzzzzzzzzzs:KzzzWAeWzpQGvUykyWqPrMzzzzz9zzzc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288171, "uuid": "de2e2bb3-33f6-4a43-b590-3651646e5833", "value": 1498624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288171, "uuid": "4203ba18-10c1-4582-9d60-b5db040318dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288171, "uuid": "44c90c07-072b-47be-954a-c2dac86dd2e3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40aeccfd-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243618, "uuid": "af152228-8ebc-417f-b80d-0c849caafd29", "comment": "Malware payload (GCleaner)", "value": "eb4b93a607dc8d2d28c0b9486b9acafe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243618, "uuid": "97549275-6e1a-4774-bd70-8e50721a7532", "comment": "Malware payload (GCleaner)", "value": "37f76018264bccc9fc48df733f90f737aa2152693fec4667bd9eed26b2538290", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243618, "uuid": "fa0c0d10-b704-4315-a7a6-af8817e1c112", "comment": "Malware payload (GCleaner)", "value": "0237256d822e528f7f403400355f355023afe487", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243618, "uuid": "1f8cde6f-7cc4-4463-aa58-808b07162426", "comment": "Malware payload (GCleaner)", "value": "aabf174beac36d71d7c8a559b450e17ece62a481972a176acd800509719b9f60b8ce6a4b5c436945746bc54d2ce08de4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243618, "uuid": "975cbd2d-8dd5-4e88-86bb-2ea444232444", "value": "T18964B02262A07D34D92E9B73CD3EC6E47A9DF9408E1937A722386F2F09B11B1C572751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243618, "uuid": "b8a03f3e-7573-44cb-8d79-a161fc65f76e", "value": "c1947b9846baf229e0c776cadd6d408b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243618, "uuid": "af682539-3b8c-4374-9e2a-f36c9b47ea0b", "value": "6144:XD2JIOcUiPyEHZE6jSDnMpL0CPJbsLWcexraWE:XCpctvHPjSbCLXSyxr9E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243618, "uuid": "c1190795-0a33-4c28-8a1e-ab7b1f6a469f", "value": 317440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243618, "uuid": "67c97e47-4da2-44b5-ab9f-6fa9b6d3f76d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243618, "uuid": "2db20393-529f-4467-89ff-ebbf9869ab83", "value": "eb4b93a607dc8d2d28c0b9486b9acafe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "454e29f0-0f1a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687231600, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231600, "uuid": "5a7aeb90-0c9d-4678-8da4-df0082e16ddd", "comment": "Malware payload (Loki)", "value": "61c3e6deac7a7b5e75f4e8fb033035f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231600, "uuid": "cb3e1ad3-c29a-4c89-9418-4142da4ad45b", "comment": "Malware payload (Loki)", "value": "38a9f881eb28d8f75c2c21a9cb4de15e472866346c747c480e8e6ec485982067", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231600, "uuid": "e86565a3-e1a4-4752-83e2-c973ae72d47e", "comment": "Malware payload (Loki)", "value": "19b6e137141eb86449829302cee9bcdae54c01b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231600, "uuid": "8d95aeed-eb24-4d3c-bf17-e759c6c832f0", "comment": "Malware payload (Loki)", "value": "93dacb5e61ae5f91105f44b39ccca922fdec873a32d39fb6821c8fc00941246a899e017b701035704831b8592f3f9da2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231600, "uuid": "33b94602-a48f-4e8c-b8e1-921dda40488e", "value": "T13FE41218AA835A2BC01B4B790410E3B0637C9D897362D6EB1DCBBDD77EA53C9163461B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231600, "uuid": "09b192ac-bb23-4885-9ef3-cde86050e3e9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231600, "uuid": "5d09e311-1ea5-42a6-8dd5-e953ecf24c94", "value": "12288:Nb903YrauPM7q6bpw4dcZda/igJFIDKW6gS4ahWw2gYKIK40jO:Nb903Yezu4CZdOkKWEXIP0j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687231600, "uuid": "f54d174d-d14e-4f50-9333-86f2d69e5f31", "value": 674304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687231600, "uuid": "0d841c42-653c-4903-8258-7efd1864453f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231600, "uuid": "809c179a-f5a9-4b09-b635-7c286e7733b5", "value": "SecuriteInfo.com.Win32.RATX-gen.12308.15641", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45e94008-0f1a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687231601, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231601, "uuid": "28b9bd1d-96c6-4592-af42-542701b078a5", "comment": "Malware payload (Mirai)", "value": "29b4d331ae35e6acf0d15a43f6aa72db", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231601, "uuid": "74d7946d-cd4c-4d50-82d2-78b80de78593", "comment": "Malware payload (Mirai)", "value": "393cf41c840bfb5ccd52ac0f3e79794de53630cef37b567194006198e05ce451", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231601, "uuid": "396b8629-20ca-4a4c-af4b-2562830ca7ef", "comment": "Malware payload (Mirai)", "value": "5f8edefc825b74e9ada68c41b00a67f2ca9b9a47", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231601, "uuid": "ecda0aa8-0671-416b-b3da-48485c46e9ea", "comment": "Malware payload (Mirai)", "value": "63f22b658ad0e3041c54f5984b08438ec6726fc031b49851f1d7068556999e948ee8547dccafe93595e490f3b6c4047f", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231601, "uuid": "a366bfce-7a1d-49d7-98fa-ef52a4e1931d", "value": "T1EAF2E1A1F8C1C130C5960438FAEE52116BE67F7DC99AB22262D4639754C2942FD7B50F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231601, "uuid": "e653438b-453d-43dc-b008-d730e303e3cf", "value": "768:rxgepM3T0t7SHLsbyWHolwEH+ORIrmRWoi4b5ZZhH1Enw+q3UIHs:lgepiybvolLRkwZiwzjH2nwRM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687231601, "uuid": "7f935735-367a-4937-92fc-1b8ebf6bd1f1", "value": 37188, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687231601, "uuid": "0c5d1252-eb8e-4b0f-ae93-19d7f5df0e97", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231601, "uuid": "7b8230e2-3d7a-44dd-95c2-6c4a28a85cf4", "value": "SecuriteInfo.com.Trojan.Linux.Mirai.1.4101.16248", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a644370-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687242802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242802, "uuid": "59ff8d7f-b601-43be-a198-ea62d808de1a", "comment": "Malware payload (RedLineStealer)", "value": "a46969aaa5b428a72399615aeeffd6db", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242802, "uuid": "98dbf8c6-c770-44c4-a06e-1db934d3f67d", "comment": "Malware payload (RedLineStealer)", "value": "39dc1fdfe79cc270951e35e534b38bbb260671d6b8c3e25ba9cc2b03618a4615", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242802, "uuid": "16688b9e-e057-46a4-a71b-cfe2c23cbaa5", "comment": "Malware payload (RedLineStealer)", "value": "03a9e542c07bfeee88e1d62d643339bd465380e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242802, "uuid": "459b34b2-7975-455c-943e-6edc1ab2080d", "comment": "Malware payload (RedLineStealer)", "value": "a40ab81c408cb501dac1835a6906c795b50a46d1ef680cdbc13743c018b241125b5c26422ef353a00fe692279c1ee837", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242802, "uuid": "af860c1f-3385-4980-8f49-296b4e7953ea", "value": "T117E40280B0C4B174E87116306D69B682BDBDF8E08E64ACBF3F54371E4A725E1B5B851E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242802, "uuid": "186ec77d-0540-4a1e-944c-01fe6037df0e", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242802, "uuid": "98d12a07-25c8-4675-a604-a84ee678ad15", "value": "12288:ywkqKRDv7fWlu+T/dAkGND/xjapnOBAq5/Mbf3JtdY04wLPzD1cXHLUWLK:yhRL7fIumAkGNDBgnzq5/MD3Jt1LPVZW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242802, "uuid": "725ea027-e262-4c42-ad25-a236b3d59a09", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242802, "uuid": "08887cac-a4f4-4c3b-97b8-71ecd89f0306", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242802, "uuid": "27608b85-b4c7-42c2-992a-def3910c8a98", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d65f41c-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241411, "uuid": "2321adc1-a117-4316-9f4d-e537c485dd2f", "comment": "Malware payload (RedLineStealer)", "value": "f5516a848d02c4d46321418201aac2aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241411, "uuid": "aec0760b-480d-465e-a477-37b1095530e5", "comment": "Malware payload (RedLineStealer)", "value": "3b4325850452c160b6b685330e8749b457b99a0334d8ceb0c91b867148e89b33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241411, "uuid": "5866c17d-aafb-4e54-a5e9-00a4286057d7", "comment": "Malware payload (RedLineStealer)", "value": "529fe872ef79aab79f0fd98909d7d8c6a3247820", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241411, "uuid": "40d6f482-5c35-43ef-98d4-1ad972cfc4f9", "comment": "Malware payload (RedLineStealer)", "value": "0d9f325922fad8847a59472dc2afe4ce84cf6b959506cfd3f36dcd147de42e576f2a66cbb857da0c677b17447ea839c2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241411, "uuid": "f1e9be18-598d-461d-97b4-68714ece9382", "value": "T1CA14AE1A63E420B6E4BA577488F202835A31BCB15B7582FF26C5D97E5E336C0A532F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241411, "uuid": "13be56a5-cfc1-47d0-b22b-126161d207db", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241411, "uuid": "b0fc3821-943e-4009-8374-78cb49a20895", "value": "3072:YahKyd2n3165GWp1icKAArDZz4N9GhbkrNEk1xylk8lrgX2oT:YahOip0yN90QEAyl5ymU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241411, "uuid": "cb245575-d021-42da-af0a-ec1c90e52f53", "value": 190464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241411, "uuid": "7865f74e-e58c-4700-9536-29a2699f0cf0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241411, "uuid": "d7bdfb5e-6fd2-414a-993a-cbe0fc194461", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c583468-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687242483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242483, "uuid": "b19186fa-98e2-4ae6-b7e5-e28e48a9b281", "comment": "Malware payload (GuLoader)", "value": "736e8629d2b6598ae64d3dabf4c6d8a6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242483, "uuid": "fe84efa1-d017-43f6-8295-1dc01daf6c13", "comment": "Malware payload (GuLoader)", "value": "3b7786d5f8215882a038af81539716933ddd90d4ff9f9f233c5d9473d61d962b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242483, "uuid": "bc2774cc-87a8-41c6-bbb6-a8c51a3ece7e", "comment": "Malware payload (GuLoader)", "value": "b9adcef9122735777121d52cb0e2658dba175d11", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242483, "uuid": "b998afba-1e01-4bb4-a834-4c45a060ef25", "comment": "Malware payload (GuLoader)", "value": "f417b79349ee51f12d6a5d454362700d6af58e9f705134745ad8c97bbf35b4e279966939e71bbca5b8954a0674218c9e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242483, "uuid": "549a0279-c5fb-4d25-947b-c9c4f3df4180", "value": "T10994DF22DB3D5D07EC1475B5A97396736AA49D244ABC490371EAFC3BF828362BE0D10D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242483, "uuid": "46e56381-dc06-4904-aa2e-ce4bd03c85de", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242483, "uuid": "84af28c7-874c-4a58-8540-ca9fef647ab2", "value": "6144:WpkXGhfZ2DXQfQDz+uImr8SbCyNdAtS55UedAgpdq94jnnFCRLEhJXqgia4wclys:vqugI2VOoy3AYlpd/nJnElye4HbFT8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242483, "uuid": "2a2f814d-5eb4-4ec4-8b1c-9639b73a4d1d", "value": 420416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242483, "uuid": "2b4a391a-fa6f-4fb3-a685-444b43eceef2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242483, "uuid": "7bc94b66-1f9f-42d1-b25e-5d1a6642aa64", "value": "Arival Notice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d768f28-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268577, "uuid": "77189c29-1cca-473b-9fc4-57fe89641672", "comment": "Malware payload (AgentTesla)", "value": "23cd9bca5c2fafca8be289192e132868", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268577, "uuid": "e06999c8-1ca1-4371-8c2b-853a91b99394", "comment": "Malware payload (AgentTesla)", "value": "3be752d12bfef05ebb3fdd132ac61a8b68ce444e761abfcde841a02522328ec4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268577, "uuid": "04a3e1a9-64f8-478b-a852-0d99587abd08", "comment": "Malware payload (AgentTesla)", "value": "aca0007403cc0163ee0a6b85d714a0f4b7d2dcfe", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268577, "uuid": "795b0c4e-0446-4333-9506-e8eb6b490314", "comment": "Malware payload (AgentTesla)", "value": "a706480b94791e3268691a611fffc50e4b3496eddfc2add8541e7dd06ce346954c7862a823c5a391414ab8c6d3c8cb58", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268577, "uuid": "46ac8155-5561-410e-aeac-6aa5a74ba04b", "value": "T18105F10122A80F57E13E87FC4450237097FD6A5A706BD74ACEC3B0DE6EA5FC24A59A17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268577, "uuid": "55087619-9da3-4f29-b10e-c8f3e02c1d30", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268577, "uuid": "b81cd0ad-0a6f-489f-a033-676f316ba889", "value": "12288:i2qlTQcqPM7q6bpw4dcZda/igw9wwDxxsTJF8L0m7R/01sIIBghpIpIKUkIU/:TcJzu4CZdOkwWsTX8wm1/qNIBg3IlBj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268577, "uuid": "44e4829e-6acc-45d7-94a6-f3b84785b71f", "value": 850432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268577, "uuid": "1152243b-eae3-468b-b5e8-cd3242ee4ff8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268577, "uuid": "9c23abf9-3659-44a8-8f5e-8b15ffe5e382", "value": "e-dekont_html.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5d9ca63-0f88-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687279140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279140, "uuid": "e07fa89c-c876-4e45-aa94-a95411ad1303", "comment": "Malware payload", "value": "8a873d4463884ad87edc0f1da16a0766", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279140, "uuid": "2e68b887-93c4-4e8d-bd2e-fc7b8ed74bc9", "comment": "Malware payload", "value": "3ceeb6a49ab38a27049739b089d4e19da59e27a59906573ee684d6e52b6978ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279140, "uuid": "6414dcb8-9490-4ae7-ba23-28cbf3e91a18", "comment": "Malware payload", "value": "76e9bc8df8afd2dfd0fbf3fee782ac129a3c4270", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279140, "uuid": "dd6de8bb-26a9-4669-94ba-bdb34eaf80ad", "comment": "Malware payload", "value": "7d2828e7a0515a77a6beca4f6b21b22d1bd7ee99564e670846e9bbf0e442d8be81095e5c31d75dfe39013cdf1d88336f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279140, "uuid": "a8a1feaa-9ced-49d6-8086-54f3ef55a903", "value": "T1001633037BD148B2E1A7143699A0AB2061FDBD702F158AEF63E56B3EC5114D0C972FB6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279140, "uuid": "792b5832-c0da-4594-8502-a672f2b23514", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279140, "uuid": "1ecf6696-a061-41ae-88e9-ca6e0ee935f9", "value": "98304:yWrDX5owcTbvZuqtYgllSkUrzCeSEqE3cQcC6FgHx:1ZEbvZuq7lJUvD33NcCUEx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687279140, "uuid": "3f2d1765-d4aa-46ae-9248-a32fffa4e56c", "value": 4227974, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687279140, "uuid": "2f55e632-1bd8-47ea-888f-ff6606cc13de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279140, "uuid": "836c5f47-da55-479f-9bbb-6851a889a3fc", "value": "net7.0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd5e4b4c-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242216, "uuid": "91270509-d8d4-47c7-af18-cf93f12b8a72", "comment": "Malware payload", "value": "8fe8392d6754f24f3ad0f232d858b830", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242216, "uuid": "8ea229c9-075e-43d1-bd92-101b6b32ac83", "comment": "Malware payload", "value": "3d85c2571969b2a54f61f766f8b4ec4e167048d9b28b63ef742e7c0114d4f575", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242216, "uuid": "d2e19b7d-64de-48c3-ae3b-f56bcb4ddf2a", "comment": "Malware payload", "value": "1ea06da8f6c63a5f33c011b4be030c38cd87372e", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242216, "uuid": "3bb1e6e6-daf4-4f7f-a2d0-1f325e076c4b", "comment": "Malware payload", "value": "7ad8d4e3c2277708012973f5038b7321f16aa0ae65e4e33fdd1d669302a04ec2d77d8cc1cb0bd847411a09d156203568", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242216, "uuid": "5ab63c75-952f-4981-98ed-d380da1b0edd", "value": "T1D9524C1EE3E8C2A6DDDF4731549312400339B7B65B139B5B69C860693A33364A693BF2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242216, "uuid": "cf2fea7f-d7f2-4097-8e70-76897b8e36d8", "value": "192:1L0RnBFb6666JSWENTvA/xiiZdBCJu7D3ss4c2lebnSXckylBELs3nKuI0Z3o2BK:1wTV6c/xiqBC4sswebnSsf33VBdBDoDH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242216, "uuid": "ad2660cf-b942-4520-a41d-51147ffd54a0", "value": 13312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242216, "uuid": "4e361772-3e7b-4b7c-b94a-7246c060a104", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242216, "uuid": "9e28c2e1-cb85-4f29-bf94-199e85732f84", "value": "8fe8392d6754f24f3ad0f232d858b830", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea08fc7c-0f51-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Neshta)", "timestamp": 1687255498, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255498, "uuid": "f0722d7c-47a0-4168-8f7d-45da706168f4", "comment": "Malware payload (Neshta)", "value": "cc35658ab7f1fd1537d17730ff26e9aa", "object_relation": "md5", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255498, "uuid": "57cc5c14-97a9-4f9b-95bd-a23080f26374", "comment": "Malware payload (Neshta)", "value": "3da3a8dbe48585d8e2f6d5da9f7c0e74058b914ff498ba1bd70839a8582656d5", "object_relation": "sha256", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255498, "uuid": "29a078be-0628-4a36-8bff-0964883586d6", "comment": "Malware payload (Neshta)", "value": "38177b792531b1e60c7feb915fbd5a39deb62cc3", "object_relation": "sha1", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255498, "uuid": "99244498-c9e0-480d-8756-bdc0d43fac1d", "comment": "Malware payload (Neshta)", "value": "f04c95de45b83a0b5d54786d887ff9afdf0832e623f8d588d7bd5cdf4b24b02aabd295975d0b7bebd4e06a30c3d7095c", "object_relation": "sha3-384", "Tag": [ { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255498, "uuid": "8b604643-1c28-4313-9b09-6f113885ebad", "value": "T1D5153305FC693D4B95D341E31E7CFE97B94C4E3C0728A5968AA4C60A7C488CDB8275EB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255498, "uuid": "e885dd0a-ebdc-4330-97af-e0a44b78c1b7", "value": "24576:YAao6QWYR0ijjM2/rVixeIp37zY/Sv5HURKUgv4:9N6gR0ZHY/o5HWKU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687255498, "uuid": "dd667c41-5a41-42c6-b8af-c4ddda63fda9", "value": 933069, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687255498, "uuid": "02e56629-ea36-49f6-820c-19a28e2bcbe2", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255498, "uuid": "27b853db-997d-4612-ad82-6ba88e11d88a", "value": "Doc 132023.r17.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6d48890-0f3d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687246876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246876, "uuid": "4d76acdb-ef46-42aa-bdfe-f420caaf9942", "comment": "Malware payload (RedLineStealer)", "value": "5d083f6420c7a43b154561a8d42b84c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246876, "uuid": "3c28e3ef-a7a9-418d-a4ae-ddec023daf06", "comment": "Malware payload (RedLineStealer)", "value": "3dfb2451acd0b0e7c776236032e82d35129ad04f64df4f4b2df12ce2c8f3a87b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246876, "uuid": "08128f03-58d0-4d42-ae7b-18038ee19228", "comment": "Malware payload (RedLineStealer)", "value": "4046a05b36e2a041a9bdc7c0fd7ff227dea5b325", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246876, "uuid": "603cfff3-bc3c-4ac5-a0a0-d5ec02f896be", "comment": "Malware payload (RedLineStealer)", "value": "521f4591a648ef63f2f9d3e058c8205bed5c36bd9f2ffd40e8360796ec4dc276f5a8f99eee512c456f63d1641924a61a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246876, "uuid": "c980be18-c920-44f6-baf8-00e56bbbaab2", "value": "T136051206D5E89033EDB10BB08DF642A31F3EBCA15CA0636B3345589F0D72AD565367AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246876, "uuid": "aad26799-1a38-4d44-a21c-45b8dd410994", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246876, "uuid": "e52d409e-7893-4508-a3e9-b0e17c19a0c2", "value": "12288:0MrIy90+JWm7vkcEh6eo/fTQ/OdNWsjPXkQKrU0HgagYa7g6YJx96SZgxY4iu+QC:Uypl/fddosj81FgHStZ9wm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246876, "uuid": "6fc1fbf6-5bf0-4bac-801b-d727fe4d1817", "value": 824832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246876, "uuid": "b5f3e3eb-a5ae-406f-b2af-6e57228caf07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246876, "uuid": "19bf99ea-0d0b-4148-b32e-c75d17ab29f3", "value": "5d083f6420c7a43b154561a8d42b84c9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "465d6ed0-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243627, "uuid": "d5156e5e-492f-4f2e-a86c-1376f6ca07e8", "comment": "Malware payload (AgentTesla)", "value": "afdb536d27ca2869377edc08042c6f73", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243627, "uuid": "771af7db-7145-48e7-80e2-610a9c1b1a6e", "comment": "Malware payload (AgentTesla)", "value": "3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243627, "uuid": "83a069a3-4fc6-46cd-a5f8-2645726fa975", "comment": "Malware payload (AgentTesla)", "value": "2355722cf49a6ed5225e4c2a3acaa7a7cb5dce9f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243627, "uuid": "c347bfac-bb27-4411-958c-29778405c8db", "comment": "Malware payload (AgentTesla)", "value": "2ab2b702d9a7dd6d236cdb58f81cf5a5da75ed97ad9fc201a0bdd834a6f749b4931e39b60cf470a6da46657bc612307b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243627, "uuid": "f7535659-6480-4137-8c91-fe45973021ad", "value": "T1C2E423D0F54DE5B665FB0EF3A47A499C3BB50CCE19BF619C4F21BA916A03C098092369", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243627, "uuid": "4d93bd6e-0676-49b7-bd60-69f5739376b7", "value": "12288:xBRSNXQxlHafkNeobPvq9eaksk9QCeria2WfCj+ixHX9/3vpcy4kwrLCjiyuL+A2:xBRSNXIHaMNPbvsk9QC+fQ+Ytn2/kwvE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243627, "uuid": "4e3fd8f3-f833-45de-b53e-8f0a06e307b9", "value": 702640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243627, "uuid": "ab37e02c-54a3-498c-ac77-a9571692f487", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243627, "uuid": "4c5fc1a2-be93-4d94-ac24-948e49977c2e", "value": "Modis list.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac32cd16-0f6b-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687266561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266561, "uuid": "973e7b31-6c70-4182-b468-a6763f4e9299", "comment": "Malware payload", "value": "f395a01d904fc03098a26bea1e84111f", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266561, "uuid": "f9bd8ec0-7496-43e8-bd10-9d44483c84db", "comment": "Malware payload", "value": "3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266561, "uuid": "42b6f234-596f-40a5-8410-afbc17bbe028", "comment": "Malware payload", "value": "b91a782553de810ce26bec6aaa7780ab0a729ff1", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266561, "uuid": "e2181847-1c98-4917-8a76-56cf5217e1ec", "comment": "Malware payload", "value": "7a975d510d294383eee24a979a2c441bf3b6169e16a5f3fb0048dca4f9dc4ef3f14f08f8f23d7ea77963a50b0bc94bb9", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266561, "uuid": "a9f63800-9e0e-4248-a3ee-23288c611426", "value": "T18AE5AD5AB696DE67E3D8BB3AA05351288731C2223326BB1F1F7D11753D933B409423DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266561, "uuid": "65138ebf-a1a0-4383-b58d-0639fdd9037f", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266561, "uuid": "efe26f99-ac35-4c0c-9371-e29d9f7450aa", "value": "49152:O/lXB+9MnW6mg//Q13/XYjC742n/76JHPETVjLi6rd:ClRsXPYjC74S7aHPETNWQd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687266561, "uuid": "9a576455-1121-44bc-9286-089addbb4b42", "value": 3247104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687266561, "uuid": "de3f56c3-6506-40fc-b6e9-529cb59c5960", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266561, "uuid": "72cf9589-8d7c-43f0-a3cd-4a68eb9047dd", "value": "168726655815eef30c6670d40d3dc1f56247396b33fe35af8aa4c9dde8b89cd08d9b40f594470.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f126f63f-0f4e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (IRATA)", "timestamp": 1687254222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254222, "uuid": "888dc77a-7f1b-4159-a5a0-49d99e7377c0", "comment": "Malware payload (IRATA)", "value": "76ef4599885054a50f4d8d7c03668dd3", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254222, "uuid": "194f2df2-6252-4fe7-827b-0bc8413c559c", "comment": "Malware payload (IRATA)", "value": "3f49356f80e909ec2e45028cbdd634656379b4b1d3a198cb271cc67180658b60", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254222, "uuid": "37fcc2ec-bfd0-4d02-a42a-113abb1c5e85", "comment": "Malware payload (IRATA)", "value": "e79d22e334f426613a4d4ed19e7f2fe75eed2448", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254222, "uuid": "a18bd1e1-4553-4f56-95c2-89720e106fac", "comment": "Malware payload (IRATA)", "value": "e5fd1f10c7161bd5597adb4f19fa60ed3bd30d1e330e85afc906b9c8992a98a79d2905d333d63fc951bc80ff2d1480cf", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254222, "uuid": "288e04c7-5128-47d4-adb9-e219578be978", "value": "T109D52213F769A827CDF2C33220702335517B5D06CB47AB8A6D59B3BD28BB9E84B855D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254222, "uuid": "09a0b1cc-c333-4281-a3c6-5c9bd0d0dab8", "value": "49152:3/brIaZrOFWBkytLVNUU1JvMsNgvWGy2ek+YMM2MY8PLvG6GNLTLa6wUIi0giSXA:vb8nWBkyt5+U1JvBlyMjOLONapi0/SXA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687254222, "uuid": "79fa8543-973a-428d-9f95-b83c5de23a13", "value": 2852567, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687254222, "uuid": "54f9f061-cd5d-4f6b-8948-efd71a5a9603", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254222, "uuid": "5d2b38bf-440c-4de1-ad30-f6e35d8a7f42", "value": "eblagh.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84bf2806-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "4bfaf036-d823-4bcb-86ee-0a863aa7ea98", "comment": "Malware payload (RedLineStealer)", "value": "83803a3756ed41b4081f5714154e552d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "8fda9fde-5e12-4923-82da-7223afa25a00", "comment": "Malware payload (RedLineStealer)", "value": "3f8cc86cb6a92b2702ae54f8c712a84968b821ff922bd6e0f236afe288d72809", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "9b0b53b7-c830-4c4c-98de-0ad79d422c4b", "comment": "Malware payload (RedLineStealer)", "value": "a7ac0a5b88be95d0a1d430abb512de4e9efbe31e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "671fb4ad-b57b-4cc3-b40b-4094668dc14c", "comment": "Malware payload (RedLineStealer)", "value": "f72dc54f91073470c072477241883b174af97ebed96ec7a76d1c5149ff946d48b6743c51fc60ad3af033c30c245c42ab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "a39ee74b-c7c3-4a6b-bf1a-d32f2e253b2a", "value": "T107543B0FB5C50336E471103D2BB06956ECEDBC910D34EDB73A6CC329156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "92d08d51-5a1a-4ca4-868f-aebd08b3126c", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "b73dc29c-8b0e-436f-bea6-e22a8ee2a6d1", "value": "6144:qJDzY+r2zQ0FKHgKNRBH13TLxNP9T0x+SRMN:YQ+yQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241155, "uuid": "3adbb054-a4a6-4492-884d-545501aa67dd", "value": 279563, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241155, "uuid": "7084893e-95b9-4376-86c2-7f376ed15a62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "8cca69c3-328f-444b-a2a4-35618eac2876", "value": "83803a3756ed41b4081f5714154e552d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf72efc0-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240851, "uuid": "80a8389a-8917-4d23-b38c-5a622ce3a6c1", "comment": "Malware payload (Amadey)", "value": "01431d2e32743345aac5b305b50371f1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240851, "uuid": "c05de21b-123a-420f-8ad9-ae51ab5c26c2", "comment": "Malware payload (Amadey)", "value": "40904e129f4f24f277e69da389cfef0820f0d05869acb82855cb98f9b319c7b0", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240851, "uuid": "19e78988-45b5-4510-8adf-b79f4a5f6682", "comment": "Malware payload (Amadey)", "value": "1a278fad3f9f04f2a49c6455816351a4f8e7882f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240851, "uuid": "db23b7f7-24e9-400b-a9e5-1734ec618224", "comment": "Malware payload (Amadey)", "value": "c965d846ae9488340644939c7049d62af8dcdaff541c21a6f1433510c90ece5f6d38d825ebe4fe99f080554d13733d9b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240851, "uuid": "a7d445e7-1ba0-4bb0-96a4-8fc69a129d6b", "value": "T143F41240B8C0B235E9725531AC2A7B837E6DF4D64E24DCAF3B50331E8A712E1B1B565E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240851, "uuid": "d6a157dd-c0e1-4f4e-99c7-4d48e8668ab5", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240851, "uuid": "d6e633ec-73eb-49cd-8c78-c162062f30fd", "value": "12288:3fNLj9Rmv7fWlu+T/l8FSZQCeClm6ranBzPzTTQ18VbKlJxqrEvdA:3pZR+7fIuRFSVeCl9ranBDznQKKlDqrV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240851, "uuid": "9a8c1ce3-b87a-42ce-b8d3-00af870f9128", "value": 727552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240851, "uuid": "aa201c75-9c32-4798-9a43-ac438e38d24d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240851, "uuid": "dba20f01-2c19-43ea-8c29-4a6359eeaafb", "value": "01431d2e32743345aac5b305b50371f1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9b25d89-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242962, "uuid": "6a1a14cd-fa12-4285-8524-cb5e84b21c07", "comment": "Malware payload (AgentTesla)", "value": "d3dcfe569cd263020b1916e811c97a7c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242962, "uuid": "85e36c46-7894-429c-8d33-24aaa816770f", "comment": "Malware payload (AgentTesla)", "value": "40951f5b1a5b9001b7b9119af529ed70262d2148a9eebac859dab54a9d014bef", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242962, "uuid": "1ec1a628-4522-40a8-801a-7d11cb2ad409", "comment": "Malware payload (AgentTesla)", "value": "b776e936e819c3c9ff69887b7d85a71831dfd407", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242962, "uuid": "09f02eee-6186-414d-9448-ab9294dc75d2", "comment": "Malware payload (AgentTesla)", "value": "00fdd66cc1d0032ea32016d3731ed68be3d46956f19fa7a80950cf082c4438cdb89b3a822ac4129da6a8318ecdf05242", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242962, "uuid": "9ceccf45-2977-4bf9-b18b-42fe815c4018", "value": "T1F9457C1033795709F43B87F504365480A3FB3A1ABA1DD79D6D8622CE3E72B528B11E6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242962, "uuid": "12f04b44-d32c-4e11-a370-2dae037684fb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242962, "uuid": "df183c3a-d5aa-4776-bde7-18d18f54b0c3", "value": "12288:IVVCKICLQw/oZCFI3fd8zKCI8OIfWgvStSC+vlffgPsMcr:IVgKIpWoZwI3fd8uSOIf/StSjvlfo50", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242962, "uuid": "719fb0fb-1db7-413b-86cd-72c1c7baf614", "value": 1172992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242962, "uuid": "6abffa6c-779d-4e13-8b60-04ff8ee3e7ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242962, "uuid": "5ba79843-c97b-4df7-b9c7-61e886112a04", "value": "IMG-Scan_PO_#KRMU-TUTICORIN _YMHG7th PO#QSB-8927393,QSB-94_2023 &\u00a0QSB-95_2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3bd8500-0f53-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256374, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256374, "uuid": "05406e49-8030-40a7-a1e9-616e07084423", "comment": "Malware payload (Mirai)", "value": "26701ff9ffe18fdf9d1d24e2937a465a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256374, "uuid": "99000080-e2e8-448a-8f74-dca3c8e0a65c", "comment": "Malware payload (Mirai)", "value": "40f8be79003d9fe2ac0e0f6890958c731bf5869e0f52c869c061e88a80cc09a2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256374, "uuid": "804093ee-9b59-4313-af09-c8506a6dda89", "comment": "Malware payload (Mirai)", "value": "f2958f9e5386d36e64a8c9b710e18434d2cdc69e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256374, "uuid": "634d2c1f-13db-422e-a42b-cc100aea8503", "comment": "Malware payload (Mirai)", "value": "82d9621ccedda865ead06d6a93f3cba9c19a1fd760ad480b6c424faf69bdf69fe7b4192a1bd34824c9fb8ec03911dde6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256374, "uuid": "67e8a685-ac1e-4445-a305-23177dea0970", "value": "T1EBE30946F8819B11D5D112BAFE1E128E33131B78E2DE73129D246F747B8A9BB0E3B505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256374, "uuid": "b09034ad-b6e3-46d2-8a87-44fe0b7bc095", "value": "3072:PQ2U4FU0tT9AX6oEO3qSa5mXERKRn0d6f4:PQyF3XAXDEOpamTn0dm4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256374, "uuid": "3eedb3c3-098f-424b-b11d-db0bce43ca1f", "value": 146748, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256374, "uuid": "aed8940a-5cb1-49a4-bffb-56051d8e4206", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256374, "uuid": "631daf95-fb6d-4b12-af0d-1375cf796ff1", "value": "26701ff9ffe18fdf9d1d24e2937a465a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1689ce7-0f68-11ee-b3cf-42010a9c0076", "comment": "Malware payload (QuasarRAT)", "timestamp": 1687265362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265362, "uuid": "c9465084-f889-4727-beb3-51362614ce5c", "comment": "Malware payload (QuasarRAT)", "value": "e4ad5f57a0da97e2af8761cc1f1d5ca1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265362, "uuid": "a066672b-20b6-48e1-89de-d7fa96f9039b", "comment": "Malware payload (QuasarRAT)", "value": "40f93888414cd5eb808e66a0abb9a207f5d070b569e9d30c3e56d24d5a05cc6e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265362, "uuid": "cceae3f8-3cad-4081-aac9-331db5db1f32", "comment": "Malware payload (QuasarRAT)", "value": "2c9b00f5a5a34ae317be4cd07f6ba14b775d14f7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265362, "uuid": "f055edde-5eb8-4f5c-ae31-3b8eab9d6b72", "comment": "Malware payload (QuasarRAT)", "value": "2dc16f4f3c88eba1bfcc51aaf80a3b1b75848da2b79aba1c0b5be9306a153778ceb28837610929920879b85a3b9e8401", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265362, "uuid": "2378a744-5663-45ad-a96f-2d5f4427a7c9", "value": "T117747C1377E4EA7BD1FE173AE03206154BB4D60BB616E38B5A5C95F82D123868D843B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265362, "uuid": "e984c039-7254-4f19-8b72-cf6c17d324c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265362, "uuid": "dc018ec5-c11a-445e-afe4-9d367503dd45", "value": "6144:I2NHXf500Me24JUAJOEbIkHMhodwj8Z2:Xd50cl+nVkshodS8Z2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687265362, "uuid": "7eaf6037-91a9-4661-acf5-95558d4eb8f1", "value": 356352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687265362, "uuid": "c545d7b0-500e-477f-83e6-15f834d363b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265362, "uuid": "340d3f6b-8363-442e-bd22-f4e3be407b04", "value": "x3FX9UTlWbOL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc2d2019-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687243422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243422, "uuid": "5ba30b96-8226-4842-8809-a5a04c8bf7f1", "comment": "Malware payload (Formbook)", "value": "1e929b17bd7ac1171ba1fc87a0782742", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243422, "uuid": "ec3ea5df-c368-408d-8af9-507a88eb01a6", "comment": "Malware payload (Formbook)", "value": "412579100295d7887dbd3013df55d96b228fea0c0ab76b0d3c69511bcd723cb9", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243422, "uuid": "0408c361-d02d-427b-b40a-5a3a516c1dcc", "comment": "Malware payload (Formbook)", "value": "d5795f43b6548aee86bac00d16b04ba8e4b74489", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243422, "uuid": "b5fd81c6-9eb8-4915-89fd-67964c5fa491", "comment": "Malware payload (Formbook)", "value": "6de48398b3e1eb1d9a0016b86095af620807f00905ce0fefc2c5208f249b85a05f46fcc5a1d117657769b140ee9dfebd", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243422, "uuid": "2283ff26-43b9-437a-952e-d7c2d8df664d", "value": "T12DF433F1D2FE2DC8971131783AD51A8C57E927AA50ABB9F3A06FD4A325C8F05D4C09E1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243422, "uuid": "d49238e6-86b2-4a75-b19b-1b955e7e85bb", "value": "12288:eR4y6/LQfitmM2ZiJoCudDQ2u8jIyQW92JgyH42h6vuoyF0JpM:em+iUM2IQ17jIyb92Jgu4han", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243422, "uuid": "a5e725b0-a75f-45b2-9db8-75786f160722", "value": 762540, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243422, "uuid": "c9e77bd6-9e35-474f-adae-db96710a824c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243422, "uuid": "d0b41551-c6b5-40a3-8841-8753d6c445eb", "value": "Confirm revised invoice to proceed with payment ASAP.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffba1ec4-0f05-11ee-b3cf-42010a9c0076", "comment": "Malware payload (OrcusRAT)", "timestamp": 1687222893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222893, "uuid": "cf2dd42e-22e7-4d0d-922b-a4141570044c", "comment": "Malware payload (OrcusRAT)", "value": "404278b7f19981365a0b2728920421cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222893, "uuid": "1d103c21-9846-4b65-b2c4-1343d8623598", "comment": "Malware payload (OrcusRAT)", "value": "41696b71527c3212389a2bf5e651bb7a0792c13751e6ab3cc3d734aa81fb5a10", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222893, "uuid": "7c63243b-beb9-4167-81a8-c2d25d47c809", "comment": "Malware payload (OrcusRAT)", "value": "c79beed349a6e2d84e745c431d8c46c2ace35072", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222893, "uuid": "aed7889c-9f9d-46fd-8f97-eb6d4bf35fe1", "comment": "Malware payload (OrcusRAT)", "value": "7154646c85a4b9bb59a75fa6e6d4f8532985995efd75a64fbb8f03d858ea00c31415444239f76f617cb8460be3439f2c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222893, "uuid": "a98b88b6-be03-4f59-b98e-34702f3b5481", "value": "T1C3350238C931F8D4835C723C656536153A69E93343B8AA6CEB034867DC6E771DB4AD8C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222893, "uuid": "b6444107-da44-4b71-8e4d-dbd7329b648a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222893, "uuid": "770dadce-25bc-492e-833e-42471d28cb21", "value": "24576:EHJsH0UmW21Bi+jo3H8niRBStgrZiCStrAB0HXOo:ELU2Tjo3c0kft", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222893, "uuid": "b28da885-a18f-424c-8e3d-f4d5cec1aef5", "value": 1160568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222893, "uuid": "a6a9922f-d759-4e03-93e8-a0820dadcd3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222893, "uuid": "ea204a1d-4da1-4a3f-b1b9-cdee545270dd", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffabb93f-0f89-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687279586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279586, "uuid": "17d6d287-a0b7-46d1-8424-e85c16fdcb19", "comment": "Malware payload", "value": "fa8ef538b32177658a0c3e7f70bc3e5c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279586, "uuid": "23c45295-63f1-451d-8674-0a8168f93cd0", "comment": "Malware payload", "value": "419ef4d6fb66b2dc8a09a4797fc0ebb77b38234b6b798dd7aea4eba540b0c3b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279586, "uuid": "e41e4b46-f521-4134-a5a7-26ec21becdf6", "comment": "Malware payload", "value": "c01add84457f155d3d1f0a897761d8618f7c9134", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279586, "uuid": "90aa4f34-6051-43ee-8973-506ecc234bb1", "comment": "Malware payload", "value": "e0f510cdb822edcae79babde1ebad4a88587b114f7bc1c2c5fcbeb294e50ff587e3e3ea971614442d87b54884aa5258d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279586, "uuid": "d28d51d2-b267-400b-9a84-f07ff28a01a2", "value": "T1E7263365F4809031E03A143A14F988F2B07CBC719725968BB3AD2E755E343D9267EE9F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279586, "uuid": "08847e5e-9313-463d-9fd5-2bee87e3173a", "value": "91ae93ed3ff0d6f8a4f22d2edd30a58e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279586, "uuid": "e5c43ab6-8853-4b16-ae48-6ab178ecdb52", "value": "98304:RLVSThOfTCiFBXmfFs+JMHpCVoR8oMEOJ6Te:HBfTCiUswVSLOJge", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687279586, "uuid": "74d8c430-82fe-4793-a2e9-3a22b82c3795", "value": 4599808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687279586, "uuid": "7d299349-467c-4051-b14e-8b89cfac1daa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279586, "uuid": "92642c74-640a-431a-8a7e-7d0194696533", "value": "Video.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "955dbd57-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1687242471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242471, "uuid": "0a1f513c-652f-4f63-bc97-6c43bfe10e3f", "comment": "Malware payload (NetSupport)", "value": "3221fe4bb3e02d4a03166e83db5fafa2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242471, "uuid": "6445a0aa-f6e4-4793-bd97-ec7cce6d5c48", "comment": "Malware payload (NetSupport)", "value": "428b05b5e7b7afddd15ea63fde166cf2e30fede6afc3bc2cd40910ee198920e6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242471, "uuid": "7590901d-23d5-4d64-9a09-0771283809a9", "comment": "Malware payload (NetSupport)", "value": "76151ccf49ae5024b2308cc65965de98a091747e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242471, "uuid": "e9d8d0df-ac82-4009-8e1f-39923ea6910c", "comment": "Malware payload (NetSupport)", "value": "eaf96701ce7c04891945c974f3c22f5e853384d9a759c656ec8cb0d06e0456af0c3c35bc4e3204a7dd6aee30bf3d69df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242471, "uuid": "a5cfad21-bbd7-48f7-89ce-1666856ce75b", "value": "T126657D22F2C1843FC4723A7C9C5BB659D8267D112E28A44A7BE45F4C0E39B433D699E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242471, "uuid": "1aed1fc7-6801-4122-8676-c972c5f08256", "value": "78c9e2c31285b4ac9148c2d16bffeed7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242471, "uuid": "9fa5d618-f398-45f9-b9ed-8495c486bf87", "value": "24576:AUiyKZ0BdB81j2s7vF2/nmCX6j1xHyT4Kbshp:/IIdi116msnbs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242471, "uuid": "fdc18f99-2349-4b13-afee-4c893dec8643", "value": 1426432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242471, "uuid": "035ee8c4-557c-4416-b6d7-355532aad05d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242471, "uuid": "e15d7ab9-e469-4e0d-b0a5-109f61f4dbcd", "value": "3221fe4bb3e02d4a03166e83db5fafa2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96864a44-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687242473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242473, "uuid": "546bed3b-2c15-4b6f-88d1-93c15f2a93f1", "comment": "Malware payload (GuLoader)", "value": "697a99e700479786e84a0b8e0193fa35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242473, "uuid": "f0cc8401-730d-437d-9e49-8d45a9fc3d8a", "comment": "Malware payload (GuLoader)", "value": "430040057985d6ebb9f1582f2b3dc27c8b91ab1109d7e87ebbbc09231cad6d86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242473, "uuid": "ac3c4d1e-0653-41cf-a4e6-ddfbd4bf1361", "comment": "Malware payload (GuLoader)", "value": "94a40beca2fcd5cfad2bab9c8ba3b5da3eda4968", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242473, "uuid": "eab1ff51-0766-4f78-a4df-eda28c76faa5", "comment": "Malware payload (GuLoader)", "value": "b83d99430128e2f3826f2e05d1b1cb23f8b5b695c8f533ee2e8c0e15a07ddf31bf4b0338674d51075cf7b42e68d20a35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242473, "uuid": "d6eb23d9-7c53-4130-824e-8476a5dbfb8a", "value": "T10EF4233263A9C0A7D0B282B05CFF47142AA8363114B5EB5D97450E4CAEB35A65D1FFE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242473, "uuid": "740867d6-6f66-43fa-9190-3dd779531827", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242473, "uuid": "6afbcfe0-9745-4a3d-8035-b6b0cbac9f1d", "value": "12288:gMwRSpbONq9DIcsOub0zIPefHjhT5g3lyHKSE8polAF6ekcyyyGGZYnFzLV:gMwRSpbONsnsDoI+1G4HKWpoaFKcqJGv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242473, "uuid": "add44e8e-bb17-4971-b905-c6f1042f2805", "value": 743798, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242473, "uuid": "70bbbd63-9f9d-42d9-bb44-4aa274393299", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242473, "uuid": "528bd4cb-2b21-4226-b183-e24b2f6e06c7", "value": "LC-2257ITVA230619.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84929639-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687241155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "be606a3d-5b14-4697-9047-e0cf16c564fc", "comment": "Malware payload (AgentTesla)", "value": "7a8c2d8b240900dab36bf612d92adca4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "ef2cbd8b-4261-446c-b6c1-1d381a015204", "comment": "Malware payload (AgentTesla)", "value": "43557cdba8055a9e23e86189db098e5d5925004865c789d2878301a076d11745", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "df7817bf-09c6-42a3-81c7-de3c02f0a3fd", "comment": "Malware payload (AgentTesla)", "value": "7be3e54bbc4a86a9f8b9d999e9e50e54e1c5b98e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241155, "uuid": "5b7fba95-7b4a-4109-8a2d-5e2465c13e02", "comment": "Malware payload (AgentTesla)", "value": "33ccaa0d8f0b650879de1c2b1e04de991b55974e5c423331049b3d838f85c10419f385e7d83204fb47c3fb7cd694a9b6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "30536d1b-ebce-43fd-b4cf-c4be8896a16e", "value": "T15315017807D2DA22C35897B8E4D2253283FA568BD161E344FCD858F14E573E4AA523BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "fbdb32b7-cb56-445b-b504-dd6d6439b3c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "226dbd1a-95b6-4d20-b792-3e7d7398973f", "value": "24576:LN0zDQuYuU6FYUgPZ1ECcTL1oCWWGj3KA34yH2OR:pg/U66hPkDNoCWaU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241155, "uuid": "bc28e58a-d183-42b7-b20e-9715bc77702a", "value": 951360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241155, "uuid": "87436355-fbae-45f3-b235-b97ef1c1466b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241155, "uuid": "16e3d64b-f0fc-4b34-9db4-f8df527ad684", "value": "ANM101793.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "802abfc0-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241147, "uuid": "e96e98cf-c110-41b1-a513-80dc2deb18e9", "comment": "Malware payload (RedLineStealer)", "value": "4adbd4c0bf3987020fc8f1eb627d1bac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241147, "uuid": "8a63d588-af23-47df-b2ad-dd17101388f0", "comment": "Malware payload (RedLineStealer)", "value": "44297e31db8598d724a76064ce203e321b5bcbd053e8a3672c40cf21bd59dae1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241147, "uuid": "e9e8abb6-442a-41e3-aebb-644cd03a65a4", "comment": "Malware payload (RedLineStealer)", "value": "5187d5283d4d042751babdb0ba23c8478f0241bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241147, "uuid": "501b1cc5-b5dd-419f-bf09-57bc4c08e6df", "comment": "Malware payload (RedLineStealer)", "value": "c58799f135724088c628ab9b4a3e87b952599d412f7a82ec26228c4eef3f7cf9fdeff158bece60ca8902ff1a9f4d06a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241147, "uuid": "55acbf33-84eb-4d03-8b10-6aa822acb764", "value": "T150051203BACC5933DDB40734A8F646831B327D724DB8C3672B59BC495833A856875BAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241147, "uuid": "6566471b-003f-4419-8f97-450a963be761", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241147, "uuid": "a53e2c03-bd84-4d1d-9f14-d6ebda567ee7", "value": "12288:xMrmy90uf5PXyQrxdfqDAkV4tLHe5yfRU94ggmUz3U66PdIAjn5KDfH78V+kaFbF:Xyrf5K4dyDnGgMfRAw6b5LwFb3V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241147, "uuid": "b34b05e8-0a24-4ee8-8d00-42d37b067a80", "value": 824832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241147, "uuid": "303803d7-6d9f-4ced-a9e2-af56149e6dea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241147, "uuid": "311c8d39-1334-4847-b553-f3faed7db1d6", "value": "4adbd4c0bf3987020fc8f1eb627d1bac.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a371375-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Pikabot)", "timestamp": 1687258129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258129, "uuid": "2f01ead6-b697-4acc-9137-fa266413c610", "comment": "Malware payload (Pikabot)", "value": "e4fa3fe4b5ff9ce7c5832cd9702e6034", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258129, "uuid": "096b0bc7-94f1-4341-b95c-ae64209bd2ef", "comment": "Malware payload (Pikabot)", "value": "4429f30c4f2fc57d02f971ff78941ac06f3bf3c34dfdbe7eeaf1ab2221321260", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258129, "uuid": "9bcdeb0f-f391-488d-b72e-0a4f186f1d0a", "comment": "Malware payload (Pikabot)", "value": "3d57d8e175cf60ad834b6c1ccca9b6b76da139a8", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258129, "uuid": "e624efe1-20cb-43e5-a58d-2f719adc74aa", "comment": "Malware payload (Pikabot)", "value": "69f6530590d0baf79c269af7f399f35a412ca33ca6acc707bac8aba9551462e261ceb56c5073bf2255348b91927f5f84", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258129, "uuid": "ef7f4f12-737a-42de-8870-8ed0bc157c60", "value": "T1779401C1CB54D8D511AB2323BFB941E0D7694D6E30C09A6BFA1CA6B1AF9D424B173DB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258129, "uuid": "f20e6128-e388-4242-95f6-5a164ce6c3cc", "value": "12288:zzh2tuuoE1y4V/gjAdwAd58Xh/ACDMy4Jl0K7NeTQggxVe:fx9AdwAd5wh/1My4Jl0MNqQggq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258129, "uuid": "3a2e91e2-27a4-4bb5-a56f-5975e3dfd82d", "value": 409584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258129, "uuid": "059d56ad-5f8c-45d5-8f22-e51be67b9c1c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258129, "uuid": "288984e8-da84-4c40-9a5f-663c6dc5a476", "value": "Ib.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abaf521b-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256682, "uuid": "ae0530e6-588b-4dd4-aa23-b2410359da9d", "comment": "Malware payload (Mirai)", "value": "e028fc37d818e296a38d517939bffc92", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256682, "uuid": "a0944582-549f-48e8-bd22-92e7cc624cd6", "comment": "Malware payload (Mirai)", "value": "446bf64f576f3ee1e3fa130005e6cea27ec4acfd8af7dd067d39367159ebee62", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256682, "uuid": "00f120ec-56c7-46ab-a3aa-247c5eaeb8db", "comment": "Malware payload (Mirai)", "value": "e5ad4e0860918ebd882154f7b52ced8038bcd1e8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256682, "uuid": "27b645ac-6d8b-4764-9f68-4800874babb3", "comment": "Malware payload (Mirai)", "value": "ee2c157f42fe72783cadaf7d03d67f3ee1d780e1e5a2d34e8a966071349d0edb40a04d463db0089fa9e37096297c4cbf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256682, "uuid": "5cdfcd38-e068-4010-a9d6-ab1f93742091", "value": "T15D04C606AF610FBBDCAFDD3706E90B1135CCA50722A93B763674D528F54A50B4AE3C68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256682, "uuid": "954c966a-8964-4ec9-a6ca-316d7ea24ef8", "value": "1536:OmXooIzeMORPSO7fDSVSQsxjX+8VqTP+YHPoZz0FOy4//tx8MzI2N8/0jXA6ca:OmXooIzO9Swm5mYvoWWtuMImXF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256682, "uuid": "dba97c9d-bfa1-4895-9819-c1d7eae139d7", "value": 182072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256682, "uuid": "c6c33945-0f67-4a63-aa7c-1153b57ab8c8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256682, "uuid": "378e79d6-d1cb-47a3-9519-afa6da5742ed", "value": "e028fc37d818e296a38d517939bffc92", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a06d393-0f9c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687287388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687287388, "uuid": "4a7616ce-580a-44e2-a200-0eb3eda39499", "comment": "Malware payload (AgentTesla)", "value": "e1552cd55b63cf711186f4e39ebb64f8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687287388, "uuid": "aee872d5-dfbf-4575-af06-262d617a8a3f", "comment": "Malware payload (AgentTesla)", "value": "4575f52d6dc0ce07e65e72a0a40007a6eb4c3676d87306dddf5e64d4efc6cc7d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687287388, "uuid": "f424cb9c-7199-4cb5-82cc-825029b04246", "comment": "Malware payload (AgentTesla)", "value": "c60d1d7beb93c0bdc93167b123a67bb39f2fb991", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687287388, "uuid": "6d5ef7ad-fd00-4cf5-8ff7-03f3409279d7", "comment": "Malware payload (AgentTesla)", "value": "6ecbff8c652bfcd298fe9de791a20cd62541b6a7c494f2a6701765d3b09f26ed72a7ae77c8b9f3a3e4b70b96ea17a7e7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687287388, "uuid": "b8c5e265-a4ca-442f-8482-90a7697a7ded", "value": "T1EC05E09C765175AFC417CE3288546DB0A62468A7730BD35394873D9BBA0EACBCF311E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687287388, "uuid": "4e994aad-7b47-4f6f-a8fc-48cb5cac2b10", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687287388, "uuid": "deae1f3b-9ccb-4383-ad88-2c21275cd1fe", "value": "24576:kuROzu4CZdOHE4ZFUP7UYKQXAzgsxtdp:Ez6ZYdTUPAraAd7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687287388, "uuid": "d9d0501d-d2c5-45a0-a46a-fd831ea286be", "value": 826880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687287388, "uuid": "15711471-60f4-4a64-a795-433848c24c16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687287388, "uuid": "866f8beb-16ba-4fef-9b62-d49502aff8fd", "value": "Shipping documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0e1113d-0f6f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268314, "uuid": "b6712328-f0dd-466e-9cd5-1903a06869c6", "comment": "Malware payload (AgentTesla)", "value": "ca4b92702280212da8932ff596182683", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268314, "uuid": "d5ba416c-4031-47c0-88ff-6bad16eb64c8", "comment": "Malware payload (AgentTesla)", "value": "45e42d2b33ab14110170565f964d48f19571206f7fbe61c1f222603e0fec2015", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268314, "uuid": "b63e851a-5e14-4f4f-9e86-60c70da1b963", "comment": "Malware payload (AgentTesla)", "value": "83c9ab8577b57161c321ca5826c9060e97192f6b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268314, "uuid": "6186d28e-f69e-468e-96ae-f6a4973176ab", "comment": "Malware payload (AgentTesla)", "value": "2893d52632b5e3ab2944ce1fa0ac3f4365f27f339fc32f549c59925ae6b0aa66cc1278b01f8153835e83ca2677c5a7e8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268314, "uuid": "ca3a0ace-8944-46a1-8d01-5a8b7e518dc5", "value": "T1E905F10023A84F67E13E8BFC1424267083F9579A302AE74ACEC7B4DE6F65FD1455AA47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268314, "uuid": "f6c98742-9b02-4e30-b3f0-68aec6948d2b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268314, "uuid": "6c45467a-b536-434f-bd4d-3c611d7647f4", "value": "12288:W2qlk5nPM7q6bpw4dcZda/ig4RLQrc6NdGLpEXOv2rtZsDdePxoAdCSdT6ZpxgV0:tGzu4CZdO4ircROOv7vU6Fp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268314, "uuid": "fea44b66-d584-437b-98b0-3c994fe89c71", "value": 852992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268314, "uuid": "d1b5fb41-d107-4a5f-874c-c37cdb2fa151", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268314, "uuid": "7861d316-b1e8-4e49-8ca0-f74cf2b9a7a5", "value": "onderlight2.1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4c2c3da-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253798, "uuid": "3a43b334-4c1e-40f9-bbd8-4fc658314733", "comment": "Malware payload (Gafgyt)", "value": "8662cb666639c6978bc76bda46c3cfa5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253798, "uuid": "6f56fce2-3338-4e82-9997-29fe661b946f", "comment": "Malware payload (Gafgyt)", "value": "4627601a3f015312e4d5fd53244ec80ff3ff682d0f9b1e47b386c13647000460", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253798, "uuid": "db229ca3-d3d6-45e0-bdb1-3cfa9ecfe624", "comment": "Malware payload (Gafgyt)", "value": "c61f8f82b401231076a91fc1e96b40c5220f4eeb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253798, "uuid": "dd792c61-7bdd-4c2d-be2a-2ba37c70ea44", "comment": "Malware payload (Gafgyt)", "value": "cd4c8d0a902d38b9f3285673d8637f7d3686485115c76a8496fbda352e560f03081715c52445ba0782bcf88c58028f7c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253798, "uuid": "9e67f8b4-3221-4952-ad89-e9d308a130dd", "value": "T1EDC30A44F901475BC3E327BAE78E038C77355E6857DB33156A38BDB42BE1B982D29260", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253798, "uuid": "c76d691e-86cc-4ab6-b6d9-77a704146389", "value": "3072:H63VpNeuWDGeQf8sRCHt3DxkS2YmyVUQuiXfQd6W:OSuWQEcCHt3ZmyVUQuiXfQd6W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253798, "uuid": "5fd84704-6f10-4643-9a97-db15bc5666f4", "value": 127723, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253798, "uuid": "7af1aaba-7045-4295-8677-e34fe01d53a9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253798, "uuid": "6c9c623c-6630-473e-a415-51878e524480", "value": "8662cb666639c6978bc76bda46c3cfa5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "008b2c6d-0f3c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687246087, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246087, "uuid": "89009616-a3cf-4fa4-bba8-3864f9b438a5", "comment": "Malware payload (AgentTesla)", "value": "fe9eb0a61c84d246e65d708e5a94b013", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246087, "uuid": "2bf0cd91-e5c1-4f29-b68b-09aafbe2fbdd", "comment": "Malware payload (AgentTesla)", "value": "488dc41983f808ac8168b0a1e760590f8f18bebb06a31f8898da69a2de14c205", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246087, "uuid": "833195af-4b04-45fa-9f9e-3354b0002ef0", "comment": "Malware payload (AgentTesla)", "value": "387580a44fab6eef4f565d5c7a6b09ea86a9a97e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246087, "uuid": "a1014e68-7c2d-4c44-b484-7ca3c2005927", "comment": "Malware payload (AgentTesla)", "value": "5cf054a07d0de2e2b7503b90a841845f664da9e11825165b17e5d20902bec00e9755244c0656cd4d8fa8ca3fea2fc0a3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246087, "uuid": "406f5a34-277f-4d8d-823d-33ec0d8df1ee", "value": "T167E42390DC1373EDF34016898E5BEB037013BE61F24E1856E8B1D6998DC0667E8B2F66", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246087, "uuid": "43ea89ee-cc25-4f6f-945c-5ad3dbb887c9", "value": "12288:L1nGs9hEnnJAj2QrVj0HVvMWrYGgV1hC3v1YbZKN7Obu18hziZvEX:L1nN9Ii2Q58d792bZKtO618yEX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246087, "uuid": "c6411ac2-04d5-49ed-b863-90a91380c67e", "value": 664347, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246087, "uuid": "2e49c509-d414-438b-9d3d-84dc5d9c4033", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246087, "uuid": "b7a62565-4506-486f-a2f5-d812a7ca33a0", "value": "INVOICE 327762.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3819244d-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Vidar)", "timestamp": 1687244892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244892, "uuid": "b2b67606-19f2-4ae8-9086-ccb03dca1142", "comment": "Malware payload (Vidar)", "value": "b1623efc1d478a55f79990a23e27dbea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244892, "uuid": "94d6d2f2-0cf7-4722-94c9-a76c565ded0c", "comment": "Malware payload (Vidar)", "value": "48b7d39b9c19b0e6131928830add88e9c43e01e8218db17877abca9a65d14a5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244892, "uuid": "109bd34d-8df4-4d31-b5a6-4f0ff83f949d", "comment": "Malware payload (Vidar)", "value": "b3aa95230dbc3ffd18a532f8c13baa4b8a565c94", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244892, "uuid": "6f9e42a9-dc9d-4f45-9939-63fe0ead4b9f", "comment": "Malware payload (Vidar)", "value": "5a68c15d202b1261c0dd66ca74cd003334fe562ddcf14bd52b8a45a45f870375cb2b15313e2da154f32b4b0aebca0f87", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244892, "uuid": "637c0abf-51aa-4d71-acfa-ff65f552a263", "value": "T1CBF51216780EB48BEB1E387659E3D79D28B56D22AD9349B5723EF76C45B43020E0F60C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244892, "uuid": "3c5650e4-a83c-4374-83e8-048776dc7c4e", "value": "959ac495c4ad8c6ffc4e570f9dbd3af4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244892, "uuid": "24619057-2544-430e-96dd-4d9c2d1c1e89", "value": "49152:lFt5YhneerItQhs+DUOtHCEv8GagIXW/2EexBoXHNW5dXgsSkGg9yrwps3P3f6:l/onMctHdveHbFKwDXgs4His3P3f6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244892, "uuid": "6ad15e8c-517e-490e-be55-75ba332c27b0", "value": 3600384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244892, "uuid": "774bd188-f6d7-40b1-90a2-63da22523404", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244892, "uuid": "5b09454f-de30-4f32-b570-e2abac1aee8b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6b2238c-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243789, "uuid": "68ef0ea3-b6d5-472d-9d71-1b0d8fde4edc", "comment": "Malware payload (AgentTesla)", "value": "ed388224c156fa0cb5805c36f5b96002", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243789, "uuid": "17641e4f-1168-4d50-96d7-00b1c5530349", "comment": "Malware payload (AgentTesla)", "value": "49616361d5edc0be388697e60e15e66bc29aa5b2bc9e78e9890a87c4202c0f54", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243789, "uuid": "0e5a8a5c-a4be-4839-8ffd-a5ba6648da97", "comment": "Malware payload (AgentTesla)", "value": "a4f46cc980a0e3169836f19238dfd426614cf084", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243789, "uuid": "4758e173-2367-4905-ba2c-b4606cb2b6ee", "comment": "Malware payload (AgentTesla)", "value": "d8414da2edd4f065c1ca5acd9f6ecb22722786906f988ca909cbdbbe6d04f2ddd479425866f2b9c20bae1fcd960dff24", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243789, "uuid": "0da6c9a3-dfa6-4025-a0f6-b9f331c317f2", "value": "T1075423B0B66223D9A61D061C991DAFB1C883407D35574927E4FE2CEE76BF2F00BA5D08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243789, "uuid": "e1fc92db-4095-4223-8846-7b67c63ecc04", "value": "6144:9MW3vYo3J5B8O31XM9ymAC8UrLH5c4y1APuzhkIyzefHF6K2s0EX1NY+3uEm9:9MW3R3Jn3BMIm/LZc4y1o8guHFUBEX1Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243789, "uuid": "af4fdafc-036d-49c1-8f77-aed28fd8eecf", "value": 292797, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243789, "uuid": "d4126c5b-67d5-44fb-9464-b4ee4dc254c8", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243789, "uuid": "76f9df02-8b05-44d3-b8ea-735ab57db942", "value": "PO-096554.PDF.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c60d75d-0fa6-11ee-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1687291661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291661, "uuid": "963b3aa4-09f6-47cb-bf19-f3a586d367b6", "comment": "Malware payload (njrat)", "value": "9ce1950dfc8ff2a85cab06957e28d7ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291661, "uuid": "4233207e-2841-440e-97a1-e194d48b594e", "comment": "Malware payload (njrat)", "value": "497aab76298a6bd2bb31f37a6a555cc88b417cd6905d2fd9585ba715afdcec7d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291661, "uuid": "9673b3e7-d2ff-491c-8b20-2b7439630ab8", "comment": "Malware payload (njrat)", "value": "067569ed3673172d5ecd56e0e243598c0bfb0596", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291661, "uuid": "78e268eb-892b-49cb-a4a2-cf14802c842c", "comment": "Malware payload (njrat)", "value": "eea26a4155b75fa7b377f5ad6ae7531500ce81db51d58814430dd01a1e967b00f9750a1488cffdcd8354f21877805c42", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291661, "uuid": "55b28383-c54e-4a7d-92c2-3b46bc00b78c", "value": "T103E2074677A58229C6BC5BFC8CB313110772E3438532EB6F5CDC88CA5B67AD00245AFA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291661, "uuid": "c780f076-da4e-44bd-abd3-6fb09132b1e5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291661, "uuid": "63951665-2226-4471-ab00-f38e4eb850ac", "value": "384:A0bUe5XB4e0X1pOjfmiaXLilpknD9WTFtTUFQqz9o6Obb0WT:lT9BuijtaXWlR1Zb0WT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687291661, "uuid": "2b539868-8c2a-45a7-9825-6e93fe0bf937", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687291661, "uuid": "ae820faa-e217-4562-a5fc-2b55f5b641be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291661, "uuid": "e50c9962-3e74-435d-9efe-b056d71b44b8", "value": "bNDO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8340ec1-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240866, "uuid": "ea4ed930-0d03-46cb-85dc-e642934cba43", "comment": "Malware payload (Amadey)", "value": "4db6e652481177590277afdd0099f850", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240866, "uuid": "ab53b2db-5e6a-4b30-b4cc-bfb742eceb43", "comment": "Malware payload (Amadey)", "value": "4ac8b7478cf954c40b4d8c886e88dfb3342a96828ff547327310684daca98f08", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240866, "uuid": "4745866f-4045-4f40-bc58-f38842231337", "comment": "Malware payload (Amadey)", "value": "f5929cdc361ed0920d4d5b5c9a850b72c387b16c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240866, "uuid": "7400498a-4403-4f66-8d9f-fbcb4f363381", "comment": "Malware payload (Amadey)", "value": "091b6cc598f4354b0f698326837f52b0474aeb0c16188006149a79a9f9b87389ccc6e77d91e901bdb956b477fc063f0e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240866, "uuid": "5a94b960-f4d4-4a77-8667-87ba532ad718", "value": "T181F41241F4C8B035D9320632BC2578D37DADF8814B2089AF7F94331A8A765E2B9F566D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240866, "uuid": "ac73e870-b321-45ed-a747-aae46884222d", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240866, "uuid": "383fca7f-099d-47c0-8891-16fc780a2924", "value": "12288:4YlWYbzPRCv7fWlu+T/qZqWL7KvkJiT2h3dxY4SCKCbq3tSeEY9rbX+W0mR:bbLRq7fIu1qW6n2ddxY4S24h9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240866, "uuid": "856264a1-6f63-4260-9596-e6b4a97a7720", "value": 727040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240866, "uuid": "eaab76c6-b3b1-431a-bb54-bd58f767f856", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240866, "uuid": "218f75f2-a867-4f05-a324-330ba50c5488", "value": "4db6e652481177590277afdd0099f850.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f69c4a3-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242461, "uuid": "c9f162a6-15ad-492b-84dd-e9fe51388abe", "comment": "Malware payload (AgentTesla)", "value": "d39584dc7f129d2393d435c566c008c8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242461, "uuid": "3757a506-dd81-45b8-a68b-f68cdd09d24f", "comment": "Malware payload (AgentTesla)", "value": "4afc813a3653c61125093a1be3af978e112cdb889971d44810cb1b1b52a5dfb1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242461, "uuid": "7cc83379-2c87-4076-8f0d-65d533a87eb1", "comment": "Malware payload (AgentTesla)", "value": "31cb063d7b2fb995c20ddd31781f9ba4840cee95", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242461, "uuid": "1607a108-ae33-474c-b8da-86ca5409afe0", "comment": "Malware payload (AgentTesla)", "value": "b3928658cffddbb2a6ae3514d466903eb5359eec6cca6fecf72de255ef1f83b766f8ae8a2baa4048f4d01fd08de83b30", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242461, "uuid": "1a46c9e4-cb4a-40ca-a69d-0fb1208e1d3b", "value": "T180F412181ADA862BD4270F786460F370923D5FD97622D79F1DC7BC87BA127CC0A3561A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242461, "uuid": "479fb90a-e340-4b05-b50d-91af20ff71f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242461, "uuid": "12d14763-08f3-4ee1-bc11-89207034bb8e", "value": "12288:jb903Y5HHJHHlHHTHHHH9UuPM7q6bpw4dcZda/igJXRf0osjxEc+304qD89kuKBl:jb903Y5HHJHHlHHTHHHHyzu4CZdO/fHP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242461, "uuid": "a739d9bb-0208-4d83-84ff-ef8b71ed10db", "value": 747008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242461, "uuid": "37ad5d8c-3c22-4c6e-adc7-038085eb5367", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242461, "uuid": "0965c352-8d88-41b2-997e-599a1b6c0d64", "value": "BL00CN.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d710c1c9-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687240864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240864, "uuid": "f7470615-b4ad-4e2c-a88e-260fa7a1b8cd", "comment": "Malware payload (RedLineStealer)", "value": "4cac236d2777984625375815a4c3c2a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240864, "uuid": "620ed355-b0cc-4ea8-bad0-0b276fbcd572", "comment": "Malware payload (RedLineStealer)", "value": "4b032af1233f0d1317a7a0a9599fe706e565c0120f7ca9765ae01e464f56d11c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240864, "uuid": "d52c52b7-d85c-4b1d-9208-7ffd3f84f4ed", "comment": "Malware payload (RedLineStealer)", "value": "650b8ac8ed8ccc89a9a1465a022fd9a874031d9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240864, "uuid": "68de084e-13a6-4cc6-a830-395bc5fa95f8", "comment": "Malware payload (RedLineStealer)", "value": "75f36b7f7e133166c9989214f80ba33d48c604f2796b146d53d486c00b80d7bc4e583d8a8795f190c4375e20a5144d7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240864, "uuid": "0951026d-1e94-473c-b26f-f737a284a9fd", "value": "T1C1E41251B8C47274DA3109319C65BA923CBCF8E58E25DCAF3F54330E8A711E179B866E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240864, "uuid": "878e5330-3ec0-43a1-b598-99aa08ad8fb7", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240864, "uuid": "4b7e8c66-d7c0-44eb-996e-ad69e72c8fa5", "value": "12288:DOsWRTv7fWlu+T/k/JA1GNzQ7RFVtlFjiO70xRw+3/XfkWEud7/gn4WHa:OR77fIuWGNzYRFVLti7y0/r/pIn7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240864, "uuid": "ed8e81b7-61e9-44f5-a6ea-78f73ca04a53", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240864, "uuid": "2b803f06-2461-4b3b-bdb3-1c76bf683930", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240864, "uuid": "5bfeed8b-1b9d-4d2c-91ab-d519828ec12f", "value": "4cac236d2777984625375815a4c3c2a4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c83a4d25-0f8d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687281211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281211, "uuid": "320611c9-6a25-4967-9fdf-77612875578c", "comment": "Malware payload", "value": "a6b2dd45db50e842426a5d8bbac8ae5b", "object_relation": "md5", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281211, "uuid": "2ab2ef44-7487-484f-9bc2-194b9fdcf004", "comment": "Malware payload", "value": "4bb6c64c22b16df223fb7cef822e8cf820f3eb7dbcb88e5242c18a1b5abc3f2a", "object_relation": "sha256", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281211, "uuid": "c45b9789-9081-424b-8544-8f26a8cf3d6d", "comment": "Malware payload", "value": "82dd8daf91e054f3f1c38f488fe07234303f51d7", "object_relation": "sha1", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281211, "uuid": "218db2dd-834d-49b3-9fde-295f3d2baa30", "comment": "Malware payload", "value": "5eeb7af61244cb3724af3e57c902d631079092b63450f27c390656092a637a11dc9e1c055f6898134cf71fd7a31b951f", "object_relation": "sha3-384", "Tag": [ { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281211, "uuid": "037bde00-7abb-41e6-9149-8217fcd0e511", "value": "T1B5A31300D366D059731FCAF389E6A9E82DECDF9974C1E648917C8B385054BD933AB836", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281211, "uuid": "93452418-a6de-4295-adbf-27da5686b566", "value": "3072:4lqWlS0bchcSZyJYmPR+zv3BDKQZLvzfsJiPVY:elu7ZGYOR+D0Qlji", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687281211, "uuid": "0c066153-26b4-413b-af89-30e78c595604", "value": 105325, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687281211, "uuid": "b6996824-1598-49d3-9c7d-79c16d49bcdb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281211, "uuid": "b9b8eccb-49c0-4eed-bd9a-c268496e21ba", "value": "1N27ZFqW0quhb8.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "490c1a74-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241484, "uuid": "4c000b24-614b-4cbc-b138-6ecaab3c7865", "comment": "Malware payload (RedLineStealer)", "value": "f7d19163ae6f5a7d8de51f7a85a075dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241484, "uuid": "cee5f66b-baa6-4b6c-bf9d-4d8470facf4c", "comment": "Malware payload (RedLineStealer)", "value": "4c0d2a24687dffc2482e0c1f8615073a8b98b2a138435b9118677eabed5394fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241484, "uuid": "7ba854b0-3255-433b-8a2b-b840ac74aa54", "comment": "Malware payload (RedLineStealer)", "value": "ad417c57bda0b765e7eaf5a6b3459fa692ef34fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241484, "uuid": "af047db6-270e-4627-a982-1f568b97082e", "comment": "Malware payload (RedLineStealer)", "value": "150408198ad4321e514ac2543a4e0d46149a5dbaeeebec34ce2baaf35a3f820a8f402c2a8e0025b8f4699924e6b4c5bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241484, "uuid": "6065c6a8-e108-440a-8b2c-f9a91857c183", "value": "T1DCF41280B0C4B130D9314931AD667A467EBDF8A19E649CAF3FA4331E4BB55E0B5B052F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241484, "uuid": "5b690c7e-6c9b-4866-bc78-86fd1c569e71", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241484, "uuid": "ed9db38a-e386-4433-ac5e-e141574af1a5", "value": "12288:HBrh4X5nOgt6RL/IYvpgx/RjEID1ddCyGdL0KOHMtf3amyRfv7fWlu+T/E9nFYB5:HBrh4X5nOgt6RL/IYvpgx/RjEID1ddCY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241484, "uuid": "d3809656-0742-4a44-afe9-2c3b2e52b8c6", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241484, "uuid": "9e8db0b8-0bd9-4037-b47f-7e3dfdcfc5d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241484, "uuid": "18cd203c-16a5-4957-abda-71ee5a36ffae", "value": "f7d19163ae6f5a7d8de51f7a85a075dc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4821265-0f3d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687246872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246872, "uuid": "1780bd47-5b07-4095-b827-07c8245ff164", "comment": "Malware payload (RedLineStealer)", "value": "71b88e5c6e315f2b6a6ea6d0df73b653", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246872, "uuid": "d6050011-71d8-44c8-bfd5-b2a5cd22d916", "comment": "Malware payload (RedLineStealer)", "value": "4cee2daed5ef22cdad5648d34a17fb0eccd80d0a9904f94a611885558ad0ab79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246872, "uuid": "e6f80282-16b7-49f1-9102-5e1fe919004a", "comment": "Malware payload (RedLineStealer)", "value": "43496ecdde5e13ac9029edc7e6d4094a7217f341", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246872, "uuid": "035113d1-35ec-4df2-93d9-619e1e1dddea", "comment": "Malware payload (RedLineStealer)", "value": "f53b4f73ec504fd301857b618efacb2025052c82b4f726e29393a190f064df199842bb1f18724f8ab8aefcf2a152a4f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246872, "uuid": "97f8b4a8-6d81-49ea-a223-0742f757a516", "value": "T14E444B0FB6C50336E471103D27B02956ECEDBC910D34EDB73A6CC369156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246872, "uuid": "49ed2050-c4ec-41de-89bd-0ed31e748eb5", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246872, "uuid": "521cc21d-f640-4f63-a6ba-a5d5ac03802b", "value": "6144:4mTh1H2lWcQ0FKHgKNRBH13TLxNP9T0x+SRMs:D14WcQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246872, "uuid": "714ca337-6866-4431-942c-d3da36680f15", "value": 278531, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246872, "uuid": "42b87b4e-ce8b-4613-a900-5d09ae7661bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246872, "uuid": "f9ccc79e-6717-423b-852c-d5f68364fbb3", "value": "71b88e5c6e315f2b6a6ea6d0df73b653.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c97df8d-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241168, "uuid": "5207b023-a092-4383-a77a-cf3a7bd431dd", "comment": "Malware payload (Amadey)", "value": "6310a33b2a766678b01312e1f0ba1af7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241168, "uuid": "bd336a8b-a67b-41e6-9daa-db876f5d792b", "comment": "Malware payload (Amadey)", "value": "4d26059fa0bf8b4f665f15a2a48c96545ae60e53d5725f926c4ee031fa0db54c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241168, "uuid": "b31d916a-4fec-4092-9384-f85a650558ea", "comment": "Malware payload (Amadey)", "value": "c1dbbd07f4443b22c3c520be050eb68efbf2b077", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241168, "uuid": "31cc9949-44b0-4309-8e9b-a9fdacca7838", "comment": "Malware payload (Amadey)", "value": "ed162fdf483a4b3952ec39c0d09a49f0a1c9601b6d093ff19dcfb2ccdebd005ffe96abc16ea5f315fc34614bc6d9a960", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241168, "uuid": "4708b0cb-68c3-406c-b0c1-86401723d198", "value": "T120F40242B0C0B231DD621A31ACBA75937EBDF4E44F20CCAF3B9433594A665C2B5B166D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241168, "uuid": "0c91145d-6b92-4e8f-b69b-5c8200340693", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241168, "uuid": "589b264e-2b74-4c8f-a449-3f0153bd7fe9", "value": "12288:tOMtRWv7fWlu+T/CanUGp3Br4n8GHBZ0H/7UejndH0tPANVO6969TtT6:fRO7fIuvrGpRnGhZ0HzVdUtPcn96N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241168, "uuid": "cca29445-30e4-47f4-96a2-512353676401", "value": 728576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241168, "uuid": "cec60130-ae6e-40ac-b064-bd1818038bc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241168, "uuid": "22e26591-c29c-4dcf-9a9a-26ff16e54d4b", "value": "6310a33b2a766678b01312e1f0ba1af7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8803fc0c-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "4a2985b1-98cc-4200-a8a1-a980577bcb67", "comment": "Malware payload (RedLineStealer)", "value": "c55ab39128746f1c4791e0a6dba89adf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "6e98f688-d98f-4c61-9b07-fe2f182e8936", "comment": "Malware payload (RedLineStealer)", "value": "4d81c008321f374d09d1e03536ee3c267dd76941e38c6cf4d89648eb247d22b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "8ebf6c23-5368-40df-91b8-108cb5c11721", "comment": "Malware payload (RedLineStealer)", "value": "e6e1ccc3e238b802869b062651b11468dba2178b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "53932905-9e0b-4e6a-8ba2-9a9864620761", "comment": "Malware payload (RedLineStealer)", "value": "74b8384955871070582a417b7b8c6c50a639364d8841b2bd1a124b92574902105e6b01474ac184d97e2e23bf08884273", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "567ae357-2fd2-4984-a122-3d7be46d9935", "value": "T174543A0FB5C50336E471103D27B02956ECEDBC910D34EDB73A6CC369156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "08a38624-378e-4e64-b90b-844fa69a6221", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "e0a97dad-b430-4ed0-8420-dbf6618fe38c", "value": "6144:uXariX2WQ0FKHgKNRBH13TLxNP9T0x+SRMk:u6iTQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241160, "uuid": "f5895e91-1cf0-4f07-b8bb-f25d544bd17f", "value": 279046, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241160, "uuid": "01918947-4dea-4d9c-9e38-fd5323e1991d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "a58a23c1-ab1f-4d06-b8c1-8df82849bef2", "value": "c55ab39128746f1c4791e0a6dba89adf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90ebb89e-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241175, "uuid": "ad97e8e9-a5d1-427c-a83c-7003783c1439", "comment": "Malware payload (RedLineStealer)", "value": "c08147a571dfc8924219c4c7bc0cb153", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241175, "uuid": "ad65e3b7-396d-40e1-918a-db766e3843be", "comment": "Malware payload (RedLineStealer)", "value": "4e5ce65dd777571d3ec827d72ff0c1e203b6ab5e09902fe1ea81493d3742957c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241175, "uuid": "cefd5437-2202-4fc5-8a7f-18fcab4319ae", "comment": "Malware payload (RedLineStealer)", "value": "c5f2c6126050ec70fe706f838bb38e31c0d059f7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241175, "uuid": "6a79d4ee-5bbd-40a3-8a06-ca93d3f616ad", "comment": "Malware payload (RedLineStealer)", "value": "3ff3be06cedee2a18fc5ac80a1f8c13a5efebd240cd0a831d5575847b2dfd36b52b936c6db063e866d42ce66df2231d3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241175, "uuid": "ab08f2db-a018-4501-83b8-77f7aef9f1c2", "value": "T17BF41251B4C4B135DC361931BC5AB8936DBCF8A54F20DDAF3F98331E466A8E0B9B1429", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241175, "uuid": "cb021fed-2547-4a0a-8073-72c311f48333", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241175, "uuid": "f950746e-ef9d-4be4-8871-95e7862c6f52", "value": "12288:T+YdpR5v7fWlu+T/4FD/0JczUM9PVFMms513YkUhG20BNGkkyPsQmhir0I8qaODi:BRF7fIu7FDcCIM985Gy20BNG73QJr0Iq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241175, "uuid": "18c8907e-b576-4c56-a20c-b57a5bb0453d", "value": 759808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241175, "uuid": "3a9fbf9b-db02-4357-b64e-1684ac8f46ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241175, "uuid": "57c18aeb-8b92-4ac0-a626-7da29a21f890", "value": "c08147a571dfc8924219c4c7bc0cb153.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0656091d-0f49-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687251680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251680, "uuid": "68a9505f-4444-4d9c-ac0b-d42fad82c53e", "comment": "Malware payload (RedLineStealer)", "value": "2c65cc17272be101c72cb406e8dfb37c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251680, "uuid": "204561a2-36e1-4755-a981-db0be95d0cb9", "comment": "Malware payload (RedLineStealer)", "value": "4e9984008a77c2ced3cb4d3377a1fd34b4fbae0b646af780ca6894f93d0e9ce7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251680, "uuid": "9effd4e2-3b77-44fb-bbee-ef20d8c0cb9e", "comment": "Malware payload (RedLineStealer)", "value": "f39e24e5a7ab58b8037b3950b6f91f00874f4a93", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251680, "uuid": "4a994170-bd62-4466-b1e9-b043d13f09f4", "comment": "Malware payload (RedLineStealer)", "value": "9f6a366b015ce4d88740725cba8321f0037d7ca27514da835b25feaf20af33040eeb75e037b2bdf4c72cb5c0c19047ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251680, "uuid": "e1dcdf03-e628-4ae1-8049-f68d0401a8f5", "value": "T162F41241B0C87274D93242316C5A7992BEBDF8E00E24DDAF3F90321D89B95E0B5F565E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251680, "uuid": "9174293c-7d2c-4cdc-ae70-ed96495816e9", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251680, "uuid": "f570e31a-4687-492e-b7ba-2c4931bfa3f3", "value": "12288:m+6sRDv7fWlu+T/cvtKe0X53wNoBIP/0Jo27psDw/zhUbkGGZ+i+GWQD:TRL7fIuRvtR0X5gKBIPcDFEmGIGGZ+i+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251680, "uuid": "8363d898-3cea-4324-a326-69337288ad64", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251680, "uuid": "0274d1fd-c36c-4298-9b2d-16b3f0a3cc96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251680, "uuid": "3f5e40aa-8bc1-4bd1-95ad-e23c4b9a15be", "value": "2c65cc17272be101c72cb406e8dfb37c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22028abc-0f26-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687236694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236694, "uuid": "476dbd41-79e8-4d07-92a0-4133586a82bc", "comment": "Malware payload (GuLoader)", "value": "ad85442ee6ba3f66771fbc0adf5de628", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236694, "uuid": "ad17bbdc-0518-4cf0-a72f-4329014c5508", "comment": "Malware payload (GuLoader)", "value": "4f9b11af442f37c160f98dd09d12ee0c138d1dcdb1350fc16b8bc6191bbe4aea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236694, "uuid": "3a367052-66e9-494d-a3f4-a6ee6734ce4b", "comment": "Malware payload (GuLoader)", "value": "91e91bde708cdd2ba711127ed3c34d37256e3f43", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236694, "uuid": "1cbd8e14-d8ba-46b6-b40c-2cebb188b3f3", "comment": "Malware payload (GuLoader)", "value": "80de5fd0685358eedbac11f8953576f3621986b5f8d1bbe30b21b854ae8e808f98b28581034997eb91e28b5caafc7b87", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236694, "uuid": "59549ccf-e3bc-49e7-beae-e75d461d8ef9", "value": "T172D48C23DE1A81DAE8A831F21423580B11BD6CBD65A67466717FF62A4C7B213CD0F53E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236694, "uuid": "83cb01ae-9964-4d1d-bb7f-4cc17d4c4bc3", "value": "ced282d9b261d1462772017fe2f6972b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236694, "uuid": "03f442db-2e05-4fb7-8453-972eb4d2ef1c", "value": "6144:69X0GSN2TRZV13cWT6MyjVRjmdStA21cogHwT3bRojTdQFVvDa7KAZJn+cfCsdGr:M0uph02zzfGBh1VhJ4O++NYi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687236694, "uuid": "db5f9753-c657-4bdf-832f-7e64cceca7ea", "value": 622056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687236694, "uuid": "f7f5d9c7-69fb-49d9-8ca9-66a163fe1343", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236694, "uuid": "dbbed50c-5658-47c3-91cd-57fabfb407ee", "value": "ad85442ee6ba3f66771fbc0adf5de628", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c93ca201-0f92-11ee-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1687283361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283361, "uuid": "3bc2e799-c0a5-4d9f-9a39-1fff92c9f93b", "comment": "Malware payload (njrat)", "value": "5dd69a51646306945717f649eb619848", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283361, "uuid": "cb64bc76-1030-4ceb-8a47-bfe64726678a", "comment": "Malware payload (njrat)", "value": "4ff26c33acd36d630642aa440db79eec25d2092ae9bf3e09088d8836bcf5b3ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283361, "uuid": "8f2318a9-ebff-4f93-9dea-744614a20c21", "comment": "Malware payload (njrat)", "value": "39fdc6fd352b481cf4f3f21368e0d0e980b0d04d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283361, "uuid": "790e0fae-d8e7-42b7-925d-84a801d5edfe", "comment": "Malware payload (njrat)", "value": "809217f58a6e2e6ec8d686e08db4545e6ef6697d3f75862be4a60be86aeff808c06ee037d1741d2ccb6213195b1285e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283361, "uuid": "5f2a9420-efae-4d52-9bdc-3b75e95aaa1c", "value": "T1F2E208067BE98215D6BD1AFC8CB313214772E3438532EB6F5CDC88CA4B676D04255EE9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283361, "uuid": "b3b93627-f383-4041-ae0b-5ae679675adf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283361, "uuid": "ade69bd4-3f35-41f5-bceb-eabc4cee7b07", "value": "384:90bUe5XB4e0XGOPnw0Q0mS03AWTxtTUFQqzF+Obbh:uT9BuVI55dMbh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687283361, "uuid": "65f7acdf-1e95-4eec-928b-c75db94a593f", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687283361, "uuid": "09b8f011-7dee-418e-9916-f5f28507fc64", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283361, "uuid": "52a637bb-4ace-4ad7-b861-e46138c32422", "value": "xiO7TwKR9MYx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2494858-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253794, "uuid": "a9022ba7-b6fe-4899-a9e6-52a5cc851e5d", "comment": "Malware payload (Gafgyt)", "value": "c9baa1f0db4e6f487e293ab7690a51e8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253794, "uuid": "ba41a9a9-c75c-4784-809d-7031ade64818", "comment": "Malware payload (Gafgyt)", "value": "501868397080782c593c74ff53935bec1519b95c3592f649305b83efe526d2e3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253794, "uuid": "9d5363e7-394d-4aa9-9a0e-1b716a447184", "comment": "Malware payload (Gafgyt)", "value": "49280f0372b3f0b3c1115fb44dd526de59e1f26d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253794, "uuid": "ae621a59-d668-4dfd-bd5a-cc6b19947153", "comment": "Malware payload (Gafgyt)", "value": "b7359fa7e240720d1d5205a2586a2aa44471f48168b3635df4da64b97f433abc19c69f7d15a79d1824747f29f02ac2f2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253794, "uuid": "29a0ca94-5c9f-40b7-a981-6f3e14503a11", "value": "T107E38366BB619EB7D80FCE7309A64501118CDD4642D93FAFB2A0E51CE76B84F08E3E54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253794, "uuid": "cc27e2ea-577b-49f1-b21e-5107b691a50d", "value": "1536:bVeTpqCVvWRYx0O9vPBysZgvsgxqAz/0ufMytVipLtaoLAImlP+s4zWfOodW:byvWmBx+sK/PflQgImlWs4zWfOodW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253794, "uuid": "7eaca7bc-6e0a-4364-82e8-3df0cb5589a5", "value": 152201, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253794, "uuid": "61992cfe-6187-4089-9250-07b432101028", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253794, "uuid": "e8da8f05-4b95-4564-94af-2aa7c16404ea", "value": "c9baa1f0db4e6f487e293ab7690a51e8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31e633e8-0f78-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687271940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271940, "uuid": "a75d11c0-f519-4c48-8886-9b2cb0e91255", "comment": "Malware payload (Formbook)", "value": "c4e3ece1ce6b0850680eb3d859521136", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271940, "uuid": "b7e4ce32-6937-4086-b427-a27fd08e93e0", "comment": "Malware payload (Formbook)", "value": "5069d4603ed9201d98988deb46e1e5627d622f47a498b3decb96ae1b02da3496", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271940, "uuid": "8dcd2b39-614e-45b8-a5ce-e306d75365dc", "comment": "Malware payload (Formbook)", "value": "25409e91e8c5791a521b9c99796b47542a8aa94f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271940, "uuid": "9479c081-00c1-4bd3-8aa8-b9ea5e7a8bdb", "comment": "Malware payload (Formbook)", "value": "a2fd751b47aafb4c3042cc0f7120674039d1fcd4f6346f43a7c615023af52cf0af1c9b6132953b9d9507f5036b8753d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271940, "uuid": "e52a2cd7-c628-4784-b470-62a2460e311a", "value": "T1F825CF23E1BA4877D137DA3D8D0797641F597D201828780AABE6BDCC9E3B58978163C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271940, "uuid": "d29fb736-6256-48e8-9c60-3eec79df3c66", "value": "1cbcb4b65955c8d081a194028529bada", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271940, "uuid": "781927f3-570b-4186-b5e2-7fe88ee978a3", "value": "12288:a3zVPhzWUzASXFle5g4Rhxo77LovTJ7bCy8bkXk8oH40q+jUushoLGyfZo2:aDrW6G2PnQd7Oy8eOlnYWo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687271940, "uuid": "16573609-5dde-41b6-b584-5f7d219ab627", "value": 1014272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687271940, "uuid": "9b8bac4d-0fad-46c8-aad9-3f5cd2175916", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271940, "uuid": "7be2ae7b-e76d-43d4-96ff-d83e564d9ac3", "value": "Cmbwwkcevcglau.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddf5011d-0f65-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687264068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264068, "uuid": "f03183c9-5f90-4ab5-8957-4d281793031b", "comment": "Malware payload", "value": "fa67bfeae75f3cdc5f63f565e85ea921", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264068, "uuid": "217681e1-5b0b-4419-80b4-be347d14466a", "comment": "Malware payload", "value": "50fde6137a1024c2a5915963acbe117e619247acceda6b1a78344126fec3b556", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264068, "uuid": "ea8a9f6a-7ba2-45a0-b6f8-ed478fcddf4b", "comment": "Malware payload", "value": "dd85f4065f2091f9c584ed11d14076d8d712a796", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264068, "uuid": "869dd65d-06c3-45db-b583-2c69b638f714", "comment": "Malware payload", "value": "d8f9f29e025abd5ef1adc1b99a60fc242ab11cc943d9805e726afb9377a8558ab565c91789423c687e6b6597b0e55c06", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264068, "uuid": "3839e987-460e-49be-9dd1-c7859ada5ac5", "value": "T1B383191075ED8031D4F7427E4664E25246BF3D769EB68E8E7FCC4C8D0BB8482A7257A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264068, "uuid": "7d90ca82-b347-4216-985c-cff6353c6b42", "value": "0c1e00e433c9acd3255adc197126fbbd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264068, "uuid": "132b915e-b887-4c69-9346-6314350fa7d9", "value": "1536:XVbeU+ws0sjQf0xF7+YsuPDoFxEe99hZFgDX8:laSVf037+CDKES9heX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264068, "uuid": "3e95e0cd-4b40-4dd7-8a0e-e36696e633ab", "value": 88064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264068, "uuid": "a98ec159-0a26-46a1-9739-14fe43f9073a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264068, "uuid": "ea4918ef-6eac-498b-865e-52a64cee1a8e", "value": "SecuriteInfo.com.Win32.PWSX-gen.12398.27704", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5782c45-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242176, "uuid": "9a267349-92ab-4bf8-a7b6-98b88f519505", "comment": "Malware payload", "value": "21b0b9766caeb61344aa31ebac111d56", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242176, "uuid": "1ce3433f-2714-4d55-becf-a2f4a6f7eaaa", "comment": "Malware payload", "value": "513307acdc3194cc5fb26ef2e07c0b463704176f1e4447f6b23d6973a624f6d2", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242176, "uuid": "cd76902b-9644-4561-bcee-f0f1351f3e32", "comment": "Malware payload", "value": "c684f355c250fa246fc7ae5f08e4dc9c86d3a0c5", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242176, "uuid": "bc4017ac-810c-48cd-9e3e-b6cd7d1e4a7b", "comment": "Malware payload", "value": "a5ab547193291cb553d17a9a8e98db8396fe6e0bfbfb797d325b0499b45b6f0351a43e8309610f5ea51de88d4455306b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242176, "uuid": "8fcb7816-52eb-4118-864a-16e27d47073e", "value": "T1A7A51211E081957DFD0A06746AC381A6824CBD767C0EDC4A779E372F2673BA2DC6768C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242176, "uuid": "a9bf5a85-cda2-4c2f-822e-d74a641ca302", "value": "49152:muHftIS6AuSPubwdtIS6AuSARE3dfFlOEjdq/qW:mct5TPxdt5TARSddkE5Iq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242176, "uuid": "f2dc1bab-ab1b-4a0d-82ad-c95c9c2581ed", "value": 2099200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242176, "uuid": "fec7b18f-2bc6-4c9a-991f-6a3308bb720c", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242176, "uuid": "29679ebf-bd0b-4c2a-8cde-c0fab8f224d9", "value": "PO20230619.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c770350-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259663, "uuid": "f2409c1b-a95f-48a3-9328-d9163e09e21c", "comment": "Malware payload (Mirai)", "value": "348b739b71952ff49ddedf7829937679", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259663, "uuid": "9b2d1ac2-4e60-4c41-9aa5-3a2d1da74c18", "comment": "Malware payload (Mirai)", "value": "53e172bff67731fa051aead408c007e9a8b9443e3be633d54c6ede8e8d17ab9e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259663, "uuid": "a08447ec-fab8-4a56-adef-9566aec0ab73", "comment": "Malware payload (Mirai)", "value": "c788579cdc4827b0e7a4d546086abc4f218b174f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259663, "uuid": "aa939917-d3e9-494f-b9ba-32025e8d9e48", "comment": "Malware payload (Mirai)", "value": "b5479bfecdb998319c429075a6bd9c19ecdf704e04add76a1b3bad327a8bf1e73ae8f9e68b0bf351f7b3125953322e4d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259663, "uuid": "ec60cc6f-e095-4327-85a2-5c6eb6debb5e", "value": "T1B4B31877A4515FB3C045A5F125BA99320F12AC931B1F1A84763CBAB44B3B4CEB84EF58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259663, "uuid": "fd2bf086-14a9-4194-a48b-6edf4b503b45", "value": "3072:OwNUWqpCgYXlrSyWUfMNrMmH1cuEgv26uN/:OwNjqpC/G8fMNrMmH1cuEgv26uN/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259663, "uuid": "05430829-f944-49c6-9669-c13ddbdf3469", "value": 112634, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259663, "uuid": "479997d0-9c57-4bca-a9db-90e03e95f8ab", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259663, "uuid": "3ad65d75-c368-4389-9702-44c0adb5b010", "value": "348b739b71952ff49ddedf7829937679", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fbea9c2-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243348, "uuid": "f26bb901-36af-457b-be98-0423ed16441f", "comment": "Malware payload (AgentTesla)", "value": "87313d2f55ddd9b329bfd39f148e4d16", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243348, "uuid": "69a45000-78c4-4a02-84c2-00a8e3354620", "comment": "Malware payload (AgentTesla)", "value": "545a4e3b7985223b2edb4f9a3a776d0c6cba118ebce4a22de8c0c07c6b67d2cf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243348, "uuid": "6223b069-863d-49c9-b5c6-29f62ea71c5d", "comment": "Malware payload (AgentTesla)", "value": "366a3a414b29de954c1e5885be4dcbb02b2918ba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243348, "uuid": "14ecf3fe-b78b-4036-b340-a30b605a5d37", "comment": "Malware payload (AgentTesla)", "value": "2ceebe3a52b9933f7afdd99d87d2b94a6a129a724b33b87948b5f5093f8d08da466c19070bed35791693813f8e5f83c5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243348, "uuid": "6676d5b6-9bee-473e-8c24-9ff3fe35120a", "value": "T16315E02036B90F56D17997F90042A23107BEAA6A783ED7585ED3F0DB1A62F450E52F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243348, "uuid": "9e8f100b-0744-4445-a210-79e41e62f136", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243348, "uuid": "b2f986d3-6615-4dd5-a2a9-5c1702d65b1e", "value": "12288:vNcalYtYq7J3At5iHOq+ZQ8HV/2Z//yI191XILz0vM6J0d0tX806JBHjFMY:DQYqtm8OqK3V+lqwv3Bd806J1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243348, "uuid": "20f27276-9e64-4cf7-b416-8fccd92d78e4", "value": 879616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243348, "uuid": "80d1c683-3e26-4009-afc3-08b3d5732125", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243348, "uuid": "0c7ccb46-d4d3-4a31-be7c-1eaf7374ed3e", "value": "Order 6189.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70e38cf5-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687249282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249282, "uuid": "2d44d441-a93b-4253-9346-8a0ece847b88", "comment": "Malware payload (RedLineStealer)", "value": "ff9d039e21d657da9b1a171a3f15f5d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249282, "uuid": "6e9628a9-95ab-47c6-b709-ebc6e6aac05a", "comment": "Malware payload (RedLineStealer)", "value": "55965f5482025dd4e8200a33e0cba04dc57b8e2728de594f19ce9586da25db2a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249282, "uuid": "d4d6c80a-3487-4707-a8bb-fa2bdfa5f97e", "comment": "Malware payload (RedLineStealer)", "value": "c04f65f1562d5a0215c5a601afbddcb07b30614b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249282, "uuid": "5ec52468-7ca7-4095-9e60-faea26d006cb", "comment": "Malware payload (RedLineStealer)", "value": "b690cea72948d9f1be552ada0f26860f51ff03fdbe92c92e0580ab52db78ea336b6030fd79e00b12cab13a80ddb61614", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249282, "uuid": "1536264b-d4e1-4683-94a8-070a57ca7a73", "value": "T1F6051212FAC85037D8781F714CF74BA316357CA25C6C86272652AD8F0DB3688D8B672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249282, "uuid": "776e43fa-4043-4a13-9639-60c427aaed8f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249282, "uuid": "e751a8b0-e8f8-476d-afdd-a93d13c3f366", "value": "24576:Uyr6hIqLw+Y1GYeGiVXo4sQ7szcMTNnYqX5:j++qLXYe7LdwzThYI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249282, "uuid": "9fd33dff-3562-40b3-9b12-f046357ee95e", "value": 824320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249282, "uuid": "ef74c772-9a3f-4411-9334-452677bfe53b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249282, "uuid": "fc6af212-b72a-4ef9-b71c-9e93da54747a", "value": "ff9d039e21d657da9b1a171a3f15f5d7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b46d374e-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242523, "uuid": "0bddc53a-73a2-4521-a6fb-3e5a548d0360", "comment": "Malware payload", "value": "b5ae7691c80bb35a01bbe44bba30bb18", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242523, "uuid": "7f453d55-9302-40ad-8ccd-0c83dc93a78f", "comment": "Malware payload", "value": "55dbf937cc7df15e2c5c886e4d47796d42a9225861bfb98a99c9c9d74fafe7f1", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242523, "uuid": "a50f26c5-545c-4223-9e3d-beb02b1fbe33", "comment": "Malware payload", "value": "a43bb7c9cd27cbf35e4bbab2bd60ff8faa1885f2", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242523, "uuid": "81519822-ed85-49a2-a72d-14bb69baf7b3", "comment": "Malware payload", "value": "44af544fee4ddac7345c55ba78d3f72db57f18dca6270ee0402627fb894920f5e838a8bce704fa728b496905e00e4a67", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242523, "uuid": "f1f92fb3-0f1a-4162-a6cd-a43e82e34c6f", "value": "T16D11FAF593790DBBD8B22675CC34AC4C89B68CB30E8ED0AED9233544C5255901FA4729", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242523, "uuid": "26739def-53ef-4a04-a0af-f1047163da96", "value": "12:8D28OByN6/1fMHkG2seaTASQqVTVILqVTVUaVuRZqVTVIz87KZIx4qV3qVGqV+YW:8FN41UHkATfVAmca8U240u9UFCNWTFg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242523, "uuid": "9e9227c6-3a8e-4610-8b01-e113451dfa55", "value": 1059, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242523, "uuid": "aff97451-c0e3-4ef2-aed7-cde375671058", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242523, "uuid": "15c9ece9-a02d-41f1-bbbe-636c0df81cd2", "value": "Webwhats575276350446319.769417.86869.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1040a4e4-0f51-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1687255133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255133, "uuid": "ce80b552-52fa-4f8b-b0fe-291b6bdad8d7", "comment": "Malware payload (AveMariaRAT)", "value": "8206d5dc14ec15986d22ca54ddb9eac9", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255133, "uuid": "98f1bedb-aaa7-4a7d-82a7-7a4211705516", "comment": "Malware payload (AveMariaRAT)", "value": "55f49dfa80b26108a857ebec18c20c5ccdd2741b7274894a7a27dcd01a2a308b", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255133, "uuid": "ec18b618-be04-4013-ba58-99c2b763bc81", "comment": "Malware payload (AveMariaRAT)", "value": "23b26314f56dd14396600dec2adecc2196743fb9", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255133, "uuid": "2c01fcee-fd7f-4488-97c4-1bd56027dcac", "comment": "Malware payload (AveMariaRAT)", "value": "1c56997f5f3c6f16d31ad1a4e19d5cccb564dfb1f77a2f401b2817bd07131298d017b4158d6e902241238ee1deeca6cc", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255133, "uuid": "e76cfcf0-1be8-498f-99eb-7704c1d331c2", "value": "T13BD43387F255BAF2E360777994DB205D997ACF493048BC18C7038579CA217B981C2BAB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255133, "uuid": "f4d0fee6-60eb-45b6-ae0f-16c16c2f51ad", "value": "12288:b8uv09W16CGXYyDv9EODAOp+OjJ/d8N2hYV6ERRWzSe+6mh6+aat+:bjEAqnrJDAOoOjJ/dBNERRSlmhTE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687255133, "uuid": "95a281c3-d8bc-4c82-9514-ee612a26a981", "value": 637200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687255133, "uuid": "a7baa4f6-07e6-4755-8143-377b43e0a0e4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255133, "uuid": "4b6e3d46-927d-47a5-a193-76a8f41c764f", "value": "New Order.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0400874c-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687258119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258119, "uuid": "54f2baf2-cbca-42b8-9886-27a76852739c", "comment": "Malware payload", "value": "0dffc0a91b762bc1ca71c90a54da3d6b", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258119, "uuid": "a0b451a1-043e-4882-bfaf-60affad01482", "comment": "Malware payload", "value": "55fe13a55d845db01652408fdc854676e2b612b8fa77be570e103953f2c6552a", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258119, "uuid": "5d2780b3-1211-4d47-8d27-66065229c48d", "comment": "Malware payload", "value": "c2097f783ab8a67228ff18a9d3bcb9a2ea3c7135", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258119, "uuid": "1ae7d4c0-8063-4cfc-865b-10a032a1f5c4", "comment": "Malware payload", "value": "f534ed2f9df86308fdabf06b2a282d924e1b0de868004c725f5e826dd81e097c31f7caaba796a9429138a9a6bbf1e66b", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258119, "uuid": "e9cf64ba-cbba-4b88-9adb-bb53bdbefc1e", "value": "T10C74FBC69B92C99014EFB72ADF5690D4D7120E0132C085A9F25DB3B4EF1C89936BBDB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258119, "uuid": "c660f019-c4cc-44e8-ab03-45fa1c100e3c", "value": "6144:mzu2tIuoE1y4V/gaAdYAdEvQXwF3PJiaOuWSH5WV29H3R2TpZcIBIVt:mzu2tIuoE1y4V/gaAdYAdK6k3kBQ2OVt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258119, "uuid": "dc2e8a14-1829-4617-bfb0-23e81edb232a", "value": 351241, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258119, "uuid": "37c67454-44bd-45cc-b199-b937653c7620", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258119, "uuid": "a1e0f3fc-8992-4176-bc46-33f3341b901f", "value": "Edno.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1668066-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241767, "uuid": "813b0554-1b8b-4c13-9f18-3426b40991ed", "comment": "Malware payload (Amadey)", "value": "1d132e0eced6e357e510f21aa544c05b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241767, "uuid": "50ae297a-bd12-46ce-a59b-8cacb3b9ac75", "comment": "Malware payload (Amadey)", "value": "578ad0360f121d1259108e0d78f80316884f7a96e5db48d5effda67c174f3512", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241767, "uuid": "2a1c3a71-e5f9-417c-a1da-9882272eb812", "comment": "Malware payload (Amadey)", "value": "1f5493fd2c7829290e064eba0069e871a3672776", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241767, "uuid": "04e6b062-0456-404d-bfab-c4ce701c7bdb", "comment": "Malware payload (Amadey)", "value": "aab3b83c3401ae7f3c63bb5525dc040ba1b9f529e050bb71c200a4233d1e73ac7d2ced37d09c08d0a1abcc57e852f7f3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241767, "uuid": "c6ebd82c-555e-4597-9400-b1736bb27591", "value": "T193F40241B4C4B234D8321A32BD6E7A937E7DF4988E64DD6F3F80330A4AB55D079A452E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241767, "uuid": "5eebcffc-9d9c-4d9f-8ad3-243d981ee524", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241767, "uuid": "c6c472e7-cb18-4d17-bea5-b28ae6898378", "value": "12288:8Y9xRRyv7fWlu+T/1YDuY4Sj5hGm268lT//b0t3bENcvvnNdrsfcsifCIr7:8yR67fIuHPGm2R7bmwyNdic", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241767, "uuid": "86aa6bb5-07a6-4ea5-9c92-0f6e823cff5f", "value": 728576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241767, "uuid": "43054ea0-a016-4608-9a42-a6dca53dbe99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241767, "uuid": "bd567495-a375-4623-ace7-7ba62a2bf24c", "value": "1d132e0eced6e357e510f21aa544c05b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7105dba4-0f1f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1687233820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233820, "uuid": "263c426c-cfee-4d5d-82a3-9e77459ab6da", "comment": "Malware payload (Smoke Loader)", "value": "93be7e759817c74ce326933f39fd6171", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233820, "uuid": "a377552b-a866-472a-a162-56887305396a", "comment": "Malware payload (Smoke Loader)", "value": "57c2cea33c310ad66d76c408ba1437f59f2172e77a96f353f568fa9ec8854a35", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233820, "uuid": "8070ae80-8fee-4c5b-b24a-7314cf3db79c", "comment": "Malware payload (Smoke Loader)", "value": "8d2afae4bfe851e25ce2e6f35b5602cf282a280e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233820, "uuid": "f8970752-0826-43da-8fa3-d4da5e4b9779", "comment": "Malware payload (Smoke Loader)", "value": "d44f9802e5da785fe4c254dd9911c3a4cd06f92c63accf3bd26ad7556692fc072e50a14e4604464136e61cd7768ecce6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233820, "uuid": "f1931100-ad33-484c-9536-f34976d5a2f1", "value": "T11F248D2362A17C70D92E4B72DE2EC6E47A9DF6508F2937B612385B2F09B11A1C5B3354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233820, "uuid": "4d7002c3-bda9-4688-8d58-f510b9d14aa3", "value": "9b2989d99e2629f49acf09b8f648e077", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233820, "uuid": "3a007038-02a6-4b4e-973c-3a7d744c6bed", "value": "3072:qxp8zNLBJeOsU5ocniSErKAVqeGSHiC/dEOhTK+TWMyFkjAs1E4:qxY1beOsU5oZeTeQCHRjWy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687233820, "uuid": "d2c626bb-7edb-49f2-a59a-68908ad65bd8", "value": 224256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687233820, "uuid": "17fd533a-80d1-4828-99f7-9d2d5e3b7b4d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233820, "uuid": "09fd5975-1777-46b3-9951-a377d754bd8e", "value": "93be7e759817c74ce326933f39fd6171", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf7d9c82-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687242972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242972, "uuid": "77d10138-c8d7-4a85-bf93-c810b95e91c9", "comment": "Malware payload (Amadey)", "value": "b9de2db002e7c0bf4e4cd0a371ccef74", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242972, "uuid": "59db430a-fec5-483e-807a-826cd070ec97", "comment": "Malware payload (Amadey)", "value": "59af3449d2019272c9f5f3936d22e5c161d843dc2cb2f3ab336ada5e3515a2ee", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242972, "uuid": "66f3e507-710b-4cde-83b8-3f4d1a882478", "comment": "Malware payload (Amadey)", "value": "51f34c7b9fb6b78dab3bfb1196ef04a3b0a8ab85", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242972, "uuid": "05a8a865-563f-4f3a-8916-3350f610f147", "comment": "Malware payload (Amadey)", "value": "4fb77fbe9f3bfe34a41e10415389c89dc7763dc7a03f47d5f3a70a4f550cd76028403f651adb32c8e6023c8096d76b4e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242972, "uuid": "24284a87-6888-4123-bd09-da18d088415b", "value": "T18BE41241B0C47074D9720632A92AB9A27DACF4A54F35DDAF3F94330E8A721D176F422E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242972, "uuid": "e190e1af-5039-48b9-b8cc-4a856a52fd18", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242972, "uuid": "b2c4c1ff-b490-4cae-a8f2-fb72632d8c8e", "value": "12288:JGEJhgRLv7fWlu+T/gSkR1P/wzrBOw5HNSKZHahjUG5wLMC/HJaK+uYR584:JG3RT7fIudzP4zrMOHNSiHaoLvH8zDd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242972, "uuid": "63cc78d8-c43b-4038-9f7d-4869a340285c", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242972, "uuid": "8aa3e104-0685-489a-b6e5-cdd8bc1d8983", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242972, "uuid": "1d65c5f1-b821-4177-9a7f-fd1a62a92722", "value": "b9de2db002e7c0bf4e4cd0a371ccef74.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12976368-0f76-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687271028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271028, "uuid": "662927b9-09ea-47c7-9036-d5b3ff1fad20", "comment": "Malware payload (AgentTesla)", "value": "2d8cdf3b19f42ca059d7b02eea23ee17", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271028, "uuid": "9c6d1d14-6ead-4c42-be0e-cd85d88258ea", "comment": "Malware payload (AgentTesla)", "value": "5b4088a7d3cf3bf2c69376a6c71caf4931f117ac8078d287ad2aa6ce3108e296", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271028, "uuid": "03c6b4a7-9db7-47f4-a81a-fe4e7d541a72", "comment": "Malware payload (AgentTesla)", "value": "cddb0dd6cfb3206aba95438a5f62918cc09f5534", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271028, "uuid": "e1024226-5a67-459b-95f7-187349df6a87", "comment": "Malware payload (AgentTesla)", "value": "c3d99ad1e55c2fdfba81354e7d2377669d34c150eccf416475a53288fb55f89cec7ff51c47bebef2e8118e23424db219", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271028, "uuid": "d9b99fc7-1651-4921-acf8-cae113a7edcf", "value": "T126642332A181C17BE8A211B20D74930E5AA7D4132CA6CF2713756F1EFA76B92E35F705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271028, "uuid": "343236d7-133f-4d7c-abb1-ba4fb6662568", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271028, "uuid": "1e17bd1a-5b6d-451f-a02f-164639882f9f", "value": "6144:/Ya6Mu1jatiubNYCVEYpPHGnXQLE5f87gzpfZdUbC4MyOtX+Gcdrse2M:/Y6u1jaBbtEgP6X95f8spnUbC4Mbfctt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687271028, "uuid": "bb27d7b4-4e2f-49ec-9985-0b4358f5c8e5", "value": 308122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687271028, "uuid": "38ace535-198b-4607-98c9-a7db02541a12", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271028, "uuid": "747db951-83ba-4ead-98c8-979147e4f151", "value": "2d8cdf3b19f42ca059d7b02eea23ee17", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73102164-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687243273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243273, "uuid": "89a7cda0-7e73-4457-a59a-42bccdfcd554", "comment": "Malware payload (RedLineStealer)", "value": "a6d35b2048570a70235bdb1832e4902a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243273, "uuid": "2bac45a0-b5ea-4cec-bf3b-2f4f6be0a2ab", "comment": "Malware payload (RedLineStealer)", "value": "5b53f29e62c6e358671913c03e96e4c6e9c01f63c8344e552f54bb8b5141ca34", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243273, "uuid": "8111fc79-6533-4992-b605-38c13d9fd768", "comment": "Malware payload (RedLineStealer)", "value": "18cdf4736f0b59841c98e1c6e901ec91fd502b96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243273, "uuid": "144b41d2-de84-493d-9a0a-0b9a766bfe64", "comment": "Malware payload (RedLineStealer)", "value": "9160d6fcabb7b65609c5f03d453829dbc99dd5436fc0cfff451132a4b639dda1ee9502f15c3992afd966616525ff403d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243273, "uuid": "569d9f2e-625f-4b15-b87a-f557639c75f8", "value": "T103F41242F4C4B124E9318630AC29BA977DBDF4A04A60DC6F3B64630D8BF15E1B5F5A1E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243273, "uuid": "519c0c22-09e7-48e5-8f6b-571d61ac9a60", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243273, "uuid": "e6a2aa5b-c43f-4380-8d14-c626656afb51", "value": "12288:LCERqROv7fWlu+T/wSpoo2YXuwLC5nYzPtXCnxu1oSlQESt/Y+0/:LURG7fIuOlewO5YzYI1jlQESt/Y+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243273, "uuid": "c24add9f-db46-4f17-8928-ca8b2fd8cedf", "value": 728576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243273, "uuid": "67a78975-8a36-44f8-8e33-aeb0abab69a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243273, "uuid": "87722b35-301c-4a5c-afee-a0633a9a2d4f", "value": "a6d35b2048570a70235bdb1832e4902a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e1c506b-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687268444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268444, "uuid": "23afb597-5616-4d00-9b5d-0eed8fa00543", "comment": "Malware payload (RemcosRAT)", "value": "b081c03600ad63f4b7a27bddbd2bfe47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268444, "uuid": "df5ec335-b648-495d-91f5-05caf3d52484", "comment": "Malware payload (RemcosRAT)", "value": "5b71ca8477aec239a3024551bfadd54156121e3cb394509d0642241048fc2b83", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268444, "uuid": "d418ae26-42e5-48b8-badb-055feb4d7d44", "comment": "Malware payload (RemcosRAT)", "value": "a1209968f241486b2fa92c803090a593eb1f3088", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268444, "uuid": "bb10c9cd-99a4-4d4f-9722-00c16e936bfd", "comment": "Malware payload (RemcosRAT)", "value": "337a38691e2f2c98c258d899df6d81bbbfcde30c7cf9b0b7bac2034b31194c7ff2d7f8f755a2f207092a362d1178f92a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268444, "uuid": "daea2bdc-ce58-49cc-bef7-7d6d5ce47b23", "value": "T145C415E2E54D821ECED97EB0B7A650F95BFCBD200501AD0613EFB6C8CA3E142A54E175", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268444, "uuid": "dcb020ce-51b1-4fa5-b97c-778ddb63bd40", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268444, "uuid": "c69d74f1-d514-476c-9d0d-1c6cce9d6bd1", "value": "6144:klgvTRHyTFYITyHsoh9/GTJlu0Qk/QLaocdMZvh/0bjze8j5vdN:c24Zq/GXu0radYMZ5CHJjZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268444, "uuid": "f893b565-cf48-4b9b-bd8f-b96090544944", "value": 592864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268444, "uuid": "2d243ea1-2fbf-4958-b761-2e5aba8f4246", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268444, "uuid": "54990c6a-83a9-419a-aaeb-9fea7a8e7cae", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82ee7c84-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687242440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242440, "uuid": "6e15a5fa-1244-4ac6-bca9-ed077f999c13", "comment": "Malware payload (Formbook)", "value": "274e2b4fda83156c3bb3df88fd0fa9ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242440, "uuid": "f5ea2c5b-45db-4705-a74c-a141c61d8495", "comment": "Malware payload (Formbook)", "value": "5beccb2435d3933d532afbe6c4f432dc6329c280c0d9fa8a849dcd797d542cc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242440, "uuid": "f05da087-31a0-4f50-baae-f70e8282190d", "comment": "Malware payload (Formbook)", "value": "41ae5b9e790443c36c3e83497884932323ac2aea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242440, "uuid": "414a4056-f139-4a66-8ff3-229f9f657dd0", "comment": "Malware payload (Formbook)", "value": "3d4f5f832d449759f27825945e4c50bf1b4fdcb5d6f1715d930b2da559a9c1531b19e08b3de1abd119b2a3669f49d7e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242440, "uuid": "6b76f40c-10b1-4ced-b7a1-5f9b31a274db", "value": "T1A915E04D9360428BF0152B74DA6D7F3903205C7C7992E7D8BDA1B25BFDA1BA6183312B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242440, "uuid": "dfa144e8-273d-4ce9-934a-2e95aed288bc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242440, "uuid": "33079645-a778-4982-b38d-91f3fc3a9b2c", "value": "12288:WcXOLyaTB4SOLFJLOc3SncI/xocXrotYq7J3At5iHOq+ZQ:W+ayaTB4DJLOc3hI/xR0Yqtm8OqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242440, "uuid": "2a1ea6d6-6b2b-4bea-be32-7d2fc002d2f4", "value": 879616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242440, "uuid": "c0a2307a-1582-4548-acc8-5a6289dfbd16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242440, "uuid": "8fade2b1-dc30-4efe-b99b-fbbc3165729a", "value": "Pending bookings.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83d0a337-0f49-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687251891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251891, "uuid": "a2d32e56-b04d-409d-8b93-3494a6a12272", "comment": "Malware payload (RedLineStealer)", "value": "29f851d54e8b8f277783fbc14160fb1f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251891, "uuid": "0efe9a36-a8b4-4478-89a6-b53736248cab", "comment": "Malware payload (RedLineStealer)", "value": "5c0c666009b90021a2241d53e29c8709897c33d9addf60e87c38879ac511bb57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251891, "uuid": "fce0785c-581f-4df5-acd0-bff91ec27642", "comment": "Malware payload (RedLineStealer)", "value": "d7966baf489530256077d28e557d65a0c2d61492", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251891, "uuid": "5c6a31e5-b206-4525-8995-40a6a9919ef3", "comment": "Malware payload (RedLineStealer)", "value": "e3ad03975659517ad8867bbd0d45226b30704aa6e3fa2c78d40e441460883032be414ae70808ff172ad116a19ef415b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251891, "uuid": "e072a63c-b325-4bb3-9c69-00e48b58c7fe", "value": "T17F84088382E13DD4E9278B73AF1FC6E8768DF2508F497B7911189A2F04B11B6C1A7B50", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251891, "uuid": "e53f60c8-ea26-4222-a920-b9058ceeea02", "value": "b1a5bdbc77a4868d9509a53571fbe8fe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251891, "uuid": "a8a33eec-9f52-4f23-9d63-9bbaca8403d9", "value": "6144:ofPAyAlrezjLIpzo3jcMs4v63OsNL696:EAyOq0dy6OCOsNm8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251891, "uuid": "8c0836db-ced9-4db5-9094-b50661dbbccc", "value": 395776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251891, "uuid": "ca10f8b3-e585-4480-9ce3-536d9839581a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251891, "uuid": "e795a03d-bfd1-415c-8f8a-4ec90da8ca1b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a53c8842-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259678, "uuid": "9fe90335-7b16-4bc3-9a91-76d416e1262d", "comment": "Malware payload (Mirai)", "value": "21659d5ce82c84da060c87eaeebb0753", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259678, "uuid": "12835e07-5a60-4323-80e5-3f161aedb301", "comment": "Malware payload (Mirai)", "value": "5c3b1288ecd6afb2c05fb54c152081a5750804a573fa90b47e52300fbbfa6157", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259678, "uuid": "70e918ac-58ed-43d0-ab84-e44e2a016f6d", "comment": "Malware payload (Mirai)", "value": "28fdebebd3237dd062b635dc4fe5f2dbe10c43b2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259678, "uuid": "a41ca63c-8aad-45d6-ba94-2a8f9d40f14f", "comment": "Malware payload (Mirai)", "value": "f3a22ef1827377b4324c6c7df4a3857d5d34357f1cf1506c2f3b2fad294d2e959899a6121fefd3012403a1bbf3e88899", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259678, "uuid": "ae140b79-cdd9-4a76-889a-153beb177325", "value": "T183C3E731E8044B2BC2D223F6E79A829E3F351E9797973311573879B02FF27991E29524", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259678, "uuid": "6f3093bd-11e3-43b4-8885-64445c4923b6", "value": "3072:FDcYVLWKlAQTv+mYDbpl2m7/L7QsvmGugiNb:WYVxlAk9YDbH2m7/L7QsvmGugiNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259678, "uuid": "d37a4d56-bb7d-4e3b-b484-e7c574a71825", "value": 125009, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259678, "uuid": "bb9fda6d-e516-493e-9474-040a1b06dd78", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259678, "uuid": "c31ad0b3-cc21-495e-b44e-1a6a9203e0a5", "value": "21659d5ce82c84da060c87eaeebb0753", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df1ee6f2-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687288122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288122, "uuid": "c32b341f-75e1-4aa1-b02a-98dc6a541994", "comment": "Malware payload", "value": "731ed24011df3a33fe5d3765bf424b0c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288122, "uuid": "d25d41aa-c808-4ade-a5dc-27568f895965", "comment": "Malware payload", "value": "5c737e8e5e7cedf0c061e62f4fb7cc2fdf06ce0e79877cc0a6563395fd37ce57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288122, "uuid": "160aa55b-2e5b-411e-bc58-53b943f2bcaa", "comment": "Malware payload", "value": "104daf0b26d10ff8a79f77116c0532f0ec3c3320", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288122, "uuid": "924f23cc-5b99-44ac-9533-34acd53df54e", "comment": "Malware payload", "value": "3fbd10748e845fce7098fe997dfef1dc93b8bfa7badd0aa2b3a07887801c9a5b4dab08249be6895665467a02feac4031", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288122, "uuid": "60435fe4-2477-4b9a-8885-f8ee8c747d44", "value": "T12B653397A93314A7DB1D53B33F381425D89E813808EAE7CE17B89DCF5A1D0722364A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288122, "uuid": "e84101e9-0c14-4c8e-9749-fd1e0729a2ed", "value": "6ed4f5f04d62b18d96b26d6db7c18840", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288122, "uuid": "d3db4026-802b-4822-981e-d5041369a527", "value": "24576:ovWcnspIzGr8fbPRnAr2Du37vuYX7ubaZWqbaX2T2qsm5oTFM6wwtPQV2LWgyjYh:oEnAf9Ar2i37uILZQGqTFMC6V2LPUYvI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288122, "uuid": "37fbcdf8-63a8-490f-ada1-2bec97a9ff79", "value": 1528832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288122, "uuid": "8ef42fdb-93a5-408d-b2e6-91d8a9c5084f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288122, "uuid": "73f0f7ee-f31f-40f0-8b7d-18f7e6788b3e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97a3409e-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "7192d9a1-1e84-43bd-ac7a-c677107087e2", "comment": "Malware payload (RedLineStealer)", "value": "ca05e03a37d5f044596d34a2bf257c64", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "4d2f1839-85f4-4fc2-b813-1028611f3137", "comment": "Malware payload (RedLineStealer)", "value": "5d1ea79f462cd6911edbefad7b4d4402de61ab88b408764fa9d25b9d17fbb651", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "e657a5b2-f286-4634-ba6f-585868ee49b7", "comment": "Malware payload (RedLineStealer)", "value": "e717c1518cd4fa8a6540676e16bd0f1c58ab1eff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "e81b8478-0950-4b40-8089-4259bc26d160", "comment": "Malware payload (RedLineStealer)", "value": "f8c81ea8076037d64862a306bde998c6540d5e9c07391e394f32658efdfc4bfeca8b48fb021a7fe855b2b894fc9c3d23", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "8f8e9554-1b23-4736-a4dc-cd6f8b0a38ab", "value": "T170E41201B4C4B134D97209316D2AB983BD7DF8919F24ECAF3B94372E46726D0B0B566E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "92acfb4a-b08d-4547-8e89-9cdf1dc75a6a", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "d379e90a-d0ce-4790-8af4-3c5c1cd50b98", "value": "12288:VcejRBv7fWlu+T/v5SMDEMPBxjku3xBbK7V5Ni8UHTd8I+MDwggmYMkA:RRN7fIuoPTh3y75i8UzSnMsgL5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241187, "uuid": "4f9763c3-6a2a-4bc2-9d69-17f07babff66", "value": 719872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241187, "uuid": "b235a73e-1878-4316-8778-91e951d62694", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "0a61babe-0849-4977-8626-d8a3513c00b4", "value": "ca05e03a37d5f044596d34a2bf257c64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fbf18ea-0f9e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1687288203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288203, "uuid": "f6bafb55-6c94-4d7f-bc88-470db51f693a", "comment": "Malware payload (NanoCore)", "value": "253e1a1c0adc27865a30a66de4b55b45", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288203, "uuid": "9d628b26-3294-43e0-93a8-faebac793073", "comment": "Malware payload (NanoCore)", "value": "5de3a484499acad5fcd8f4a4521ecb35312a29fb8214271c7c62ad86ded59ba5", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288203, "uuid": "f04e0390-d1a4-4219-b22c-013d46e67529", "comment": "Malware payload (NanoCore)", "value": "16a7af85767ad9c0978ac03b03c131290aec2704", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288203, "uuid": "f7d113d5-920f-46dd-b694-3af75deb765c", "comment": "Malware payload (NanoCore)", "value": "d38c4bb350ecc42d64c66d6ccad8438e1e5b846f9bc4bb901e7f75c9f7f622082890f68b81844864a921510a43d2df8a", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288203, "uuid": "273ec676-cd9b-468e-b4b0-d09c1bdb913f", "value": "T18964D0883751729FC42BC975C9EB1C289BA2A6671337C247784312DD8E4D6CBCF946A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288203, "uuid": "27f89a79-d2a8-4e7e-9b13-4aea3d2f6b2f", "value": "6144:w8QYfh14eC+WszwS20ELx21A9c0khBqjZq2hV73G3BfDLKYn2JPJPK:wS14eC++S2VS0khBq9lSfHKJpK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288203, "uuid": "d4e9410e-8a50-4a40-9ce7-c2194e6b7237", "value": 317440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288203, "uuid": "249a5246-a5dc-4c38-ac4b-7d0e13fbdb15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288203, "uuid": "806b03e2-3458-4b99-ad3f-06817a15d904", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6629aa09-0f3a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1687245399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245399, "uuid": "79c9d1c8-838f-4050-acad-b6d9f966cd77", "comment": "Malware payload (SnakeKeylogger)", "value": "f7b67b097d979673dcfd3c1e8170e130", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245399, "uuid": "799baa5d-e000-4044-9778-009f7471c4fc", "comment": "Malware payload (SnakeKeylogger)", "value": "5e0bc6f973c1752a54130fdb328a51b7a6694ad4eb8c1d96c60b8ac8cde7392d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245399, "uuid": "ce88577e-1f6b-4b40-9474-30291db8daa2", "comment": "Malware payload (SnakeKeylogger)", "value": "3f0d6bfb5d193dc0b814709a5597d715907c991c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245399, "uuid": "35c2279a-b67a-4af7-9745-1f5dd02375b9", "comment": "Malware payload (SnakeKeylogger)", "value": "876ffbadaff482dfe8ec3dadc56a82c6203cf1cd7f0f76db02f65878daf0df0f89b4a166fbce89e2362aea46af174eac", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245399, "uuid": "58898a08-7788-4373-9995-845888499bb6", "value": "T1B6E412245B86861BC02B1B784860F770A17C9EC9B762D3DF1DCB3C9BBD22BC9093551A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245399, "uuid": "9f0827c8-4d30-4678-b9a6-38e56f879fc3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245399, "uuid": "e8aebb38-1453-41d8-8654-4371bd78858a", "value": "12288:+b903YRtuPM7q6bpw4dcZda/igJeJh61rW/JyliZlWqMrIOFl7ZCGmXbS8Q:+b903Yhzu4CZdOZJuylizWqMr5X/kbS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245399, "uuid": "42efe1d2-4d82-4b10-acbb-250fdd19d8f2", "value": 706048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245399, "uuid": "d66003f0-cefb-45ff-ae8f-0afb123afc72", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245399, "uuid": "deb7a89f-9408-4eb7-91f7-b7f5249ba3bd", "value": "f7b67b097d979673dcfd3c1e8170e130", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97516f17-0fa0-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687289290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289290, "uuid": "ee40f9a0-9385-4ab7-9f87-2cda33aa27de", "comment": "Malware payload (Formbook)", "value": "f8e7bb1ba1bfc3513e26b25f2ad0f147", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289290, "uuid": "82492b7a-afa2-46ea-af6e-501c3a4cf599", "comment": "Malware payload (Formbook)", "value": "5e1d57c89f656b297ae6bfec8f8feaa2c6cf1d4d80148ec9eb1644f0a23c7920", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289290, "uuid": "65d1c2d8-a9c4-4ad0-b5e1-03092f7d7a0b", "comment": "Malware payload (Formbook)", "value": "ea5d1c48488176eea9a89803d85dd2ff5e447f40", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289290, "uuid": "a516ae66-81dc-428a-8abb-a733e69f6c77", "comment": "Malware payload (Formbook)", "value": "1cd20fd3cb2a4a0565824848376041de6a2009557948141bef2e9f69fa41032071b69937d20f2bd763a1247a95ab23d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289290, "uuid": "c971022c-20c2-4665-9af2-73df9d96213e", "value": "T117F4120662395B1BE0635FF8001177B5D7BE89EB7432E34B4C97B4D6BA6AB080A50F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289290, "uuid": "1d8ab53a-29ba-4025-b6e4-70f139b18707", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289290, "uuid": "50be4fdc-c870-4a98-b401-21e0208fc725", "value": "12288:TPM7q6bpw4dcZda/igpSV1Cc7O201gntU2QoPVJ0gZUG6N3sSAiRnTkoz4GhD59:Kzu4CZdOsvNCb1stUvoP8gk37AM7BhX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687289290, "uuid": "4890902c-0ab9-41e6-acf8-613f4bcd6562", "value": 738304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687289290, "uuid": "13e76699-4379-4ac8-8d15-7843ec6c8f8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289290, "uuid": "3031b838-bf5c-451f-8f86-c0311b75673d", "value": "SecuriteInfo.com.TrojanX-gen.17954.28838", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e69dd903-0f67-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687264942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264942, "uuid": "51e16a30-c363-49db-8663-5e6a21953976", "comment": "Malware payload (RedLineStealer)", "value": "df74be87df2fd5e2ce06fc575b8150d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264942, "uuid": "ee72f881-b517-43cc-9700-53ceddbc9313", "comment": "Malware payload (RedLineStealer)", "value": "5f232a7eafa840b46af80e7a5b7069c81649a2e2a995846eab90bfa7e8f14ece", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264942, "uuid": "637e1d7f-311f-422d-8983-10404422801c", "comment": "Malware payload (RedLineStealer)", "value": "8f55566e251c0cf40c3e1e0441f95510b667fce0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264942, "uuid": "1df8041a-9a5a-4ad1-b07d-9e1a692f66d3", "comment": "Malware payload (RedLineStealer)", "value": "27a33d3d77fedb0e9389aef0419132b2f9b2c397e33ae1ef001af5dcb01269471b815a9d28b180901b4735ef5d542948", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264942, "uuid": "382513e9-703d-49bd-a8ef-23a8bd4a028a", "value": "T1E784274382E53DC5E9658F739E1FC3E8760FF2508E497B69221CAA6F10B90B2D167B11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264942, "uuid": "29ad18d1-ab32-4e1b-9d31-5786890116d5", "value": "7240fa76536531357d99f937a15ee51c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264942, "uuid": "c34b195d-dc4c-4a78-8fcb-491c134fd7c1", "value": "3072:B4Rzy+VASv7wIYs0crNMj15OTfFjCGWah564zaVnDHeALwfWZ+FycTu3+X3TbE45:I2yPv09cOpQT3dW40BbX+XDbE4kxbW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264942, "uuid": "4720e555-ea80-43cc-a58f-f11960e2cfdc", "value": 400896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264942, "uuid": "a04c6e64-7ff9-4e94-a02c-a1e4bcf8ed49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264942, "uuid": "47bc2cac-4e28-4541-b52a-0c888dab0de1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91101f6f-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242464, "uuid": "f67d1b33-320d-4840-b9fb-45960ef93af5", "comment": "Malware payload", "value": "91baa6f4cced80ef33fe08ea0600c014", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242464, "uuid": "02daf961-02eb-4623-b1d1-77e18c68e277", "comment": "Malware payload", "value": "5f6b5675c0a82c3bd28e8b29739d6aca046b86f34b914364dad2258085be54d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242464, "uuid": "780fd28f-de27-4a41-beff-052ab219e4ca", "comment": "Malware payload", "value": "a7ecc27c45c0797b676b05989e80fe880860e32c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242464, "uuid": "a6530519-5cd8-4082-9cc3-10fc45470e2e", "comment": "Malware payload", "value": "62ca5e948bc500d097a0ade5d1a1d43e711227319163702b9517dba85f4b963c33f2cccc9ef4931d15c08b5a7c5c82d3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242464, "uuid": "11b93a0d-c438-401e-a06a-5464751af435", "value": "T17786C09A7ECC11DCD06B8030C817AA0EE3B2BC55273197DF209676E6AFB73615C19B16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242464, "uuid": "5b8fcf2a-1439-4450-a432-bc66ef592ead", "value": "d4205da5e9e5f5b55a2ef1c5c2ad063f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242464, "uuid": "636a34aa-7624-4a36-8bd7-94a68ad19f64", "value": "196608:sDWvh3zaURonEBZ/08wR6ekwhI+7NAjtVa/u2k:s4hWUunEBdwiwl78", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242464, "uuid": "15b9f492-d8b2-4fce-92af-1980ae72c686", "value": 8399864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242464, "uuid": "1cc513e0-b143-4d6d-a7ab-607b5eba2101", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242464, "uuid": "918271be-4156-49c1-a60b-86021008a347", "value": "91baa6f4cced80ef33fe08ea0600c014.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93e142a4-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242469, "uuid": "8c2f5ab1-8a3d-4814-966a-c314b3eec431", "comment": "Malware payload (AgentTesla)", "value": "d5bce2a60906638c7691228de86aa855", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242469, "uuid": "7aa22a50-216e-45aa-a04d-263542bdb493", "comment": "Malware payload (AgentTesla)", "value": "6171f1157e6d3840397d27a5f484f8595770ad153d5969aa96a058114243cfa8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242469, "uuid": "379f32b7-0d74-4cb8-ab76-1f6309b4d4e5", "comment": "Malware payload (AgentTesla)", "value": "71ea51a08b6ed5c22825088a1953ad70ec756128", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242469, "uuid": "d2757a03-de14-4d1b-9982-720e4dcc4b08", "comment": "Malware payload (AgentTesla)", "value": "b1e04d0cb403b93b26f0f1ddeccbffcb4b60571439389998dca495e86f41b44611c462e759061f2c10fe50c6fd48f4ce", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242469, "uuid": "9d60306d-3f6d-4023-876e-00a59d4e1b80", "value": "T11AF412185A86962BE1270B744460E374927D9ECAB712C6EF4DDBBCDBBE163C9013071B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242469, "uuid": "a925ec38-bbeb-4dc6-918f-c96994b4a702", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242469, "uuid": "0423d479-e767-406a-b094-b88917f0923f", "value": "12288:ub903Y9kk/kkfkkDkkkkObuPM7q6bpw4dcZda/igJZUw2grYywVbrCltKM+rac0I:ub903Y9kk/kkfkkDkkkkizu4CZdOPTX4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242469, "uuid": "2b333567-259d-4bda-ade5-1b400dd63573", "value": 743424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242469, "uuid": "c2610a13-3e52-4c97-a928-575268a33620", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242469, "uuid": "2afa328f-afac-4b5f-b1a8-72ac0d977707", "value": "INVOICE 327762.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a62f47a1-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687243788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243788, "uuid": "f2106ac2-4162-4a80-bb4c-6321b6e8edb1", "comment": "Malware payload (RemcosRAT)", "value": "0a694f7e7d19ea5efd272f95ca764c4b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243788, "uuid": "af846f3e-6b49-4ecc-ac9f-0a9c357f56e2", "comment": "Malware payload (RemcosRAT)", "value": "61dd5ffe6eae5f4bfa7299b37a7c0dea469d76b698200126cafc14a45acc1ba2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243788, "uuid": "804fe765-5ed1-4de6-93fc-262947a70c18", "comment": "Malware payload (RemcosRAT)", "value": "be9a03972e677f87336b749590632863625a6d31", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243788, "uuid": "23c40f21-5d42-489b-a71b-72c19786ec67", "comment": "Malware payload (RemcosRAT)", "value": "f299152d045607839b9c243f54b0df1745e4befaeedb01fdde6e577aa44388a3e83881fb982acd4df2beabc005d1f8e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243788, "uuid": "0bf2f7ab-258a-4be8-8761-eca4993fc6be", "value": "T14835125882E82A1FD6772775EBA9BBB80F26EF417A37D33A1C51B0E71C117150B21272", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243788, "uuid": "103b433b-c1a2-4923-93c8-20de770b4c85", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243788, "uuid": "25abea48-0f32-4000-a977-703b9d752aa8", "value": "24576:2aqE68GfaAWUF5HnoC5o27VPvY/YhPw4QYqtm8OqKH:2aqb8IlF5How7VPw/71+8O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243788, "uuid": "27c3640c-4511-405c-9654-de6a3cf039fa", "value": 1073152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243788, "uuid": "5af2abca-59de-455c-911e-14e9c9751e7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243788, "uuid": "adf9d01f-75f4-4b0b-86c3-815e707dc8a1", "value": "0a694f7e7d19ea5efd272f95ca764c4b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8283e87f-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241151, "uuid": "ad80b8c2-878c-457b-aaa8-c2232fa767f7", "comment": "Malware payload (Amadey)", "value": "65cb4c0e0a2b2dc69f6676b8d0a8006c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241151, "uuid": "573dfff4-9708-4adb-944d-c009314199cb", "comment": "Malware payload (Amadey)", "value": "623d8ac5fc8baa72797d2c89a1753de8a1d0dfadb8f1de986c76189dd11991bd", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241151, "uuid": "0d69fa65-3a0d-404b-99ab-b222506e7953", "comment": "Malware payload (Amadey)", "value": "4f4b7260601a946102138aae78045c9829928e60", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241151, "uuid": "1940bd96-c783-4d2a-be02-a0e927adeacb", "comment": "Malware payload (Amadey)", "value": "e8526c9168d8f2610cd8ef3f2c9aa57ab0d5511d3c82c581171d94aac9255f204601c1fa76cd78ccbc4f4a56b56288c3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241151, "uuid": "055cd4ff-4799-4e00-91d3-66a41fb3bf05", "value": "T1E3F41241B4C8B138ED310631AC6979877DBDF4A14F718DAF3F84231D46B1AE0B9B85A9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241151, "uuid": "15312aa2-8ea3-4e44-b3f5-c3d6fc4959fc", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241151, "uuid": "15dcbeb7-e39b-46c9-817f-6dac7f7ab64c", "value": "12288:oeInIRPv7fWlu+T/i8TCd8CvD1rwCvsVY+a1M6CRTTOYzMHcMh:zR37fIuMCyYiCke+X6CxTx0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241151, "uuid": "84f40f55-d1f0-437f-93cc-2070c3112c08", "value": 759808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241151, "uuid": "33fedde8-bb2f-4b07-9c88-1860f9250ea9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241151, "uuid": "9edf255f-f4ad-4b6f-bb42-d43264cdfc32", "value": "65cb4c0e0a2b2dc69f6676b8d0a8006c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc7ff50b-0f85-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687277809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277809, "uuid": "ac216096-a4f5-4c03-a0a2-ef45c4998567", "comment": "Malware payload (Amadey)", "value": "a5c77f0f42f29adde8e26824e831aae4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277809, "uuid": "0ad2f30a-47bf-4007-9769-fb4f4bdd50ce", "comment": "Malware payload (Amadey)", "value": "624ea356cae25207a4602dd4254530c00a32ebb58f77c2fe970a3ec68a031714", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277809, "uuid": "d613cf75-0ed0-44f0-a971-332a6034d5ca", "comment": "Malware payload (Amadey)", "value": "a66c37e122bf1be2250b786fd8e0edd4653b0912", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277809, "uuid": "a7a9f785-3fae-4d52-89e7-ba373ba13182", "comment": "Malware payload (Amadey)", "value": "e3345b2403ba503cc9782917e5ae612111574544bcb2d535ebf64311c127b9d4bffb672df017b917fdb81a8c030a027c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277809, "uuid": "73a47b98-9af6-445e-84d7-a5100d3d8dc1", "value": "T1D064D40382A13D85E9668F779F1FC3E8770EF2508F597B65221CAA6F14B40B2D163B11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277809, "uuid": "9109d94c-7a72-4a99-a969-8881f3997a02", "value": "2e2bff69e94ccbf1f33f60d20c98521f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277809, "uuid": "d3648219-82e0-4829-be02-211804305b99", "value": "3072:Nunm5XoHj3iOlujOJLHl9Ym+Q6M/MKlbtKRS99c1siFdnmfnR3:cnNHj3iguSJ9Ym6KFf9WmiFdn8R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687277809, "uuid": "ffb7d344-1f7c-4580-8df0-bd562da41fae", "value": 319488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687277809, "uuid": "46b046e3-bb1b-4231-b546-863217c17f53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277809, "uuid": "3ca3fffd-6337-4495-84aa-d13266405c27", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90608285-0f04-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CobaltStrike)", "timestamp": 1687222277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222277, "uuid": "0804c961-beb0-4676-9ef5-b95325ca2ce3", "comment": "Malware payload (CobaltStrike)", "value": "0159973912ede7df082efc9ff81eed4d", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222277, "uuid": "5ee34269-f69a-455f-99ba-63049a092ae2", "comment": "Malware payload (CobaltStrike)", "value": "6269b7ab2f3b4469a4a5840ffad0f4ddf0af9f387a25d227ce3aba38992c5c47", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222277, "uuid": "ad5e800c-a584-4e52-a7ca-e3f4c6f490ef", "comment": "Malware payload (CobaltStrike)", "value": "b6d1a0039c8bb1a43a259223cf8e7f085e0db5eb", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222277, "uuid": "8a5d2371-1736-4a25-999d-bb7c7820a899", "comment": "Malware payload (CobaltStrike)", "value": "9044482c2d0ec8b3f3793cf7d0a5e9997059173031ef837c71b64a341acacc86d120a204a25a6a061a4f0085b6fb00a4", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222277, "uuid": "5814ea84-71fe-4646-9425-70d20b8112a1", "value": "T109224E3DCDEC023DD1B3D619D9AA4A03F9527D1B252CEE0E00D2739A9563582F89276F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222277, "uuid": "3339c84e-356e-4c23-97bf-c49b191f6898", "value": "192:qs4CR2qVOVh2UHD0rbFHE2HHhXVWKHNHJisPysHzHbHJLvVHTFEkpC5lpkxQeVP4:54kExSHE2HHx8KHNHJimHHzHbH1tHTFC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222277, "uuid": "8d458fd2-296c-4236-aff1-532f345205a2", "value": 10860, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222277, "uuid": "74dfd7d1-8177-4978-bb3b-cbddbf52311b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222277, "uuid": "1466da50-8c50-4730-b939-af5af1474072", "value": "file.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db910341-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687240871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240871, "uuid": "6b0f888c-2725-4929-b8ab-5de2b16b2d6c", "comment": "Malware payload (RedLineStealer)", "value": "7933ee6d6ea5c72575b028d432289b8e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240871, "uuid": "babf03f7-f7d3-4cc5-8d4d-c69d16c1e488", "comment": "Malware payload (RedLineStealer)", "value": "626cbac6d8603826f268fea3c3ba71a6f29f4069ec7c29dfac8183c60c836b4f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240871, "uuid": "afb37565-2572-4060-924e-1de96dc85921", "comment": "Malware payload (RedLineStealer)", "value": "fc95f955b523aedc20918bedc21dd48c791e2e66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240871, "uuid": "cbeca895-8081-4025-a2b2-e4671e06956c", "comment": "Malware payload (RedLineStealer)", "value": "29e21ffd303c0a848d9de74dcebf95f2dd7ebdd09991a39fece8e3fa0fe9aae6eab1b0b2ac407a0eac251de95f68506d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240871, "uuid": "f7db3691-264f-4370-9cab-1b8159f0dedd", "value": "T194F40250B4C4B220D9320631AC5D79837EBDF8E64E289D6F3F58731E4AA15E1A8F461F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240871, "uuid": "70383f71-46df-42a8-a436-006b81578f52", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240871, "uuid": "877d024a-8fd9-4f99-b904-d26992c626f5", "value": "12288:Of589Ryv7fWlu+T/zZD2XSguAs8Fso+qR92HsWvBYKJhB1JnUtLD9dXtTV:jR67fIu8tdtAs8FslqR8sWvBHpUtLBd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240871, "uuid": "ff2ad39a-e94b-4b54-b099-219c2a7768a5", "value": 729600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240871, "uuid": "f8d7784d-58b7-4fa5-914c-496ac561bbca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240871, "uuid": "fdca62e9-fc5e-4ca5-b6e6-10430930d5e5", "value": "7933ee6d6ea5c72575b028d432289b8e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a01e7a52-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687243778, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243778, "uuid": "3cf65650-0cd1-49bc-a5da-e7c32e7a2578", "comment": "Malware payload", "value": "e2745ca5b5e357391501e518b2d67334", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243778, "uuid": "658d1211-da90-462b-9a79-4cc14cf019b9", "comment": "Malware payload", "value": "62ae590daf5c19f5d107e5e16ee19b9d69c9ba1d4696247695984cd3c2c89d4d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243778, "uuid": "53bf89c4-18cc-45de-bd1b-4950a35da851", "comment": "Malware payload", "value": "c151c2a80121bef1159b7c139ccdaee941c5bd42", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243778, "uuid": "0eafd087-f258-4bcf-b535-0ba38dd1d523", "comment": "Malware payload", "value": "4e612bc8b392ed9ad27fe6d0427f829763d3bfc96d0ed2a6f9fa287915a5074e6e2ff9462db19b027278482f85c23ea6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243778, "uuid": "2fb44c36-f3a2-41fb-82ad-acf3dba9a43a", "value": "T1BFE5F11AB5608C74D5A3D4332015D6A39206D64EBE18CFCF23B01D0ABAF59E78B167ED", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243778, "uuid": "4ee52057-fb6a-4af5-b3dd-b58490b65c15", "value": "c6e51dda1622035b42b177c9afe67c30", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243778, "uuid": "195936e7-3101-49ac-9922-69f560f84153", "value": "49152:B2hq2y8P7KfSNjf5UbCDGT2IZU86ChWlY/NfrGFtNhdkPoAooRC2oley1jmW:Qq21KaNjf5rBIZU86Ch3/NCFBdkPo3Tb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243778, "uuid": "b3a7477e-615b-4ab8-aa90-ea9e1936f9ee", "value": 3027756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243778, "uuid": "7a34fb9b-1e3d-4a72-8bb3-6e52eaa9de45", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243778, "uuid": "f020ccbf-2df9-401a-ae00-752fc6eaf280", "value": "e2745ca5b5e357391501e518b2d67334.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a322a304-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1687242494, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242494, "uuid": "4f05eecf-d123-425b-9d6d-2fd8a50941c7", "comment": "Malware payload (NetSupport)", "value": "8f25d7be26af6bec127e964d28853384", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242494, "uuid": "079e7007-b3ae-4bae-8862-b6f5109831dc", "comment": "Malware payload (NetSupport)", "value": "634ac4680c24d64b0de470e429352a993ef6d1885577311b1157d36ec8d3419c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242494, "uuid": "a4fec59f-0d5f-4f57-80b2-b5b53635f2b3", "comment": "Malware payload (NetSupport)", "value": "5d76c80dd3168e0246242521eb2333ddd9c7da5e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242494, "uuid": "8b9356f4-2154-4091-8c84-acf3929ff860", "comment": "Malware payload (NetSupport)", "value": "daa30855c468c1dfcaa440a42f59dea8d7eb1cf97ce268bd20bf1b5eaa7dcafc5e8116f6a39b4abde9752ae654777a0e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242494, "uuid": "39c557cd-8357-49ab-b693-c0fec37b0393", "value": "T1B4657E23F2C2C53FC0722A7C9D5BB6A9D8257D102E38A8467BE44E4C1E3574239796E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242494, "uuid": "488a494b-45e2-42e9-a928-c23fc9be1ab9", "value": "ad6274b75a00990cfd4f51a1d6508333", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242494, "uuid": "989f8296-110d-4b34-8a45-9eedd92cc808", "value": "24576:KfAEcs/3crIt5qIi7OtHS1E2oTkABMxrQsEbshp:KIE1rvU7OJwr3c7bs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242494, "uuid": "c206dfdb-3380-4e53-8d93-a970efc6ad53", "value": 1454592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242494, "uuid": "06fd54e7-acf0-40c4-add5-db6e85be61c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242494, "uuid": "71050041-9389-49ee-a394-5eb7d0aadc92", "value": "8f25d7be26af6bec127e964d28853384", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "697e9f68-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243686, "uuid": "01ecab0c-ac40-4f98-8e87-629d38f3e0e6", "comment": "Malware payload (GCleaner)", "value": "15d7396dbeef90cb42c088ee30d446af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243686, "uuid": "00100152-90b1-4cde-b1b2-482d513ae02d", "comment": "Malware payload (GCleaner)", "value": "63a9c63d504d9b57650f8a21c6211ba7995287f4bee3297833194501deebdef5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243686, "uuid": "abf74495-24a4-4330-9230-bb1c313b6877", "comment": "Malware payload (GCleaner)", "value": "70ff3bdca7598a6311b72d0b07792fe925e28388", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243686, "uuid": "b77668ea-7408-45cc-a014-c5f5c2d40de2", "comment": "Malware payload (GCleaner)", "value": "a49f04930b3885c835e8a9784a76724335cc8615091aa3d7f63eb0d468380bf0c17b58932979d3585c338bac3d784527", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243686, "uuid": "c37b28c7-e3c8-44d0-9c0c-3ff05ff389fb", "value": "T15964C02362907C31D92E5772CE3EC6D87A9EF9408F197BAA22386B1F09711B1C5B3751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243686, "uuid": "09e1f718-e9f8-49d9-ac30-1f28cd44e871", "value": "68fdcfb9187c8890bc2889c7f70b139c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243686, "uuid": "05871386-6451-414c-b9aa-922fc6c5b38a", "value": "6144:z1UPuMPO3pBpqQlD3skxUmsQRwjSJuaIZGmKWv0hWiN:zKa3vpplDDUPOpJgomK+P6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243686, "uuid": "97d08451-746f-4045-a9f1-7185b37e0577", "value": 316416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243686, "uuid": "c7be1c18-9a50-4ed2-9220-81405f918f32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243686, "uuid": "64980dec-78ce-45d5-a1be-813d715070a8", "value": "15d7396dbeef90cb42c088ee30d446af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52420143-0f48-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687251378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251378, "uuid": "056daed3-3f89-4ee3-b5cd-065900ebb71e", "comment": "Malware payload (RedLineStealer)", "value": "4805118c4da3a032bd1271440f58b43b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251378, "uuid": "fb134ae2-1c5d-4eb4-89de-d764642b5b48", "comment": "Malware payload (RedLineStealer)", "value": "63d5581ee1f0c07a80d9eaa1d039310ea95b67268fdd81f1b1de0d7dfea4e685", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251378, "uuid": "c31f8cc8-81b5-4d51-b61b-78c4641cb48e", "comment": "Malware payload (RedLineStealer)", "value": "a33051f7e787f56a8de1c47fcdb15398338a167b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251378, "uuid": "e995faa5-9011-446d-81c7-d95070a70f61", "comment": "Malware payload (RedLineStealer)", "value": "05417f3f288791cb5a781284fa0f04536e8cac572fc86b4b4ab71a6badb095a9cc4a066fc2ce1a5faf3c33b3b8a81a79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251378, "uuid": "1848311f-3022-4581-a3ff-03b75704e587", "value": "T19C544B0FB5C50336E471103D27B02956ECEEBC910D34EDB73A6CC369156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251378, "uuid": "a77b00fe-4918-4784-9878-2ffcefdd5a17", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251378, "uuid": "ca4f2e81-1179-4c31-957d-f0cb693abe8d", "value": "6144:IUGLePk2oDQ0FKHgKNRBH13TLxNP9T0x+SRM9:1TPMQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251378, "uuid": "7d0f3449-5a0a-45c2-8f17-5161a0a14caf", "value": 279041, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251378, "uuid": "6979c9c6-493c-401f-994a-d3e068ff8ea4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251378, "uuid": "d8224b51-aedb-4de7-8bf7-65841aff8df5", "value": "4805118c4da3a032bd1271440f58b43b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51583501-0f06-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687223030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687223030, "uuid": "c79bd132-3c8a-4317-af5c-adfebcd11c17", "comment": "Malware payload (RedLineStealer)", "value": "946df0eefdeb12551b795abecf7b7242", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687223030, "uuid": "51838778-36b0-4628-9590-46821e2160e9", "comment": "Malware payload (RedLineStealer)", "value": "653ef62d80bcb1f8c65590e138408bd5b84119d7a39cefb82ecd4546a53fa5fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687223030, "uuid": "a4a3570d-a612-4b09-97fc-6a11b1fa6b70", "comment": "Malware payload (RedLineStealer)", "value": "854b6a82dc69046993ccac7add63fb2475a58bda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687223030, "uuid": "ba63f3b3-ee29-415d-a2b3-6173bcc51560", "comment": "Malware payload (RedLineStealer)", "value": "8478d23ff6b9ad85e5d179781ae48443549dfbce446446847e77825aa2d2e772d4de0b131e08b0ee0af038eff80a2322", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687223030, "uuid": "c6ecb779-c0a2-46c9-a4e9-4dd696225827", "value": "T115743C96EE53621DED227E713C7A9DC6346D6461DD48E2B2B3181F0AD6831C33E7813A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687223030, "uuid": "1913ea08-c18f-4ccd-bf0b-309a04dd85e7", "value": "25880ccf8fbadb8c8d443e4dd707baf9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687223030, "uuid": "1c944349-3a04-480f-8b0e-aec74d7a63f2", "value": "3072:bkzQIy+HdVkJKGXiXyjBbja+w1yH+27RMb7unVfv6Q4F27eAxe:bRbwGyIEp9Q4F4+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687223030, "uuid": "bd724e81-9fc1-40cb-aa41-9b66b3d506ac", "value": 355960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687223030, "uuid": "71f49989-7e79-46ba-bbc8-668fc9c5e64f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687223030, "uuid": "2dc88c4f-a009-4985-b62f-2c0b29261653", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "964a06eb-0f40-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687248056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248056, "uuid": "71989ceb-72d5-4762-b241-f3777b3307b0", "comment": "Malware payload (RedLineStealer)", "value": "3ca82d5294721055fb004b0323b437de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248056, "uuid": "ba847864-c9a0-4992-88ec-c7f0cae3bf80", "comment": "Malware payload (RedLineStealer)", "value": "6580bca81fc0e6ae298b75482702e412cb0919722d5b1ac5216cb549320712dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248056, "uuid": "3f132612-13eb-48b6-afbc-c765aae66fb7", "comment": "Malware payload (RedLineStealer)", "value": "5888f0e251eca5af6a93fac1671649e45b077d89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248056, "uuid": "bc54d88c-0cbc-4106-914e-774e5b120600", "comment": "Malware payload (RedLineStealer)", "value": "1fbb6a0b916de9a44eb914dcc868b163137690abe48c62710920fc40c7448b2386677f6652de50e1f916c15d7f4c442c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248056, "uuid": "d820b0ef-ccb7-464d-8752-56d7f7e4d7ab", "value": "T1D3544C0FB5C50336E471103D2BB02956EDEDAC910D34EDBB7A6C8368116BBD3A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248056, "uuid": "2bf897e8-0217-4b22-b3fc-b5e42f62e210", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248056, "uuid": "f1c3b25b-8bc0-446d-b983-140c9b693090", "value": "6144:gADyRgeAdbfgwUoDMAi3JLxKKhTc+dX6M3:g1RsdbEopmLxK4vX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687248056, "uuid": "b92dbe3e-e986-4e0a-a7fd-f6b0d2c22c9d", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687248056, "uuid": "9573d9e4-67b1-4dc5-bf22-6368685c0b5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248056, "uuid": "51b99099-3e7b-4f4f-b224-c49706665fa3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce0f767f-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687240849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240849, "uuid": "745a5789-8ba1-4acc-937b-1cf1d90575f5", "comment": "Malware payload (RedLineStealer)", "value": "1d7a77436a998324c961afd99cf17246", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240849, "uuid": "22f07956-b290-40ca-bc2a-cae1cb3c14c0", "comment": "Malware payload (RedLineStealer)", "value": "662988c45c7de7b09da513ba11853dc1cd7c705b19c7fd8c5a7c8e21896e55de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240849, "uuid": "49bf116d-31d5-4975-bfe9-18cde04ebbcf", "comment": "Malware payload (RedLineStealer)", "value": "625619bcb6abf3c337f5290c8686e26dcc1a1e3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240849, "uuid": "14f1910c-a5e1-454a-9711-c0a984f33f6a", "comment": "Malware payload (RedLineStealer)", "value": "bbf79a67c2c24f9546f49e37ce23756198e4c94d777c1d7f050c5d135df84ea9f52f4f942a8bb64fea9f82e6d3b45df1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240849, "uuid": "25fa276b-65bd-452b-9b77-846ed11563b6", "value": "T15C052242AAD85073D5F06B3095F712831B337CA1DC79836A2B626C4A0DB36D599323BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240849, "uuid": "6274d661-9e47-4563-b8e2-f4f937b0006a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240849, "uuid": "bce1bc76-126a-4a11-89ca-f3cf2a8d7eca", "value": "12288:GMrry902OySo1uJd7NdcT8ca31yWTZuv7CgED8cEQBEH/+321GAuYrQW9VHE7u1:5y8Vlqy31yWG7LBfH/+Gsuvl1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240849, "uuid": "74b4ff74-c001-4abf-9b51-bde0c6843736", "value": 823296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240849, "uuid": "83cc63e2-5019-4365-bcce-e4f84a4cdb37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240849, "uuid": "cbedcfac-3e95-42b2-94ea-d990276d9b9a", "value": "1d7a77436a998324c961afd99cf17246.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc456cc0-0f72-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687269622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687269622, "uuid": "732de52a-b352-49e2-b0e4-f53eacad7635", "comment": "Malware payload (RedLineStealer)", "value": "962615d7989bedfb0bb1533a938363c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687269622, "uuid": "e46c8de6-cb90-46e9-9bc2-9a78b24ead2d", "comment": "Malware payload (RedLineStealer)", "value": "6635ca34ab470777c24dcc5d415ee9e85baa3b975c5422848f4539985e25fd29", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687269622, "uuid": "9d1dac86-ea50-47f8-8220-751a96d915bc", "comment": "Malware payload (RedLineStealer)", "value": "9d591edfd92a1fd1ade5160846f73882e843683c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687269622, "uuid": "86b81476-97c1-46e7-b42f-337ac3873587", "comment": "Malware payload (RedLineStealer)", "value": "5e1624fdeb6581866e91d5d3e08e089a477faf9ab198f18c343e4d8703137b7194eaaf2f1ac5d3c04a8158dd9ed4bc9f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687269622, "uuid": "485fa7db-131e-4d0d-b129-9e7c91ffadf2", "value": "T14584170382A13D85EA698F739E1FC3F8760EF6508E497B75221CEA6F14B41B2D163B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687269622, "uuid": "93d8ae0d-3fce-4032-a9c5-81c1aee452af", "value": "7240fa76536531357d99f937a15ee51c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687269622, "uuid": "b55e3de9-9121-4d35-8d72-99be3420df0d", "value": "6144:UqI5iASwEawuejkA1qes4Pm2lHRxOEbW/n:S5ihwEaw9f119PXZS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687269622, "uuid": "b9403519-a788-4c3e-a76e-3952d0a3a245", "value": 400384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687269622, "uuid": "1f1bc69d-970f-4283-8b65-7d7290f931d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687269622, "uuid": "6c1e16a7-a5fd-4ecf-943d-b1f79b97c5af", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e3c4fd6-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241493, "uuid": "e3cfabad-9daa-4a0b-8b9f-daa2584b179f", "comment": "Malware payload (Amadey)", "value": "dfe5372a19bc007a8d1e9cbc71311810", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241493, "uuid": "be8914e2-0090-49d6-b392-368b38050e34", "comment": "Malware payload (Amadey)", "value": "664e1b758de15337536e9569c0f55c341193a4b3ed41d708978a444b8639f018", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241493, "uuid": "4626de9c-fc13-4800-983c-78a2d3877618", "comment": "Malware payload (Amadey)", "value": "58367aa3746713552f379cfdd6ce3201a0fdb36f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241493, "uuid": "57bba1cc-8207-4581-bc48-49c52fac9287", "comment": "Malware payload (Amadey)", "value": "f15f2fafe1357505721d4f8aa1566e8f0cf5357071915883cff0674939a57b803141da17b096ec81671e550500ece11d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241493, "uuid": "8af5aadb-e5c5-467e-b9c0-3f17644364c2", "value": "T17FE40240B0C4B131ED310A31686AB6967D6CF8E58B61DCAF3F64331E8A761D1BAF461D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241493, "uuid": "8aaea68c-4dce-47ee-95d3-41663679b680", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241493, "uuid": "1115c6f6-4a4e-41bc-9462-2d7b8b77e414", "value": "12288:St+iRjv7fWlu+T/iCagl7fZNZ2vgRxtByPfwJWZjm+8CErsAaU2uZ9:URr7fIu5sZ32vzQgZjxEr/aq9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241493, "uuid": "82e1d50a-ef8b-454e-9758-895ad775de9a", "value": 719872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241493, "uuid": "05bbe8e1-ca54-4076-969a-b4c578e97a77", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241493, "uuid": "2b6b4cd8-a044-46fe-a5ab-2ddd1f41ee56", "value": "dfe5372a19bc007a8d1e9cbc71311810.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e17eeffb-0f1d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687233150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233150, "uuid": "f65bdb57-3d4f-4eb6-a5ce-69e612b50fa0", "comment": "Malware payload (RedLineStealer)", "value": "bb48c3e8cf43b9b8486af3d1df672aee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233150, "uuid": "37b06c6b-0504-4f73-ae6c-1f1c548effde", "comment": "Malware payload (RedLineStealer)", "value": "6681956a8be4651c90ae15f7aef3438abd22912a6f473e57688dbfa9d5d51b9d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233150, "uuid": "8b8e2cf3-7624-46b5-bd6c-b9acfaede6f2", "comment": "Malware payload (RedLineStealer)", "value": "17d07a03d8a46753b43cfb559348980e177c6966", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233150, "uuid": "b4c790bd-d3bb-4fc9-873e-af5ec07d5552", "comment": "Malware payload (RedLineStealer)", "value": "88ba5a59a944758889893711bbdec7a7cc0b286164e202a2abb4d33a9cc9c8025f3b0b51605fb39b9ab9e9f52fa8a709", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233150, "uuid": "b547e412-5719-4b79-8e88-ea1d43f579b9", "value": "T1D7544B0FB5C50336E471103D2BB02956ECEDAC910D34EDBB7A6CC329156BBE269690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233150, "uuid": "e260e498-d15c-435d-a5e0-75ff808848fd", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233150, "uuid": "761fd6eb-1cdc-466b-83f0-db32253fc44a", "value": "6144:XrDNeX24wdAd6HT9eMTO3yLxrITvD+OxxWzCMu:fNeCRTzTtLxUTBxxWz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687233150, "uuid": "6b753d48-c82c-40fd-a618-7567725fa442", "value": 279552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687233150, "uuid": "7d1ff9fd-cb94-446b-9273-113bdf90dabc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233150, "uuid": "3b267830-108c-48a2-995f-52eace02b49d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e90e8fb-0f6a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687266109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266109, "uuid": "09672c80-719a-40b7-b71b-34946a7b5b57", "comment": "Malware payload (Formbook)", "value": "9e8fe4b875f91118d196f192d79f6d04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266109, "uuid": "6b5dd79e-9d16-4f63-b3c2-c8cfc36e345d", "comment": "Malware payload (Formbook)", "value": "6689c58325956e0d5afe938fc8139589f85d44ff8733a6080c123eac34219e5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266109, "uuid": "05a07ea1-8a17-4a40-b993-466ebf75b589", "comment": "Malware payload (Formbook)", "value": "955de2380f2d100bd2b641eac4dfaeee6e19658f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266109, "uuid": "86fd3f62-be6a-4c54-ab7a-d9d3ed076d85", "comment": "Malware payload (Formbook)", "value": "6af786d1126fc6483aa021d3e308aef151bb6330760e7033f15f5e375e394734c26a9dcc9d2871d5aed509100d8e9cc3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266109, "uuid": "c3ab5909-8114-41d9-969b-774d80ad12c4", "value": "T11015F11023784F27E13E8BFC1411227093B9A79A705EE78ACEC7B4DE5E65FC14619A1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266109, "uuid": "d1b7c25a-7421-44d4-a6ff-0fe23fe14acd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266109, "uuid": "65fd9f42-8294-48ac-8209-61ad4226510d", "value": "12288:y2ql/2SPM7q6bpw4dcZda/igi4w1OVmD6dgjojq2fQuHsSIqUqBdtilvS:xxzu4CZdOi4w4XgjwqKdsSAgOd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687266109, "uuid": "d259b413-cf61-45f5-99a1-b50a41a2d0e7", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687266109, "uuid": "9bdcd405-8b5e-4417-a232-64090ef04dec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266109, "uuid": "d92e3ca5-d4eb-4536-bf5c-efd7c2e16ea7", "value": "INVOICE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8260b0e9-0f11-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687227837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687227837, "uuid": "55e345b7-e600-4418-ab02-abba463fa42d", "comment": "Malware payload", "value": "2884fecc1cec69e41bfee62c8df02e71", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687227837, "uuid": "491fc8b7-6190-416b-af94-cf532216cbef", "comment": "Malware payload", "value": "677b8600adf2c4e1f17963eaaf18d57881a6a0c2ef5323c7f145b113480040df", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687227837, "uuid": "17779231-5ceb-4228-b772-ee188d50a7cd", "comment": "Malware payload", "value": "1ff0c9d2e08ce3018d5186838181ed29e323e4b9", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687227837, "uuid": "d09ae56a-a925-4b26-9331-343cf0a7b554", "comment": "Malware payload", "value": "1ad643ac821fd724d33cdd269e2a443dcf07875948399d54e769350952372da6d58487f54111242a28a17eb9b5a9344b", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687227837, "uuid": "93f90437-0c89-427d-b680-35b474dcdb3f", "value": "T1BE35E186B358E427C877C93582F54BAB1A858D64499BE3174969B31C4DBFAC04F88FCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687227837, "uuid": "a4a2ffd0-62cd-4ca9-8bb0-0a1d69415e88", "value": "24576:uBZ2VKtzn9r6VFWb+hIjY6hGDYYDYueBuCNCjmPZgXJA3EqOV/SNMUWU0:u3Lzn9OFWb+hG4DYzueZkiWm15sr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687227837, "uuid": "d2854256-b1e1-402e-81d9-5764da88e74c", "value": 1094226, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687227837, "uuid": "608a5332-15fb-4be2-999a-5d33e0681b56", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687227837, "uuid": "32587353-c40d-4e7a-b9b0-7c7013e3e1cc", "value": "Ultra.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9b0090a-0f5e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687260974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260974, "uuid": "b1531021-a03e-4861-8698-cf936d53f86e", "comment": "Malware payload (RedLineStealer)", "value": "5c946f9454bdb0c7631a2709def10747", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260974, "uuid": "cb5ff506-5f00-48e9-b06a-0dc0fa6e4bf8", "comment": "Malware payload (RedLineStealer)", "value": "67b9b74f647846d67ef5be1e4aba44e74cc62e9e401ca9f8e5bb695daa15e611", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260974, "uuid": "f39547a0-65dd-4ad2-b2d8-a544da4337a7", "comment": "Malware payload (RedLineStealer)", "value": "dbb125df84c15a7c4c7220d719af471086b6ed0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260974, "uuid": "ac4e494a-5ca4-46e2-a848-f4915da02063", "comment": "Malware payload (RedLineStealer)", "value": "c15c8402fbf59312bf1c7b7412cef7b981cca574825bbb558f9ecc2ab6f53b83b1c12b384dbb1a1706bbfec58b142c6d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260974, "uuid": "9466634b-6405-4c2d-a014-b408bf671fa1", "value": "T15344190FB6C50736D471103D2B706966ECEDFC910D34ADB77A5CC329126ABE2A9680DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260974, "uuid": "4eea176d-a160-48af-88ce-f19b9a29a360", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260974, "uuid": "10fe01f8-6c92-4b10-89c2-3c5efe341175", "value": "6144:Zbdpx+VWoGY1FmJ/Zu9LB1KuWoa6+K5WMt:Vdn+Y3JeLDKVoP5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687260974, "uuid": "21df31b8-a035-42f2-a7fe-72a12f2eb40a", "value": 274944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687260974, "uuid": "11da9bf2-63d2-4fe7-afd5-ea2a8a53db6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260974, "uuid": "44c5c254-5cc9-4717-8876-10ca3fcf8b19", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38561cda-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241456, "uuid": "64b3573f-94ca-4a04-b549-3f246f42a45d", "comment": "Malware payload (Amadey)", "value": "3b3c338bd07eae47eb82458eb7192485", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241456, "uuid": "9ebceca2-9e23-48fc-8adc-11d737fc0ca5", "comment": "Malware payload (Amadey)", "value": "67d131acc5a819a9d4d4a4396a16d5cde9159e99e9336ff84d782d89d22a0517", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241456, "uuid": "ecdef9f0-2ee4-46eb-a385-5fad3c00a5ea", "comment": "Malware payload (Amadey)", "value": "856f257a13393ff1c9e7e1c8eb9b335920319073", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241456, "uuid": "ae3e6ec5-8d3d-499d-9747-f2f10e7b237b", "comment": "Malware payload (Amadey)", "value": "c36a1957625abe6cba4c6bb4b5d99e6cc22ddf558ffb75d7d330a2b35f977616a1520a6ddb1b59e38a59e176cbaecda7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241456, "uuid": "3d1e0356-814f-442a-aeeb-ccd70e312553", "value": "T125F40240B4C8B134E9314531BC6ABA927E7CF8A14B24DCAF7F8423294AB54E075F466E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241456, "uuid": "3dc13387-cc4d-40a1-9a10-7380ecc25fca", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241456, "uuid": "a5c78d9b-9e7f-4a22-86ba-df29b34b8e1e", "value": "12288:y+cWVRmv7fWlu+T/NnIzGZ8YUhI0UqExQ8VVVTo2oae:yUR+7fIuynIzGZi+1qMQE3ya", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241456, "uuid": "f6587642-7af1-4850-9b76-b4c4e6c3c115", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241456, "uuid": "b3eb0ba1-910b-4a6c-8915-e731845aabbd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241456, "uuid": "744d439f-bb4f-4481-8712-516a252b2362", "value": "3b3c338bd07eae47eb82458eb7192485.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "294fd756-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267630, "uuid": "880e6943-c3c5-40b8-89e9-6f08dc2161bb", "comment": "Malware payload", "value": "dd68432394efdbb3d158c7f882545b3c", "object_relation": "md5", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267630, "uuid": "13bd49fb-a3df-42fa-91fe-911a6036d7b4", "comment": "Malware payload", "value": "67e0be83f4352289c04c7fabe1f30c27e865d3097304cd1752b4fa1ca3c6cd37", "object_relation": "sha256", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267630, "uuid": "6c77b8f2-f6e1-4070-9d0f-ab367a95c1bf", "comment": "Malware payload", "value": "30040b419cec1f49b8b04f6f4be1448e52c2738d", "object_relation": "sha1", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267630, "uuid": "da382202-271d-4532-96ae-8752824a0dad", "comment": "Malware payload", "value": "afb36a8c00ddcf2fa7c24c0f74250c0d1f645b237263e54884c8deb3822cc1cfed8baff50c694a7e2af77db5e0f2a6f1", "object_relation": "sha3-384", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267630, "uuid": "5e275596-9604-4a94-aa66-407e28a0d847", "value": "T116A58D317690D076C273253155DFA7BAA6BDAA300B34829B67901F3D2F705D2963C36B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267630, "uuid": "96893aa9-9832-4388-84c5-30c8c5217b3c", "value": "201ff869ad6c3f02568eee2611fcce86", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267630, "uuid": "3738268e-ec48-4c10-be18-149171b94f49", "value": "49152:2hsWMg+B5q8oPPBdJeyPfgSp/bdbUxEnQYO+jhcbwKEAqgh5XZDUJR9phCXbiTDC:2sD55q8oPl1AQbdbUxEnQYO+j+b9tBRQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267630, "uuid": "8d8881cf-b8f4-4652-b96f-9fa1c73f1086", "value": 2247168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267630, "uuid": "f89dc77b-cb10-4ae6-8d01-50aa85e55b8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267630, "uuid": "22434927-da27-4843-b2be-183e451eb7d5", "value": "Wrangler.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61e66bf7-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267725, "uuid": "e5425f0f-8ae9-4a92-a95a-98ad7de3a781", "comment": "Malware payload", "value": "de41cb12857e6104375d86dfc81b6b18", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267725, "uuid": "3ca64140-d12d-48f4-801a-3a4f715edce5", "comment": "Malware payload", "value": "68813b10c04751c8889063d3faaa376bcbe8e399c7cab070f5131e513f15b4b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267725, "uuid": "ba1065bf-6a05-41ea-9475-7f84ae32a2c5", "comment": "Malware payload", "value": "293f7c0dee176daa4663334052fd95be9256b5bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267725, "uuid": "8895fb60-7e5a-4bca-806f-320d68bdf9bd", "comment": "Malware payload", "value": "4dbe2708182852a563242e3ef00ec6b665a3f366822257660dc6bf8a69ad3cedc775687d8d54207630d6a056775dba78", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267725, "uuid": "86b752a1-a000-4206-8bfa-705eec26b51a", "value": "T103957C33B66184BFE93225B0821D5378A1ADD9B05E7D0147199D2F3F1A744824AEF3AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267725, "uuid": "ce780194-6c4e-46c6-ad0f-2785796bf27d", "value": "62bd6e3a7d9ac4d11db85a37bf8e78bb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267725, "uuid": "ae6f3f6a-81b5-4210-81cf-efd3d4cfc0f7", "value": "49152:DBOdJVQDyfs1GijmWZqp4TM2Sij/QwLkGhRjIFXgS7K88+s0yVw+:DB+VQDyfsPjmahTM2Sij/QwLkGhRUdwb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267725, "uuid": "e2240098-00e6-46d9-ad8f-d317de221ddd", "value": 1904640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267725, "uuid": "3d9b6ee8-b19f-447b-9152-31c77e9c7a4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267725, "uuid": "6cda3a84-c819-4d4b-b03c-5fcdfedbfe23", "value": "68813b10c04751c8889063d3faaa376bcbe8e399c7cab070f5131e513f15b4b5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fed24dab-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245225, "uuid": "61892df9-53be-490d-a005-c823c9427290", "comment": "Malware payload (AgentTesla)", "value": "5b1575080f4bab0596ad69fcf42b357e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245225, "uuid": "751d70bb-299a-4d80-a0ec-46ffc73fb998", "comment": "Malware payload (AgentTesla)", "value": "689fcaa4f27b98410de7f5219626b2abde9ccc98690aa8bbbc903c80eddd1b45", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245225, "uuid": "06224c8c-d0ca-4a01-9946-d3a90e91dd3f", "comment": "Malware payload (AgentTesla)", "value": "a15e9f9f2c0da7134806c23f90ade24f1891bf4a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245225, "uuid": "93d4f004-727c-44ae-89d0-5e468d749189", "comment": "Malware payload (AgentTesla)", "value": "4adee4f64b6366523269b39dcc6292fd44981160adbed2d5718e562e9a5725d994c25c70a76d0679721e27217127a68e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245225, "uuid": "1cead6ff-e0a1-4544-8340-95dd75c8bbc6", "value": "T119F4239A68FEA5363EB47476D529532A7E835B500B7C62A3C8D2C302DB440D763E1DAC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245225, "uuid": "c5a26f12-60dc-4eca-ab0b-d83136333e62", "value": "12288:oY28joZ6MowmEMl+HzCMjt67B1y5M/6Z1wuZz6lL+iRu8WZRX8A/looQkDb6dep1:oQj66Mbm5l+HeJspZgoZRXUkDB4xebco", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245225, "uuid": "8f3817f9-a8ab-491a-804c-c17f9ad7af5b", "value": 747142, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245225, "uuid": "36884c93-e9a0-494c-b56f-7a957c704c99", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245225, "uuid": "569ec1b1-31f3-4c63-9e2f-7ee572aba273", "value": "CTM REQUEST BIRTHSHIP.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5a92002-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1687288106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288106, "uuid": "6ecdb71f-f109-4623-a876-5aa6f4b029b1", "comment": "Malware payload (SnakeKeylogger)", "value": "e6b09f1c7473e375eccf56221de26cc9", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288106, "uuid": "1be43c21-3edd-46d0-b1a2-d7a777433ad3", "comment": "Malware payload (SnakeKeylogger)", "value": "692d4bd4039b369085c4529e425513503a4731717bed3b11bbd4b46e8d079ff9", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288106, "uuid": "116e7550-9ae3-45a7-8d0e-1e4d649358ec", "comment": "Malware payload (SnakeKeylogger)", "value": "2f619964e15ba5325181c9661ee7b2f15100fc70", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288106, "uuid": "8e1d8723-f00d-47fd-92b8-e19c9cb3d755", "comment": "Malware payload (SnakeKeylogger)", "value": "26d782732734a4c1a070af3a21c99ff8236698de9051846168e482cc649c887cf1b43c9043609572ecab1a0e79b813a8", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288106, "uuid": "fb0913d7-d3bc-4f3f-934b-e07578eb0fea", "value": "T1C204F143B7970161C24989F7C89790D453BAE75A3623DB1E368FA38D8E437DF2A58D02", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288106, "uuid": "aae65c45-5106-4093-baf6-413a15f34906", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288106, "uuid": "c7c0643a-578b-4b8a-9ea4-03d5a4ec2b83", "value": "3072:/I+7ChhSivH3Zg7kHNXFubffqApiTxiuWUOD4NT1aPzDCo5Kzo+U8TR:/IK09Hpg7WNXusiuWdcEPzz5K68", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288106, "uuid": "fb1a4f04-5cc7-486d-91e3-9c2085bd4841", "value": 175104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288106, "uuid": "0f6345dd-e151-4854-b56a-fc2bf87636fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288106, "uuid": "3baa335f-97fa-4eb5-9953-cefcebc03e1e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ba2359a-0f3b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245810, "uuid": "1d62aadf-c2e5-4970-863f-2151743eb7c1", "comment": "Malware payload (AgentTesla)", "value": "fe895adeab166572816f8a29de2b50a0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245810, "uuid": "5f86f26a-ba20-43b6-98c2-9977413d0dcf", "comment": "Malware payload (AgentTesla)", "value": "69d771ee6e3b2e45970e36579970a8b6622f2395f686f500680f695d6a22e43f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245810, "uuid": "56394d2a-3418-4fee-be58-b04edafa8899", "comment": "Malware payload (AgentTesla)", "value": "742ccb1a0eb5e7521301cf2293a1689748dc44c3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245810, "uuid": "9aad8cf6-0e52-4466-b8dd-00f40969ed11", "comment": "Malware payload (AgentTesla)", "value": "c1ff3c6853389185cb0a0a490ced4046efc51f2c5d5e2a174bcb4e4176f83e970ffa3f8eb06acf8c57c77e515fcdf5c5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245810, "uuid": "9f455f94-bb09-43f3-bcea-ba8d77cae5d6", "value": "T1C515C4BD69D026B7D475D5B2C16234C9F63F6322B2534D6822D2DEC7866248E37EC80E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245810, "uuid": "6bb05fd9-cef9-4899-ad87-48bb880068dc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245810, "uuid": "fc74cd49-d43a-4f64-ae4e-b555b3d44cf8", "value": "12288:4V3NBX6Ioc6chPtNfcFD8FrqdIBfK5sMPzI/Z8NeMvnWX:k+IvltNfcFD8FrUIBfK/LI/aeMvnWX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245810, "uuid": "ffbc1b6e-e534-46b0-b42e-e37b3c38c184", "value": 940544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245810, "uuid": "6be87c29-92a2-4e00-afd0-841276f9eb31", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245810, "uuid": "586ca5ad-ff4d-4b2f-8d5b-e993e2ac9af1", "value": "order 600368142959.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15b3e573-0f99-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1687286066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286066, "uuid": "74be68ca-5d63-4a76-841c-95697d147881", "comment": "Malware payload (DCRat)", "value": "9d01a511c625dc4e297db3c2cf71e3c6", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286066, "uuid": "e2541275-8a92-4ff8-94d0-f52844bdce92", "comment": "Malware payload (DCRat)", "value": "6a8ea9c4a9200f1dc374e7a60ffaf6ac6399bccf17eeb3c0c7ebe047ee9e6843", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286066, "uuid": "986d64e5-3a2e-4ff3-8bf1-f72d9b5195f9", "comment": "Malware payload (DCRat)", "value": "e910ba0853a3eea14d1862aae889f7335b485447", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687286066, "uuid": "c2f2d6a0-fa73-4df3-9f84-876f2d816a28", "comment": "Malware payload (DCRat)", "value": "d634a0784168e39dcc37618878d6900129a72fd2372a4b8b52b90aa7b7d39863ac6a3bd95a066c74ba33fbbaf1ffd072", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286066, "uuid": "0194f5a2-f64a-4a6b-bc94-2b23f2a86d97", "value": "T15A236D0037A8C13AF2BD8BB4ADF292058675D61B2903C65D7CC825EA2F53BC596136FD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286066, "uuid": "fd5e6854-b347-4673-9a71-c6467002d5df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286066, "uuid": "81033066-bdd9-4654-b879-a08145c349c8", "value": "768:dOEuILWCKi+Din0Ni5R8YbngeLT2NEyvEgK/J9lZVc6KN:dOtmnVzbgk2KynkJ3ZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687286066, "uuid": "500e0e7f-7937-4fcf-94b3-8d3a37693705", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687286066, "uuid": "50d54c8c-de04-44f6-82d4-33c97fbae3ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687286066, "uuid": "2a942b9d-a82b-4d3d-9660-9e873240b590", "value": "xHzNZxddxTxH.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e52b1359-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259356, "uuid": "866a797f-46f4-456a-a307-524a3fab4421", "comment": "Malware payload (Mirai)", "value": "fa001824f95e493e24899ed6eca70dbb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259356, "uuid": "b161f87c-3ad7-42ad-aaea-3dd07887f2f0", "comment": "Malware payload (Mirai)", "value": "6b25b078193fc3ef47f075a4e8f9cd1db87c8406b4bed9453f2c65783278ce08", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259356, "uuid": "8af3671b-c261-4922-85b3-b1c7f97ada0a", "comment": "Malware payload (Mirai)", "value": "f1f66cb5ac5efcc15603b2dc488880107cfbbbbd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259356, "uuid": "713c6d62-a5a0-4c50-8051-e90ba3a92f24", "comment": "Malware payload (Mirai)", "value": "becb8ca58b200fc941a546df247907f6e425d52d89155f2224666ec1bae12025b235d2a20e5f2c7d46e9e4fb7ac027f4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259356, "uuid": "238a54fb-8615-41f7-9398-7602efed2d7c", "value": "T108F37436B7619E77D80ECE7305A985121C8CD98712D92B6BB2B4E51CEB6BC4F08D3D48", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259356, "uuid": "f922a973-f27a-4d0f-8514-2999583dd7be", "value": "3072:1LNqrhHZ0P6bRFBQiEfRjHkLwmrThPaLEne7rNb:1Lsrr0PeRTJegLwmrThPaLEne7rNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259356, "uuid": "2565803a-c5f5-4385-9265-1252bf03c809", "value": 159493, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259356, "uuid": "e4bfd976-6e47-4e5e-b416-6b3e73901009", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259356, "uuid": "d2c880fa-b233-49b6-a616-74233d02eee0", "value": "fa001824f95e493e24899ed6eca70dbb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95b3c8ef-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687242472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242472, "uuid": "384a23fa-0cfb-43b1-80fd-c5a9f90531a7", "comment": "Malware payload (GuLoader)", "value": "b7e213a041a9c69d928291b56fe7b54f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242472, "uuid": "2906f8a0-fbc2-4676-98a8-e90e49c6ed45", "comment": "Malware payload (GuLoader)", "value": "6c1345906061387def10feee0d6b61d63e44f002f5062ee3e06e00c62e686806", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242472, "uuid": "15607b4d-5eb7-4228-a071-1797ddfaeb94", "comment": "Malware payload (GuLoader)", "value": "bcae003792c75229874fd072564986f75439d141", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242472, "uuid": "63f7c761-2897-4fb8-9c33-ed88f190a50b", "comment": "Malware payload (GuLoader)", "value": "4d57b30def0d8125e888bad1dfc2c3826680775b3fd390d0307aa911a734d8fdd1093323b4f8b93a1c7afcc81230578b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242472, "uuid": "a7d69a65-3c6e-4ab9-a0d1-db48221679cd", "value": "T1B9E42360037CD1B3E5A3823A5E375F637ABFA908A192830F93100E5D79787D9D30A795", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242472, "uuid": "095ca7b5-01b1-40ec-b170-dff0f9471739", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242472, "uuid": "a62c87a4-efa5-4a4a-9fe8-86e832ada3ef", "value": "12288:gMwRd/84G+3pU59I4+s3XFLoeKjl+arlswcU9fL6VMr+rw+Ykh:gMwRd/8qZU59+AVMpj88/z9I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242472, "uuid": "9f5bf8ab-51d9-45db-b5a2-0a7844ae6a87", "value": 692154, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242472, "uuid": "b3da3c45-ded4-478a-b800-75be13f152e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242472, "uuid": "1c1bc04d-2fcb-41d0-b4a8-b4010778d144", "value": "New Inquiry.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c67bb68-0f9e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1687288198, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288198, "uuid": "ff55a7e3-951a-4368-bc46-9ad674f1ee45", "comment": "Malware payload (NanoCore)", "value": "20b05ef6a9a219260ba6a0603687db86", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288198, "uuid": "e503773b-65a6-4663-b81e-82947d2b3598", "comment": "Malware payload (NanoCore)", "value": "6c2e104bb3a97e3f5054b9436ec4f200cc6187a051f67f19a97856655e9175fa", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288198, "uuid": "432e55fe-d578-410c-bb4f-86dbda7ebb1d", "comment": "Malware payload (NanoCore)", "value": "6668a9d1b2a3a03c04c95b239259f2fd5930be16", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288198, "uuid": "a59f34a2-f635-4cd2-b7d0-928fd6de98d1", "comment": "Malware payload (NanoCore)", "value": "4c9e943bc6606572a292df6982459a95278e1b79325ed4d692ed93409cc8f34007aa99ec70fae49672bf2f2fc2a12c3e", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288198, "uuid": "640963e0-890d-4130-b78a-6e45297f2bf5", "value": "T17964CF88368576CFC817C875C9D61C24A7F1666B133BD246A98712FD8E0D6CBCF462E2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288198, "uuid": "654c4268-34ad-4fb0-a73c-a90acfa87401", "value": "6144:ekI5HaDvw7Df3ng6Rq2ZNqDAkOtbnzjaN09ww/KAz/w5QRGR3:5nDvwnngCqUcDPOpSOiw/KAFGx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288198, "uuid": "31ec452d-e01c-42b2-ad68-7a5c83b2701c", "value": 317952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288198, "uuid": "138a4762-463f-4fa7-811d-54fd832a94c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288198, "uuid": "52523f95-b5e8-4114-a44a-d403733abc3d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e62812d-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241466, "uuid": "5a918d79-40f6-4769-9a6f-f9a57727d09d", "comment": "Malware payload (RedLineStealer)", "value": "41a8c18ad9f0cad37f0f39c6ae7dd14a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241466, "uuid": "eb653b16-529c-4071-97b9-499d84662506", "comment": "Malware payload (RedLineStealer)", "value": "6c7b7d158e7e17066fbb8603a3b9945c14d5a6f2676dcdd93ed19adbe9bff870", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241466, "uuid": "f95e728d-957c-4f04-9ee1-beffc316b762", "comment": "Malware payload (RedLineStealer)", "value": "4dd4a817c539d19e4ddac98910c5e3302f990987", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241466, "uuid": "fde0fced-2b73-4965-bd4e-31239b9fafd8", "comment": "Malware payload (RedLineStealer)", "value": "8dea7c1da8a2f2ca6ad798e553e5ee20a42e1c20d47c1524d363482c450c4ae909db45361302caef8b83a817170b5947", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241466, "uuid": "e801449e-3c82-4d64-ac83-627cd4931a8b", "value": "T150052282A6E08073CDB52B7554FB13835732BC91B97492672706DD2A1C33AC1E6763BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241466, "uuid": "a7ae99c0-11ab-456e-8f55-5a541b052be7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241466, "uuid": "1aea24f5-40f2-4384-8540-9822fb6d3e30", "value": "24576:xykzs7W2EugF+Qpk+fFoiINh5lNGloVff4q/:kSsCBZ+QpvSiAXlxaq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241466, "uuid": "cc9be0dd-af58-4bd5-8144-b79e74dbfa6f", "value": 824320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241466, "uuid": "f85ce9f9-7002-42ce-89c1-250f189fa0e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241466, "uuid": "b61780c9-b97f-4056-92fb-d8a7ef66239e", "value": "41a8c18ad9f0cad37f0f39c6ae7dd14a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "275a112e-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687243575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "b332d836-977a-4216-a0e6-7b0d3fffe0ad", "comment": "Malware payload (Amadey)", "value": "bc36222545fe73b75e7bd117d868f7eb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "35a86f56-85ce-47e9-b592-bbb5a948949e", "comment": "Malware payload (Amadey)", "value": "6cd4680ef59dc3dc716dda8080b3f828862176c49296d13837877257cd388494", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "bdbb4e97-ecad-49e3-ad0e-c45fbc2f49d8", "comment": "Malware payload (Amadey)", "value": "ba90074f59d56d93f822baeec37404fa43fda07b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "33adaf14-c596-43b2-9fe3-6c6487c5d17f", "comment": "Malware payload (Amadey)", "value": "d6e0885fa2bcd7343256fa7192dbf8762bb5577507816003435d70460b76858f54d01eae37dbfbc282f6c2e2caa947ca", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "d1376d9e-edc4-4ab2-b422-5ce8171dbe2b", "value": "T115F41281B4C4B225DD3216316C667A426CBCF8E18E64DCAF3F54720D0BFA5E07AB552E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "c8f4e5f2-be80-40f9-b550-b2db189371e3", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "0831a7a6-8492-45f2-99af-9494c3fa257b", "value": "12288:pZ/r8VmRrv7fWlu+T/+AUMNcE/eJGyBTvtU5GOuTFnL0UjiNirjTkXgo/71n:r/ZRz7fIudccEmUmTvtNu+UF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243575, "uuid": "7597699d-2ac2-40b9-b1b6-b0d2291f17f8", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243575, "uuid": "365a81ab-786b-4b57-9899-9cbb7612aeae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "19e534b2-2a26-48dc-b893-941c726049a1", "value": "bc36222545fe73b75e7bd117d868f7eb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fee17e53-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253815, "uuid": "11f0dc44-a40e-42fc-b6fe-ccca8ff6338c", "comment": "Malware payload (Gafgyt)", "value": "1d88d569d686c689e6e073db069bebfd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253815, "uuid": "b580eb23-a77a-44d2-be89-0de6a1caec91", "comment": "Malware payload (Gafgyt)", "value": "6d0dee640a718d03b6445063144a3f9953be63d9fc3e7f96de46bb08b6508920", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253815, "uuid": "95788cbf-c9ac-4b81-b78a-928c883a206a", "comment": "Malware payload (Gafgyt)", "value": "b716f7eda6264db1c3e4442e4abebdd734ea3a73", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253815, "uuid": "32f182a9-2d06-42ba-bd1e-f00d04d2530c", "comment": "Malware payload (Gafgyt)", "value": "1cca6922030b12bd28d9fde823c6ad0e0b3b066f011bf81bd31f9274d1a860319e3ad846749ed2e2209d254b373ef232", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253815, "uuid": "6f44f4ae-b304-423a-ac6e-cfe0c56b9502", "value": "T137C3093B7B270A23C0D9507102E31332B9B9DE5938BA43D7A9D07D9C6F3A58834567E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253815, "uuid": "f8711d5e-0cdf-4510-b55a-08d2aad8d0cb", "value": "1536:ctrv5GE2dFg8aI0DN95P8tf7PJtAiRdc0sfm7ypwYujl3IdnuW:ZP0DNPAz5sfm2pwYux3I5uW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253815, "uuid": "ebe401dc-d5f7-4ee8-a7a9-e740c4cbd96b", "value": 126446, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253815, "uuid": "7b5f90db-9a4b-4d43-9e55-b1c3c1107642", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253815, "uuid": "aa66c0de-0b8d-4732-9280-acf4ba79eb9d", "value": "1d88d569d686c689e6e073db069bebfd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf2fe25f-0f69-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1687265761, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265761, "uuid": "5b68181a-536f-4dc1-842d-c80db7cc4a23", "comment": "Malware payload (Quakbot)", "value": "0bf5f0c0cebaeabe8911296dfdcc411e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265761, "uuid": "101403e7-d99f-4a08-ba10-78e80bcfaa0d", "comment": "Malware payload (Quakbot)", "value": "6d834ad9e1b6d85b48c48c22453d99b6a6ada0039122be709379bd9e3035a302", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265761, "uuid": "5bc84a50-b91d-4977-9305-d827706a7e52", "comment": "Malware payload (Quakbot)", "value": "70e63f05e55dbe5a1fb8e913ed1acd9ae22edfd2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265761, "uuid": "872cd77c-5e59-4a33-9b41-fefde9be7654", "comment": "Malware payload (Quakbot)", "value": "e40d6aa279b270f8fd1e7f0d788a9bc3147ae080769f6a8595b935c7072956504912479d785135605609aafd007a87fa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265761, "uuid": "dda3183c-0160-4a7b-bd46-afd21e8315cc", "value": "T175655C23AA45C223E5E120B28D6D663B151CAE340728D0C3F69E577A2977DD31F7A31B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265761, "uuid": "6f32faef-b28b-40c3-bf60-11623195251c", "value": "ba7b27563b9fc0cf1e4ecffd5357ef76", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265761, "uuid": "9a4deb5b-ed94-412e-8326-020d3d7fadb4", "value": "24576:cN3qBMxETyLH3A8RJb6zRPybxJZgvfFkACytBJrrCa7rrrCx6N4wAJMLvy1Jx5J4:lBqxLwKAlPybxJZgvfFkACytBJrrCa73", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687265761, "uuid": "c91ce141-f3d1-44bd-b464-5b9714fc3677", "value": 1517598, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687265761, "uuid": "68135e62-7bc8-4910-b92a-48a37332303d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265761, "uuid": "686a421d-4790-4f07-ad4c-75d67ae9289d", "value": "gYllW0vKa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02b2edc2-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687240937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240937, "uuid": "b8382f36-99bc-4082-a8d8-c094ddf1cb30", "comment": "Malware payload (AgentTesla)", "value": "db1409ffcfa26228df0e916d92e7079d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240937, "uuid": "f4d3ed4b-a30e-4196-9fc3-76684c74a008", "comment": "Malware payload (AgentTesla)", "value": "6d9fe81f7f3e7e01b2f0ed86012b129172bbc4a3f3155339f8d2f14bfea2152b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240937, "uuid": "1db6bcff-c675-4606-a0e0-6732c5792c91", "comment": "Malware payload (AgentTesla)", "value": "8b7ebffe014fd61f97e743c7993b13654fda72a0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240937, "uuid": "16ee2215-f520-42ed-ae47-85288c01579f", "comment": "Malware payload (AgentTesla)", "value": "e1634a377a73ed07b6768749b8f1a2beac9306c84e79fa9989aa4389aae8f2c32e787bbea515b6568035b619083a7095", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240937, "uuid": "63197c7e-88f1-45af-a3f3-8a15847572f3", "value": "T11CF412249697862BD00B0F7054A0E7B552BC9EC9BB22D6EF0CCB7DD37E667C90534226", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240937, "uuid": "a28c6a16-9e88-40fa-b521-67d2dc0c7957", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240937, "uuid": "af592d8e-3182-4ad3-86b3-8aecc5fb180e", "value": "12288:0b903YT7uPM7q6bpw4dcZda/igJI/DR74uy9irSCJesJKpBI+KEaJWlAfLgy7cyI:0b903YNzu4CZdO+LRU7Y9J9JKHPKPAAK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240937, "uuid": "b405cc7c-43bc-421b-bfb1-bead67e9be87", "value": 744448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240937, "uuid": "68292c91-b5d5-435d-a5a6-8277c828eba3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240937, "uuid": "64d63adb-560c-4bcf-b539-4a2ae5c9236b", "value": "Purchase Order #71866.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e50f1265-0f5e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687261073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261073, "uuid": "0ec1ff4f-85ee-45ed-a4ab-ed5b548ceb2e", "comment": "Malware payload (AgentTesla)", "value": "093c1bde4035456fb470cee1954922bf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261073, "uuid": "e264c536-86d5-4f47-b09e-d82ba8ae2aac", "comment": "Malware payload (AgentTesla)", "value": "6e6f55f9a23fef574c6fd1f3b71cd6916d127eacd789303702d9766446350c15", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261073, "uuid": "cd669cf1-2e28-45fd-902f-a1d74ee21282", "comment": "Malware payload (AgentTesla)", "value": "30a699605a2b3c1319c3f0d5c3bcda1964b01c74", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261073, "uuid": "eff2f524-ba47-46a5-8fcb-b7692204ce1d", "comment": "Malware payload (AgentTesla)", "value": "0a901c830e8bd0191764c116362d1973c9c983054ce015c9d7a57506929c037e29730db3c54a0c789ac967b2e88e1b0f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261073, "uuid": "5e40fcef-60e0-49bf-9b81-5cd01c4e1977", "value": "T1C9E423DB243FCB7157822F569B34EA34E72C2C6E22ECD89E4811F36763868E4564464F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261073, "uuid": "a463e31e-1f41-4f5c-88e9-48ff1eb6c7dd", "value": "12288:JYTu8FEP0WK2eSlYanhQpSIyVVapDy3pWY3nPedTeLAUBgoAKraxIPrFhUs24:JD8kK2VlYanhESIWVah4WC+T3UBgoN9r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687261073, "uuid": "06ccc662-e3c0-4b96-ae80-129460478533", "value": 706139, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687261073, "uuid": "8c0ed757-638b-44ed-893b-8256916c4a97", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261073, "uuid": "c9018f6f-1a14-4b01-a8a9-e7bb6a5d98f1", "value": "CTM REQUEST BIRTHSHIP..zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98f3e442-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687242477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242477, "uuid": "f07de21e-01f0-4ed6-8bc8-3db9406bd2be", "comment": "Malware payload (Formbook)", "value": "8cdaa8773fd3e08dd15b596180872091", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242477, "uuid": "5a7c6cce-c183-4b27-acb1-3f4f7aae8d18", "comment": "Malware payload (Formbook)", "value": "6f1acd309fb5ffdbfe2e1ca42dd060ed57e2107767f945f47cbbd71a5a189062", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242477, "uuid": "7983251f-2d03-45b7-8675-6ba8fd7c0528", "comment": "Malware payload (Formbook)", "value": "de41f2119677b21f5b118515ed32fd4d24c98304", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242477, "uuid": "1c322fc6-eebd-45df-bdc4-cfa21881fd0f", "comment": "Malware payload (Formbook)", "value": "f63712bec50050eddc8a5466b75a7a996c3c5c42377e6cd14a142114e559ec2699fc4bac39d211be0354394f0f8ed31b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242477, "uuid": "5edba907-0bd5-42aa-ab17-78678da674ce", "value": "T16AF412285A96452BC12B0B799860E770523CAECE7622E7EF0CCB7CC77E56BCD053511A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242477, "uuid": "5fef3971-1319-471e-9d1f-e32d90f42241", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242477, "uuid": "a5d79602-c0cf-49e2-aab8-a4daa1fcf2fa", "value": "12288:Ab903Y6auPM7q6bpw4dcZda/igJ4aaZvZ/xMmAMYm8jgO/x4p+r0t+Qy:Ab903Yrzu4CZdOexD/+mAU8jB/wuA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242477, "uuid": "5cb08c02-0ca2-4650-82c8-ead0bb220e58", "value": 774656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242477, "uuid": "7e488c6e-9bba-4080-a421-20dd551eca18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242477, "uuid": "7aaa47de-626b-403c-b739-20081478b484", "value": "quotation request.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "932e4e4b-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241179, "uuid": "41080519-174a-4ec6-9ec2-c8db0cb35a5f", "comment": "Malware payload (RedLineStealer)", "value": "875c664f5e9498fa56754ea31932f698", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241179, "uuid": "6d71621d-623c-4f94-beb4-8c29d242df44", "comment": "Malware payload (RedLineStealer)", "value": "6f93de9da5c5a04fee964e0b5802108a15a743e507bb98218a383e2eee7a0df0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241179, "uuid": "e23bfecf-787a-4ad5-b58f-5ed108e80aca", "comment": "Malware payload (RedLineStealer)", "value": "92f1c04e46ed1f1784cf7f9e5ecd49158b9f1302", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241179, "uuid": "4fa9bf88-581a-410b-ac8d-c91fe62ecf09", "comment": "Malware payload (RedLineStealer)", "value": "5560cf8c2dd110efd5fe3a978649a8454194efc95bf9a45197d550cfdbbaac34eb13088f2c77b4c437777439575ec6be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241179, "uuid": "f4f58f14-30f0-48b4-b190-491e8cb3b4a4", "value": "T11CF41292B4C4B134CD610930AC6AB893AD6DF4A58E70CCBF3F68370E4AB65D17DA451E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241179, "uuid": "744ccb1a-bb79-4257-985d-60c6ca070891", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241179, "uuid": "4620b027-8034-4bf6-8014-6a13aecb37f1", "value": "12288:SvVU1Rcv7fWlu+T/VRcA/HJfAGu2kPpObRtgej0bGHlC93hyKl:SQRY7fIuaRcAPOGu2k8RtP0aFa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241179, "uuid": "20660013-fbb7-4648-a87a-38f60e62b0bf", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241179, "uuid": "cc29d079-a802-44ca-b128-1915768074d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241179, "uuid": "ccbe7521-3277-4991-b3f0-454032131a9e", "value": "875c664f5e9498fa56754ea31932f698.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a8f73f6-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687268572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268572, "uuid": "1346345c-d391-4f8c-83ee-bcb3ff34ebe1", "comment": "Malware payload (RemcosRAT)", "value": "0ee88e93436414a28ce5bea8e1fa102c", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268572, "uuid": "fc661511-2fbe-49d3-b868-42cb6ff00846", "comment": "Malware payload (RemcosRAT)", "value": "704526d7d5e523aaeb969eda4b2aaab28149ff7ae131fddecea7b8573416440a", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268572, "uuid": "2ed8894a-8abd-4996-9040-013d96095e17", "comment": "Malware payload (RemcosRAT)", "value": "8d3a6d903da05a6dd39ed2cd38f45384525475b8", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268572, "uuid": "e30f9df8-8808-49e7-ac78-c7e1bf84844a", "comment": "Malware payload (RemcosRAT)", "value": "f4f9c279d9c8eac95439ac378969e32603df759e642449ba716bd66688963cbdd051f61dd8274504c4efcdc9cbe5cc65", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268572, "uuid": "597fa949-c169-457f-b353-172ae7401279", "value": "T122253315B8C967326F7A2935FB652D084ABBB103A8FB5E246011A5D243DC7DBC663C8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268572, "uuid": "c8e6a249-6dce-4360-9a4a-b82674437e41", "value": "24576:QYTKY5yGOgqIabG/d9dwAn/T/oDM94kpoY6QiuOe:zKd9bG/dHrA7kpocse", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268572, "uuid": "b8b6337a-e9fe-479d-acb4-a3cfa095e542", "value": 1026395, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268572, "uuid": "7d58d2c4-3dd8-4ff6-a361-09ea458f76e9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268572, "uuid": "eb4315ed-061d-4ed7-a4f5-31a26263e923", "value": "Original Shipments Documents - AWB 5938370362.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a42426c8-0f55-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687257099, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257099, "uuid": "ec703cb2-82b6-4ccf-928f-81141f07a1c3", "comment": "Malware payload (RedLineStealer)", "value": "343b56f993c28df0ec6cd51943c94054", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257099, "uuid": "b03ff5f5-7261-4fcd-80fe-2c4f04b22f58", "comment": "Malware payload (RedLineStealer)", "value": "70652796714158eea5b4e6ad7da1090d799957aaeb0adbf6d9a9eccb6a3e1b40", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257099, "uuid": "883e56e4-de3b-4ff6-8c30-63424e6651a1", "comment": "Malware payload (RedLineStealer)", "value": "71190eb6bea28db79408d6372832573b5feb1a0d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257099, "uuid": "6dd353ea-ed98-4711-ae34-8fbdda9681f5", "comment": "Malware payload (RedLineStealer)", "value": "d1221b74b88237a7c44910a5c7318805a467e86bf5e84f52010a14557dd81ea77c23741fe3c838fddb8eaf33aec18b6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257099, "uuid": "1a56b577-febb-46fd-bb1f-610163a12d10", "value": "T1FA84088382E13D94F9378B72AF1FC6E8764DF2508F497B6921199E2F05B11B2C5A3B50", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257099, "uuid": "6e531502-96d4-40d4-8488-69e9961b0582", "value": "17e5230c5cf4f4448b3cb8e448bbcc70", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257099, "uuid": "cce52f6e-5b64-476c-8d10-b40120b43bf0", "value": "6144:RfnVfrI3ko0Rbq4nyomAX98Mb0z6Wtiu:RhEq98Mbiiu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687257099, "uuid": "537729a8-10cd-4a08-b5eb-81ffb160c6da", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687257099, "uuid": "257f0f8d-dc9b-4355-81e4-91ad9e7fc0d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257099, "uuid": "1b24696a-1a1e-47af-927a-8c139d2005f2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97b15df6-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1687241187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "e1954c65-a579-4601-9f68-63af3798205c", "comment": "Malware payload (ArkeiStealer)", "value": "da2f8bfd0ad22e435ecb1b19b214eb2c", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "1cceb882-9e0f-483a-9fd7-aad1f9a5caab", "comment": "Malware payload (ArkeiStealer)", "value": "70e6345ef02646224dac47249effdb26dcdfae3766c4a3c7d47892a4527da34e", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "149a86b5-072f-4548-b4cd-637ca6edaffa", "comment": "Malware payload (ArkeiStealer)", "value": "87b16ae7e77ed56e2280adb3adb384b87ed85e46", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241187, "uuid": "28fd10a6-19cd-4aa8-9c40-8d0a74b8566b", "comment": "Malware payload (ArkeiStealer)", "value": "40d007772116fa30e51b591b778e99816fe96f58770baeabc106f6ae971e65c82083fe18b5ece53f9e57ebb671cd17f3", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "e6f116a1-6ba6-43bd-b380-b6134ac2180a", "value": "T13974D02272917D30D62E4B73CE2ECAE4B79DB5504F1977AA523A5B1F0BB11A2C5B3304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "d4078d2c-8c79-4822-8392-aaf6be10da7e", "value": "9b2989d99e2629f49acf09b8f648e077", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "b28a34f2-7e22-4866-9ffa-ffc463be8b5a", "value": "6144:qxXdLO6mboycuXTI5esBUvjNeYEV4XrhY3IN0GfWj:gtS6SoG2eTeYmYy3IT+j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241187, "uuid": "6bf5eb9a-1946-4db6-bba1-38c31fd533f2", "value": 337920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241187, "uuid": "dc8731ce-d1d7-43c1-b929-52138b92ff38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241187, "uuid": "e4527b92-f3a6-4160-8bb9-dc302ba05c8c", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d96a93d6-0f61-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687262342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262342, "uuid": "3d059921-caae-4c95-be27-b0705f8365c1", "comment": "Malware payload (AgentTesla)", "value": "cbbb869dfa025e0970f6d458647bdd72", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262342, "uuid": "3e078078-f716-498d-8360-6a6752839383", "comment": "Malware payload (AgentTesla)", "value": "718d24b42da5d2be230b84229304a0d324ea3f3762de95b635b7b9e43ba8583c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262342, "uuid": "65f82472-5ca2-4816-b0ea-256d0286276a", "comment": "Malware payload (AgentTesla)", "value": "83280d0bd68fdf1d02ebef1243f3bc47e8354a72", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262342, "uuid": "9b2841ca-ee06-4043-8c5c-e5133ef31fa2", "comment": "Malware payload (AgentTesla)", "value": "2347293b4b256c4a8420b690a0eeaf176bc3653c0c4427e637cef83b460fd5b289e5fe51781022c01b240ab63f663cc3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687262342, "uuid": "7e178bc9-1e04-417a-a0bb-99a36afd3afc", "value": "T1A2E4233E54DDFA5B8389A170086DBD9753312C807E167DB87B29AF1A722EDC9640138F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687262342, "uuid": "5f745940-b0c0-4cc3-97ca-92e2712d8f27", "value": "12288:vjcijdKKjVN/6rD/xhKyiJ5IzlYNtyeEJpivmW4HZGaRdu6Bm70Qoixs:3PJcD/xhKrw8MlniuW45vE70Qps", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687262342, "uuid": "bde83aaf-3c61-436b-8057-904ed4a3a207", "value": 706658, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687262342, "uuid": "649ebb58-d0a2-4c73-954c-c3179b320d56", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687262342, "uuid": "3d295164-2f1a-4960-82fb-249884f3e2f4", "value": "PO 810884,810904.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90c03646-0f74-11ee-b3cf-42010a9c0076", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1687270381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270381, "uuid": "7f7435c9-9d95-4509-a8a5-2c7de3e6e3c1", "comment": "Malware payload (YellowCockatoo)", "value": "73bca9ce3634e2fcbe9e1a845ac0a3e7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270381, "uuid": "409baa74-521c-462d-922b-47e087d9748b", "comment": "Malware payload (YellowCockatoo)", "value": "71e5b8e39db7c753a7ad7218b7ab68e985f59521bfa855cb44e4dcde2bf919ef", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270381, "uuid": "e4685d8c-d878-491e-81aa-6531edde7305", "comment": "Malware payload (YellowCockatoo)", "value": "7e7c05af5c68e41cd2c5bbf26aa5ac5b7286cbd0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270381, "uuid": "0fde98c9-3ed2-4d3c-90b8-0fa736c425fd", "comment": "Malware payload (YellowCockatoo)", "value": "ced5b92539f2631b3636bf0935a21b9bf0b580ee0c53f733e2c2d425e366aed7479744e0dbc54be357f3189ebb309b65", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270381, "uuid": "134b87cd-f6b9-4b5e-bfe8-2e85adbfc888", "value": "T198E402142BA0CD509B2C5EE868DB93179B2796AFD6CFDF3706A380758B5A92307510CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270381, "uuid": "fc225b3f-fc51-4a92-9f76-38f356664021", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270381, "uuid": "2d8d9711-1f10-4ba7-abce-5e8fd4e11b17", "value": "12288:hY6VlbBENnK2q4Ic5X9zgbac4/MjlAD2:hYsUdKTg7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687270381, "uuid": "6f89ae49-5cd8-4fae-a986-e72fd68696d4", "value": 694272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687270381, "uuid": "edcafcb0-78e8-4a3f-8f9b-088ed4ea8643", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270381, "uuid": "757160e7-8c7a-46a1-b7c8-11688b2f8eb6", "value": "7e7c05af5c68e41cd2c5bbf26aa5ac5b7286cbd0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22be0113-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268478, "uuid": "a9b98624-cd71-40ac-9e63-bd560c0e2f66", "comment": "Malware payload (AgentTesla)", "value": "362b19963d60e9594bf6fa7a96ec8566", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268478, "uuid": "a521da5f-44e9-4021-afa4-db329092585a", "comment": "Malware payload (AgentTesla)", "value": "723d1d6be0a985275ff93c97bb9531b1288ad0bbd948b910e7f40c7447200850", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268478, "uuid": "890cce87-76b4-486d-9971-74da270e7730", "comment": "Malware payload (AgentTesla)", "value": "b055b9b0e8bb494eb5374499430cc27403453610", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268478, "uuid": "17237996-2f4e-4ca4-b853-8b1ee62b11fb", "comment": "Malware payload (AgentTesla)", "value": "24e172ea00ce9855d8b703254b6382e48f8546da77da854fe407454c1686db32896ca8c8246f3b2d2933b2186197676e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268478, "uuid": "971f484b-3f06-40fe-b539-ff028b23864a", "value": "T1BE85020DE1059779F75A07B56A42B499801C7CB67FCA848337C5731F2E33BAA58E26C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268478, "uuid": "7ac6fe5f-d75c-4619-9b2e-ba636666dc01", "value": "49152:tQmmQ30SCVUIF2NO5QmmQ30sCVUIF2NOWD+aZoi7I:tpmQkStIAOpmQkstIAvq8oi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268478, "uuid": "4e3d89b1-f9f0-4a8a-a908-72b0549c54eb", "value": 1801216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268478, "uuid": "ad694b9d-cb2c-4e18-a6bb-6a0956a82d9f", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268478, "uuid": "5c621b72-521b-45c2-9b41-5a4743f55f0b", "value": "Signed PO.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "124cf40c-0f65-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687263726, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263726, "uuid": "b035540c-ee69-491a-bc67-838d2b375749", "comment": "Malware payload (AgentTesla)", "value": "d63fe952e90788072c6166a39bde21b5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263726, "uuid": "842e23ff-a4ac-4695-a569-85551b679279", "comment": "Malware payload (AgentTesla)", "value": "72415d85437a9ce23c1b6e7379c4d68673f0fd4a4612877bb625db9b5dfd6785", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263726, "uuid": "363516f5-e476-4d13-b6df-e3b82996ca1f", "comment": "Malware payload (AgentTesla)", "value": "903979ba9591049611d13bb95846ca8b006021f0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263726, "uuid": "ded8a03f-5c0d-49a3-92ea-acf03acf23ba", "comment": "Malware payload (AgentTesla)", "value": "9114b580c33128e1cde45a4fa267342342b4ff17b6dabdd668a783d23a1ec9e82ae42b2f3aec4e3e04a57cc81239cd2b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263726, "uuid": "ffb88f89-a74d-4739-b50e-c4985c5ac28f", "value": "T11964127075F4D933EC614EB15C3A2B324E62922611B6972F5BA8191CBE261C1FE0FB13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263726, "uuid": "b267dfd8-e663-4830-8ff8-2e8d15e7f8db", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263726, "uuid": "f085cb3c-7f58-4255-9ec1-21de2d5edf70", "value": "6144:PYa683IqU8s1pvGk2tM8rkze6447u8P1ggkGpW/7pg0Go7QY7Lh:PYC3IL1gk2tVGf4+ggkBtR7h3h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263726, "uuid": "70930885-1cba-41df-8ef2-4f6eebd0d2f2", "value": 309949, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263726, "uuid": "3b7d37f6-f5ef-4540-be9f-b7afcfce990a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263726, "uuid": "fffd02d0-4bae-4b2e-82e4-52eb6510cc9b", "value": "rProductSample.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7a053c6-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687245106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245106, "uuid": "8813de6c-7a01-4fe9-befc-96a66524c110", "comment": "Malware payload (Formbook)", "value": "af391ee598dcad6563b79a84a3976215", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245106, "uuid": "163f5a7c-5eb3-4f9e-8243-3b226ee89939", "comment": "Malware payload (Formbook)", "value": "734b40e27ccf789d7d026f77bc37042e0c14ea994a3b48636253a2ce3c484db6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245106, "uuid": "4d8a5496-df20-4ddf-b5fc-af3caa87845f", "comment": "Malware payload (Formbook)", "value": "bcd55dcc98897004171101a34555a5a52102549a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245106, "uuid": "d4967ac9-e4df-4cd0-9000-d39fa3b366fc", "comment": "Malware payload (Formbook)", "value": "887a8985fea972c2305e0a13d9cbbe07338b60d3966eb7c23144882513d4b6eba311872e2b7aebf67f0ce15d8496d696", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245106, "uuid": "fd129581-7cfc-4753-8cf9-fbcaad59a433", "value": "T10744126075E1C1ABD85383B1AB7E16634FF2A42318A6B74B1B708E5D3D37681B61F306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245106, "uuid": "379a3b9c-7202-45bd-a27f-1e468d8f5a1a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245106, "uuid": "48875506-7f61-464b-bb8b-d52d27771192", "value": "6144:vYa6YQFSXM2GDkA5w6f/FQapX1etE/DvIrcGlXT:vY+aSnwDzl6micOT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245106, "uuid": "c3636eb3-9ad1-41ae-a32a-ca1ccd76afab", "value": 272260, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245106, "uuid": "bf68469c-bbc5-423b-ae90-f480fd27e8c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245106, "uuid": "f027273e-41d6-45f7-82fa-49a5d6c6f037", "value": "af391ee598dcad6563b79a84a3976215", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a2aefda-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687244842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244842, "uuid": "da0763a8-6de3-448b-87b6-14cdc248a37b", "comment": "Malware payload", "value": "c2b366628b0281045c6de1c017e5b38c", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244842, "uuid": "9643a5eb-cead-414e-8ee6-f8ac2a19d789", "comment": "Malware payload", "value": "748198d7d1847c3fb691a03d6d60f179e42767e60f6a14fd0e901b4cd33ddb40", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244842, "uuid": "e9a3371f-8408-460c-a8d5-846f9cbc7780", "comment": "Malware payload", "value": "894d0e7b503dca90723fc664c206a3349de669d1", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244842, "uuid": "6561f151-bf41-4242-a031-255e3287fa1f", "comment": "Malware payload", "value": "2e1972c6b37a97a341a17a9dcebc588452cd39dfd627c76490a5a5bde2fae316897048294f8585affaa6a57ca0f1fb9a", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244842, "uuid": "dc862a98-be40-45ca-a547-c10be3022684", "value": "T1A6D15C69A31A14BECB577B39B8650DC690C95953600CB11B7860C35AA1DBEC42B3F43B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244842, "uuid": "5cfd0841-2024-4bc2-908e-db3b65a4da4e", "value": "192:d0n+yqmqFjqhd/a8nOA1GKCu+P2PH893qMF2b1QZ+:Cc3FjBYEwc1qMgbI+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244842, "uuid": "6d1a2027-f23e-4b01-8b7f-80f5e9ce3d52", "value": 6207, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244842, "uuid": "7f3271ef-2444-4ddb-a1ac-0f12368e1611", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244842, "uuid": "bc04414d-d9b0-400c-9c71-bdc863d9881c", "value": "Braemar MTM Report.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb6861ce-0f42-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1687249058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249058, "uuid": "806c4065-1663-4871-83e0-1a2c9f1f7391", "comment": "Malware payload (Smoke Loader)", "value": "42ea843d217d335bd0218260ac2cd822", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249058, "uuid": "5e168770-bab4-4c69-9ca5-e4e0f1779ae4", "comment": "Malware payload (Smoke Loader)", "value": "74e3fd1dee0f1936aa3c7e40aff95f7d9784a22451e7ce0541afca5f6a21d1fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249058, "uuid": "e6de72e1-6afb-45c8-8af2-f3128d89b7c4", "comment": "Malware payload (Smoke Loader)", "value": "5f3002345b72f97d129e66f449af87d801a5e988", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249058, "uuid": "80b3c884-abea-4ac5-b4dc-96358580d0d4", "comment": "Malware payload (Smoke Loader)", "value": "2dfaa1160ba2212cc8a999404c9a5031e8c8f48036654724ea563ecfa48f311bad855e860a7970d8c71c56d2f5eaf725", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249058, "uuid": "dee88b20-81f0-4ca0-b8ef-207e20723f0b", "value": "T1A454A68382E13D94F9279B73AF1FD6E87A4DF2508F4A7BA511189A2F04B11B6C1B3750", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249058, "uuid": "349b3bd1-5b10-4ffb-bbef-e55a65caeec5", "value": "b1a5bdbc77a4868d9509a53571fbe8fe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249058, "uuid": "419d6640-f87e-4bef-b10c-5cafaea828fa", "value": "3072:9BozTpN8Rbwnk1plFR/MvqxaQiQp98KQbxM0rTYfmRLiLgy4t:9+3n8GQpvR/M6igBQbxFrTYUq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249058, "uuid": "be047875-8eac-4c43-8611-ccabff76c2f9", "value": 306176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249058, "uuid": "36f74764-fd0c-4137-86ee-57e01f30c012", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249058, "uuid": "c526aa9a-f57e-4645-877f-2f023f438121", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80a73736-0f37-11ee-b3cf-42010a9c0076", "comment": "Malware payload (a310Logger)", "timestamp": 1687244155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244155, "uuid": "17921c08-ba02-4495-8829-6db773b0deb5", "comment": "Malware payload (a310Logger)", "value": "9c424d6e7622f1952c1220046d81a02c", "object_relation": "md5", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244155, "uuid": "3131d8bf-4b87-4394-9a7c-e5c188f55590", "comment": "Malware payload (a310Logger)", "value": "756555660b6d49c5090db8367c86edad286d30512e8fb5d4b65dec2c75dd006d", "object_relation": "sha256", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244155, "uuid": "dcacc4ef-16bd-4bf1-b202-dc20bed29014", "comment": "Malware payload (a310Logger)", "value": "843ba4e1c7cdecd2d908a894c9531f49f4a59113", "object_relation": "sha1", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244155, "uuid": "638d150c-f64d-44d5-9785-3de2647d2099", "comment": "Malware payload (a310Logger)", "value": "ad35c10ec682c3c310fba34c8be0dae87ec0fece6856c0aa84ab977f10da1059d29ecd91f9c4066831e667acb3fe36ae", "object_relation": "sha3-384", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244155, "uuid": "d493b81f-0226-4c74-8d61-be80376f18c6", "value": "T1559523117781C4B6C537413A98D5CAA89EB02433572653CB778E4BB39F813E3A76A2DC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244155, "uuid": "b04c80db-d20a-4a06-851b-2c761583f4ce", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244155, "uuid": "dafc4ad7-9010-4fa1-aba3-50b78f27ec4b", "value": "49152:xkQTAHb52zYLef/LU2qGsY/FVbSfVWdEzHH1dEpBMcgOx7hD:xaHbcKI/Ls0VbSKwH1dEnM0hD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244155, "uuid": "e346d3de-decf-4a71-b8e6-b12e79bd9db8", "value": 1927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244155, "uuid": "3f6dc2b7-f944-421b-b559-f342aacf4614", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244155, "uuid": "af7c3e5e-417b-4a56-ab2a-92c7a6d60246", "value": "Order Inquiry_19062023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c899c9d-0f74-11ee-b3cf-42010a9c0076", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1687270347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270347, "uuid": "8c6847a5-c6cb-4d42-9441-195aecb1ac92", "comment": "Malware payload (YellowCockatoo)", "value": "573fce8188b1da447a1d0ac501477d81", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270347, "uuid": "995be989-1785-4cd0-8f28-b3a9539b0a87", "comment": "Malware payload (YellowCockatoo)", "value": "7595af40dff6df86a32e7aaab7d5021b18dcdaecab3a2b3c9e376eaaf7ae31c6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270347, "uuid": "9461edbe-eb22-4057-acb4-91eb0e4b6e0a", "comment": "Malware payload (YellowCockatoo)", "value": "0b53cd091cef80d8c103f29d7c88cf08c3666476", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270347, "uuid": "ed9eab94-660a-44f7-ac7c-5cdb8aefcf3b", "comment": "Malware payload (YellowCockatoo)", "value": "6641516f7c60f49527f7550cc646cc6a57edc4c9f846a4de5310e9452a626a84d2f1eb7766de58dd876a8eafc23ec830", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270347, "uuid": "bfa51cde-26e1-4813-835f-d46ea9ac91fa", "value": "T138E44410FF63DB55AB3D5AE8B98B3B0B2B1483F7E5EADF1902B38170281A97176141C5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270347, "uuid": "0e625be1-b3dd-4657-a77d-d363dc31daf3", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270347, "uuid": "502ee4ba-1a31-4241-825e-91249a386394", "value": "12288:nMYCt3Y0GBdpsXjFmeRiukTGWQJCEA5GYW6DEs3V791yhK9W6M:Mo9BdpsXp9pkTQlq1j3vWK9W6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687270347, "uuid": "773c3f32-d528-46d4-8be1-e63fd85e0d57", "value": 661504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687270347, "uuid": "f1db7bcd-f352-4f98-bf48-ffa3f8de2ef7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270347, "uuid": "15ea3ff7-3403-40c7-af07-80ae0b7c2004", "value": "0b53cd091cef80d8c103f29d7c88cf08c3666476", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5e04b2e-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242150, "uuid": "d97eda13-1bcc-4983-9e20-64fc764adad4", "comment": "Malware payload", "value": "c89c6dbd0b751c1b04eaef99e72acbb5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242150, "uuid": "3bdc385f-7a79-4f1e-ba7f-7b1b2217ee3f", "comment": "Malware payload", "value": "759e360b7e36dd9f7365f452324aafd783f2ed9c057cea4bd8d394b4e69b2e66", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242150, "uuid": "439f4c35-541b-4832-aeab-683cc1d706bd", "comment": "Malware payload", "value": "d13df4abb308f6dc5a6e84a23e4c8681797ffda5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242150, "uuid": "2a9b9679-8186-4c21-8394-0624da9eb5b2", "comment": "Malware payload", "value": "7073ec7de139b6dc5e169a5ebbfe82850251b7ff58791017b2700a050dafe6e46179457eaf0a7dba4b82696a0f80557b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242150, "uuid": "40963e0d-0116-413d-b569-93f529e2a1dd", "value": "T10185CF3FF268A13EC46A1B3245B39310997BBA51B81A8C1E47FC384DCF765601E3B656", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242150, "uuid": "a35b98cd-c9a9-482e-bbd4-196391f47085", "value": "e569e6f445d32ba23766ad67d1e3787f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242150, "uuid": "8673e489-f372-40e4-b5a0-7e9060e30422", "value": "24576:s7FUDowAyrTVE3U5F/B1lOR0Kic6QL3E2vVsjECUAQT45deRV9RU:sBuZrEU3q0KIy029s4C1eH9G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242150, "uuid": "5d70a185-3da6-4602-b3af-5791798736b9", "value": 1794787, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242150, "uuid": "f2b2010d-8994-4098-bb7e-226f0d9f5626", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242150, "uuid": "9aefe7ff-7a8d-45e3-b301-e377c47bba00", "value": "c89c6dbd0b751c1b04eaef99e72acbb5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0763ddb-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1687288151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288151, "uuid": "1f30fb38-9941-4b06-8e4f-cdef7a266593", "comment": "Malware payload (AveMariaRAT)", "value": "e7a2ab8911263403853a67fce20941e7", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288151, "uuid": "6fabb924-2b0a-45c8-a9a0-4af376771fb8", "comment": "Malware payload (AveMariaRAT)", "value": "76a1273c6769b73bccd386cb56621464e2ffcac27ea6b49c03456a6a656d4d5a", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288151, "uuid": "cc9c67a5-0535-4a4e-8a53-c9cc3a942af2", "comment": "Malware payload (AveMariaRAT)", "value": "0047da51abe36e7014cc13dd0aa52da340e81c09", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288151, "uuid": "8b4232c6-c154-4979-ac6f-462294d69fd8", "comment": "Malware payload (AveMariaRAT)", "value": "0a160b21911994d6a2cd77d1113cb39fa29c41ef7dd8055a8b2a2ba5f84a3ff01257b3d8ee842f314bca577368cd931f", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288151, "uuid": "c1a24855-4146-459c-8f5b-c4f08dc6a478", "value": "T1EA140253B6E74D50C6898A77D99B520003B2C38E3427E31B3A9E239D6E17BDF1B50B52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288151, "uuid": "31ccf5a3-8640-4dc7-9d4f-cd19ecb69fdd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288151, "uuid": "1eea99da-ade5-4c35-8bab-a43dfb384473", "value": "3072:AHHydZJR9S8vhP+RBJ0TDxaf7SUptG0A0qMSTI25ulKFJpJX/YCh6Udst3I8LFSK:QUDXdvhP+Z0XUfHptGtjB5uKF7hTKLF6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288151, "uuid": "703e65c9-4242-4a61-84fd-ef31c8026571", "value": 194560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288151, "uuid": "792d1a58-186e-4a7e-964b-213f209784fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288151, "uuid": "df93edfc-1177-4733-af58-84ee0d061d64", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "892cb553-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241162, "uuid": "f5f034d8-d9e6-4fdd-ac6e-6ad65d944b4f", "comment": "Malware payload (RedLineStealer)", "value": "8c308ce94bbe0d80eeb75e73ccb10fd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241162, "uuid": "2146f795-8696-4f87-9ce0-9c03f1a8d487", "comment": "Malware payload (RedLineStealer)", "value": "76c3200cede3e533da79e52b9aeff692108fcfd55f4452879581b7d8f0d8ccda", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241162, "uuid": "1a59392d-dfab-4f7b-9bfe-fd71aed3fdc3", "comment": "Malware payload (RedLineStealer)", "value": "dcde7d080e3220fa44fd2144721e37eb1118a5df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241162, "uuid": "26a6af5a-8a3f-495e-a451-562fd0087219", "comment": "Malware payload (RedLineStealer)", "value": "e131ebfa72580dd75498ce68e3b6ee55794411f8160a88cbd9ce0b588bac91b92dabe09d0f2a901bd41f519127c8f644", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241162, "uuid": "5d0450cd-8459-4dac-a026-ed2a3a3a2e1b", "value": "T1D7F40281B4C4B234E8314631AC6EBA827D7DF4B58F609C9F3F50771E4AA61E0B6B151B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241162, "uuid": "3ab884ef-c97a-4364-a6a5-b0c4d09087d0", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241162, "uuid": "1a18f6be-7a4a-41d8-9d6b-7fd192e96c6e", "value": "12288:vakVRMv7fWlu+T/rztfPBGwD1X0uogGevNbG2kncBir33MVKijoJbHH0RD:5Ro7fIu8tfPb1XscbGtcinMAkoJbHH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241162, "uuid": "04ca9e52-432b-4038-9b4f-f2f6eb5f9b63", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241162, "uuid": "8e765b01-215b-480b-95b5-08780e286002", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241162, "uuid": "8265188c-c3c1-4692-9b4a-69d03beec121", "value": "8c308ce94bbe0d80eeb75e73ccb10fd4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f74884a-0f56-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1687257440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257440, "uuid": "a44acffe-0e43-437f-a431-3a3ed5ee3606", "comment": "Malware payload (Smoke Loader)", "value": "a1b442c424a7d8f59e21c0a198daca50", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257440, "uuid": "68c6010a-4497-4e4a-a485-1c0797872f3e", "comment": "Malware payload (Smoke Loader)", "value": "7731da8e243d5ab2a2f71c828ca623cbadf9f7eff58ac2adafd74c36f186d104", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257440, "uuid": "a12a0dae-85a3-40c5-a4c6-d8517850f2bc", "comment": "Malware payload (Smoke Loader)", "value": "994dcc788c84ce3a104b36fb83eb0819a5c294d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257440, "uuid": "af6179e6-d8f1-44f6-88e4-573bbdf35e5c", "comment": "Malware payload (Smoke Loader)", "value": "9f8fb0144b388672fa2bb7912df8e5d114c3a824c4c8979e576ed123ce21c8f4f71f9f79de54d3d5281034555856b7ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257440, "uuid": "a1bf68c8-8aae-467f-9a4f-a78273017db0", "value": "T18164B58392E13D94E927CB73AF1FC6E8764DF2508F4A7B6912189A1F04B2176D1B3B50", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257440, "uuid": "35428941-a187-430b-aee1-f739fe54fc02", "value": "17e5230c5cf4f4448b3cb8e448bbcc70", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257440, "uuid": "4679b9ed-7a30-4961-ae15-a9e9b6302c47", "value": "3072:LE6zl+O/VYZO0DvoGm9ix8cAPvj51tAE4QqCDREF6ot:Q6p5/SUli6l1tAVF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687257440, "uuid": "fbaa6861-f546-43f8-afac-f2e9cade6345", "value": 317440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687257440, "uuid": "e88aa342-df11-4876-adea-0ab24323a8f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257440, "uuid": "f20c8d1d-9955-48e9-b33a-b0c16559ab6e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8112c4a-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1687241268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241268, "uuid": "0cc63296-0d8f-4b87-84a1-24fa2ad33ed4", "comment": "Malware payload (ArkeiStealer)", "value": "1bd22948a307a33b78d4890d8206f0d6", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241268, "uuid": "2b06cd4c-c232-4148-b1b7-c3a026c6dba6", "comment": "Malware payload (ArkeiStealer)", "value": "776f9f37f48c8d6a05ac08ec3dcafe6b92ee19078dd2991eb13d9223885c522f", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241268, "uuid": "aa09f7bf-fc61-4a6d-be05-ae7ce525f0ee", "comment": "Malware payload (ArkeiStealer)", "value": "70ad7248b248569db8537c8466522f332b6dd8ac", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241268, "uuid": "8217694f-9c27-41b2-ba66-e71ac00afec0", "comment": "Malware payload (ArkeiStealer)", "value": "33185517502606752e567d99444d165bc289250480ac01d03efbb12e9c40448d41b215dd814987bbd877f60e750947b9", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241268, "uuid": "99b4ad1c-4a0d-4fd6-9786-aab433c0e2e1", "value": "T14974DF2362D0BC71C52E9B72CE2EC6E87B9DF9508F19679B22385B5F04B12A1C5B3711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241268, "uuid": "c152731c-b0d5-4d5f-b17f-459d8bc46f16", "value": "c1947b9846baf229e0c776cadd6d408b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241268, "uuid": "22059527-86c7-4dd8-a90f-6fe96b8b98d6", "value": "6144:iz+BOluYgThZKRQy+iRFGXljFeR48TXXnFJaW6ZhFxbuW2:iCQlpOy+iRQljFP8TXzaR/bR2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241268, "uuid": "7fbd3fd0-d321-4729-bf21-a3b2d5551691", "value": 348160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241268, "uuid": "da27bc6e-415e-4158-b41a-34325f9003d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241268, "uuid": "6119b26c-8514-434b-93d4-7fdd82912017", "value": "1bd22948a307a33b78d4890d8206f0d6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05b835bd-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687249102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249102, "uuid": "16b6f748-8ff1-429f-a74c-4c67861b5756", "comment": "Malware payload (RemcosRAT)", "value": "e0ed0c9ca4b1c665c4e3bf59264437a7", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249102, "uuid": "d2344c93-9f1c-4f78-8a87-927660069771", "comment": "Malware payload (RemcosRAT)", "value": "7795f522a55ae41cb43c380f7bb4150a2170b9fca1e8b98070ee32934f32fb1a", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249102, "uuid": "3ede7c92-1c80-4cb9-be6a-5cce02245353", "comment": "Malware payload (RemcosRAT)", "value": "98fa5eca5a16266471c1b5056d03846f3c9c6f50", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249102, "uuid": "0fb20bda-851a-4845-a66e-5cd6bd2c6519", "comment": "Malware payload (RemcosRAT)", "value": "b23eae4d7204754f3fc9a716d5465daf8781da2e4defda4b495a0070e64b6b371aac9c383f882d4496c3e641bf6106a3", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249102, "uuid": "86133422-bfe6-4d0a-b755-3663f533d248", "value": "T1D8E44E197E9F40FCE13ABD5A5BECAA9C0F5FB305453EA1092148454B4B87DC28E91FA3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249102, "uuid": "f66106ed-3fb9-41eb-a826-137a7dd75dd6", "value": "1536:FQvgYcpa5U+ogsUJW4Wrle/PhG+/kery+bGMvbEQEkqkM5Lyi9LYHIdtUogy6Gi0:QgYcpl+og0S7TbEQEkqkMWsgw9ZqeH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249102, "uuid": "df36e8a0-0dc2-4cb8-999a-9477044ed746", "value": 684740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249102, "uuid": "90892689-3b29-407b-9db3-39f1abac8759", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249102, "uuid": "362a6b43-62c1-4917-941c-4608972d65d4", "value": "lukas.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4a3613b-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1687242175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242175, "uuid": "b370cecd-cc28-4a73-9115-8527089d3192", "comment": "Malware payload (Fabookie)", "value": "4e6c59fefd45631f651196c1af5ab219", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242175, "uuid": "4bf6e863-cf09-4844-9ebe-e7343b02a77b", "comment": "Malware payload (Fabookie)", "value": "77d4b9f29fed9e1b5bddcd894e5f99d0dd6f22083374a4e598bec6dc05080ae8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242175, "uuid": "77faccfa-60d5-48c3-9625-f334f69f7662", "comment": "Malware payload (Fabookie)", "value": "455deec24b09f09bd62a75518a61664f1bd41855", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242175, "uuid": "a6f1d657-3298-47c7-aed6-af0aa438d4b2", "comment": "Malware payload (Fabookie)", "value": "f135de380c061c97353ae659c21e04528ec9034677209445726c167ffc077bff3aa327ae5512f9c9bd38a645c00ccd71", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242175, "uuid": "42962ac8-5c0e-43af-8d6c-1e19d41d6778", "value": "T1CAD4DF81B39095D9C4B88430C693CE71CA317C64DB28569BB6D4BB6F2F32AF1653731A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242175, "uuid": "847de22a-35b6-49ee-88e1-8041abe40b97", "value": "4673ad56625d375f2efee239af061364", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242175, "uuid": "5f685412-2a04-4d3c-80a0-ee64c8e82e48", "value": "12288:G72i43pjvLx8Xr3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:q83pr9Wr3/kRc4l6g6gtPbcHn7q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242175, "uuid": "bc5e9968-7398-476b-8c53-b74d44507801", "value": 606208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242175, "uuid": "44de1469-45f2-432a-8372-25790300d0f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242175, "uuid": "dd0e001e-27d4-4d10-b214-5216e59d7025", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94b5c068-0f7d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stealc)", "timestamp": 1687274253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274253, "uuid": "90d45c6c-8d8f-4f59-bc60-8f8db5c34543", "comment": "Malware payload (Stealc)", "value": "ef89748d18d90517a5126a2c7ec18c50", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274253, "uuid": "f1f212b6-8897-4980-a8ee-7e0fd7a43e3d", "comment": "Malware payload (Stealc)", "value": "7840cb8d12d3a20f265802531f19e7d58928167a37a58b631fa468d78e417a14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274253, "uuid": "98783de9-a45c-4ed8-b251-21856e879711", "comment": "Malware payload (Stealc)", "value": "0f0929e90eae199d90371057e9315fc258962256", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274253, "uuid": "d8f8544d-ae56-4fc7-b357-cd350d4a08a9", "comment": "Malware payload (Stealc)", "value": "3fac51eb9536458844eb03b8317224d813b9115d3e0f60d91b773dd2b6d53723818844121d0f15363c9557dd983045b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274253, "uuid": "6f404371-6432-4a0e-8ade-44f0fabdbeec", "value": "T1DF76F173F0DA1071F8B31A36E8D25422393E088CE44629A935B46BE7F973D494F4B799", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274253, "uuid": "ea526da7-26f7-429c-86d3-eb221f147162", "value": "6011984d7c1f1b97a34d7517a498bff8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274253, "uuid": "d6f64000-8a97-4138-b9ef-e48a60e31797", "value": "98304:37Oih36L5F0tjOTBrHJWGs2NyqeoNE/7SRYY2VymGu/m6zHAlA64TRRbCvH:37zkMiTVHJack+YlGlSRRbCvH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687274253, "uuid": "3fdd6734-8462-4e34-86dd-1d78b9428cc8", "value": 7452280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687274253, "uuid": "8ded7440-47de-46ef-9e91-346b41a35828", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274253, "uuid": "09211f42-a182-4ee8-baff-1657de3b3919", "value": "CCleaner_setup_612.exe_", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0920fbf6-0f60-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687261563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261563, "uuid": "42b17616-d53f-42c5-bedb-b47d077693e6", "comment": "Malware payload (RedLineStealer)", "value": "599a6cb990989181acc955163716c73c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261563, "uuid": "0e91df48-b7c9-4932-b258-70dd49c34535", "comment": "Malware payload (RedLineStealer)", "value": "78f0a8cca7e2675ffb4a83e4682cc3bb63ac95ca1908a771169b726a524750bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261563, "uuid": "812f9314-286d-405f-8715-32b295e03ea0", "comment": "Malware payload (RedLineStealer)", "value": "c87a46aca2cabb7de2c4b8dac3e7843ad899acec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261563, "uuid": "2f800e90-e89d-4178-8f3b-2a0774707a9e", "comment": "Malware payload (RedLineStealer)", "value": "d918c7328a999ec09c262afac251d4f57fbb68a795d8465e5b88972edcc009bf4990efe7706d83318ed894c74d41a416", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261563, "uuid": "0c0f1c5c-1499-410d-b3bf-259adab9f44a", "value": "T1F0E41201B0C4B128D9725931ACABBA436EACF8A14E619D7F3F64331D87B25E0B5F151E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261563, "uuid": "559567bf-5786-48a1-b56e-cd532cb6f96e", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261563, "uuid": "1361658f-f41b-4573-968b-71778ee60ad2", "value": "12288:vZViRBv7fWlu+T/R8jg7P7aF0r6i5DKFv5whn/UnpOwy1IvnndE+Ko:iRN7fIuK8jeP7aFU58v68Xy1IPy0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687261563, "uuid": "95e515e2-194e-4604-a7bf-b99724277826", "value": 718848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687261563, "uuid": "31ced024-4bf1-4490-af55-e8749910cca5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261563, "uuid": "913d0892-9a42-4059-a40d-2e867bab1624", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87ae37b7-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687241160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "f0fac808-6fc6-4e2c-8fcc-e4220195b722", "comment": "Malware payload", "value": "d438b5a42cc5b1f94b16832782f4f55b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "7906f329-487e-48cf-b445-69cff48abef6", "comment": "Malware payload", "value": "799172df44fac316eb43979375b5692b6b73c70edc842bd11577b062ca5f83f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "70b7994d-03ea-44b1-80f4-b106b7800ed5", "comment": "Malware payload", "value": "448b8ac40aec072a9025b6941dc054d538d6db4d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241160, "uuid": "0c84f374-29b2-4b27-aa62-f9eb52d7e0b2", "comment": "Malware payload", "value": "dfbbf9714b91423804828c41f12f7d4661d649e6ea08703bff15078faf193b9c2876a4aae8ff51900b363984b879bfc9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "4b444b54-87f4-4f07-a410-16435c87c6cf", "value": "T117D41256E7D840B3DDA413706DFA02830B307D61AB3597AB128399DE4CB26E0AD7573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "b084df3b-39c8-4067-aef2-cd8985ba9a5c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "6271c2eb-7ef3-4a7b-8bd7-d98d34f2d7d8", "value": "12288:ldy90WD6rMyIrNUkVl7eHq2/yGKWtzmenV9oKOSzlwK:ldy32MBikVxePuWt/V9oNSzWK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241160, "uuid": "62652507-02d2-4aa1-8393-296909d912c2", "value": 639607, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241160, "uuid": "4ba6a9b7-4722-4500-85da-7cf7389fcc33", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241160, "uuid": "9d38b062-b386-4040-985c-252d30363713", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bff6be05-0f74-11ee-b3cf-42010a9c0076", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1687270460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270460, "uuid": "4b4a41bd-1edf-4342-974c-8e6faced94ca", "comment": "Malware payload (YellowCockatoo)", "value": "e513ae618b8d9abde08a4e178be5e348", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270460, "uuid": "910023f4-148c-4a41-a9a7-dbd527450af1", "comment": "Malware payload (YellowCockatoo)", "value": "7a90464fd4f4a9f98752f53ba2eae214c8cfa0543b0aa4b34cb7680400818a18", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270460, "uuid": "c78a0c34-e034-4352-8b39-574dd307d031", "comment": "Malware payload (YellowCockatoo)", "value": "b55759ababfdace49ab91a8e190d851c07e02d1a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270460, "uuid": "5f719ef9-e7c8-42b0-9232-e183e3b593ea", "comment": "Malware payload (YellowCockatoo)", "value": "9afba9a5f14f60d45925f00a1296b597fc59bded6746a419e32931881255b9886cec632422fb46997260946c7dd866b8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270460, "uuid": "ad7e135e-7d60-49be-99c6-a1fe0725a6c9", "value": "T176F4AC1437AFCC509B6C56E86B9B57079B2496F3D6F2970706A2B477096EB207C8C0CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270460, "uuid": "8ff3b833-3c27-40c1-82f3-84cd79517062", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270460, "uuid": "3e9169c6-52b4-44d3-984c-66dad13930f9", "value": "12288:Z7aXmcyDsMC3P+TBobFUtA2fbUTGzHRww:Z+iBCB+A2gK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687270460, "uuid": "bc854c77-6e0b-48c9-b9b0-3cce2badee69", "value": 750080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687270460, "uuid": "b7fd2433-3d45-4c68-8367-e4287ab0b00a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270460, "uuid": "8c3bbdc1-7112-4e5d-8cba-4ec9a767c728", "value": "b55759ababfdace49ab91a8e190d851c07e02d1a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1de4419a-0f8e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687281355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281355, "uuid": "42880efe-8681-415e-84e3-e0aacc7c45b8", "comment": "Malware payload", "value": "815656eb152af806cff18eec503b82ac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281355, "uuid": "1995e573-4c0a-4670-b2e4-05e82dcae16f", "comment": "Malware payload", "value": "7b6b6698ff3347c2bcaa7535d72543dd708358f1c2d01ae8409d28b94c088dbe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281355, "uuid": "a07e88d0-d678-472e-9aae-4f74be4857ca", "comment": "Malware payload", "value": "bfb3f9c831bd6dc1614f92066049409b4097cf43", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281355, "uuid": "271c85c5-8ecf-4bd8-8876-ff2060145df6", "comment": "Malware payload", "value": "e9fdbe068b4bf6273be7c535b3ad5f71aef236ee8d7af55a27ce42d5c64f16af2e97f489e4818433cfb456552cfdeea4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281355, "uuid": "15e84402-b147-43d9-8706-f04e47ae5ec9", "value": "T1D2863382AD50D1BAC0F5113216E6C936ADBFBE0243024D8F67F83F7F36217A5A13595A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281355, "uuid": "aa81a867-366e-47e5-9093-f4abf9806dcc", "value": "bdaa4f11fa75ae7944b223ba584c1f57", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281355, "uuid": "267d0829-64cf-4775-bd33-2c2b7f400321", "value": "196608:a9eRyCT+aj1Mz+ZUkLugNs2It/n16yQ5KIqQ3iRa8:a4sCT+aXZUKugZG1iMI9r8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687281355, "uuid": "c7c03da5-143c-4abc-b463-b5ba6a303d1f", "value": 8446375, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687281355, "uuid": "bfb4cac6-f042-4862-a3b8-393d851f314c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281355, "uuid": "a0dd2f5b-2602-472b-a1cd-3b539f54f689", "value": "11111.Exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "815547c2-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241149, "uuid": "4f013eb3-5186-42b2-9747-3c170ef731d9", "comment": "Malware payload (RedLineStealer)", "value": "569f5a5e43a899fb01356e5121e6e5fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241149, "uuid": "c7490eea-e49d-44c2-9529-187cf2775534", "comment": "Malware payload (RedLineStealer)", "value": "7bc7a4ba0ace6c1032e997bcd47aeacb68639ba09be33c148fddda8deced57b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241149, "uuid": "13360ba7-e5ee-4dce-a096-7257eb466f57", "comment": "Malware payload (RedLineStealer)", "value": "259be6e49163c1b59d36ee5151590c231c1cf0e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241149, "uuid": "0cc19ed2-225c-4037-a2d7-b0c6a0ec0c39", "comment": "Malware payload (RedLineStealer)", "value": "a76415f069e08d6e1e9d5d7c771afca846241488494506c4e30b4ece107db7271c0c9abe80a0e233d7d8d0f8ebb28856", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241149, "uuid": "f6d9a2dd-49a1-47c9-bc6c-c81389543527", "value": "T19CF40241F0C8B134E8750931BCAA7992BEADF4A48F20D99F3F84631D5B655E0B4F096E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241149, "uuid": "d1632a66-e52c-4aeb-9973-90ce151f8251", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241149, "uuid": "6167e548-1838-45db-bb4e-a69ac281eee6", "value": "12288:2v2CMRIv7fWlu+T//t3Jyd1bg3W/owWP8o/tB+/pbgKgNvJgbYu1h+NhQV:2uRU7fIuqt3Jyd1l/hWko/C/KKRa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241149, "uuid": "8e678424-9788-41a1-92e0-80f2af6fb518", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241149, "uuid": "10610113-ae36-4439-8a5c-b719c8db5c11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241149, "uuid": "5453abbe-66df-427e-9379-3e85c522100c", "value": "569f5a5e43a899fb01356e5121e6e5fa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d188bb01-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687243431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243431, "uuid": "e21d0924-62dc-4f92-ae6e-6f4aeb729572", "comment": "Malware payload (Formbook)", "value": "0279a95d310a259cbfb19199c4ccc441", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243431, "uuid": "b21cb840-73a3-46e1-a06e-f9a406b4bd45", "comment": "Malware payload (Formbook)", "value": "7c34a775e0bf30bcd2983db83edc98a9d4f0eace683ab77ae3d03173461c76ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243431, "uuid": "8d6cc2ee-133c-46de-958c-6d0c38eb86b6", "comment": "Malware payload (Formbook)", "value": "7c58c84b5c158ec233d31665092e667843cfe477", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243431, "uuid": "58f1382a-d89b-4d1f-a025-1ab3333579f4", "comment": "Malware payload (Formbook)", "value": "49f5be1cde96e799c7b7e0c70921b0bac65d55ee1fdbb31ab69e4064f07cb8565e521bc1bfb97c09e3499b9a6932a465", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243431, "uuid": "ecb1bdd0-523b-41cf-8278-d90872f56e85", "value": "T1CA15E0607A7D1B57E47D93F84041A63117BEAA6A783ED7280ED3F0CB2A62F410A51F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243431, "uuid": "978836bb-dabd-4096-92db-0a790691aa2e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243431, "uuid": "c48656c1-37ed-4573-8a53-73764a10a0be", "value": "24576:+QYqtm8OqKcirIZ2hJG2a/aVYSiyP+J8P/:j+8OWOgUiyWJC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243431, "uuid": "8d9c8147-c804-4eea-a36f-8c6ec3ef6f37", "value": 924160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243431, "uuid": "5e9f97c5-f24e-4bfc-a6d1-4815331d34a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243431, "uuid": "06170cb3-4a8d-4ee4-a6b4-3e44639a5a0d", "value": "Confirm revised invoice to proceed with payment ASAP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d027d1b-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687242457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242457, "uuid": "803657e6-7fcc-4e51-b9a7-1316faa15089", "comment": "Malware payload (RemcosRAT)", "value": "635878acb781b518ae07dbc89aebbc35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242457, "uuid": "f8868ee0-6694-4af4-80c3-1e2d9fc84837", "comment": "Malware payload (RemcosRAT)", "value": "7c7f0a5db9e0b183d08e1646883500347c5729df0f6f6d1faa0c430c1aa6b36c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242457, "uuid": "33f42f0d-767d-40cc-99d6-bf289fc35d07", "comment": "Malware payload (RemcosRAT)", "value": "d264b4aabcdcfc52840f208537c4d36c3284e899", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242457, "uuid": "e8963a4b-cb93-46f5-b379-5d4409367eb5", "comment": "Malware payload (RemcosRAT)", "value": "e942af9feebafa2a8ee009dccf84f019f195dde2d7a0b9474a3be5435cf20ee570f77ff803449fa0183aecf4129cdef3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242457, "uuid": "cb9974a6-d6cc-409a-8904-caf6396fa3d8", "value": "T132A4CEC0F51080CAC5FD09733D8AB12536F47E58D5F1623B42A636AAB7F32E2291ED19", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242457, "uuid": "63fe6c25-4795-40a3-8c66-787da12c57bf", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242457, "uuid": "39d8ee72-9372-4132-970c-7d35ee315790", "value": "12288:fML+Gt7inp26hPkRtwVGPJp/wGJHjJB5Ahgq5Pb:fytGnUePkqqj/wGEGqlb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242457, "uuid": "cf2d7af4-87e9-4e2f-a146-10fba6d947a2", "value": 475696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242457, "uuid": "ea60b92e-2f1d-4177-8b20-7bacd65e0620", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242457, "uuid": "3eed5da4-e254-4fa1-b107-7feb04b5fb60", "value": "IMG_20230619_150233.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1a55c74-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687240855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240855, "uuid": "86bf9ff2-b0b5-4177-a108-e672d04f1988", "comment": "Malware payload (RedLineStealer)", "value": "321362d7c842f0a2cd15e68e26e577e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240855, "uuid": "4c9b4d57-45de-4392-8dd8-9cf3edbb5e1f", "comment": "Malware payload (RedLineStealer)", "value": "7cc0f168af431f24640a7a41b189498660543ddf12841997f0fdcdf5787c91db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240855, "uuid": "488bfcf8-23c7-4e1e-b511-800f23d5a628", "comment": "Malware payload (RedLineStealer)", "value": "cc031cbe3edc4aff96ffff8c67692a56ee92214e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240855, "uuid": "c18857b1-5d42-411d-91eb-4aa325f3f74a", "comment": "Malware payload (RedLineStealer)", "value": "796a3d18d5a0f136aeca5d8bf19568f4ee31ddb138c9e9e66d3a1debf90b68cfdf64379c31adceec990341809546f36f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240855, "uuid": "1d068c64-65d6-44d1-a954-3c1c99ea0335", "value": "T12CE41251F4C4B235EA321531AC2A75976DACF8948F24DDAF3F84331C4A761E0B9B486E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240855, "uuid": "8f523417-6023-4894-a16b-74857541138b", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240855, "uuid": "63790be2-7758-4102-8469-a5334e9db9ee", "value": "12288:grYkKGRzv7fWlu+T/We8wYBzP1fuMKNxBrcn8aHwU3zg61e2mwIF233he:gr9Rb7fIutTBj1fuTxFcnJQU3kGSy3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240855, "uuid": "f79931d8-3b5b-4f23-b7b1-a4aaa0ce36e1", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240855, "uuid": "1ac97881-6304-4c17-88e8-45d4c0277847", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240855, "uuid": "ae96571f-b5c0-458f-8a0c-23d1c2978304", "value": "321362d7c842f0a2cd15e68e26e577e9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "461c9f13-0f6b-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687266390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266390, "uuid": "d5d39445-8238-4573-8a84-95be866a1c08", "comment": "Malware payload", "value": "abd5b8d98f40676301f632d3045b7864", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266390, "uuid": "fd6ac696-504c-4791-857a-988957ce0a2f", "comment": "Malware payload", "value": "7cf8c53adb466b11b1c5af6c77cc4ea154f59c04e7085e6308f6cc45e4c02e17", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266390, "uuid": "441581c3-6cc7-4d0e-b9d1-e5d917ad6ef7", "comment": "Malware payload", "value": "0e7d28ce5f14a444dccb48f9b3db20c889560e15", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266390, "uuid": "cd322e8c-6a38-412c-995a-09ea3ebbe531", "comment": "Malware payload", "value": "029c5f948f5066cd15c4cb8dc0ce2cb23ee529b702fa8983b9efab02a6c4b809618a7c848cc3f9ebe0bde43c8aa47813", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266390, "uuid": "d4e5825f-fdb2-421a-9253-b6b00bb55ad3", "value": "T1ECE65B07F89191E5C0AED270CA269262BA303C445F3067D73B24FBB92B76BD85B79354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266390, "uuid": "37c10ff3-c788-49f8-93c6-d45e2272612b", "value": "57c9b357ae0cb2f414b0a5873e2f216d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266390, "uuid": "3f5e7c0c-612c-4c7f-be09-a22276dd5489", "value": "98304:9XUbcXD7go3FlWZk4U9xEwX/4zHSwiQf8J/zW:9koXXgofz4UchzHj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687266390, "uuid": "7f339ca5-b35d-4315-a655-a65cf9216da3", "value": 14533120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687266390, "uuid": "796be43d-6871-4bc7-b597-08ade391a25c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266390, "uuid": "672b3692-67b8-441d-96f9-b03944bed79c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26a9e632-0f75-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687270632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270632, "uuid": "39f95238-08ec-42f2-a4b1-5a9bfcbbb41c", "comment": "Malware payload", "value": "773eda1938c9fcb08889ec6c2b2c3f5a", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270632, "uuid": "85e30e67-747a-4ccf-a4ef-2b84a18ada5b", "comment": "Malware payload", "value": "7d567c92fbca71d5873076142ccffdd2810d7ade76049dfd191fa09e301e7332", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270632, "uuid": "73477fff-c07c-465e-b04d-e1198f11d7e6", "comment": "Malware payload", "value": "1d13867220426581e30a1bc87c6a681e85f12281", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687270632, "uuid": "425d7a5b-e60d-438b-8dbc-804aaea263d6", "comment": "Malware payload", "value": "9c27d5674f628aba57820a283635e4df10467bc46b96f2be716dd50d2b8587c99e277790cceeef4a31d3a70fbf042498", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270632, "uuid": "c8d9d7a1-da20-4cde-86a7-5350be2c0284", "value": "T1AD14EAC259CF90CEB2829F1517C9BDAF00CBE512551E36F421C29C969376ED8D6A0EF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270632, "uuid": "0370eb7e-af6a-4922-b1ec-2a3bff93e7cd", "value": "1536:RBF8TfIuc1xXON6yh8mHXsTq+4wawq5TPhEvmEL4X4x0Ic9t7SGQHPJkCBb1qJtk:v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687270632, "uuid": "f865553b-fa31-443a-8736-8c69790dc0d5", "value": 202630, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687270632, "uuid": "d956b032-4133-4f9b-b76d-ec25e740f2b5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687270632, "uuid": "93410836-3248-49c3-83f1-fa7be5eec1ff", "value": "main.sh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de31d19c-0f61-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687262350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262350, "uuid": "71ac057f-2b01-4419-a82c-f094cd4f25a7", "comment": "Malware payload (AgentTesla)", "value": "07b7d1e6d4309400aaf2b34b918cf3c9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262350, "uuid": "7f615062-2ea7-46e7-b91c-9c33298d1fe8", "comment": "Malware payload (AgentTesla)", "value": "7de1f4d63829919b3a5d9d81b00e7b21702cb3e8e04f96e18802f2ed8e815772", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262350, "uuid": "fe3a7b83-9cd1-4534-a4b9-23ef51ebf079", "comment": "Malware payload (AgentTesla)", "value": "64560aaa9b09e4aea9e693ac82b18beb16e93d2e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687262350, "uuid": "264c91e1-dfa5-4073-9b7b-214304848547", "comment": "Malware payload (AgentTesla)", "value": "4e55b7b59a3a646f09fb13ba645f97c4b95658af9f253a022d03fb25f8e61ed7d3bd770bfca588d2523ecc10823fa38a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687262350, "uuid": "6d96fb19-b4b5-411f-bd60-893b780283a7", "value": "T18905E0A83650B59FC417CE728864AE70E51468A67307D35394873D9BBE0EACBCF351A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687262350, "uuid": "444b02e1-42b1-4e18-8d8c-bd2cca93fbe3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687262350, "uuid": "db94745a-f63f-4701-ab49-ccd3e620d00b", "value": "24576:oiLzu4CZdOkKuGzKrSa2vMliI74JH5/A:zz6ZY6NSvvM486", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687262350, "uuid": "b78e814b-bb61-4ec9-9fde-6c394b0b7b34", "value": 826880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687262350, "uuid": "ad5d45a7-940a-42b9-a6aa-c5970810b2e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687262350, "uuid": "e85ad3eb-c2af-4bd5-9b37-2c55850e2b30", "value": "PO 810884,810904.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "314ff8a7-0fb7-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687298997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687298997, "uuid": "e50c041d-6f5f-4ace-a711-9e67357217a7", "comment": "Malware payload (RedLineStealer)", "value": "2022e1f2860c1b10a6e6f14208f7cf0c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687298997, "uuid": "9db4b8ae-3d06-4b5c-aba4-7cd21f2b4eca", "comment": "Malware payload (RedLineStealer)", "value": "7e130f8a69140ece70cfbe3c554b9decd09d5dab0c5494601fd190b693e11f9f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687298997, "uuid": "57b76127-ffb6-4975-8c35-2c95618649aa", "comment": "Malware payload (RedLineStealer)", "value": "751504a0d153c7fd55954effd98f52a6e664696f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687298997, "uuid": "0630f917-b57b-422d-a761-7bcc7c90ba17", "comment": "Malware payload (RedLineStealer)", "value": "7c5fbb597ec78c8edf07e9950d67ecacf237febb2828f634f07b05a69bcca6ff4b886c7374c1696a1e58490554a84650", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687298997, "uuid": "05e05ed4-7ed9-4fa0-b0ea-f3e8bea76ac2", "value": "T1DF848D547842E03AE162C032856A996CBEFC6C6467D09EFB6394D6BFDF90CC2E730545", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687298997, "uuid": "7f2441af-29a1-4e9b-8d16-2d9bed937d0d", "value": "9af3e93e35221a2c8c04a3cc05e589b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687298997, "uuid": "08f3ceb4-2440-4daf-9f56-2cc518f3f854", "value": "6144:kvGaPhsExn0lAhLnRIUHT4BUOAOVNxZ6ctUPBC+csUMGfW:6GOuEn2AhLn0VyctUPBC+csUM+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687298997, "uuid": "23c72847-3bcc-4e16-a1c0-905600c16180", "value": 383488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687298997, "uuid": "465cc2d3-830f-4aed-9aac-c4e72e676d8d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687298997, "uuid": "ab4bad5a-1757-4380-96a3-bb36f7158873", "value": "ValorantSupreme.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6b4cc1e-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1687243816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243816, "uuid": "f6aaf3d8-a75f-41f9-ab3f-fcbc43a221cf", "comment": "Malware payload (Fabookie)", "value": "0fa0f03caeed2cff450ab9e2d5c9f1d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243816, "uuid": "2d37e21d-268f-4c70-8128-26425e5bdc9c", "comment": "Malware payload (Fabookie)", "value": "7e290b69efbd441e9f968dd21304c7685ddae17be0378113650fba822af08f69", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243816, "uuid": "bdd9a150-4c18-414f-84d4-659ceabc5a90", "comment": "Malware payload (Fabookie)", "value": "7f827c6f0c9b7ae2dec220b915db4b6ecc8f5315", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243816, "uuid": "2be43520-d494-498e-a3f8-4510d7e3bc9f", "comment": "Malware payload (Fabookie)", "value": "9220e1e4572801f4ae56771ad559ae5ea195ca8e2d9b992d18c65df872b6e2c798c8f2c9ec459ba40c08b30abcdcbd7d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243816, "uuid": "167ce4cf-ef23-4038-b095-dc6b009e4cd4", "value": "T14E545B0392E17C55ED264B728E1FC6E87A1EF5504F4A7BEB22049A2F05721F2E6B3311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243816, "uuid": "f760d2ef-66d0-4e96-a5f1-d621846b0a9b", "value": "90a8b2b6ad978d000a5ba3658ad3f7fb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243816, "uuid": "5f6061ad-f897-4c85-a2e5-6393aad295f2", "value": "3072:456FAwZAVwl4pvMobX7rL4SyosVGRMqF84iSrk3/yaA5ynszhUsrQ:XAwfGMoDUO+GRMP4jGK+KQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243816, "uuid": "2f2b101a-0da7-4cd5-8f11-9c8c5356dd41", "value": 288256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243816, "uuid": "e37a4a37-1798-40d6-ad70-88e77cc80a60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243816, "uuid": "98656a00-3098-433c-b2c9-3e90cdff7154", "value": "0fa0f03caeed2cff450ab9e2d5c9f1d3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d81ca83-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267691, "uuid": "cc493813-f8ad-4d70-9b1f-216fa8ed318b", "comment": "Malware payload", "value": "49e8b4923e324f6257b4832a526e5059", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267691, "uuid": "6cca8a27-ca3c-45ec-89f8-a39660640fb3", "comment": "Malware payload", "value": "7f44e4f52472d6384266a1dc76a77cc55a391f8bcd511511ec183a48afc8e8f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267691, "uuid": "974bac14-b8bd-4aa2-967d-65adf6cd0ca0", "comment": "Malware payload", "value": "ad071b66a264eb45cf8028348b1d65ac05acf98e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267691, "uuid": "5d0dde01-7571-435e-b6f5-0fbdc7fbcec1", "comment": "Malware payload", "value": "81f0db662e52a5edcfd5dcab6afc13f25767b4353daf97a49f0d89779988657e5e22754ecd8b7918d8fc6df171e669cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267691, "uuid": "b4d3fa2f-e357-47c8-9c0c-a3660b9d0ef7", "value": "T138447C067261C97BD34161318DD69BBEF6BAED240F224683B3E0FF1EAD352D05926352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267691, "uuid": "6990b270-224f-4df7-86ac-8d5a1793b812", "value": "94c711951a3a5e82f4e4458bedd929dc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267691, "uuid": "1cfb0998-4858-4334-aaaf-054b3d10e930", "value": "3072:ayx03KuV60ahvB45cTFDU0Y1FGU34c2Af6gSa9g9P29tm+2Eufe:ayx0b0vB45qUV1FZIc2g8Pb+2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267691, "uuid": "1d7cf801-a6b1-4a14-99dd-e4512c60983d", "value": 274432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267691, "uuid": "dcfcb4f2-2263-4a15-b226-1670c707b65a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267691, "uuid": "39bd74ca-256a-4ae1-be9b-22ce8aedca4f", "value": "Chess.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bf28b9d-0f95-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687284573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284573, "uuid": "6c4d81d5-8606-4eeb-a118-c70454c3d21f", "comment": "Malware payload", "value": "fac83cbcae7ee6eb3d211f0e3ca3a5a0", "object_relation": "md5", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284573, "uuid": "fc537b29-d1ff-4761-80bd-9483efe1c1e6", "comment": "Malware payload", "value": "7f568878ba41616eac0dc2204776e202eaf01d39f199ed7cf2e7ff183b428249", "object_relation": "sha256", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284573, "uuid": "dc0a7599-4357-4928-b688-423190f49a62", "comment": "Malware payload", "value": "f70a80701453f0bfd139920e435b02f63f21f253", "object_relation": "sha1", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284573, "uuid": "ec74d594-8eb4-4616-805c-0fee3e506de5", "comment": "Malware payload", "value": "f5543471a6263ee498252b46719b91b20792d6177ff01e6d7bc1b4ed0aa05b20808b3d45ff391e3f6b77c9c6075ca537", "object_relation": "sha3-384", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284573, "uuid": "179de64f-c885-463a-8dea-783fcc099026", "value": "T1FCA53303D3A53864908D72467C99A4825767F5EF8D90839533AC37B8A885E73A3EF70D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284573, "uuid": "de9fca6c-a6d5-4c3d-8b91-6e43bbec9394", "value": "24576:wu1BNBUV3Ww0AjgnXVZibpxnuORpCBmr4Qw1IlHY+NJ6puU7MFLbHAnqetKrCQ58:wu174hSXGLsgY+fFfoirGjfdWZtHTK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687284573, "uuid": "a20a0618-78ce-456e-b4fc-309a2072a35f", "value": 2144217, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687284573, "uuid": "7d6d5905-7636-4a7d-b182-0dfbf035bb76", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284573, "uuid": "44970bf0-b2aa-4749-aaef-a7d10cce7138", "value": "Acrobat.Pro.2023.x64.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3be8ef5a-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241462, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241462, "uuid": "91650e8c-4d53-4639-9a12-dfe7315be38a", "comment": "Malware payload (Amadey)", "value": "d5371ca692fe8aeee90ba70e34bea1a4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241462, "uuid": "52d2cf6c-c4dd-4f7a-9023-4c97ea5dc0e3", "comment": "Malware payload (Amadey)", "value": "7f7bfa04da691b74896851c660e6d083413ded0b3148ea7874688d077afaf221", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241462, "uuid": "e9f1bf6a-1407-4e7b-b92e-0f23ffa5e0fe", "comment": "Malware payload (Amadey)", "value": "ddc268afa7a092b36ef54a9304d98d8842832196", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241462, "uuid": "73c796d0-2c08-489c-93aa-2e44c61daa43", "comment": "Malware payload (Amadey)", "value": "f4f4fdceda722372c579aa436487a895ec22171762946b5aca1ff5572a27b154cd54511494753305ea4ce8f5ae8fed78", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241462, "uuid": "2418a352-c99e-4e4c-b859-ca274617f14b", "value": "T174F41280F4C1B178D9220532AD6ABA827DBDF8914F34DCAF3F54331D8A711D1B5A4A6E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241462, "uuid": "1a267b15-b39a-405e-9649-2148d14a8b68", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241462, "uuid": "81539a86-dc4e-4abd-8a8c-1279a8715db0", "value": "12288:Tt/VnARYv7fWlu+T/bEL88EryeI8VSvErkEAgpTeWbLpxHBQ0:ToRE7fIuFL8/ksJ3j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241462, "uuid": "39dd1471-507d-42d5-90d6-a4d3f2a6f4dd", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241462, "uuid": "45c897e4-d39f-4ea8-95ff-151f80e3c4cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241462, "uuid": "763474f9-c2aa-41d1-8c74-2db24d290433", "value": "d5371ca692fe8aeee90ba70e34bea1a4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c99ee120-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687240841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240841, "uuid": "39d6c472-44ed-406e-b0a7-0f846aabafc8", "comment": "Malware payload (RedLineStealer)", "value": "003daa7b54d3228df1f411b35f8df9d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240841, "uuid": "553af176-6fe6-45de-ab4b-7cd8792efa6f", "comment": "Malware payload (RedLineStealer)", "value": "80a91ba5de3ca86da464eec7430f10e2f41af050d2b2664819552e31b9cfc9ad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240841, "uuid": "110fa499-d9fc-4e0d-9dfe-6b7ee23ddf68", "comment": "Malware payload (RedLineStealer)", "value": "e88ec6abd3b878e5e50c14948251f232dd9769c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240841, "uuid": "b8a22a35-d24b-43f9-ac85-0d7ddc97d28e", "comment": "Malware payload (RedLineStealer)", "value": "6fca4e1434e3ff864372410e953325042aa7ea5b51cca7fc08ea1acbe88a35b679453a0b009beb998f452bf22f9626e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240841, "uuid": "3a4efa7a-1649-449d-a26e-03f32305ea06", "value": "T1C4F41251B0C4F138ED720630AC1A7A426DBDF4E18E24E96F3F94334D8A769E0B1B566D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240841, "uuid": "53ec774a-2d69-433f-a916-9e13ded0d546", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240841, "uuid": "62200585-a44f-4f12-8fd9-c83d36a06707", "value": "12288:5W5uR2v7fWlu+T/tyDz8X33/s0dLJkLWez6y4F24g7hXOAi0Wf9:BRu7fIuc9X33/HSihPk4+m0W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240841, "uuid": "93031ab3-6808-4738-9409-5b24caa4eb93", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240841, "uuid": "351549e5-f93d-4a70-91fb-4dd2015ececb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240841, "uuid": "ef03d09c-71a4-4fea-b01f-20fe76d4a665", "value": "003daa7b54d3228df1f411b35f8df9d0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "283ebf20-0f3c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687246154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246154, "uuid": "84caf7ca-c5b6-4f95-affc-7a536eb8c92a", "comment": "Malware payload (AgentTesla)", "value": "6ee211af363cfe33979fce1145d6111d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246154, "uuid": "c58adb86-adc0-4e58-a918-fbf2bd545958", "comment": "Malware payload (AgentTesla)", "value": "80dea726f43653bd1f3b39466f2c471335f2cc099ebf53f025f61cb50e625f25", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246154, "uuid": "00777587-d4e7-44ba-b8cb-77f44712cfe6", "comment": "Malware payload (AgentTesla)", "value": "9af22ee919a39fc44f71bf1c7c2e2a98f6de1f85", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246154, "uuid": "5e58282d-22f6-4b71-bf35-6415e83048bd", "comment": "Malware payload (AgentTesla)", "value": "dcc9317679b465fd75511397a2e44b140759054d3e91d7e3a76a375d2bda2806a12254c61202640f2de33f9cbf835450", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246154, "uuid": "cd7856b2-ce83-427a-b255-cfe4c1a03440", "value": "T13FE423B3D85C87726E19BB0EEDA85C5686B7B1057E7C4023580CBF98F1A14E870A95CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246154, "uuid": "cb2b0c1f-bdf9-4102-afde-e5b01959d5ff", "value": "12288:PoPXZAebRoxo/yUYned5GyHZVj3eenu4OedWztEVI5ZcD7PE3a1cJ9lt6:PRkoeqgLDHK64YQaGG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246154, "uuid": "ee6c819b-ee19-44ce-859d-4b37b52a6e08", "value": 667556, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246154, "uuid": "084a5ab2-446c-4381-8b94-499847cce18f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246154, "uuid": "cb934c32-8717-4dea-9967-cf838454222f", "value": "RFQ #62023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8344dac-0f47-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687251200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251200, "uuid": "1431e66e-17fa-4669-abc7-8adff65ae84c", "comment": "Malware payload (GCleaner)", "value": "29e1fb525618dd0a118735a9cfae2749", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251200, "uuid": "915bfbd2-40d4-468d-bc7a-3292c04d1990", "comment": "Malware payload (GCleaner)", "value": "81e241febfc8f6b577db54026ede71a2b81234de9a6ba1d46b20913893e7a892", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251200, "uuid": "78eb1585-a077-4338-a62c-9cb79ff9d232", "comment": "Malware payload (GCleaner)", "value": "756d5d42a99454e55e5b50837e1a4cdd51ca0124", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251200, "uuid": "32d5b84b-4b12-49b4-9109-3e2059b2996e", "comment": "Malware payload (GCleaner)", "value": "01625727615f4f17a060606d18376f65bcf65d87fdc3e1fa7e8b5204ea86709b1e1cde35e529c2827b8b6af1c0fa3408", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251200, "uuid": "cb455243-9867-4b9e-9935-de34427caf32", "value": "T1F8D512058B7CD920C1FC88F9EFE133D9A228E4201BFA41DA68B7563BE49565D2E3F514", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251200, "uuid": "353eba13-f182-432b-88e5-dc673281202d", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251200, "uuid": "1ab6926e-0bdc-4c80-ba3d-7ae9cdeb6230", "value": "49152:2Gagz+UnTldb5wsaFzCfk8wEPopu42yvXrnado6uKJ2CDPk6ekWFBWXuN:fagrbDMCfk8x43NJkkOEN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251200, "uuid": "3dac6ad0-9ad9-4b4b-bf12-b4b1b9c3fdb4", "value": 2761582, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251200, "uuid": "8e648ffc-efa3-4ec2-a1dc-691d8f8cae1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251200, "uuid": "f1934fdc-b6c6-4052-919b-77a9a986bf28", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b6b3fd9-0f46-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687250508, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250508, "uuid": "2440e3e7-237e-4b36-9159-0d21f86b6594", "comment": "Malware payload (Amadey)", "value": "35cde6d3530064623c510d2504daac18", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250508, "uuid": "79821608-6578-465d-bba1-a021f2500484", "comment": "Malware payload (Amadey)", "value": "8232ed16d856e6b73644ae570487a90577dd4123eff234c19c17f065f35a969c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250508, "uuid": "615a30db-7b26-4dec-8297-9a37b9dfa534", "comment": "Malware payload (Amadey)", "value": "337592eab975721254e224dc31491ae583b29096", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250508, "uuid": "f60b1a07-b4a3-4aa1-98ca-9a2eb8d33bf6", "comment": "Malware payload (Amadey)", "value": "81f0266fc83e5a8bf2858a6233d136f0b4131dad2b908f9a70afff3fe17b522e35d64d27d830f937affe9303a95ed4cc", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250508, "uuid": "95c0a36f-4a86-44bb-a612-095c257a0284", "value": "T150E41241B4C4B2B1ED320931986A78127EBCF8918E148DAF3F94375D4BB95E076F162E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250508, "uuid": "287cfa27-31d7-4e1f-ae15-93838e375587", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250508, "uuid": "95a43002-e7ef-46c3-b0a0-17cda061e7b9", "value": "12288:wF8BJr2RZv7fWlu+T/WP/awKOvV9DtksbWwT2A2sK1zngVQBtRVi:wW6Rl7fIuBPEOvVlJaAQgQpVi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687250508, "uuid": "60731edb-036a-42d9-92ee-46e4303d69c3", "value": 719872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687250508, "uuid": "0b7ac6f2-d13b-46eb-8ad2-152b8a69b565", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250508, "uuid": "64bcc649-f09b-4191-a70a-5f4aadc3e378", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cdbe880-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241491, "uuid": "d551553a-13ab-44a3-964a-57f822de166b", "comment": "Malware payload (Amadey)", "value": "fb29d51c3d05b966135802fc3cd46ca9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241491, "uuid": "11100d3a-0d60-4db7-9f60-be9aacdb929c", "comment": "Malware payload (Amadey)", "value": "82647977fc8c36f765a0ba91e7947cb3c12b9a97659eb52e7241474fcde3b7a6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241491, "uuid": "1df0b982-dcf6-49e1-aedc-47289f9a2ef4", "comment": "Malware payload (Amadey)", "value": "ddfd6bf8cca611b1618296b8ff562cd57f4350f9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241491, "uuid": "c0a2b441-ac16-441a-8106-5ef5085a46e7", "comment": "Malware payload (Amadey)", "value": "fb8d07471a90bb7e3cc8a0900312f6aaa5514c6472e2584ff3051cb81074851d8857486be2fe81924d7a48cd10071122", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241491, "uuid": "9e0528c5-3aa6-43cf-b3b5-4e6476fafa69", "value": "T19CF41241B0C5B234D9320831AC6A75927CBCF8A18E64DDAF3F58331E89754E4B9F1A5E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241491, "uuid": "deaacf3e-3384-4753-8bcf-31403a5574f9", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241491, "uuid": "8f77e2d1-1f3d-4918-998e-3d46bfb6a0d8", "value": "12288:AQqb2rR4v7fWlu+T/G/4SbMLkF5/UD/0JlT0pRHcRVhAgsB7yxnKsNgdIjVUa5wL:AbSRk7fIuZwSQi5MDcvTycGgsB7z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241491, "uuid": "25e1def2-c0d8-4f8c-b09c-fdbb3746d5fd", "value": 729600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241491, "uuid": "4999b31b-f828-4419-85da-8d535f34c622", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241491, "uuid": "ca101a60-b908-4e85-9c7a-ffc6fce56347", "value": "fb29d51c3d05b966135802fc3cd46ca9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff664411-0f63-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687263265, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263265, "uuid": "005454bc-4f3f-4e8b-884d-311a47fee538", "comment": "Malware payload", "value": "da4aea2124222d996666fbb40c4f478a", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263265, "uuid": "0298c6e4-c614-4a11-a0d0-5897098877b8", "comment": "Malware payload", "value": "827b0e7d50e73b273ca1ee6a4529c7c85ab660200fa9d391ed5de7ac0094e543", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263265, "uuid": "f4d8dedc-eb59-4c24-8394-2b474a0746f8", "comment": "Malware payload", "value": "a6d36ada346c666c8883b41c91e660f131f3b2b5", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263265, "uuid": "1c75049c-7df9-4060-854a-717370a80b0e", "comment": "Malware payload", "value": "9a312b69bc6993ecb00939c6909c57929717a2d693129b8a1f651dbb2bdfb3ef2fcc55ef261b6265288dff9b71895531", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263265, "uuid": "f1100f52-76aa-4538-95af-e447d061c7f8", "value": "T1E8D433D1DA714452F784CCF865BAA7797A422D3BF92AE27C0CE0A7C1D6442C3761E12B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263265, "uuid": "caa5923f-8eb8-4220-89f6-e3304cbcf543", "value": "12288:40xTBFoXAqjmZ2NQHeOpoMKFzU2MdqrNc/3F/+4V3DBK1ohB0CLsPJo7qoNFRwBL:1V3To3QHQMKFiArNcP1Rh6cs2xFRaL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263265, "uuid": "fcd0b5af-3ce4-4baa-99cb-c60d8bc32e79", "value": 630369, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263265, "uuid": "fdac2d41-dadc-465e-a009-33ecc55d265b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263265, "uuid": "47df3309-b66e-4694-8a3d-5fa9b299a8df", "value": "export trucking instructions.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bce9e05d-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687243826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243826, "uuid": "40d8ebf3-1d74-45c6-8119-40a1e6c74192", "comment": "Malware payload (Loki)", "value": "f00e67bdca62a0d90fe30258b92450c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243826, "uuid": "eb77ebfe-52c4-4072-8b63-bd2782da1f73", "comment": "Malware payload (Loki)", "value": "82874f8df8a0b976870b77bf33412b6fb8aa14f35477f597460540a1f3b9f85b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243826, "uuid": "9164c453-5b2c-4259-a70e-ec40a5c62298", "comment": "Malware payload (Loki)", "value": "53fb08fc05013f544bdd8b77eb16e68f0b23ba27", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243826, "uuid": "10db4fbd-0de1-4352-a3b5-6761e892b27f", "comment": "Malware payload (Loki)", "value": "45e7aae0e13b295ef380d9ba9390a92faac3fd281efb0a2268c693b69d0236feaa4600ef993d35700c8c2f546ac75ec8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243826, "uuid": "d25a0d0b-4d1f-4697-a8b1-968eecac4b0d", "value": "T118E412084AE4661FDA6717799BA5B7BD4B3EEA017633E32B2D50F0CB6C15B464B01332", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243826, "uuid": "86302ba2-f4b4-490d-9d98-f2ca86613997", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243826, "uuid": "5fbe7f1f-08a8-4bbd-bdce-13877bc63d18", "value": "12288:+MbISvruAHu/TwGUh6CTIVKXMrDQd9gSlOzT6gtYq7J3At5iHOq+ZQ:+6buAO/0GHCTIVFDxf5Yqtm8OqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243826, "uuid": "3c5e96a8-7182-4834-bee2-d07530df1641", "value": 697344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243826, "uuid": "cded9397-ac6a-48a2-9320-b32cc5b9ca7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243826, "uuid": "bce5338f-19c8-4133-8663-01202ffa0dce", "value": "f00e67bdca62a0d90fe30258b92450c4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6891f89-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256674, "uuid": "9e241b8e-42bb-456b-9a3c-c114283663e8", "comment": "Malware payload (Mirai)", "value": "9ba2297f36678860a617cd7e0e06cd58", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256674, "uuid": "b989a7d8-f79a-407a-b775-daa4429d8379", "comment": "Malware payload (Mirai)", "value": "83b684a0afddf687089ac6d92a418a638719c7df5007859e9c3ac1a1e4348bec", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256674, "uuid": "a4d53f07-4eaf-428f-a444-fb2a476f8e50", "comment": "Malware payload (Mirai)", "value": "ece40663cb715f876541028aafc1865a0aae6b92", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256674, "uuid": "c5d9e0ac-f8ed-4cd6-9c9d-50d67cfe0382", "comment": "Malware payload (Mirai)", "value": "4e653fb4b182f96fd7654ee6e0802dd36e0200eb8dc98582c62eaca7d2ceea8fb7cccb31b47367736f8b18a90dbb8e51", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256674, "uuid": "da03a102-49b5-4769-816e-64cf27beb9eb", "value": "T12DD33B06B31C0A47D2632EF43A3F27D1D3EFAA8121F4F644251FAA8A9171D325586EDD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256674, "uuid": "e2f542e1-489a-425e-99e2-e4d50ff31380", "value": "1536:sqI8Kr+Ep2VMBeE3EQxsCo1pQK41L2q3KdU5vANJQCQW2DYCq0Z+Q4jE:NQZEQxcQJsqadD7bZjE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256674, "uuid": "6f4824e9-a3d6-4c53-837f-87ec7c2c7bb9", "value": 138104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256674, "uuid": "c4de0b1e-fa6d-4f37-a683-d3f0c8505ceb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256674, "uuid": "9e479cdc-7ba5-4e5c-a59f-d2bc9f094e91", "value": "9ba2297f36678860a617cd7e0e06cd58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75844a33-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242418, "uuid": "f48644b1-8447-4a2b-a079-a478e534dc26", "comment": "Malware payload (AgentTesla)", "value": "51a8ed9362dafa607d65a84a0a7b4b03", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242418, "uuid": "c12bc3a9-a09f-4388-9157-87b6ccf2b341", "comment": "Malware payload (AgentTesla)", "value": "841c2906a20d94ec86b77f8521073f13981909c97a739a06f84a7bb9dc9cbe6b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242418, "uuid": "d107208f-9e9b-469d-b536-3db18eb88ef0", "comment": "Malware payload (AgentTesla)", "value": "b94dea7be04f47e7c18bb62bdd87759fbc87252c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242418, "uuid": "319424dc-1017-40ba-b763-1043dd50e687", "comment": "Malware payload (AgentTesla)", "value": "bdf436f72c49b12f81923fa7e11a678532ec079f425e6aced7de57edf3edf26fc7c79290d46f99f57deb7763f1286dc8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242418, "uuid": "6ec6bfbf-e011-4292-9fe8-8d99d947e641", "value": "T164F402185A878A0BC02A4FB59460F774922C9E997712D6EF0DCF7CC7BF267C90A31649", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242418, "uuid": "f14d7b76-bdf2-460b-825f-264e9c044c50", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242418, "uuid": "da353466-4866-498b-8e74-f9d318b353e0", "value": "12288:Gb903YDHHJHHlHHTHHHH2iuPM7q6bpw4dcZda/igJynpsgnXrR0jw2ey6ZgS0Hn+:Gb903YDHHJHHlHHTHHHH3zu4CZdOwzdt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242418, "uuid": "5a91734b-1e8c-4ee9-bcea-9a408e89f77a", "value": 744960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242418, "uuid": "50cdca79-195c-4731-aa66-610d4b046078", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242418, "uuid": "266780a3-9aa3-4e11-9a4f-d57aa8496300", "value": "PO 211436_Sirius Electronics Ltd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61f411a0-0f8c-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687280610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280610, "uuid": "48403770-7dc7-4c95-b2bd-8b93c80b6632", "comment": "Malware payload", "value": "18d025838309a97005781e3cecf3cdc7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280610, "uuid": "05443a2a-1d03-4973-a903-3a9078c02646", "comment": "Malware payload", "value": "844a05488a0cc987a4be009b0eeeb6ef6e6683e6f2e3998f74cdcca0d7e3231d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280610, "uuid": "54e2dd32-f4ab-4aed-a2f0-377ce4699bba", "comment": "Malware payload", "value": "83f5c4a168b87cce8a40157cc4bf4db73c99d532", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280610, "uuid": "a6d2bc14-c626-4eda-9b5f-a620f9b42ddb", "comment": "Malware payload", "value": "32f0cba1a80d932bdcde14244ae9c85dd738c371df69970990683c985b14d878a9d56ab49aea21a20d7b0f934199242d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280610, "uuid": "cfdfbb97-b9b0-4bbd-ba3e-359b7c98b89f", "value": "T1BC8412031E28BCD8DE0D50F15CAF56BD218E6976C92085EB29A030DEC9F4A31FB5BB54", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280610, "uuid": "893314c2-8078-485b-8333-e0c9911a4ce2", "value": "6465fbea3d16106dca01c167664a738b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280610, "uuid": "9ce5b3a2-3ee9-4e8d-8f03-6a8fca7b035e", "value": "6144:coL1O0xpmrIR1zepuKp5D+O+vBneHNef7ktytxiBB50Tl6vmBup8XYf1/Sq:cLILze7OUQwsyb50Tl6vHuod", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687280610, "uuid": "92a134ef-a41c-458f-a62a-d52012519321", "value": 374784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687280610, "uuid": "271cefb8-10b5-49ee-b165-effbc90c3798", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280610, "uuid": "7553b50d-2629-43ac-87ee-c04492cd1a62", "value": "844a05488a0cc987a4be009b0eeeb6ef6e6683e6f2e3998f74cdcca0d7e3231d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d13141b-0f3a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687245383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245383, "uuid": "1fa387d3-3ee1-475c-82fb-f317faa995c6", "comment": "Malware payload (Mirai)", "value": "9c8ade76748bda32ba854d43df366be7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245383, "uuid": "d4f823a0-9629-4989-b6fc-3fb98ff9e2cb", "comment": "Malware payload (Mirai)", "value": "844dc0c4e41367d31f065fa704715a89591ff3241465793d7f4bcea8fa2007cb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245383, "uuid": "bd58a0fa-d77a-4289-8a89-200d0048bdbc", "comment": "Malware payload (Mirai)", "value": "715257debf0769822e6a9fd7a3a8a79bbbaa263f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245383, "uuid": "9d5b4c12-1414-49a7-add8-693ea6497796", "comment": "Malware payload (Mirai)", "value": "582b930462ec266d6d84ea31afe5401271222032c069ff1477d05920a5cc11119ca59cf2b93f5f44dad26bc78fcb8a7a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245383, "uuid": "ce2a36e0-d82f-46e4-a06d-2be3e25bf576", "value": "T16ED2E14CD878B9ADCECC4EBB51BE1BA987C8A05022FF9B5607050845571FE076C4E97D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245383, "uuid": "08a8432b-5fbc-432f-8ea0-6ccde0ba8c7b", "value": "384:78y/sWhMzhxtfgZ5wjNqDBy70GZBU5cKBILoA8lECnG9yQ2eSXtH0eoRWGVCz0Nh:IytizZkwj4By70GX8S43VZXtwWbg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245383, "uuid": "6c7d26b2-739b-4f69-bda1-ff2d5ef14700", "value": 31092, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245383, "uuid": "26938de2-cd32-464c-9126-a6cf0f0f69e4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245383, "uuid": "23f9b43b-10fe-469a-97e1-b73667166965", "value": "9c8ade76748bda32ba854d43df366be7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b75ff30c-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242958, "uuid": "9df4caa2-34a7-46a6-aa97-dfa0bae1657e", "comment": "Malware payload (AgentTesla)", "value": "a8bf999204700340d3805ee8418688f8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242958, "uuid": "1be7fe90-a43f-4966-a7bb-cc72bd188106", "comment": "Malware payload (AgentTesla)", "value": "847d6adbabdcebf16d6b55425197525489ed9e5a342dd93e9af27d0dc92238b0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242958, "uuid": "a7410922-5476-4602-9845-7a9f9a15c22e", "comment": "Malware payload (AgentTesla)", "value": "700b3aff284e15e488ab7164ed047793e74fd65e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242958, "uuid": "dc281ba1-5c56-4fd5-897f-dd3658ba8098", "comment": "Malware payload (AgentTesla)", "value": "ee9da45b1d176d8523afb531e9c9aedbf6c17585d87a4b120f791ae76a70da4459f7af358cb568d97843a0ec8c6098c7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242958, "uuid": "952b9f2f-17f8-40de-a16d-082da748cd4e", "value": "T120E423895CC632F67F2E09D68D4D02F11F03A25A66FE0DA993E7DA2D11AD57CC0A04AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242958, "uuid": "188dd5c8-293c-47a6-aff8-4bdd51c63aa3", "value": "12288:FXFLrm0wJmQoKmjEdob1AH1vl3/F8/sJEHU3KVm0gaW4vh5rCAr7cRs2:FXB8Jn5hds+E03KVm0gaW4v1r7ct", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242958, "uuid": "fdde79c8-a7b7-4ccb-802d-39fd82ca45f2", "value": 679947, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242958, "uuid": "522495c2-e315-4dcc-8caa-15a30605a223", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242958, "uuid": "6a42ddcc-93d6-4cbe-9f6c-6cff217f3972", "value": "IMG_MV HOVERLA EPDA REVISED _SOA APRIL & MAY 23'.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "189383f8-0f76-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687271038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271038, "uuid": "0f421712-256c-4a4e-8e63-e3aecb446d9e", "comment": "Malware payload", "value": "68e3421306389249d2b5bba9cc44c2ea", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271038, "uuid": "1badb810-cc8b-4f9e-8469-df72cd358d19", "comment": "Malware payload", "value": "84e3c95fb57d803e23aedbdd376a205b36c75675a01b134c594bb47dc483de13", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271038, "uuid": "e99c62fe-8f83-4ac6-a1f0-0f8ea9dc1e3c", "comment": "Malware payload", "value": "48fa7f9d8c3a40d5e7e8ab098a045ae02d727647", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271038, "uuid": "7f277818-7d93-4b23-a0ee-99aab13f871f", "comment": "Malware payload", "value": "09307e4bf234f406919c87b0de3b238d855644441a1b79561cf243d5b6575e2e29cae105fc7d2071b9552aa48760c625", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271038, "uuid": "a0e9684b-cdc5-447c-a1a1-025ff9ff7c6f", "value": "T1F577337CD0A1635B1C7B6831B5F1A0EBC85681F18E535E2792BDA633DBCB7D19078089", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271038, "uuid": "eb32e659-d0d9-46f8-bdc5-4b7b4445ca06", "value": "786432:6+fTPmBTW7E0YaoUOCpeQW9twEvaemA9deOhhY996tURsWT:HCTqzYk8PYA98SYEWT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687271038, "uuid": "50df8568-efb7-42d5-90af-a9c485d2d925", "value": 33329395, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687271038, "uuid": "3486c134-bb2b-4518-b510-e9bc3d2f1447", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271038, "uuid": "c41576fc-2296-40a0-bd1a-09b27498dd1e", "value": "68e3421306389249d2b5bba9cc44c2ea", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e163803-0f1f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687233816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233816, "uuid": "50ae0390-fe00-4aba-9669-ebbf6cdb8b5a", "comment": "Malware payload (AgentTesla)", "value": "86a979e843447982b68f2a0c343e333b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233816, "uuid": "e772144e-01ea-485e-9df9-e8eda48fc7a5", "comment": "Malware payload (AgentTesla)", "value": "8514688f25e263c5e78673ecf3275a0eb4d49bb7d155924d1a889b4f3a7eec49", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233816, "uuid": "829da300-c0c3-4688-b706-267da9120c6f", "comment": "Malware payload (AgentTesla)", "value": "1f09d96b2aebf3540b49dd5effe06236055c23be", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687233816, "uuid": "9e94171c-9adb-47a4-8796-3105b6fe8a34", "comment": "Malware payload (AgentTesla)", "value": "ec0cefb2f51101a1b3ff3852fb4dfd9d1425145aec937961a6ed27621efb37bcbb7ed52b36b1d3329086bde9a92f4536", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233816, "uuid": "531e4a92-b8f7-4cde-92d7-cf36988a1bce", "value": "T17AB4120DB36C8557CF1D0A39F616611C4378D62AB223F3EB4CD470EE09A2B448656ABB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233816, "uuid": "83cfb375-f258-4b31-9884-93afea733f09", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233816, "uuid": "31c00de2-6302-4924-b9d5-bd7e4a0ef13f", "value": "12288:0IPbAkY6kaUKSBKW1IRYLpHKpt87HL1gMlW++D/A24YDr:U76r+IyLxKpt87HLaMUrAh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687233816, "uuid": "de37139b-e9a1-4908-ac54-a2733e4d7bfc", "value": 519680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687233816, "uuid": "b8c1f734-6eb8-4894-ae82-a501899320c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687233816, "uuid": "c534cf90-dd46-40b2-84a5-0a1debb15d9e", "value": "86a979e843447982b68f2a0c343e333b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee510acf-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687288147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288147, "uuid": "a8d60925-9f4a-4770-8036-326c60d17ba2", "comment": "Malware payload (RedLineStealer)", "value": "3a957b0840e8040640418f8cfb3f5cc3", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288147, "uuid": "7c92123d-307b-4546-8637-f279464df6d9", "comment": "Malware payload (RedLineStealer)", "value": "85247b43b20e7ebb76d22d1f30d36f957c845fa1a8088beb09ccfa5e2a1158d2", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288147, "uuid": "b02c9026-c87c-4861-969f-2589cae3906e", "comment": "Malware payload (RedLineStealer)", "value": "c828fe38c818964b04cb7ec2f66f631d1aaa23ff", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288147, "uuid": "85305b44-7b5f-4150-b8a5-81e97b6094dd", "comment": "Malware payload (RedLineStealer)", "value": "2947a30e43938c0b5a46e3bc98fb11a47d152f0f4e673ee46d3be6084f1d3f93e4735a28c2711578a1f201e663afafac", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288147, "uuid": "f54fab82-49a2-4c66-ba5a-7cd63f39d59f", "value": "T1DA26223588513551F44AF6F9E865EDAB3667861B7CA0E7C3A8CA07A7CB2C703021DD4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288147, "uuid": "8dc0af6f-4260-42e1-bc03-8c1111d87874", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288147, "uuid": "48a460fe-9272-4a61-bfde-4a286241b215", "value": "98304:FG2pIXYHLN7JSTcu4NEBWtXtM/qPMkQcG5k09gsuGPWicUq/T:78gN7JSoLa1/qPMZdOHs1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288147, "uuid": "6dab14d5-808f-449b-847f-4762bddc6089", "value": 4528128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288147, "uuid": "3d57b7ab-0019-4e8e-8a59-cd19c846eaa9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288147, "uuid": "53a48ddc-e4f7-4a25-9c4f-9de79d060aa1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a669e95-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (MassLogger)", "timestamp": 1687268464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268464, "uuid": "b2ceeb3e-c128-4070-95b5-e533ca093e9e", "comment": "Malware payload (MassLogger)", "value": "b5b2667294faeecc29b8290e6d05e4ed", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "MassLogger", "colour": "#D898C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268464, "uuid": "f20dea7d-fd14-454e-a4f1-c938e1442b9e", "comment": "Malware payload (MassLogger)", "value": "85af2b7f64dc1018d773c803361353401e64034a70e0c030774cdc54e00bc123", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "MassLogger", "colour": "#D898C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268464, "uuid": "7bb3c07c-82c6-4fdf-88ec-68a55d1c61ae", "comment": "Malware payload (MassLogger)", "value": "343b2e86c27eb19b4846e00fcfcfada52e205d30", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "MassLogger", "colour": "#D898C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268464, "uuid": "8a57ac43-34b0-457e-8320-387a063dc581", "comment": "Malware payload (MassLogger)", "value": "01331002708fa0d197d5f78964552df7aa1717fddc6db5d20efc4d1e5802c1e74a055bb10c3a3083576a7d1e041187c8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "MassLogger", "colour": "#D898C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268464, "uuid": "9d2b0a4e-9ded-4373-81f3-288f5a41731f", "value": "T10114491A77EC4A65D5FF4B39E0B852450675F997A82AEB0E0EC464DD0E32B80E8017F7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268464, "uuid": "16e83ced-a97b-486e-ac84-cf5fb8e0fdf4", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268464, "uuid": "de50c79a-26df-46bc-b3aa-d6bb9488a73d", "value": "3072:z3kfugUTLLlH5F2jANp8eO6uUdn1QB4+M2yimcB0ywvbpt5puhAx10TzAL8o9t4j:zbRTfF5F2jANpHnAjWPvbpCaN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268464, "uuid": "bc0b734f-5008-4584-8b54-39bde9ef12a4", "value": 202752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268464, "uuid": "c76a662e-6b44-4ba6-8c00-3009a17ce443", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268464, "uuid": "3fe672b7-d0ba-4162-932f-dd74a7362d9b", "value": "b5b2667294faeecc29b8290e6d05e4ed.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dc215f2-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1687267665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267665, "uuid": "6fb8c043-35b7-4ee6-9252-0473716f614d", "comment": "Malware payload (Gh0stRAT)", "value": "4b765297f7692c82c857f1441b741266", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267665, "uuid": "07dcafc9-a10e-4e48-ac13-1e3f165e5fc0", "comment": "Malware payload (Gh0stRAT)", "value": "85f36d885a8e4a34c2bb5f805eed2c0ce90cb543e565faee53196d3cc1fc5b9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267665, "uuid": "30ce8a29-834a-434e-a856-f9a2042ef66d", "comment": "Malware payload (Gh0stRAT)", "value": "c034528555d614b1d86f323bb24d8793268273e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267665, "uuid": "6591247e-6e33-4446-9dd8-ada02702e402", "comment": "Malware payload (Gh0stRAT)", "value": "294905c0f7fb3ed5fb01de8b812b0e87629f8bb950cb39270e438b710dfaf1bedcbb2424a1f85b3d1fd1c36917cd379d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267665, "uuid": "0b4cabfd-b719-4be6-9826-0a6399537ceb", "value": "T1EF95AF2176E1C072C5733574865EA3799ABDAA300B3943C757A11E7A2EB08D2D93C37B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267665, "uuid": "1f097112-7d79-46a5-84d7-3f3d7910bc49", "value": "bf70a35de41d4d7506b32d38b778fb85", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267665, "uuid": "100f2e81-fb93-4dd1-a9f1-7f4c61b8a640", "value": "49152:aWY+EnVMVG46vxR7INESQIOxQaGwkWhTY7/G5AxgHbrTLLw17FM4eTsO:aW2VMVGXvxR7tIHaGwkWa7/G5A2HTHWh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267665, "uuid": "d221d47d-d522-4f87-b721-b559ea601b6d", "value": 1964032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267665, "uuid": "0b75253e-ab1a-450e-b5ee-f26db86e00c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267665, "uuid": "24f998a0-ce76-427a-857b-5a0ac96d5fe7", "value": "Skyline.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4a197c2-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242497, "uuid": "1ba28177-b5da-4cf2-85a5-a95532c7fd4e", "comment": "Malware payload", "value": "11c8023d0eb9a24b0717cbf84965a8ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242497, "uuid": "2e40cd3a-0054-4ed4-99ed-be506a3525f9", "comment": "Malware payload", "value": "86cfb935c6eb9898d6545db6bbf9713cde8f7761c8c41be08f707a53342b3bfb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242497, "uuid": "1ec34195-ef65-42bd-8296-23e159f1ccd1", "comment": "Malware payload", "value": "0d095bab69f790618c4b2f35f74406b603f073aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242497, "uuid": "da12aac7-08f7-46be-90c8-4e0bcee56091", "comment": "Malware payload", "value": "ba0ede1d6056d158f9c6424bd4caee6b6486747a8a004100c65fb01789730ff1a8a445a4677549859f2214594f3ba11e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242497, "uuid": "e0432a90-4f88-4c11-85ff-5cb5285cd96f", "value": "T1F4157D217980C072CA7315324E7CE66919EEB5610F314ADFA7DC0A7E6F704C26B3A667", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242497, "uuid": "497ae409-6c04-4e49-be79-c901923eacb5", "value": "6ce63cc132d5d858579f8d1856ccf49e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242497, "uuid": "861787ce-5c1f-401a-a702-535ae96728af", "value": "24576:SU34S83495PPkuRC+gn2OTOx7/48ZJr6jNVrd/QyFRYm1b2x/h:puzuRC+gn2OTOx7ggrGrdxn/1b2x/h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242497, "uuid": "d3d16c82-433f-4cce-a41e-f3b9dd84bd26", "value": 926144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242497, "uuid": "34fe62b3-f237-40e5-a8d7-b4de0178a054", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242497, "uuid": "9a51cc90-cf60-4da1-9337-0f7e17a30908", "value": "ConsoleProxy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "381a8614-0f06-11ee-b3cf-42010a9c0076", "comment": "Malware payload (OrcusRAT)", "timestamp": 1687222988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222988, "uuid": "8f0e154c-635c-4de3-81a0-1694308c6349", "comment": "Malware payload (OrcusRAT)", "value": "5c960cf771c6c72a643210898cf655b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222988, "uuid": "fade21a3-fe3f-4665-8158-c029b37cf8b6", "comment": "Malware payload (OrcusRAT)", "value": "882f31f3aca2f53b480168e22107cfb20bd2bfde1e3e8a78dfecfa36369ff6d1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222988, "uuid": "c988cd1f-e8cc-4c48-8a71-b8dc8e42cb00", "comment": "Malware payload (OrcusRAT)", "value": "3b9f6df7ba588a85dc71276a814ad21a8aa3801f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222988, "uuid": "70f72e36-2fab-4abe-bb02-5e46006d843f", "comment": "Malware payload (OrcusRAT)", "value": "88c356f37a85ffbcf24485f2a7a54d799a717fb630aa65f1328d143acc5aa461a1037ee4915d573239d05aa0f1f70b60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222988, "uuid": "1ff4702a-fd0b-4bf2-ba70-dfe594e1b4e6", "value": "T19725CF013FACBD07C1BE2A78B7731AC91778E9066052FB4E185861AD1DEBB01BD16367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222988, "uuid": "61af06e7-6ce8-415d-823f-e361f986e08a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222988, "uuid": "645f6587-a0f4-44cf-a8fa-469832d8e6e6", "value": "24576:lYE4MROxnFl/iSrZlI0AilFEvxHiKGk3Bd3X3K:lY3MibKSrZlI0AilFEvxHi2BdH3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222988, "uuid": "cb12407b-a66e-4751-b3b4-1fa88ccfac79", "value": 1032704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222988, "uuid": "beb9195f-8207-4e09-8ead-34370d73309f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222988, "uuid": "c980e04d-7682-4c1f-8eed-4486cb356ebc", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "740ff5e8-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687242416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242416, "uuid": "b9ea2dbb-f475-466b-a432-5727cd5dcec5", "comment": "Malware payload (Formbook)", "value": "674ffa56c80f33cb36302433870f8865", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242416, "uuid": "46e40c7d-1aa9-489a-bb76-ee14a803673a", "comment": "Malware payload (Formbook)", "value": "88a30998e16685f778e1f9b61c5513bdaf30f0582c0c1ad276e155b570f96fd8", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242416, "uuid": "366a85f8-f6a0-4670-af28-86250b540d84", "comment": "Malware payload (Formbook)", "value": "0f77d9c8c21653978fd9ea5f94484ebc6cceae08", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242416, "uuid": "7cc8cbf6-c66d-4359-8f75-62bb081fc1b7", "comment": "Malware payload (Formbook)", "value": "21f4ed653c16641dac957a9e134dd51ada2f893c07cba4ba1e4c0a4a498442b2e832350bbc4c78ca081248b7dff69d42", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242416, "uuid": "66f36fe9-def3-4ee3-baff-3e7cb331a874", "value": "T1EF71F730854CACD7D0D78096D699BD7E1ADBF49347DA6EC0701EECA5087F2301B2AE4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242416, "uuid": "0eb139ec-53d9-4284-b059-53d97bd5f5e0", "value": "48:zc6aVju/kn43KsPPsUJGQ1YqY01WPa0aTh0t4le9AbUzewempPA+DRhjsPilWQSw:laVju/kyVJGEe04Pa0Sw95pA+9Bn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242416, "uuid": "4c9ea4db-df28-4e03-9e9a-6f85588b6241", "value": 3499, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242416, "uuid": "dd6d2cf6-9d42-45a1-8196-a61aefca1309", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242416, "uuid": "06126113-45dd-4f2d-939f-1e3cee252208", "value": "RFQ-3252010628.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07b74fce-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687243522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243522, "uuid": "f6c2feb3-5b10-4d1a-8c00-d6d7f7c5e1d4", "comment": "Malware payload (Formbook)", "value": "bb7e10017918658b8f3f4e05e505741f", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243522, "uuid": "20dd8f67-a419-4e1d-b51c-de6f69612d3d", "comment": "Malware payload (Formbook)", "value": "88b839bed586fad53b03b85bd6d7d6514c51de244e56e671c3385e9cd3590dff", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243522, "uuid": "4e1c3050-ad61-47e1-82e2-53e0cc90074b", "comment": "Malware payload (Formbook)", "value": "15de61fc4edc230be1ecd5d2fa0482fd10b58601", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243522, "uuid": "c792c119-0446-4e42-aa75-9590a6c2007d", "comment": "Malware payload (Formbook)", "value": "f5e1d557d268d41f81f064fe6e70134ef5bdb56fa4120abfd3db91eede9f624330b10ea8f646c6405d2fa18dcb605026", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243522, "uuid": "3427ad2a-20b4-431f-903c-976c6f74a44a", "value": "T19FF433F1D2FE2DC8971035783AD51A8C57E927AA50ABB9F3A06ED4A325C8F05D4C09E1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243522, "uuid": "1eab551a-8a02-45b5-9fa8-46c88c60de87", "value": "12288:uR4y6/LQfitmM2ZiJoCudDQ2u8jIyQW92JgyH42h6vuoyF0JpM:um+iUM2IQ17jIyb92Jgu4han", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243522, "uuid": "bad2bd52-3719-482e-a9b7-4da7c3142ef8", "value": 762523, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243522, "uuid": "27056420-aef5-4344-8b02-0bb8bb9da8bd", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243522, "uuid": "e1a83595-4562-4f21-bba3-a63267f5703f", "value": "Mirus Packaging GmbH Purchase Order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "475706ee-0f90-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687282284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282284, "uuid": "1f6e6902-d5e3-492e-9289-2062552be064", "comment": "Malware payload", "value": "ffc65ca13eb5db61d472c471257dfd71", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282284, "uuid": "06a4c05c-35d7-45ab-abae-78ff95187a33", "comment": "Malware payload", "value": "89e8c87f6f7da3d0ba6bb5a99d2f2006c0762892d5aa645414b6831752e04ee9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282284, "uuid": "2e15009b-0c04-4438-9b71-16c6a3c1cf45", "comment": "Malware payload", "value": "99e2d34a1f3ffe84cf854e786bff670cfb7fb465", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282284, "uuid": "73ed9033-e2ea-4f0e-ac7c-c953adc9d753", "comment": "Malware payload", "value": "38a95b167d0010006de576bb4dd04fc4e52e6fdbd02e728c4a11eaa4c7fb3a761ad2c91f21c8421638aee9729ddcb3b7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282284, "uuid": "5b5908d7-1a8b-44ac-8243-b5f212649739", "value": "T12A64E16074C09171E5BD063074D6C3EB4E7EAD706F1838EFEF5866AE8E283C9E129519", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282284, "uuid": "026575a6-5d96-4d40-a2ba-3e45d5c2e8aa", "value": "55e4edc3fdbba34851414d76b9c66d91", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282284, "uuid": "dd0bd1c6-c1df-46df-8462-4b322608973b", "value": "6144:bXO53w81NaPoiEG1HPaJUW+dQA3xVtAvFcJfHrZUHb+ZvnVKr9im3YLsv:bXO53lDGRPaVUQA/Y2fHrZUH6ZfIr9iq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687282284, "uuid": "500de34a-3487-4442-9826-db3b24391eca", "value": 324608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687282284, "uuid": "1b571a8b-6a5e-492e-b29e-14c86955f206", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282284, "uuid": "e01faca2-9733-46e4-b4e2-a8127d74fc4e", "value": "SecuriteInfo.com.DeepScan.Generic.Trojan.Genesis.Marte.A.0A20F92A.28421.6182", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "853aaf17-0fa2-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687290118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687290118, "uuid": "ebf16ab8-02ec-4e5b-8452-fc84b326fd3c", "comment": "Malware payload", "value": "e2f08f163d81f79c1f94bd34b22d3191", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687290118, "uuid": "f6d506a7-0bb7-4949-8f99-8e382f943673", "comment": "Malware payload", "value": "8a3808d549c6fe4560153558fe20fd47f8089b392b984dfbde4c20b92044e358", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687290118, "uuid": "514fa5e7-2910-47ca-b6cc-46bdadcf7d5b", "comment": "Malware payload", "value": "1fea4a56ffb7756d9b6a549dcd17be6657b31682", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687290118, "uuid": "2f9373f8-95ca-4bf7-bde2-f4113274d59a", "comment": "Malware payload", "value": "132d5694877a11a4b2e02c1e6471366b426fb390b5720fd10e72f8aed751198809cb483b8913b538dd487dc44e16791d", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687290118, "uuid": "3b182c60-18c0-45e7-ae1b-552b15631d4d", "value": "T10802EF87F7E18E6BCC9853BD4597033232B3E472934383231606B6751E43BD62F6A989", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687290118, "uuid": "ef4495e6-75f8-4ab1-90b1-3f797d18b98b", "value": "96:Gn/TVFeKHF9Guyt+k72tMVL67gGpf2pDSmWx+Wh:Gn/fF9rytB6kBS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687290118, "uuid": "263a90af-da8e-4aee-b8c9-46408728c5f3", "value": 8456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687290118, "uuid": "32700c82-648a-4bae-bed5-3881228c6171", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687290118, "uuid": "f9d173d7-0fe3-419d-bdd7-2bf7d6db21cb", "value": "8a3808d549c6fe4560153558fe20fd47f8089b392b984dfbde4c20b92044e358", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be8a4bf9-0f6a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687266163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266163, "uuid": "a3ee9f91-b913-41fb-a5a7-4a6d99759282", "comment": "Malware payload (GuLoader)", "value": "23ac451fb69f5aa0725b9358d0c83125", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266163, "uuid": "371fe24d-9306-4e86-bc9a-192da8c96728", "comment": "Malware payload (GuLoader)", "value": "8adb8e5522c86ccd116f752132b2da37d02f9b035796838d6b7502e0552970f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266163, "uuid": "aa12369b-f4c1-44fd-9bd9-68d3c9360b88", "comment": "Malware payload (GuLoader)", "value": "f3ef4032c31222474d65620edc9fa8fe27bb39bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266163, "uuid": "3c2154d2-ec25-4a58-b776-0655b7ef6ca4", "comment": "Malware payload (GuLoader)", "value": "18ede25d2c942d12dc8bd02dbe753d799f1895b985bab335735ee96ee0b4c934c88eb863e0df39c4d07aeefc5ebd5593", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266163, "uuid": "2d426270-5e6e-4357-9442-f5b21bcf2f9d", "value": "T1B084F19EF34D4892C956F73174779B26123BFC6BAD3D2A4F721A7A642D733820012936", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266163, "uuid": "93f233b2-018c-45bf-8e1b-0092620bde2a", "value": "e160ef8e55bb9d162da4e266afd9eef3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266163, "uuid": "71969bef-6253-40e5-8484-e756d8f10e09", "value": "6144:PsKxNX1AvyxrDb1iXamvYMLwbavBPOsf54omsezbmBUzQWI642k/vL:7WvyxrDhiKmvCbavz4owHmBaO/vL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687266163, "uuid": "b04a1252-ae33-4d7f-a465-19fe87e1adae", "value": 391512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687266163, "uuid": "f59891a5-967e-4c7d-91d1-e86580e0d050", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266163, "uuid": "6d73f46c-2fcc-44cc-9c71-322c361db0a4", "value": "PO 00829611.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b84f2ed-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241488, "uuid": "57e7ac63-33ed-4229-a84b-35ed034a7dc8", "comment": "Malware payload (RedLineStealer)", "value": "b25d646ad3a8cc232e5e43e173ba09d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241488, "uuid": "0b95f334-1a2d-4a41-96e3-17b0d5c3034a", "comment": "Malware payload (RedLineStealer)", "value": "8c636ec4d87a637a59d1eac676059f592159f50060345d9681b9d35d7825686f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241488, "uuid": "7c790739-fdd6-444a-b487-a79960b751ec", "comment": "Malware payload (RedLineStealer)", "value": "045ebbfea3c8b7c33258c6d3ec092cce6cd25828", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241488, "uuid": "809b56a4-8ef4-4bf2-acf9-4a69eabba1df", "comment": "Malware payload (RedLineStealer)", "value": "b0e294aa1bf19d55f70620d75beaf942972ba99c98c5cce8d14b4d27a705365558201077421d21c07203c22fe0f4db54", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241488, "uuid": "451ea346-a43e-4008-805d-9782aba38d8c", "value": "T1A6F40180B4C4B174ED3209316CAAB9927E7DF5A54F30896F3F54331E8AB29E0B5B151E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241488, "uuid": "59c38d59-1ddb-4fd1-add1-0eb2225c3c77", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241488, "uuid": "12fb4beb-ef67-4358-9272-a5da456160dd", "value": "12288:G5fh5B0R5v7fWlu+T/knR9BSkHsLuUvBBJ7j7pLvt4fWRc0+BGsSxIuUdGXc9Zml:G5DORF7fIu1nTHaPvt4+Rn+4sSxIuKWH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241488, "uuid": "4af3b824-7c60-4922-baed-6ff98e29f339", "value": 762368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241488, "uuid": "1d07e45e-0780-4e55-ad3f-06fb20500951", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241488, "uuid": "f224dc72-f3eb-43ad-830f-376cac790ae7", "value": "b25d646ad3a8cc232e5e43e173ba09d9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "468282d6-0f1a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687231602, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231602, "uuid": "597bfb7e-cf1d-4078-9d75-666d12d11285", "comment": "Malware payload (Mirai)", "value": "4454dcbceffccf049227dde5b9c026fa", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231602, "uuid": "dbc2182f-c49a-4ed5-bb30-3c827defb249", "comment": "Malware payload (Mirai)", "value": "8c691c521d821b2ca0d2c126d3e3b52618e09ef4212b0e154657fc62414c7e7c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231602, "uuid": "2c43b7d1-bb6f-4ee9-9b68-80f8aa583af5", "comment": "Malware payload (Mirai)", "value": "0d18c338c6152db971603adb0f6b8fc02cdec702", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687231602, "uuid": "42b1bafb-efc0-424f-90c6-5e21c5687ad3", "comment": "Malware payload (Mirai)", "value": "a203a385624e2bbf5ec9b0249833e54359a80c6e052ce7c08696977cce92ae603ccb7fdec7c4bb0efb3d24c3c789a9d9", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231602, "uuid": "33de6e25-70f1-489d-a19e-a2afa3f37899", "value": "T156F2F1ED9E91785BCD5B2C3CD46D17A10E89389937BF8C0F87A48E85A2A88477443478", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231602, "uuid": "23556fec-2a3c-405d-917b-eab17a785750", "value": "768:ter4p9QgHfkKrb3tdaqd6nJKUL20HKV3k43CGE0vTtaBmGk3f4WMLP:tTpOgHsKf9ddQ/L6p5fvTta2UP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687231602, "uuid": "17f63319-f8b5-4f0f-ab89-4d8c2f7c6c1f", "value": 35552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687231602, "uuid": "37c85099-2d45-4866-8341-735f2fa328d4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687231602, "uuid": "739f833c-2134-475f-9273-9b926736c18c", "value": "SecuriteInfo.com.Heur.20230620032659981078769", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3aa5e992-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241460, "uuid": "63e1e8c5-46a5-4994-898a-4cb60d8e91d6", "comment": "Malware payload (RedLineStealer)", "value": "78870229f774446c0e42a44a17dda044", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241460, "uuid": "e780d224-ceb1-4f94-9b0e-ec59bf5e7834", "comment": "Malware payload (RedLineStealer)", "value": "8c996967aaf591a96dd85c46fb2a8c03ac45dbb3c7c1e487c469cab61f139fa9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241460, "uuid": "e75a59a1-e8ff-4ba0-a0d2-34e270c649dd", "comment": "Malware payload (RedLineStealer)", "value": "d1c397c14c6c195c8db98a5bcd319997cd92cb3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241460, "uuid": "a8c0d488-3ac1-4db4-830f-f5b630ce93a2", "comment": "Malware payload (RedLineStealer)", "value": "802ba03a8aca0e32a1d3dca950f3811ed96e8df1dd99fb9f68550f70c05387a3500d50f8f28df063660eea2d37e5c75e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241460, "uuid": "b798d85f-ad27-4186-bdd9-b20e52073ad4", "value": "T136E4024070C4B235DD321531BC5AFA92B8ADF4A15E208DAF7B90732E8BB15E0B9F551E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241460, "uuid": "d96f278d-d4df-4099-ae23-691eac00a356", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241460, "uuid": "6ad1d9e1-2cab-4373-8008-b06729613bc7", "value": "12288:hznhbbLRKv7fWlu+T/eNJZI5k5dT8h6Wvn1evwrl8xhACKzd7mG:hbxRy7fIudjK5k5diBn1eorlKhPKNm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241460, "uuid": "d09e5472-42a1-4311-a2fc-1985b7ef3d02", "value": 719872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241460, "uuid": "198e0173-bc29-4c31-8eb0-a79f1d70fd20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241460, "uuid": "67623fa8-6993-40b2-b328-2cc23158047a", "value": "78870229f774446c0e42a44a17dda044.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "583e3860-0f3b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245805, "uuid": "77d67155-44d5-4237-bf60-5f24ade1215f", "comment": "Malware payload (AgentTesla)", "value": "e3f9d668ee149f5ef85aa0e650df8d39", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245805, "uuid": "0176e763-7fc8-4d83-b968-66cf4a799368", "comment": "Malware payload (AgentTesla)", "value": "8da906c20224d3e4c93fc592fe32f6dd78fe97592adcb10dfe6ff22e03c55259", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245805, "uuid": "de34e1f1-42be-42b5-bd41-053377655eba", "comment": "Malware payload (AgentTesla)", "value": "ff1cd3d81d49895349c634d0422566fad370b92f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245805, "uuid": "566b1343-ff5f-488c-a761-62748b104d98", "comment": "Malware payload (AgentTesla)", "value": "877d6eefaccc53ec30af8c6fc2df9cb6e4ff006f88c1b7433e16acdbb2a186e35ba0297edc27425c37a10a8eb77d8ea3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245805, "uuid": "314d7b44-c34e-4334-8e88-18636f7aca4e", "value": "T1CBC423CBBBECB8305AF9DC80C565A44A1E15597A8B1DC0F4EEB62887407F0F69546CCB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245805, "uuid": "93e301d4-33b4-42fc-9595-215625cbb5b5", "value": "12288:LlGjnJcSsTfoC68vPLvfcFD8bLqdn8Qu3YxpgMrWQ:LlBSYHLvfcFD8bLUE+pgMr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245805, "uuid": "16e4e5b8-779e-42d9-8cb2-d9e7e0ff775f", "value": 575012, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245805, "uuid": "0b49e43e-71c7-460e-91ff-0a2e6189eb6b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245805, "uuid": "95dc5637-a7d0-4f47-8538-41b583218f71", "value": "order 600368142959.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7ee69c1-0f3d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687246878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246878, "uuid": "f463dd90-1186-491d-9849-2acb6e164969", "comment": "Malware payload (Amadey)", "value": "b99e6ee189de73e59ea435219b792f97", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246878, "uuid": "ce0f3da1-90b2-43dc-9e5a-07922d23d32b", "comment": "Malware payload (Amadey)", "value": "8e9ae899ab2347452d71dfa4c2c028e13973b6569fd4ccb3021b7f41c011aca7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246878, "uuid": "b4002248-7267-4416-8000-44cfb296b22b", "comment": "Malware payload (Amadey)", "value": "5996a8697d6214649c450fd12ee55ca2d483a4b1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246878, "uuid": "05a7cbed-9de6-4ccc-9ac1-d24ae01668a3", "comment": "Malware payload (Amadey)", "value": "80323f0a593aa8336eb99300ecb9a27df680f9c1faacfd23d48424a4df9ed2b7df3acdd25f25b434ba6967cb175c3177", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246878, "uuid": "8418d0f3-ee66-4fa2-89b7-865297fd285a", "value": "T12AF41241B4C4B278ED3505306C797A433E6CF9A09AB0C9AF3F58331D8AB69D076B495E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246878, "uuid": "4dbf0377-6172-48bf-bfb6-3eff0b112f1a", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246878, "uuid": "fc4ac484-e918-4a09-96c7-57cea1f70ae2", "value": "12288:GIXLY9XRUv7fWlu+T/Laa4B4pRy89zhGcllG+sj4yUTLMS7rcfmpnJnbgt:GbRQ7fIuwV4B4l9FGOsj4lsS7r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246878, "uuid": "d3b7ff7a-aac1-46ad-9e72-b8f8b9a42284", "value": 728064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246878, "uuid": "7897c30a-00f4-4ac0-9ca1-6d0dd910d014", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246878, "uuid": "3bf6b69e-ee88-49a1-a868-021de3033694", "value": "b99e6ee189de73e59ea435219b792f97.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74242450-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687243275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243275, "uuid": "c6a71d32-2ff5-4bbe-8477-ae06bb86c511", "comment": "Malware payload (RedLineStealer)", "value": "15119d274c692c0f4959aa1181c615fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243275, "uuid": "b66771e9-c80f-41b4-a05d-0908205722fb", "comment": "Malware payload (RedLineStealer)", "value": "8f29df372ea828f3a52b2f89d3b158fc55590d76641d4c64277c9a97006c9ac6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243275, "uuid": "5a839eb2-18ef-40bb-99ea-28fe03d5d793", "comment": "Malware payload (RedLineStealer)", "value": "55d0df941350d2f38a10118cc022dda572da8dfe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243275, "uuid": "9eb26b84-2057-447b-a8dc-671811ced152", "comment": "Malware payload (RedLineStealer)", "value": "2463a595342d1d41d2c4ef1d77a589b9a426d82f695541af2aee563f49cb7f65d824ad2d43e1c7ff1b0c962f769f27ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243275, "uuid": "a13e0f2e-526e-46fa-903c-92882144b18f", "value": "T154544B0FB5C50336E471103D2BB02956EDEDBC910D34EDB73A6CC329156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243275, "uuid": "d83f5f33-b22f-4509-aac4-b019371677f7", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243275, "uuid": "e64a3026-0518-43c3-a136-6a76fa606b5d", "value": "6144:1aqMeD20Q0FKHgKNRBH13TLxNP9T0x+SRMt:1weVQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243275, "uuid": "84725acb-98d3-4f30-b0de-36eae031af16", "value": 279557, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243275, "uuid": "3767f71c-38f9-42d4-ba8b-d6ffe0974e3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243275, "uuid": "859f4d0c-e62e-4e63-948d-4c906982a417", "value": "15119d274c692c0f4959aa1181c615fb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86ef2a6c-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241159, "uuid": "5786e215-fcb6-4a0d-8484-3bd5c0a28512", "comment": "Malware payload (RedLineStealer)", "value": "890f1cc7d1bca39b929e3a0ab4c46d26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241159, "uuid": "5c3fbcb7-33f7-4faf-ad25-ba8aa4199794", "comment": "Malware payload (RedLineStealer)", "value": "8f346c975ebe1bb1d7183cde56d4e579b0d6ebbca44c929d62d0be48a3bfd3a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241159, "uuid": "a86a0c8d-afc6-4e68-8a13-f387e80bb308", "comment": "Malware payload (RedLineStealer)", "value": "47adf07dbf3e08d1689be182d3574f741a996f77", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241159, "uuid": "25c01c14-18d1-4d66-bde2-4c9d322ce2c0", "comment": "Malware payload (RedLineStealer)", "value": "d20bbe5d0fde7badae0ebadfbdea4f59ea23b53bd7d119271795031923b450ae13d8f4789724c56578177a9ed4c18131", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241159, "uuid": "aa5f2555-87a4-494a-965f-10f616bceae5", "value": "T13C544B0FB5C50336E471103D2BB02956EDEDBC910D34EDB73A6CC329156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241159, "uuid": "dd9bb0e7-843e-4261-9710-2a6efd93eac5", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241159, "uuid": "d5d7019d-a828-49ee-a928-4ef7ce3413e0", "value": "6144:NXgA2TQ0FKHgKNRBH13TLxNP9T0x+SRMR:JgbQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241159, "uuid": "a5ca0722-6a31-4dbb-875d-6922693f00b6", "value": 279045, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241159, "uuid": "8aad9358-c2a8-4f50-aec4-d691134a1f80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241159, "uuid": "4fcfa091-14c5-45ec-9ea1-09106a96d33b", "value": "890f1cc7d1bca39b929e3a0ab4c46d26.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94b98f46-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259650, "uuid": "ad1002c7-838d-40b8-a0a5-a8efdad5d1b1", "comment": "Malware payload (Mirai)", "value": "ad4e65c8bd04b8347516b9b97cec1073", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259650, "uuid": "719fa5da-6384-4376-9bca-2927dca9e0cf", "comment": "Malware payload (Mirai)", "value": "8f8dd2e71401d71275f676c59ff275da1d4ce458a23ce8604a2573557c3e20af", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259650, "uuid": "176125a9-7042-4f55-b189-cf1c78dcafe4", "comment": "Malware payload (Mirai)", "value": "0131bd5bd1629780104377e0fb2d9bededd0a99b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259650, "uuid": "46e80541-9e96-446d-8df9-8605ea411ccc", "comment": "Malware payload (Mirai)", "value": "241ca0e75be60af85866087c632b13b0e31a9f2a1ce45fd53ef50cbd0a78c2e55c68f5e3c669343d596e4fc42761b5f6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259650, "uuid": "a48498e4-479e-4250-b29f-8bb2a270b292", "value": "T130331785B8819A16C1D053BBFB2E418C372663F8E2EF3207DD256F14778A82F0E67655", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259650, "uuid": "f6ef7f2c-0e4d-4e87-b38e-3bcd936ed7d9", "value": "768:Ah+SOCyZbjRe7b7bWAEAfZi012e7qaquo9IMxTcSP1t5j/NPUBBBnOzfl:VSfyCbWAZE01Caq/NxTca1t5j6B2B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259650, "uuid": "29ba20b9-6e01-4c9c-9e51-06412bd3748b", "value": 52960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259650, "uuid": "23fa53cc-2188-44ef-9f09-35875c28337e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259650, "uuid": "ce0f5108-5dbb-4892-9628-589447f68ad2", "value": "ad4e65c8bd04b8347516b9b97cec1073", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91442fe9-0f05-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ArrowRAT)", "timestamp": 1687222708, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222708, "uuid": "6ab2e587-7498-478c-96a0-e226ddfe32e1", "comment": "Malware payload (ArrowRAT)", "value": "1a6204ba18ed28ba84ae8a3299602bc8", "object_relation": "md5", "Tag": [ { "name": "ArrowRAT", "colour": "#DE0E56", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222708, "uuid": "d70bae6e-4107-482f-84be-eb7386fa5696", "comment": "Malware payload (ArrowRAT)", "value": "90093c647c4ef8f612e3e470c93debfb667aaf39073cd503cd670c6355dc474a", "object_relation": "sha256", "Tag": [ { "name": "ArrowRAT", "colour": "#DE0E56", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222708, "uuid": "bc34e320-c708-4698-a4ae-1955e73b6516", "comment": "Malware payload (ArrowRAT)", "value": "ca32927f6e8d86e326fda075f096b16fae482c88", "object_relation": "sha1", "Tag": [ { "name": "ArrowRAT", "colour": "#DE0E56", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222708, "uuid": "0dcb81fe-2f3a-439f-9326-12bb5cbed609", "comment": "Malware payload (ArrowRAT)", "value": "609779243d16013f9538c27b1a03b963958e966fd7c9e233ba84f87a73ba6e74c50e6366ad67fb3728d982052a5ad8a3", "object_relation": "sha3-384", "Tag": [ { "name": "ArrowRAT", "colour": "#DE0E56", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222708, "uuid": "54a174c4-d0cd-40ca-8278-13293ac85bf4", "value": "T144F36D243EEA5029F173AF765FE47596CA2FB7733B07A85D2050038A4B23A81DDD153A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222708, "uuid": "77944215-5e27-48bc-8820-4411623ff6cd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222708, "uuid": "f8c0a1d0-fbe5-467f-b690-25fbb2306c27", "value": "3072:gbzZDH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPjSO8Y:gbzZDe0ODhTEPgnjuIJzo+PPcfPjN8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222708, "uuid": "0d966c0f-8d99-4e7c-ab76-02807a46f012", "value": 161792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222708, "uuid": "457cca17-afc3-4a46-8bae-d8989c87ba01", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222708, "uuid": "f1cdda48-f152-4d80-9f7d-e74dc3d93ad2", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83a1f318-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241153, "uuid": "7cbaa5d3-89d4-4ce4-be22-72243dc75835", "comment": "Malware payload (RedLineStealer)", "value": "8a65667b706ddedb2dd15ac57b199722", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241153, "uuid": "35f243e7-d587-4491-b86a-1699b4ee861f", "comment": "Malware payload (RedLineStealer)", "value": "90b3d2326db31030d665e6c2cce47ed2877bc579d236855c96f04b962c4a29f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241153, "uuid": "68b15abc-2023-4697-b6e4-5ae79bf757b2", "comment": "Malware payload (RedLineStealer)", "value": "687edbcd23c08d9f58cede35880e49c3f2e8a10e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241153, "uuid": "d4d292b3-113b-4614-96e9-f0d8b004dd66", "comment": "Malware payload (RedLineStealer)", "value": "90def60fe2221f45e61e784b565961da6b16319971f7e126ebf9304f6624df481800aa71930947022461a60e2d2213de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241153, "uuid": "1fa03507-c919-4cdb-ab80-ee4c2e4e7062", "value": "T10AF41240B4C4B334DD310531AC697982AD7CF8959E60CDAF7F94231E0AB56E0BAF952E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241153, "uuid": "9df4967b-4616-4a91-a31b-cc2af9ec98fa", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241153, "uuid": "8cb4767d-7a56-47b0-89ce-fb553c92d5c1", "value": "12288:RKzCRcv7fWlu+T/DgwgZ/mS2Zer7bKPBiwlWWCuDnqFd9LzCQwUQEdhG7yw8v:fRY7fIuugd1vmPdgVFjLzCh0Q7Mv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241153, "uuid": "9db50999-959d-4c84-8d3c-aa10de3ba3c8", "value": 728064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241153, "uuid": "cc011a36-f346-415b-a6cd-5dfcc967c72e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241153, "uuid": "529a9cfe-7493-4c06-abba-7a8f86b43fe0", "value": "8a65667b706ddedb2dd15ac57b199722.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1cd9cbc-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687288099, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288099, "uuid": "727a1557-6f31-4434-b412-20e0c6ca59bc", "comment": "Malware payload", "value": "114ca97346c1c4561157be2191e0fd71", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288099, "uuid": "28e4f4ac-3141-4e67-af3b-8f65c85231ae", "comment": "Malware payload", "value": "9131deaa40e5eea024b5ffb74586329931d53d489652d56021f2b5a57673e818", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288099, "uuid": "70b98515-9b1e-4c72-b716-8c109b12030a", "comment": "Malware payload", "value": "a550c80fbc475ae8f3a2be3a6e1cbfabed1cea6d", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288099, "uuid": "ff19d9f6-efd2-4d37-9c96-532aa180ed49", "comment": "Malware payload", "value": "be5c3868016b981632732cc88bdf5df0137073a165404f3a846a6268bf75b4266d21124ff18c858139508c5bc70de04a", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288099, "uuid": "9e613db8-c912-4b34-88ed-51a915ae7706", "value": "T130F4231ABE6C8E12C93A86FD781C072454A299C38943E0791DD3942BB7A335BF3CF951", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288099, "uuid": "7187bbd9-eabf-451e-a863-85038c5f87e8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288099, "uuid": "df8661c6-193a-4197-a557-a125ac900ce7", "value": "12288:XIMIMHqvom9QOslI+dgum/Zqii0k0DYScZvAzTO78rIuvIeP4h8e2A1Qz9Kho5hU:4MIMHfm9PgPeBxqoDDY0O7XuC8e2A1kS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288099, "uuid": "c910ade3-452e-4750-ab30-de0c20fecaf3", "value": 734208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288099, "uuid": "7ece4e57-40ef-43ed-8508-8f974e1d45a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288099, "uuid": "623191b0-d693-4831-b934-59559efc52cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b763745d-0f6b-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687266580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266580, "uuid": "cb9cbddc-3d7c-4d42-8033-9fac69898542", "comment": "Malware payload", "value": "002ea05ce596760723b0787ee4bfbbcb", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266580, "uuid": "fcb5a990-fbbb-4bfe-9d7d-9ea5f5eb1a99", "comment": "Malware payload", "value": "91bedde298120f2112051018910a77a8672687917722e9a4aba692ec312bf4b2", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266580, "uuid": "ec57a839-74fc-47b8-bf19-f33e98b462f5", "comment": "Malware payload", "value": "b2fb11f5eb37ea6ef0cc03f39b4824e81ffa1cfb", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266580, "uuid": "38b7a2ee-4885-4181-8035-6c430433530b", "comment": "Malware payload", "value": "b970cde8ccb5f6b3c61d0538b8e0ce8a533adef8aa0352557bc1acab9e8f6d87e3b7c73b20e1974f5dd49740e3c2d77e", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266580, "uuid": "86028c2d-cb9f-4958-947d-204dee36897e", "value": "T11AE5BE0DBA96EE67D3A6273FA02741289631D2523713BB1F0B7D46B43D923F40A417E9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266580, "uuid": "fee57654-d223-4568-a174-9a3f4defe6ab", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266580, "uuid": "2787a64e-b2a4-4582-93db-4e7a385ac1a8", "value": "49152:PkD/BI8szy/fieUebMNeyW6e4CwPZJ8y/nKbYv3I5ctnnEpmQO:Pg7MNTNPZJKb15cupm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687266580, "uuid": "4bc67732-2e7b-402f-860c-10c218010e9f", "value": 3254272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687266580, "uuid": "10594778-f249-4b69-8b8d-525e9ff46a15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266580, "uuid": "704525e0-2bca-433e-a14a-6d94a41d0dd6", "value": "168726657698b1d94e482e96168370f0a24749cf0ceaeef19ff5502ce20e1cabd4b9539b93625.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7449ce99-0f92-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687283218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283218, "uuid": "c994fc0b-2e36-40da-8720-c670dbfa16a1", "comment": "Malware payload", "value": "f4731e5a45ac2acac9130f3ec3155409", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283218, "uuid": "466af9ad-1268-4618-aa21-a8e96bb52843", "comment": "Malware payload", "value": "920f528cdf720187b49ee99274a5bf75ad392c9ae7eeecca803ec049aea2bd36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283218, "uuid": "855058ff-2aab-410a-8c01-915881b9405c", "comment": "Malware payload", "value": "51b7de62665edfe44941f169b67f7cbb2a0b45f3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687283218, "uuid": "f8411517-dd19-4dc2-a070-daceb22a330c", "comment": "Malware payload", "value": "49ad48a9dbd4f33835eff10b8022d34c7374c5aebf7976d017ef2ed992ee3700ef79f7fa76d1f382b4718f39414fd82f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283218, "uuid": "208e4325-9c8d-406f-81ba-1a666fc95426", "value": "T100733D1266014454F3188B359942F9D089B9BD7D5AD0F28FF278BE3A6E322C35A7714F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283218, "uuid": "b7d2592e-dff7-43d9-8d5e-99942800e344", "value": "999596f8cb58af543fa9274acf2f1fa7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283218, "uuid": "15437159-bbed-4c23-ae94-dd554bc18071", "value": "768:hm+a1SPei+h2fbYOZkQzie7OxgDZU9qZU9:32i+cbXOx6p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687283218, "uuid": "123050d5-2d90-45d8-ae60-054f621ec887", "value": 78848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687283218, "uuid": "dc904909-b642-407f-a936-1ba2e43165be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687283218, "uuid": "a3a2f46d-356d-48cb-ac1e-57c650f99b9a", "value": "App.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2748e4a0-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267627, "uuid": "d77591bb-4ce9-42e1-b0c1-54898dace6d9", "comment": "Malware payload", "value": "d3d580d3bf4d0dcf0eb52e17e97da392", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267627, "uuid": "ce2d533e-165b-46bf-83de-fe6c5d9fcc7b", "comment": "Malware payload", "value": "92a9423befeafe6d4a16e778eb6720cfd7ad16604e8209ae6a78b89c6dc41f03", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267627, "uuid": "6da9f656-954e-4ca2-a219-2a785f46bc69", "comment": "Malware payload", "value": "b9fda28c28be4382b11a41e8a2370889cb270d01", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267627, "uuid": "c5fbbdc9-7e62-4dbb-87bf-7e800487f6ad", "comment": "Malware payload", "value": "f443c79141cbc3fad7cc9a7ae29eec1bbcbedc346395d511d7b1ac4af514e2bb04e0ecd85bcf16cfd14447f0564a418b", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267627, "uuid": "b62587ba-2c31-4f4e-8209-e8f9e579910f", "value": "T1B27423C4EB5B57B17D02F6BD449CFF62AA4AA50037A08CA2DB25FEC4351161EB124E7C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267627, "uuid": "75de9d89-713b-4d59-8643-0af351414c49", "value": "6144:Pw7cFCCnQ/2GQyAyQA3PvoOMQ2HwQrsu+fAN/AUts4BQqSL9oovPNWJf5VTY5YL:PwAFCCwVdjQIoOMQuwvu+fAN4Uts4BDX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267627, "uuid": "80402bcd-58e2-4f02-be95-6b49d113f9fa", "value": 348344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267627, "uuid": "42415f0d-7f18-46c3-9508-9577c46854c9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267627, "uuid": "99fe4b10-7943-44d2-9119-3a3480716ff1", "value": "Kaspersky_Premium.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da6f70bc-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240869, "uuid": "1cf10688-79bf-4340-80f5-674cb2c95c1d", "comment": "Malware payload (Amadey)", "value": "780fd338de941f1998cb464c66088d9b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240869, "uuid": "36dc61b4-9037-4709-b6ba-80d9be2d9b94", "comment": "Malware payload (Amadey)", "value": "92dcb67fc1ca1edfb6054393a8d9328c094b187bbe835289dab06322d7b43514", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240869, "uuid": "f7665774-33d8-4fee-93de-5bd7794be621", "comment": "Malware payload (Amadey)", "value": "2445fef70af3f4b4e176c14058ed1d57ff06a02e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240869, "uuid": "57c165a1-528c-47a8-baf3-9008d3d5789a", "comment": "Malware payload (Amadey)", "value": "27be2896b937a6ae3a49f6e5b9918dbf911578f6cd640ffa4d190ac4f3d200e60e9288c7be5d449ec5fd895d0c9fdb80", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240869, "uuid": "1b17021a-bc0d-418d-9088-a096ac6093b4", "value": "T145E41241F4D8B234EA320A31A86DB942AD7CF4D58E60DDAF3F54372D8A714D0B9B419D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240869, "uuid": "a58b1d8d-a75a-481d-9f34-a9d24d6e1476", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240869, "uuid": "05e9aebb-4d81-43f5-9396-23933cc51c70", "value": "12288:a7ahM0RHv7fWlu+T/JkYBTw14jvsrwS5MOrBuRfwK3sJmdZEKg1gFOND/:VRP7fIuZYI4orzrM4K3sAg1xND/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240869, "uuid": "369dc861-f09d-42e5-83bd-05fbb79fd368", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240869, "uuid": "99f10c3f-ff29-4913-917a-35f420ce7a94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240869, "uuid": "b13253fd-2c95-46a0-a3ad-b0a1310fc0ff", "value": "780fd338de941f1998cb464c66088d9b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "987dd721-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687243765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243765, "uuid": "668b2ada-3caf-43f7-9e93-caf5fc0d8e6e", "comment": "Malware payload", "value": "2a0740eb43c8767dd646b48f71431833", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243765, "uuid": "0d65b263-145b-446e-8856-b0425314e40f", "comment": "Malware payload", "value": "93a83c3670f21191cd338e237cc6f1d3866d1d4d168104263304aec799455a14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243765, "uuid": "1862e7c2-ed9a-42ed-9ee3-43f2d8d1801a", "comment": "Malware payload", "value": "620668332921303d18f1659bfb2cd0427e16113a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243765, "uuid": "82c82308-63a3-4f95-94c7-69feb6977505", "comment": "Malware payload", "value": "f0a9555991d5cc0eba6e3f1a67105bbaecefc36b9a8918f38375281ecdbfde39775dde30580a67ee9c4bb1a98eedaa0a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243765, "uuid": "b539bdc5-bea0-4b21-8188-4d82cd98a9e6", "value": "T11CB35C1179C080B1E9B315326974D9A28E7DFCA10F64ED973790162E0FB46C1EEB49AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243765, "uuid": "7ef7f63f-be8e-4c5d-8682-7596cff76ef8", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243765, "uuid": "58d15241-6dea-4500-b167-1488c54b94b5", "value": "3072:slu8M+RSplrqcgVplOuk2xzQFAPYJaXGMT8:slu8cp7KbkET", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243765, "uuid": "848ccb37-707a-49d1-8a2c-20758a5f74e5", "value": 113669, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243765, "uuid": "d01b2283-ba99-4a9a-85c9-e2aab4cc6661", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243765, "uuid": "9487a70b-f1fe-459a-a2c2-59912c9f93bc", "value": "2a0740eb43c8767dd646b48f71431833.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b1ce6ba-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268600, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268600, "uuid": "605ec82b-fa6e-451b-a031-92f178b99a9d", "comment": "Malware payload (AgentTesla)", "value": "f46a60a67a27b77c16723da6aa016800", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268600, "uuid": "afd95703-09c8-4205-b821-85f96bba4953", "comment": "Malware payload (AgentTesla)", "value": "93bd0a081feb2e1576bbf84b672e120981ad2cf3f5017db7942959f9959f5066", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268600, "uuid": "b6315753-f4ac-45e3-b403-acc99d74e82d", "comment": "Malware payload (AgentTesla)", "value": "6078706801513293e228c08506ccc7a9ef30edd2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268600, "uuid": "42ca3901-82c0-4ef6-a818-9b2813b14fc2", "comment": "Malware payload (AgentTesla)", "value": "2f13c20e14377aa89b921cd4e4900f18e5ad9172abe0f04d4a764d1a6805209c4bf7d47d35b073a3d28f67b9c3789027", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268600, "uuid": "fcf75c44-98ad-4348-badd-066c0caefad7", "value": "T1F283B70273EE4A48F1F32BDD567E11A40B2B7A54693AC69C107D650E0BF3E908DA5F63", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268600, "uuid": "1132b300-dfe7-4459-a532-8096b9018147", "value": "1536:44b5X/AkV+4VPJv69u6uRSqFBeWpf4b5X/AkV+4VPJv69u6uRSqFBeWpg:44b5PAkV+4VBi9u6uRSqFBeWpf4b5PAz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268600, "uuid": "9db65032-04c0-4598-9170-c3259f464d83", "value": 81502, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268600, "uuid": "bc77da59-1512-40bd-bf27-25503c96914e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268600, "uuid": "435bc3d0-43bc-439e-b8c8-dbf025cc8a12", "value": "Indalo Farma.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3ab2885-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242173, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242173, "uuid": "4f66694f-2b20-458e-ab49-30316b548397", "comment": "Malware payload (AgentTesla)", "value": "3851e249cf7d32ba359962fda41f90fb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242173, "uuid": "2324be10-aa8e-4ee3-b6c9-29ef0c19e750", "comment": "Malware payload (AgentTesla)", "value": "943e2a06f79d662f5cd0cac37eb6e131b1f4a8bb3dd8941ab0d0494b0cee7e3a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242173, "uuid": "5cdadd6d-b28e-4117-a650-1b8d8f25d65d", "comment": "Malware payload (AgentTesla)", "value": "51ebce9186507f47a1ce2a3a862f457e8872f717", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242173, "uuid": "eef64826-36df-4774-b018-73ebe35eb478", "comment": "Malware payload (AgentTesla)", "value": "6aa1e55474c5951c9349e305a913b602d9a7aaa3c064b46177bcc50fb9f31ad77f3feb84a837bae66bf111f1c94bcb99", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242173, "uuid": "677039b0-5795-4f58-b851-8ff04a53b26d", "value": "T183A51212E1519A3DEA6A07B05F8795D1421CBEE4BD0E2916336A3B5F7AF35C1D08BE0C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242173, "uuid": "9c804982-8a97-4658-92e6-ecfadd5f26ec", "value": "49152:vLK8/t95bbmIB/uYp95bbmIB0u1LinsybDAfRHgu9c:jt195nlt95nucGnssy5pc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242173, "uuid": "abdbd9e7-0779-46cf-a955-01e85ca66d59", "value": 2121728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242173, "uuid": "02b18399-acc7-4038-ba5f-eec49dc14e63", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242173, "uuid": "7292462a-9fe3-45a4-80ee-2669b0007c3a", "value": "Packers Order.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e196f771-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687242170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242170, "uuid": "948aa10e-0fa2-4b81-b11b-e5aa8c2d4ca6", "comment": "Malware payload (Loki)", "value": "e076810391fed8fddff768e167252342", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242170, "uuid": "92eddabd-9460-460f-a9cf-80db2b8d3e66", "comment": "Malware payload (Loki)", "value": "94cef8e7b13b09fc1749b77d138c944d83aae1cf84aca1113ee8a4719b24cb12", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242170, "uuid": "ae54f2d7-fc1c-4721-a606-95a17cb4a530", "comment": "Malware payload (Loki)", "value": "88ce094c871eb2e0f859bf51321782540ce0e2bf", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242170, "uuid": "3537b389-76a4-4719-9c1f-cdef3cc6ea03", "comment": "Malware payload (Loki)", "value": "d99cb7c638549d74d1db225249d30d1f3720569207384fbefd466b583086f3634fd28300cc3b924184a035a7a918b653", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242170, "uuid": "3118ad47-6420-4783-bdf4-c4ec8bd8b030", "value": "T15585011DE404A7B9F7460B756953B18A900CBCB67FCA84827B85331F2D33FA658E65C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242170, "uuid": "79318f55-de6f-445e-8b58-79eb423ea7a8", "value": "49152:0QmmQ30S1A+c0sbQmmQ30I1A+c0s9nYH7MK:0pmQkL+0bpmQkB+0927n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242170, "uuid": "fbdc1b1d-a7d9-4741-abd5-63274a3c8de9", "value": 1851904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242170, "uuid": "c42f02e2-7a63-493d-bbe5-7a3ff7ca9a52", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242170, "uuid": "38bd0684-349b-4f5f-8182-11096366c5d1", "value": "IMK2306-\uc784\uc2dc1 SEM-PHIL AIR_RANADA, RICA MAE ALV.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b15bfbb-0f26-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687236683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236683, "uuid": "e312724e-ac3e-490a-a710-d4864938fe78", "comment": "Malware payload (Loki)", "value": "1a66a7aa607af278f7a7c5d0ded3b929", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236683, "uuid": "30918084-4313-4435-880d-24ac44c8347e", "comment": "Malware payload (Loki)", "value": "94ecbf6f04ad4476d6b032a83b96f93897af0e16821b76802aaafb11677ad836", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236683, "uuid": "33c82e6b-2457-460e-8e5c-00784516d9f9", "comment": "Malware payload (Loki)", "value": "866060ec7a98989f42cd046923b96366555dca97", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687236683, "uuid": "21120022-3030-4b32-b3e8-8920aedaaeb7", "comment": "Malware payload (Loki)", "value": "8563696bc36481358498d3b361a8b80adecb661a0e5359a4b9c2a77b6da71cb7a60cc6f60a4c0414e2555a07a77ff756", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236683, "uuid": "cf1702ff-ede2-4491-8392-d29220165247", "value": "T1FEC5A4037797C5A2D171EB33CDDF908407A5E9A27333D76AB59A23290843B669CC261F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236683, "uuid": "7db637b9-17c6-4641-8888-f4216c66f47f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236683, "uuid": "66c12ca3-86a3-4cb8-9113-0b7298970b99", "value": "24576:ogd8HCTqEnE6MYXo5AOvjlFboX+lz868qgCFndzvppKrznmr2yWGgCCPQ8ywaANJ:TTqX9OhghpBQrRC+nXD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687236683, "uuid": "0765b5d7-6009-4090-9097-e7e6069fa471", "value": 2678784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687236683, "uuid": "8346bb46-3c34-49bf-9cda-0ece7723191f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687236683, "uuid": "78349320-91d1-4015-98d2-7607f13c6026", "value": "1a66a7aa607af278f7a7c5d0ded3b929", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6003d98-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687240862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240862, "uuid": "c4e9e57d-3738-4dc0-92fb-8f45897ad5f8", "comment": "Malware payload (RedLineStealer)", "value": "3b0b80d9bff688cc1d76af98e677d810", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240862, "uuid": "1134fe56-d7f4-4265-96a3-fde5407f2f32", "comment": "Malware payload (RedLineStealer)", "value": "9506615499fa08a990eec75493cbcec5368b00cf08298dc5fd12ff79f2c6869b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240862, "uuid": "2313e70c-c8e8-43f6-9985-d01c7944295e", "comment": "Malware payload (RedLineStealer)", "value": "4b982e3a590bd84e357bb676d23032bdd801dc52", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240862, "uuid": "2bb12476-de44-47fc-b675-dae408f20b4c", "comment": "Malware payload (RedLineStealer)", "value": "0251ef2521b344367e4e67ad001572baa45ab2bb045f7bfe23f383936361c3d22898af50e01fd1eafffbbc536e8338ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240862, "uuid": "76d7f518-1073-4fea-ba6c-252a989f4428", "value": "T108F41241B0C4B138EA710A317D6A3792BDBDF4A04E60896F3FA0771D8AB55E2B5F045E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240862, "uuid": "a61be9e1-69ed-4309-af79-c89c689ce1bd", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240862, "uuid": "3d28babf-374b-4995-ba27-4d1bcc51abd7", "value": "12288:+Mwz5NR9v7fWlu+T/E6ud2NQxjM70eRufZB5CiiWAoTwKbFJGgtNPuwTTL/G3X:vMRJ7fIud2sYRufZsWAPKWgtwSTC3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240862, "uuid": "51d5f287-987d-46bf-8701-9998f700381a", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240862, "uuid": "804d38c1-598e-4d84-9a6b-c552ea04d333", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240862, "uuid": "b7c7453a-4baf-4e4b-8b2e-78a791c7a2b5", "value": "3b0b80d9bff688cc1d76af98e677d810.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d360aa16-0f4e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687254172, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254172, "uuid": "3e7a9f2e-3cb8-44f4-b9e2-871fcbed9b8f", "comment": "Malware payload (Mirai)", "value": "5ed4317bb7e9a5345f51b19289907562", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254172, "uuid": "de81f269-50c9-42e4-9503-6fd6a3af1220", "comment": "Malware payload (Mirai)", "value": "9507e3fd6a74289998c5460060038d45271f175a0485db63379f494843b1f7f6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254172, "uuid": "38747668-6fb6-41d0-bfc3-d5ff3d1b4238", "comment": "Malware payload (Mirai)", "value": "44bfe710e59122013bfdb7fa96860330f5044e8b", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254172, "uuid": "8d4b3809-cfb4-4bfe-92c7-55031044f16e", "comment": "Malware payload (Mirai)", "value": "362a587e63b9170cd87dfa5d815459cfb0490427c3962bc7b7b1b255ea0e2cc3012e3639dd1dc7d631af09e6e37c3506", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254172, "uuid": "649dad38-020f-4b49-9120-cbdc93866281", "value": "T187E33A07B5D188FDC49AC2B44B9BE637DA72F41D1238B16B27C4AE262E5DE305F2D610", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254172, "uuid": "e254db29-fb57-4c21-9982-883d22da446f", "value": "3072:H7E9tDCzCNeuJXmMbUKxl4/Fz7oBuBw8i2HbIseD:H7ytDCzCY8BWxMQI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687254172, "uuid": "b79abb0b-cca4-459c-b880-91ff65f30c7f", "value": 143672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687254172, "uuid": "c4546cbd-3aa0-4489-8236-233b5ab17ecf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254172, "uuid": "32f794eb-41e6-4248-bacb-0db379575ed5", "value": "x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec5089f4-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259368, "uuid": "2a872d52-5ed8-4111-8171-6ca07f8a8d43", "comment": "Malware payload (Mirai)", "value": "2f6b741ff7e308425672548702003cd9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259368, "uuid": "d0c89ce7-5c01-454d-828e-9f0c2cc7e71a", "comment": "Malware payload (Mirai)", "value": "95724a35fddadd4c3973dd2456a55c57e895c30978f42483d2ff39b328964eb5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259368, "uuid": "8cc4ca03-b6aa-474d-bb66-d9797f0afefe", "comment": "Malware payload (Mirai)", "value": "84d6f71cb822829d3c7e1dc51a84f13d8d5826f5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259368, "uuid": "72530f4a-c40b-4db8-9be0-f5969e74ee5d", "comment": "Malware payload (Mirai)", "value": "41ab556fc3f749d1e037e5664c27fc22e6ca386d4bfad1f3995bee40c842eb10fd429188dac78991a90847b484c3f6b8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259368, "uuid": "6e6d095a-5473-4f26-8dae-60749afe409b", "value": "T1E0A30731A641C973D14305F211A7DB620D32FEBB1A6AAA96E36D3CB0DE360C1B561E5C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259368, "uuid": "b33c9006-5e4a-4778-a1a2-89233c30f9b6", "value": "3072:gjtwgA6UlYzZveohR9kIEAfdGZmmFVcqq0G27ZT:gjhzt3mIEAfAmmFVcqq0G27ZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259368, "uuid": "3c0ac12c-5d12-46a9-9a02-c74e33d11dc4", "value": 100267, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259368, "uuid": "fd4c67c9-9c6b-4ca9-8c09-1caa3a27aa3f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259368, "uuid": "fafdc048-d9a3-4a55-858e-2e7e63dff184", "value": "2f6b741ff7e308425672548702003cd9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddf55efe-0f5c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687260203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260203, "uuid": "7c8f3dc9-a4df-4dfe-96e3-5ff7fc28f3ac", "comment": "Malware payload (GCleaner)", "value": "d0625541e5a2cfddbfa75765d4c8d00e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260203, "uuid": "fcf03712-a5f2-475a-9b0c-16951e338a14", "comment": "Malware payload (GCleaner)", "value": "95fd65d2e24cd35d1ad779705122399dd335562ee70759171ca30536cc3fa391", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260203, "uuid": "ce6f25c9-53de-47c3-93c0-775cc6585da5", "comment": "Malware payload (GCleaner)", "value": "c9b20c528565644c0384ba43b41e17661859c247", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687260203, "uuid": "37fd6992-8684-45e4-a0ad-6bee42a378a7", "comment": "Malware payload (GCleaner)", "value": "a5446a4be3101183435e366be13bd0ca34f1f0ff8461599301da64a6ea42ba030f36401bafcf244f705786765901f6cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260203, "uuid": "9c332d41-0076-4ae0-b1e0-84520017aaaf", "value": "T1DED522565BACA921D0FC48F5FFE233D8712494245AFA01F96CBB5A3BF0A564C2D3B604", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260203, "uuid": "25555171-9299-4741-ab93-9d13eb79296c", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260203, "uuid": "904e291e-a9c1-46c8-82e8-dc8fad2fe253", "value": "49152:2GagdVIc3YEjbZ7w3u6pOkTBqkcaQLNNYHR5wRqBW8eiZZ/LWXuN:fagwngZ76u6prTBzTQzQiR0Wi//VN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687260203, "uuid": "4bfa02e6-3b4b-4755-bf97-a9dfa9e393ab", "value": 2748489, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687260203, "uuid": "8fcd7f4a-c0ea-4b0f-a55f-5fca737e20ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687260203, "uuid": "568866ba-13ef-4ace-953e-8b1811d51de1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39154ae4-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1687241028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241028, "uuid": "66e524b4-a10b-468e-b8c4-7d9bdb756ad0", "comment": "Malware payload (SnakeKeylogger)", "value": "8b98a1ce7dcd2c5fbc71cfae5be17c33", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241028, "uuid": "98a9bbc4-8ec5-4b2e-8103-cdd2d21c8964", "comment": "Malware payload (SnakeKeylogger)", "value": "9641acb7eae3fee9520a90f738b5bdee07a09bc09efecc0082568ea6ed15525b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241028, "uuid": "642a48cc-390a-4003-89b9-71db0aeda032", "comment": "Malware payload (SnakeKeylogger)", "value": "552890aa74b87949271554821990a3fe86a46cc3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241028, "uuid": "0bf20ba3-0cbc-4c5a-97ec-f7ed534c3832", "comment": "Malware payload (SnakeKeylogger)", "value": "e6a283d9214efc625fad7114eef28852ae15b71944c5f4e9ecd82ccc09a98862991783104bf751c8b9739b5829da6b37", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241028, "uuid": "4ec82b62-ebd4-4dcd-b0c3-1f8a1866aa8a", "value": "T1C26412181B12DE87E59706717B3E1BA3DFB7E05A2075494B23641F18772A7C2E72B360", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241028, "uuid": "67c739b6-cc15-4de5-b3af-a23f781fc2f7", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241028, "uuid": "a8a3f20d-4f87-46a9-8138-b6f7052b28a6", "value": "6144:/Ya6CMnexQTe/jqoD6K+hvhbD1nRCeeFes4GGqMrUFDGgNSlORB8tZEv:/Y8MsQsj3ahvhXKe6TGbgtLRBwe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241028, "uuid": "8e723a45-4e5b-405e-ac7f-56be21c4571d", "value": 315905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241028, "uuid": "c4f4d7f9-5403-486d-95a7-3da20aa427a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241028, "uuid": "a22286f4-cc78-485d-9e15-4b8f70dbe30a", "value": "PO#63542.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ff7a553-0f48-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687251401, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251401, "uuid": "bd0ef3f2-1779-46c7-ae3e-201b71a8d86a", "comment": "Malware payload (AgentTesla)", "value": "1f263ce202620a41198ccf99063added", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251401, "uuid": "ca964fcd-bb3a-4590-8bf0-92f0de3a18bf", "comment": "Malware payload (AgentTesla)", "value": "968cf0913cae66409f90e8055d5f8b170c733b515a8fbd62e0209f83685a01c8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251401, "uuid": "55a03d6c-59c9-449d-9197-b2f986013cf8", "comment": "Malware payload (AgentTesla)", "value": "a9f9743aef066d7dd22f4e1bb26fe1881cbb0407", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251401, "uuid": "81c97607-aafa-4a0d-b9b6-fad37d23be4f", "comment": "Malware payload (AgentTesla)", "value": "6fffe61a48a7b5b72b2bb1c56708fad5c48409a30f92e5a67f870b4e6ee5b9b0ef358df31ab993af159d0a112c54bacf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251401, "uuid": "60c22471-3e2e-4e79-9b33-24a6b81cba5d", "value": "T1C8E423363EEB72DB15A01923CDCB406DDC3B10F124794351CA8E5D28AD6B649DBDABC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251401, "uuid": "73020afd-3b8c-4e3f-820f-b41c4fd5da14", "value": "12288:4TipCoE5LtM2LP8cKqBC7GXfXEVNVewqFYgUZIaXzJEX3MK9VXm1VFC81z:4ewoENtMYRlBC7mfXEXwwqFCHg3MKPkh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251401, "uuid": "51306046-e507-4fff-a476-2bc7d244e965", "value": 712590, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251401, "uuid": "f3965cf4-3a06-4fdf-a01f-a53dfebcf922", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251401, "uuid": "f059b05a-82eb-4e64-a8c0-fd649e14be2c", "value": "New order 5003848511838068.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "167a66ac-0f42-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687248701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248701, "uuid": "3304e363-b0b9-4cab-bf84-900598a76b86", "comment": "Malware payload (RedLineStealer)", "value": "b494566c506f600c5845ad065e7c861f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248701, "uuid": "1965b1f8-b118-4f5d-a24f-112121c231a2", "comment": "Malware payload (RedLineStealer)", "value": "96b0696e091b6dc3532d98739e162ec1ac7535faefbe3bd8fb14e926e9e4924a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248701, "uuid": "c225ed44-30b4-4f12-9607-4bad1f4fd88e", "comment": "Malware payload (RedLineStealer)", "value": "cd81776c7fe40a990d43ab828f7710318448bf1c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687248701, "uuid": "0429d24d-4754-450c-859b-0fe0ecc3a31d", "comment": "Malware payload (RedLineStealer)", "value": "2b4f62473b6a4e54f74a62cf923fe29b03f166998ed00947307edf1af6f5b2f023cbafed1b4dbc33bec66a40aea58f3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248701, "uuid": "bdab8be8-06ac-430b-8a32-5d5648a4aaca", "value": "T1DE84F88382E13D98EA278F73AE1FC6E8764DF6508F4A7769211D9A1F04B51B6C1B3710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248701, "uuid": "4d13eab0-62aa-4b5c-be2d-a8df1eab949e", "value": "b1a5bdbc77a4868d9509a53571fbe8fe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248701, "uuid": "03afa559-5ba7-4f06-94af-d3bdb7e9c6a6", "value": "6144:mJNjh6AqaG9hZy5yqoRf0+4hk+T3uePepyBBu:Yh6rzgoRf0US3SCBu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687248701, "uuid": "f3ee6f39-99e5-4f05-bcc3-5a4c4a58bd73", "value": 388096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687248701, "uuid": "8c038772-a39b-4dff-a433-1dcd20d1f046", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687248701, "uuid": "c20630bc-cc64-4d22-93c4-dbf2f1957d92", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6108ecd9-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268583, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268583, "uuid": "530395c8-7f1f-490d-a369-88243afdfcae", "comment": "Malware payload (AgentTesla)", "value": "54ce7dad8e119eeb9cdd9d866dfce196", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268583, "uuid": "c009c020-b060-4606-8dd3-b7b013fb5ba9", "comment": "Malware payload (AgentTesla)", "value": "96fdf5c2a638bb7b2390fc8764534d26027446115f781706aa67d1e83234dcd3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268583, "uuid": "eaafde7d-9d07-4f02-a3e6-fd639cf08856", "comment": "Malware payload (AgentTesla)", "value": "0f415bb430fb6858ca529fde657151190f892055", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268583, "uuid": "a3b77e81-d1a6-4fa1-a6b4-db6a00c69f37", "comment": "Malware payload (AgentTesla)", "value": "98b5b661ad242e1fee1b95ce254bbd59fd20e84862e4470d16f570c8f83cd489d5323112c072067d02b4f8339ae26b6d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268583, "uuid": "264d68fa-a851-4666-aa17-386b77960ec1", "value": "T1ECE42C507FDF24A5A9B72E5746EC64EC4F8BB549123CA009A04C4A0707EB987E9D9F33", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268583, "uuid": "4111cb87-8f5c-4f48-b48a-51d34a889f53", "value": "3072:9gYcpl+og0S7CTn/7kwkkqEMWsgwBZqem:A7kjLgwBZqZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268583, "uuid": "67c87091-a153-48b8-8225-7476659a6de1", "value": 684242, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268583, "uuid": "2e335633-2104-4ed8-9f4f-ee0b543df129", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268583, "uuid": "6b3818ea-d8b9-4223-bf40-7958ad12ab25", "value": "Creed.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e158f302-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259349, "uuid": "1d53db13-b2a6-4ebc-a674-4613618bd3f4", "comment": "Malware payload (Mirai)", "value": "636ae1e25e6eb1a91d080fc99c0b8dd4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259349, "uuid": "9b8d35ce-6f4f-4881-9003-df707a7526aa", "comment": "Malware payload (Mirai)", "value": "97854ff0a53e12a5520c938c04efa3821c91b77ee612d11cc8c0c4472b6b5c59", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259349, "uuid": "606387c7-8bfb-4f3c-bf22-6703d205d8e5", "comment": "Malware payload (Mirai)", "value": "b65f675b0a87f6a909dfaa71a98da4d200facd2f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259349, "uuid": "5726a9d2-5ae4-404f-afef-fa3ffd1ab865", "comment": "Malware payload (Mirai)", "value": "ad619782552bdb060040380ca30e0cc9a5711b756b28571b118a4b91961b5602aef6382d67185562aac113142c81fc86", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259349, "uuid": "83550d8c-dde3-4179-bd7f-76534a204c1f", "value": "T17AD3F730E8044B1BC2D227F6A79E469E3F351EA7979733115A387DB02FF27992E25520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259349, "uuid": "af901c42-94af-41ab-98a2-3e792421b693", "value": "3072:+DShVLkDZ6waCAdcljbYJOmP46aQyfPluesNb:VhVeZ6zcljboOmP46aQyfPluesNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259349, "uuid": "01efa3ef-5d46-40e8-a40c-71e4d29cba5a", "value": 130115, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259349, "uuid": "bb7c79c1-148f-4e62-8b00-f7353444f1ba", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259349, "uuid": "96bc9e8f-c571-48de-b3e2-eaf0b7c88424", "value": "636ae1e25e6eb1a91d080fc99c0b8dd4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bd6d61a-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687243261, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243261, "uuid": "e891cb12-34ee-473f-a72f-12a6138fde52", "comment": "Malware payload (RedLineStealer)", "value": "593a630e010736dabdeafbaaa6c04858", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243261, "uuid": "6314b570-2b96-40ca-8764-a60ebeca7048", "comment": "Malware payload (RedLineStealer)", "value": "9814dc8b4f8fb8907dc10eec1738afca5260ec977c6d774f1cbfbce7f7002430", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243261, "uuid": "350cedfd-91ea-4b96-a07a-5d3998812cc4", "comment": "Malware payload (RedLineStealer)", "value": "1fa2f19cddcab9346519d415eb95c380596eb816", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243261, "uuid": "d267d9e9-8833-4d62-b8f5-c809abb5c087", "comment": "Malware payload (RedLineStealer)", "value": "fcc63d6a41c5bcf8c12c6403f11303c26ff9e0b67047ae69830a5b855e983e475dd1e6b5bba116edf8bfb2b241e98944", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243261, "uuid": "b17b28c3-2278-462d-8c1d-8f3c75f9cd60", "value": "T1C2748C4392E17C61ED268A729F1FC6E87A0EF5604F497BBB12089A2F45711B2F633750", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243261, "uuid": "c3e0d47c-caf5-4dba-a1b0-8788ca195cc7", "value": "90a8b2b6ad978d000a5ba3658ad3f7fb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243261, "uuid": "febeb76b-ad3a-489c-add2-5099c665a598", "value": "6144:iGnSHH43m0xLKrZ3Hp6IaBuQ0rgVWCaQ:uHrZ3pfaBs2b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243261, "uuid": "1cf67b8e-ec0f-4f86-926c-f693072f17f1", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243261, "uuid": "29ac312f-9e1c-4b48-9da1-40e0b9d7947e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243261, "uuid": "2decca55-d4ea-4f11-a1a9-1c8130a6fff6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbdcf2cf-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "7ee8f490-b50f-49a7-bed7-2f1a25e0a6e6", "comment": "Malware payload (Amadey)", "value": "0a0fd34c6b4a0a05c64c5ebf57c9a470", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "00482814-b5e5-4651-b614-b4fc1f068592", "comment": "Malware payload (Amadey)", "value": "9877f0afd876d6e7869e3c3ff7d4be8c4bd498e97930e5193e6dcaea3b45ca1f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "0ddd5900-2697-4b1f-adcd-26f90ac5842d", "comment": "Malware payload (Amadey)", "value": "a7d779ded23e7caa4566963db60ce8ae0dc4f923", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "10dcd5bd-d582-468b-93a7-eb1bb9dbbf87", "comment": "Malware payload (Amadey)", "value": "76b659661e3d79fe5b310c075dade5ff56e57130ad2b1404c28fcc4158ffd1acee825bbdcdb46eb7e843ac4ed00f5ccd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240845, "uuid": "af3499c3-3ac8-4087-9bad-cd9f5ae29266", "value": "T160052203B6D84033ECB967B01CFA13C31B3B7D615D78866FA289994A1D713E4A572B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240845, "uuid": "d612ee2e-edda-4c37-9628-8537400967cf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240845, "uuid": "090a2e10-e559-46ae-a86a-eb0992e222e8", "value": "24576:MyCAhAV9Bb/qj9qUDcvKx6rIqgAzv3RS:72VvTgcvKQrIoR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240845, "uuid": "ffa43d83-e07e-4e05-ad20-a3abcfaef6bd", "value": 825344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240845, "uuid": "3df4a1e9-db91-461b-a6e6-b6f8a8bb79bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240845, "uuid": "b014be12-3698-4d28-a548-6be3144e85cc", "value": "0a0fd34c6b4a0a05c64c5ebf57c9a470.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f5ff2de-0f48-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687251373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251373, "uuid": "ff3aff32-516f-4806-bbfd-d206a477834a", "comment": "Malware payload (Formbook)", "value": "931796a49e91fab72ebf4478407b4f5e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251373, "uuid": "f0184f26-4c81-4901-b37b-bb5bc26e1010", "comment": "Malware payload (Formbook)", "value": "98af1f3c5432305b017b9d94ee5e4f7c9aef070f5cfbbcddda83f6ee7efce263", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251373, "uuid": "b96b8b29-7e75-4e3d-8d9f-02a45bdb422e", "comment": "Malware payload (Formbook)", "value": "350b493825a72e06cf61fc904deb4ab9987c2004", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251373, "uuid": "4cb8cc24-e36d-479b-96ef-e1f37dcebcce", "comment": "Malware payload (Formbook)", "value": "cba69a878734653510f5f7d9aae0b9b1c45c854c17811882fff63a64b29c70443be966de6998f2089db5446f281da184", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251373, "uuid": "855b1dc7-ce45-456b-8a22-4d47a60faf0a", "value": "T1E644120227EAC5DAC2F541F009389B9BAFF24D3130B9AD47676076AB3E376D2490D751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251373, "uuid": "22a55421-4ea7-449a-afab-3e4971241f1b", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251373, "uuid": "28389ea2-bf50-42be-bb6c-11182bb09421", "value": "6144:vYa6zJ3m9E+0sbpMbUNRO5c+/QXFl//Zc+vcZSOFgizi7:vY5Nm9wEeUNROEXFlnZ7EZ5F5O7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251373, "uuid": "c69651f7-cc72-486f-97b9-c00aebb152db", "value": 278462, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251373, "uuid": "eb18e4cd-485c-4418-bb96-fffb470efc11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251373, "uuid": "4a1e2e13-d851-4eff-a55d-b8686f98c369", "value": "23-QAI-OPS-0067 (7000000061)DOCS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6c188bd-0f53-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256379, "uuid": "f6dd83cb-d6bb-407d-96aa-805e4952736c", "comment": "Malware payload (Mirai)", "value": "8ecceec08c2a650226e1c3b575f6603a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256379, "uuid": "5b7a0fda-4f02-43ee-bacf-3d8488da6b03", "comment": "Malware payload (Mirai)", "value": "99113c2c9a572d606cc5ae93bbe83d3b315dc1151079f511c7148c68dbbb3aa9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256379, "uuid": "84b6be11-b739-425f-9555-087f355c814c", "comment": "Malware payload (Mirai)", "value": "0fb4599618ff1fc8d8beb9cc0a7014607f9f442b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256379, "uuid": "cfba5f19-6c96-4d58-95b9-bc7466d32847", "comment": "Malware payload (Mirai)", "value": "de22cd27e26790a9e80601c0945d18563d886d152757fb3e276fc25dff4ca76c45de3ccf6a9aa39a3994fb778375412d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256379, "uuid": "8ca7bea8-1e86-4dbb-9a59-05da98780bbc", "value": "T1E0D30A45F8909F27C6C512BBFB5E428D372A1768D2EE72039D256F24378B85B0E3B146", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256379, "uuid": "af6ffdcf-6996-43dc-823a-7acf1162b928", "value": "1536:rr6P7KyhUNA5RwL98OtX+U89Afo54VedYxTN/RLZWEQ4FvNKXlBwwywxICzESdtq:rr6PjPnOtP8914OC55LZWy1+C1R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256379, "uuid": "6b217891-1651-4960-84a4-68d4c01a1971", "value": 137984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256379, "uuid": "687aa09a-6304-42b8-8084-46c11a727f30", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256379, "uuid": "58d2cd90-def1-4124-8a7f-2a5176d3b7e4", "value": "8ecceec08c2a650226e1c3b575f6603a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07a32f6d-0f9e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1687288190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288190, "uuid": "bed7874a-cf62-4041-bcfe-0b4998de297f", "comment": "Malware payload (NanoCore)", "value": "8ef917494a0e51cc61e491173b16150d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288190, "uuid": "adfe2c4d-bdc0-4799-b798-97ef3b44a6b5", "comment": "Malware payload (NanoCore)", "value": "99ab8405bda88a4990c2f46ca14251aab1498bec940ae809d354613f2ec4ff7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288190, "uuid": "296c40c0-ba5f-4f0b-b9be-bc28bb5bd4ef", "comment": "Malware payload (NanoCore)", "value": "960c8748ca3aed52085baf26f1561edb181c8837", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288190, "uuid": "26afd594-e8fc-4e6f-899f-67879086147c", "comment": "Malware payload (NanoCore)", "value": "0cdfba4dc088cc1c3eb1f02a8a7af2770478f60a4f455b13074a3202c8962a536244f11beaaff7d40204168f6b795bea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288190, "uuid": "d25523ef-d7e7-46df-87ec-53387778164d", "value": "T1D03522247180C1B3C5B3167041E5CF39DDBA70220B77C6D77AAA2BA96F102D6A7762CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288190, "uuid": "9704b1a7-8bdf-4cda-af8d-b3da5d942e6d", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288190, "uuid": "c96a0dc9-d7a6-4591-98e1-4d55659aacc5", "value": "24576:fk70TrcknUyZKMjSMO2P5tc+55ScWbLD+MbX9XhJxq5t+d:fkQTAknUyHjSM7K/q0XH/qud", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288190, "uuid": "ef8f038e-4547-4d95-ae40-d964a8291758", "value": 1095232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288190, "uuid": "18f38417-56a7-4819-8b38-b1393f32aac8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288190, "uuid": "49d1d80d-c2c7-487b-9ae4-d23e052dc6aa", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2bf303f-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240856, "uuid": "64d9af07-e9e3-4a43-8fea-4897147337ec", "comment": "Malware payload (Amadey)", "value": "148658879bddc9fefe0c0f87841bd3d6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240856, "uuid": "e4895477-9811-4733-a638-1274a16a693a", "comment": "Malware payload (Amadey)", "value": "99b6c2cf4b3073ede4392faed4f59f11f224901d1b6f832093761dea098b49c9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240856, "uuid": "1573f569-99cd-42fc-8931-224e92088529", "comment": "Malware payload (Amadey)", "value": "8216ae722d64f1ed4318ed03cec295fc12d31f58", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240856, "uuid": "b11f18fc-a651-41a7-bddf-1c7523b82de4", "comment": "Malware payload (Amadey)", "value": "7562ea10f8b0c724273d16fd77405165b4dc4e9e32f37830ae385c0454bed42e7aeb6d0c227fba3d78711d5b2cf7c4c6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240856, "uuid": "dcb60546-c338-4986-a752-6bf17f2db4d1", "value": "T10CF40200B4C8B131E9305A32AC69B9937DAEF8954A24CDAF3F54731F46716E1B5F482E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240856, "uuid": "b36c790c-4265-4abb-b55b-346c056aafc8", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240856, "uuid": "049c7291-d340-4bb5-9c58-75229e6e103b", "value": "12288:HlNmaRtv7fWlu+T/YVisg+QuiuH+aHeuAbnRS6SAg1sNm6xno04TPJy7oe:H7RZ7fIuR0sg+JHSb9S6EPTx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240856, "uuid": "377b2454-8441-490b-a8c8-ca95fa4de442", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240856, "uuid": "3b727596-0e82-4346-acc9-c1a0e31ddce2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240856, "uuid": "d502e886-195e-4283-8dfc-5218a48846e1", "value": "148658879bddc9fefe0c0f87841bd3d6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bb2935c-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267715, "uuid": "d2790d40-e39b-4ec4-9a15-863fd855ca40", "comment": "Malware payload", "value": "6a8c99e7c477aa9421373a857b3c8bbf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267715, "uuid": "fc9868ec-0cd2-465c-9955-0d57acaafc77", "comment": "Malware payload", "value": "9a21ae5a8e4f0c012bbb9e17a3ec684bc70d53379296878c4928c66a9d3b66fe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267715, "uuid": "fd8de190-c73c-4b08-b173-867558e084ba", "comment": "Malware payload", "value": "bca9462d8b13fdf1bff3d9012b80b0704d953625", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267715, "uuid": "094d8617-0985-451f-b65b-fad0373d13f8", "comment": "Malware payload", "value": "9d3aa77f8cb02525374f06125d0ab19f7b40c495e8ee53fb7f640387f11f0b90966fc0afc2f419f4b6db82f28b338e58", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267715, "uuid": "5566577a-a18c-4ec9-8a16-74775fd99d06", "value": "T121447C067261C97BD34161318DD69BBEF6BAED240F224683B3E0FF1EAD352D05926352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267715, "uuid": "5471ed3e-c170-4ee0-92b4-5a227bbe77bf", "value": "94c711951a3a5e82f4e4458bedd929dc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267715, "uuid": "b0f8d16e-a041-4cb0-933a-833636de48ca", "value": "3072:Ayx03KuV60ahvB45cTFDU0Y1FGU34c2Af6gSa9g9P29tm+2Eufe:Ayx0b0vB45qUV1FZIc2g8Pb+2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267715, "uuid": "bfac1dd6-bc6e-4553-bb1d-3647ffbf6209", "value": 274432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267715, "uuid": "eb30090b-a943-4b3d-af67-f3c7661b7c6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267715, "uuid": "aa0f7671-b5ef-4f34-b706-c356176342d2", "value": "Chess_.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96efdee4-0f95-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687284565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284565, "uuid": "39d54ee9-9d7b-4d9f-bf23-d639471af5b2", "comment": "Malware payload", "value": "a9aece6d18685a23cbc56cf5e0f22890", "object_relation": "md5", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284565, "uuid": "08e430bd-d4b6-4057-a0d0-f44cb4a7538e", "comment": "Malware payload", "value": "9ab99edc4c07abfe70b0792bd59c986cba3444bf33404712e53340d12d57243f", "object_relation": "sha256", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284565, "uuid": "261fe6a7-b18d-41a5-86e4-f47375d83919", "comment": "Malware payload", "value": "85d11df4c137f44f0619f9c2b2c63b37311581f7", "object_relation": "sha1", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284565, "uuid": "52cc4d28-364f-4f19-a48c-f7660ebaba09", "comment": "Malware payload", "value": "9d2c2d81520aaec8d3c8c686a5f3afe0ce6d79fb0f7ac7a533b41f9d0c71d79cf6313b0c9d05033de433917ba436961b", "object_relation": "sha3-384", "Tag": [ { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "triocatering-net", "colour": "#FC09A0", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284565, "uuid": "59054877-5278-4f7a-97c7-747496f6b3ff", "value": "T11911423A1BB7BDA6845106204114ACA8BB1D0E9537936F1464EC2B3C94920991DEC9D9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284565, "uuid": "be5fc871-9e2f-4fcc-a42e-fdbf9c6c6f94", "value": "24:/OF5yECh/GDicHxW4Qi/1NV99n8UdfC39uQkcIyCrOYXjpaBH:/oIECheJHxt99DdfCF1CKYXjpaBH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687284565, "uuid": "d8810316-2928-4031-9470-ff955c7efb61", "value": 1028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687284565, "uuid": "432d61cf-13ed-41c1-bfc6-c61016eac1d6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284565, "uuid": "986b5058-ee05-42ba-b270-c4663775393e", "value": "Readme.url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a94025d-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687242426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242426, "uuid": "43767ecc-e27a-4fb9-b27c-169ae4be1cad", "comment": "Malware payload (RemcosRAT)", "value": "24e099c5b8b2a393da403c384fe88764", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242426, "uuid": "3e69178b-c249-4476-b724-37da5ccd43be", "comment": "Malware payload (RemcosRAT)", "value": "9c579392d600eb07e19d7d4c7b0c485d5a9c0cdabdc66518ad4b10db7fca1eee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242426, "uuid": "74b625fb-fb6d-441d-b766-9c9bb8af8495", "comment": "Malware payload (RemcosRAT)", "value": "18823a708aff6400ca742a5afab46dcf3cb5c0b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242426, "uuid": "914a44e9-ea7b-4ef4-a8f8-84a244c0a09c", "comment": "Malware payload (RemcosRAT)", "value": "1f7d49f7f60e28da17f053bb83393805e3d2d3dd95532298d187267a0c500e6cae4d7caa544442ab1edae0cc2a75c742", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242426, "uuid": "c6525954-18cf-498a-9edb-5e6ae9f26c8e", "value": "T18A35127C9F261A7BD498027C60A573BE2B1E9B75BDD2F3C39D41B0E8580EBA1114358E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242426, "uuid": "3784fda6-17d8-4a36-998f-8bb8178f06bf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242426, "uuid": "4a740c69-a189-4e61-bc44-8bdc03ccbe3b", "value": "24576:7IfEeNaj9nqfydX0066Q8uqVUHt0XskTvjwYqtm8OqK:LeUZqqdrzZuqVUqvjw+8O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242426, "uuid": "16dcdffe-d123-41b7-9533-539e2826efc3", "value": 1068544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242426, "uuid": "28ce8a8f-98bc-4673-8597-54d8b01ec81e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242426, "uuid": "9971f83c-ec27-47d1-b961-6db6b8e74d33", "value": "RFQ #03664710859027.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0159b8ac-0f9e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687288179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288179, "uuid": "8d3a2b52-75cb-444f-86b8-786cb60f1e8b", "comment": "Malware payload", "value": "55f7ab5a61200627961a5e3401d8b2bd", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288179, "uuid": "856b5d90-120c-4fe5-acb0-01d798fa1286", "comment": "Malware payload", "value": "9cd9994b0c9c1e3c8e2cc7892d3d411061d006fd01a1f62c364076f4466deb0e", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288179, "uuid": "17449e3b-1a1f-4e2a-806b-a7015a6018d3", "comment": "Malware payload", "value": "6efb25930ef6341b15a68eb063dcd950e30dfa4e", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288179, "uuid": "7b002f52-51e8-44cc-aabf-03e54c09a929", "comment": "Malware payload", "value": "f09c604041c3f3d1ac7cd8ce8a56a9f09bf7c0681f3aac3c2d2568a3fa702c311be325a51a40083ead91b8a69756634b", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288179, "uuid": "9759e6ab-a5c6-48fe-8f83-ed1a8ffbeea3", "value": "T180854AD132A8055AF0BE0A76C6732CE04771BE5B9ABDC74E1C9674DE21F37418816B2B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288179, "uuid": "77d8d5e8-0e9d-4485-badd-4d26ee189d20", "value": "49152:7zzzZT9IakZsx2nc/39aXC8KzzzPzzzzzzzzzzzzzzzzzzzzzzzzzzzzzru0rKuZ:v3kZ6D39aXeJNEM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288179, "uuid": "b57d1640-ea62-49b9-a0ab-1d813e0ad654", "value": 1833984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288179, "uuid": "bab66b93-f023-42cd-8f0a-c0f07a8d2b73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288179, "uuid": "77b3a2a4-1de0-451f-829f-0d94f6494cfc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "959060ad-0f86-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687278120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278120, "uuid": "b244bdf2-923e-4b04-a410-4d0a15dbc67e", "comment": "Malware payload (Amadey)", "value": "2d135faac776c4850a3f39ae4703c747", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278120, "uuid": "d90ea7cc-3714-4b03-ae22-630d3d5b270a", "comment": "Malware payload (Amadey)", "value": "9d66863b767f55ad441239a3fd4635a4199b1bdf8e85c62ceb619616720f7aec", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278120, "uuid": "6d9838a9-3b29-4bec-b3c0-fd8999d833b1", "comment": "Malware payload (Amadey)", "value": "75c22704b61dfb9955978b580746f48826a2536c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278120, "uuid": "7b272e88-293e-454c-b42d-c8b5db4cb932", "comment": "Malware payload (Amadey)", "value": "dd5a3eb767de2730f4262706bd81be41e7e0e5a6a26886aed2a42c345451aa6d45097bcd69bfe74562eef516b6a96336", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278120, "uuid": "4ca17530-6692-4ec6-8a20-12d8ec239e16", "value": "T10115F10171C18477E4B326729BBD656AAE3DB8B10BA596DB63E48D2ECF30DD0F630815", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278120, "uuid": "b1f9687a-cd07-4749-bc90-4567998d1bb6", "value": "9af3e93e35221a2c8c04a3cc05e589b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278120, "uuid": "bf2ecc29-7db3-46a3-9aa9-06589f3a7a29", "value": "12288:Fi/yOASDoBeiIlAwAph7WHxzngZ+bB1XOK4aYcJtXfkfUOtPLYxecNeFltH2Ht:FtyoB/wgkF1eKBLtvROtjYAieFltHct", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687278120, "uuid": "e7ffee3c-2f0e-489d-8fa1-ea498512a8ab", "value": 914432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687278120, "uuid": "3585831b-4aa5-4246-8591-b73a6cdcf088", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278120, "uuid": "49d8f33e-268d-42f6-a8ff-d44b361e24e6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09324f68-0f65-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1687263711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263711, "uuid": "7a78a57f-25b1-40bd-ba61-dc0a42aa1148", "comment": "Malware payload (CoinMiner)", "value": "803a96317ba8bf933cf95f8f56bec689", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263711, "uuid": "6e8335b6-f636-436f-92cf-cbb633c46b18", "comment": "Malware payload (CoinMiner)", "value": "9d7f0589ce454fe8ab38a265b5fe9782f0635d251a95e69292bf57e076e205e2", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263711, "uuid": "b37272af-91d7-47cf-aa29-8827bdfa4642", "comment": "Malware payload (CoinMiner)", "value": "efb1f1766a0a886138f27932c3d88adb310f1582", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263711, "uuid": "2a3a98b3-9960-4afa-8f0d-7774ec074cfa", "comment": "Malware payload (CoinMiner)", "value": "cac71f268f09d83e46d5206ffa0740be800920e5b7ec6a9dfee2eb5c244d263c6a41134b33ddf8e63ad594cda5839b8e", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "sh", "colour": "#DA83B1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263711, "uuid": "179de7cf-27cd-4c76-9151-90c4e2f350e9", "value": "T15AF2164D9072ECB52D65C866DEE1362DB0BEF088C5F37B88AE213D3C54A4105FA715AE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263711, "uuid": "a8a07c7c-68cf-4b8b-adcd-51b274440645", "value": "384:aAC6+7pQwKL//OMHDf6jlpTWg3vMGQiirhv6R+wMeWGj4CC9vEKMvU/4Qdre21jj:S7LzQ5VFNcDAFLcIwgnoYq0xFB3Htguz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263711, "uuid": "f46d3d8c-80ea-4bc6-a7eb-b76a3ad526e0", "value": 34473, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263711, "uuid": "0c744886-2bc0-424a-985e-cd0ca729b434", "value": "text/x-shellscript", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263711, "uuid": "8d19e235-7f77-4ab5-aa71-0d0fdfbe4c08", "value": "ex.sh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42885b00-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687243621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243621, "uuid": "534c9433-137e-4b13-8b04-61380f68b7c2", "comment": "Malware payload", "value": "e5427267febd264d31e1c6ff0712ccc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243621, "uuid": "7974ea6a-ef1e-452d-9a53-724319372f37", "comment": "Malware payload", "value": "9e0122fa6b8ab88a22b6aba7ade37a70738a713739092c0ec52836ce82f4dc18", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243621, "uuid": "51c5f53b-24d6-440a-bed9-ee41158e3ff7", "comment": "Malware payload", "value": "828fb67d8498999bde1faf061341bbca65d5d220", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243621, "uuid": "f10b0be1-2860-4a0e-a363-40d29427e338", "comment": "Malware payload", "value": "4cb96c376c2b9cdc0d61916f87aeed55545d8e191668bac576201110feeaaea41a44608b0af271478dc46c6639b0e895", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243621, "uuid": "efe3a4db-1195-4a74-b1bd-f013da5eb374", "value": "T1DAE533D64D2C5E50FCC341F909A79EFFB2A9898C86B5BEA3261C3F512599E060336CD1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243621, "uuid": "92d38e78-4a32-46ef-ad67-33495419cd0c", "value": "49152:WdNaqW8O3iXfMqiNmvmDLojL3zDjUJVa+cZE8w0p5fJIks5u8ZEmO5Kx6:WrXdt55DvUJRcZFbfqksoAEmvM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243621, "uuid": "8590b299-bf54-43b7-9aaa-5a1fd191c5c9", "value": 3030429, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243621, "uuid": "3fb49bb8-a0da-4078-b6b1-05969c7b6357", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243621, "uuid": "3a5fb455-3a79-4aee-9b6d-0b5b08d5c462", "value": "e5427267febd264d31e1c6ff0712ccc6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d83a6d5-0f48-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687251290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251290, "uuid": "70b411b6-e48b-41db-a761-d0db6cc3f6f0", "comment": "Malware payload (AgentTesla)", "value": "5ff7360515e703e08958ee77a93b0864", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251290, "uuid": "caf5e582-368a-4d4a-8b35-8b4115c5b575", "comment": "Malware payload (AgentTesla)", "value": "9e41cf5174dab99ec8b788e6a0b98747378e04406d7179aa12c832e75f6022d6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251290, "uuid": "772e3b97-adeb-4368-a826-0c2eaf1b3758", "comment": "Malware payload (AgentTesla)", "value": "b906c42ae836729f3f6ff9a3a860c257c79d2bb7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251290, "uuid": "adb633ce-adbd-4687-810a-68191234c5f7", "comment": "Malware payload (AgentTesla)", "value": "b20fe10cc1336137a65a3439e69acad2e10842fcfbb76df51d8683298166edf51e342cd2b8cb21fddcb35996c0da67c1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251290, "uuid": "d6a3817b-f5ff-457a-be44-46a066015046", "value": "T1F774020659B18497C9E57BF02DB956A7AD66BCA12018804B9AF47F0DFA73223CCCC35D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251290, "uuid": "da0b4b6b-69a3-480e-9beb-3bc276e09010", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251290, "uuid": "c271675f-79e7-4dc9-b772-211b9a3d7ff1", "value": "6144:wYa6JEVDJJtOo/ac75EaGmIbQ5RFSa5t1j/eYZ7thcTo4cackRHHCfgHFz1cQQ/L:wY70TTz77XIDM5xJhcTSackFSgHLQ/NJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251290, "uuid": "8e8f0c5c-fddb-47a0-936a-a780d596dab3", "value": 342075, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251290, "uuid": "4e519658-bb08-4286-bba2-984e760905ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251290, "uuid": "5b50cdc7-a970-4023-a90b-d8be323927e0", "value": "PRE-ALERT HAWB ANL2209036.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75348063-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687243276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243276, "uuid": "1cdf69f0-e73d-4493-9066-6e61b667c5ef", "comment": "Malware payload (Amadey)", "value": "9d9c147b2c73ae6ae71a210747f2170d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243276, "uuid": "021abb2f-9e9f-420f-8318-815ba0c7f9b7", "comment": "Malware payload (Amadey)", "value": "a0499f829520323d989f05da98f65716c091f32bfe55ec66c148e3d22ae26d7c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243276, "uuid": "b6ffdc96-5da0-4a06-9436-3a227eeaae73", "comment": "Malware payload (Amadey)", "value": "fea99d13ace7c024fcdacebe571e615666aa0a67", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243276, "uuid": "b88bb2c8-17c2-40ce-a039-fc65f32077d1", "comment": "Malware payload (Amadey)", "value": "38e20e65096df024722febf927bf563dcc7fbda6483d95eb7ba9f03f2b7819b0870515dca81cc0f2ac7c0c95d2522021", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243276, "uuid": "a3a84e71-f909-4c55-9273-9ee0525670e1", "value": "T1EDF41281B0C4B530DD220631AC697A42AD7CF8A14E75D9EF3B64331E8A759E1F8F066D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243276, "uuid": "57964b75-a968-47c6-ae91-1164f5b6b02a", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243276, "uuid": "0e7b0b5e-d332-4183-a2b5-38fdf9e49a9a", "value": "12288:DlMEgRFv7fWlu+T/kmiT5ZDkWHCHchXz5MCe2uCCRhs3obkt+lR/335mc:qnRR7fIuPzHi8oJCf3RS0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243276, "uuid": "c4684816-9d1f-4a56-904c-8903e35ecba1", "value": 729600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243276, "uuid": "c30ba48a-4c9c-4a74-b16f-d22ead86a1f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243276, "uuid": "712bd37b-d359-4d73-9196-49304e4b270f", "value": "9d9c147b2c73ae6ae71a210747f2170d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4075fae5-0f69-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687265522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265522, "uuid": "119ff0b5-75be-435d-8cfa-49d8a795e5ca", "comment": "Malware payload (GCleaner)", "value": "3fc920db7337c9e02b9d98a8aa177822", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265522, "uuid": "dff3aa4d-4365-43a3-8df8-b0b43d46b955", "comment": "Malware payload (GCleaner)", "value": "a15abe18fbfd0002449e134df971fe3649ffbce4816d30fd8f8273a656c8855e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265522, "uuid": "a0671480-81bb-4247-b959-d4c2948b21ae", "comment": "Malware payload (GCleaner)", "value": "b13c361b2af3618508460212c8e884d2d3bd9ccb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265522, "uuid": "de44d00c-5840-497a-adf9-45e1cef71b96", "comment": "Malware payload (GCleaner)", "value": "0e349a77703c04ab9273a865e5ec0503ea91eac40d328d317e352dc52df0441bdeac740460caab415f8fdd7b8f734fc3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265522, "uuid": "dc867192-c536-4ea5-b88e-07e6dc586dcc", "value": "T1E4D522419B7CD960D4EC98F5FFE133C8A138E4251EF641EA28BB5A3BB4A550C1E3B524", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265522, "uuid": "f114e5bc-18a7-4caf-af47-73a73f56765b", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265522, "uuid": "3b2d4185-af32-4371-9c27-9731d68dd997", "value": "49152:2GagcuX6DvM6S4r+yv/Jc+1qSdCUmCSejBnvpBv+gTzjZz6mFjGlF9KYEkiIH8xb:fagcuX6DU6X+Qe+1MCnj5hBvVFl29KmU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687265522, "uuid": "57e07393-8c30-429b-989c-1e1a922026f8", "value": 2768213, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687265522, "uuid": "bb7a06c9-3e67-4712-8758-2792cc35f1ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265522, "uuid": "a36bc08a-46c6-4c55-9051-66ff643ba111", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fceebad2-0f96-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1687285165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687285165, "uuid": "a5ff462a-810e-48f1-bfb9-bc6b96ef4eeb", "comment": "Malware payload (DCRat)", "value": "47ae81ad30f25c3e8741eee7cec86469", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687285165, "uuid": "596f6bbc-3e6f-4108-9e62-735ee0fba6f0", "comment": "Malware payload (DCRat)", "value": "a16465e149e3d655f042fe17721a93f54c9db0ce45cc09b7152fbd4710f71b78", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687285165, "uuid": "d4ede03f-b6fb-43ea-a6b5-f79574f712cb", "comment": "Malware payload (DCRat)", "value": "87059c6fdb54e95a2ce0f5eac3d3614cd1dcc141", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687285165, "uuid": "44b7ac13-83cc-4f1a-99aa-811d4e6d3115", "comment": "Malware payload (DCRat)", "value": "c93aed11cd3829d974b9161dcee4c5a5920ff7272792a14c6602357482b8aeed0a6d3509253b344ab5c91f080589add8", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687285165, "uuid": "769473a0-f7bf-4ded-8b13-6b2c963f85d4", "value": "T158236D4037D8C136E2FD4B75ADF3A2418675D66B2903CA596CC814EA2B13FC696036FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687285165, "uuid": "33c3f00d-3973-44d6-9743-90004bd31c45", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687285165, "uuid": "fef35b62-068a-4692-b10b-839bf5502d5a", "value": "768:Eq+s3pUtDILNCCa+DiPstbJN/IisVr8Yb6grK6g0i2svEgK/JDZVc6KN:Eq+AGtQOE1CrzbtxgssnkJDZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687285165, "uuid": "1ed8ee22-6e68-47f2-ba65-6f4dab4d1bef", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687285165, "uuid": "bb7ecff8-33de-491e-b266-f340c780e67f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687285165, "uuid": "d1f1d680-812e-4a7f-8175-3706f9a44a81", "value": "xp3fwpRq1cEz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f794fac-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256662, "uuid": "dc06f109-bb64-483e-b020-852da726acde", "comment": "Malware payload (Mirai)", "value": "078e84c550ae237e60a3294bb20cec53", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256662, "uuid": "b6314a7d-800c-4bb2-8c28-22baea0f6dae", "comment": "Malware payload (Mirai)", "value": "a1b1567f0fd9d24c8e89f00cbf633ab62b1c495b7ffe5dd9b7a39a9ddd2af4e1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256662, "uuid": "cb7de821-9541-493d-9f01-922c949c12fc", "comment": "Malware payload (Mirai)", "value": "071ce530f176b58f9ee125c6c7aae4c5a86fcac4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256662, "uuid": "974304b3-c186-43fb-b4f5-5f356e6e0187", "comment": "Malware payload (Mirai)", "value": "1a07201003b2c63f985aa589f2932979cdb9fa2df556fbc3058ae61522ee000a7bbe976122fb067c404d0cc3a3cbad4d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256662, "uuid": "db4153cb-9992-4293-bc49-4e9b8ae35e6b", "value": "T13F04B81E6E228F7EF6AC873447B74925975823DA27E1D684E1ACC1105F2438E641FFE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256662, "uuid": "fe98bd67-412a-43da-ba85-c3612de2fc9f", "value": "3072:NCAHNLVVAn5VMVERexp+EZ4PnjKbdEDvu5P:NCACn5J2p+2an2dK2V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256662, "uuid": "240acc75-0f68-4d07-92ec-6126a4715fdd", "value": 182072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256662, "uuid": "18f4494f-79be-4b08-a251-a77477d7400f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256662, "uuid": "a10c0805-5f96-42c8-8d99-364997f70459", "value": "078e84c550ae237e60a3294bb20cec53", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07246332-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Pikabot)", "timestamp": 1687258124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258124, "uuid": "49aeb1d8-f19d-4e8e-975d-a121b7a14ed9", "comment": "Malware payload (Pikabot)", "value": "aa0822ad608185fb992bbbb54cb98ac1", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258124, "uuid": "3ff87bb4-e050-4d2d-bd65-c63415d5f1d5", "comment": "Malware payload (Pikabot)", "value": "a20bc458fdd68d29488c815604bdda51f4988b48d0e652a434d4323db7bd7a52", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258124, "uuid": "925e6085-d473-49bb-a9f2-479d6e8a17ad", "comment": "Malware payload (Pikabot)", "value": "a617ffb010cefd25b3e53b06dd39defc4eb3ced0", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258124, "uuid": "9759500c-c5b2-41c2-986d-32d42aee53ad", "comment": "Malware payload (Pikabot)", "value": "e723d718666a89a70a1846bcfb3ecc10f3d8d92e765355b189713db62ba1b0441f4f7cac68bdeb1c4c6e913451c4cea8", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258124, "uuid": "8cd5404e-f9ee-4eb5-a1ce-e10756daeb53", "value": "T18D9475815B8294981077BB22AF51E0D0D7560D89B2C14E5AF09D3378EF5C8EC76AFCB9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258124, "uuid": "8f206167-4606-43ac-be84-08c26a2ddd13", "value": "6144:kzk2tyuoE1y4V/gPAdgAdshhOa7JQbAQIabql9w6uBy2rnEJbXLKzV0:kzk2tyuoE1y4V/gPAdgAdEhSA5zuBHV0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258124, "uuid": "6c3a406a-4952-402f-9d8b-f4d9c38143e3", "value": 416509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258124, "uuid": "b2b9f95d-7517-4c91-a4a9-eabbda99853d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258124, "uuid": "737983b2-0853-4ae2-b608-611f8d277787", "value": "Gl.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88071fc2-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243737, "uuid": "e7006e75-1a6c-4e32-9e37-cb08335a0e50", "comment": "Malware payload (AgentTesla)", "value": "b3579732c909136ef842302a1261b3cd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243737, "uuid": "d13bc963-0528-4e77-8b0c-6dc2bd735427", "comment": "Malware payload (AgentTesla)", "value": "a2e2e1fa1e718c0d2505ef567dca7a115d9cf17e67c9aade481187874216bf3f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243737, "uuid": "c66203cc-9fb6-4017-b3fd-dc972799083b", "comment": "Malware payload (AgentTesla)", "value": "929e7e3617b3c9125e78bcf0609a609f43070e05", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243737, "uuid": "1d5e83c6-62ba-4065-a62a-df134241159b", "comment": "Malware payload (AgentTesla)", "value": "98fd8ee62f1544b052e50e319b5cc2a5365b8d088a01bfece90147df0a72be5eddf64a450e45047812018319dc0c9552", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243737, "uuid": "00c44a85-bac7-48d4-8b4a-fd98a141f498", "value": "T19D64137463E08427D9B701B2AE3653760BE61409B830A79B13256F2E3F62353BD1F352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243737, "uuid": "2356fd05-84b9-4134-bdf8-5ab905ad7eff", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243737, "uuid": "49c4af6d-801c-4c15-b460-c05aa9982cc2", "value": "6144:/Ya67ChnwlfzjwVGpSLunMIAB/Nz3/C/0IpKDmQh1dOYes5J/OLbtjN:/YxCOlfzjwVZLFBVzalv0jOYZxOLb/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243737, "uuid": "0224cf4e-3ace-4921-869c-262ecfc44bbe", "value": 308571, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243737, "uuid": "79148b5a-b09e-4cd3-bf3d-e1db1c0a726f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243737, "uuid": "7f4dabee-090b-4e76-91bc-c86ccff180fc", "value": "New Order _list.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60440d0e-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268582, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268582, "uuid": "31083420-93c2-425b-8770-a8a1727cd214", "comment": "Malware payload (AgentTesla)", "value": "a93623ea40565b06437c51054640eee1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268582, "uuid": "fea67945-cf22-4714-b4ee-348e660e78ea", "comment": "Malware payload (AgentTesla)", "value": "a3646df57e935938fdf32f977fe40f1cff32a25ecfb8d086c08cedff9f7d7f1d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268582, "uuid": "5dd688a4-e189-4c6d-a2f8-ea6cff4f6ddf", "comment": "Malware payload (AgentTesla)", "value": "28cd2163b83cf262914aae5c72efd552a420b4fa", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268582, "uuid": "ae39faff-6ae6-47e7-a34c-301b564c2b34", "comment": "Malware payload (AgentTesla)", "value": "d9bd511fddc98a7a68ecf2fcdbd097eb500b4b986fc4ba8a70e9125e5f11cb78c6ec3277e9531a021eb6e66373770155", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268582, "uuid": "844f8933-c7a8-4fd6-9001-d82b13feefed", "value": "T12225BFC45148A9D6D0572F705C36EEB0053EAEE9332086093E477F67B973F96226AC4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268582, "uuid": "6c716f5c-efa6-4cd0-9f93-b4d3a83a2e16", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268582, "uuid": "d6c578b8-8a72-481d-bb3e-256d0b014329", "value": "12288:eb903Y4muPM7q6bpw4dcZda/igJK7364mYw2fJltP8W1Lk5hbtUz3jouavxZ4Ga:eb903YLzu4CZdOsRTMt+zzov", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268582, "uuid": "3dd9ba4b-1413-4e26-891f-80c919c5c15d", "value": 968704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268582, "uuid": "24d6e171-9c52-49e4-bb8f-ea06c8fd87a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268582, "uuid": "a3baa740-4138-428b-a4d9-bc388c48d94b", "value": "hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9898ea7-0f6f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687268382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268382, "uuid": "25153d0e-da48-4880-9049-ad9f99ed303a", "comment": "Malware payload (RedLineStealer)", "value": "55a96c067de0fd8efb2825ca4fadf93a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268382, "uuid": "f16c3239-dbc5-4d6a-8413-18ec6a8f1e16", "comment": "Malware payload (RedLineStealer)", "value": "a4196922906f2ed64cf0d789f48de73cb8ad7404184bc3dd062b2215cfe31cb4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268382, "uuid": "06f47379-2bf4-41b8-aa3a-6e9fdb50d755", "comment": "Malware payload (RedLineStealer)", "value": "6aed98c796c9c030bdd6c974e674ad60685b2b50", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268382, "uuid": "ae488c8d-fdf5-485a-8d84-7ad3fcf37491", "comment": "Malware payload (RedLineStealer)", "value": "a6e9ad21f83b627e39b959b50f82f6e2ba9dd4dfd3693f0856a902f94094987c9891657a3aed51508baca18a01204d73", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268382, "uuid": "c91265ca-fd84-49f0-890f-bda1afeaa764", "value": "T1D435D011B5D2C472D472213609E0DBB59A3EB9200B55AEDF67E81F6E8F303C1D731AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268382, "uuid": "7d265976-0ae3-474a-bb6d-378d3fd5a663", "value": "6f3eb99ede26190ebb4d18e0266260bb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268382, "uuid": "96f0b9c2-71d2-4757-8685-d9111d4e0b7a", "value": "12288:5EXGJpqdNctnfhLwZG2l2XZLaEWoKJrHP2:5aG7q2c2JLa9o6+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268382, "uuid": "52112a9e-9e93-455b-86af-c2f52ed5d2cc", "value": 1097728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268382, "uuid": "72280034-dd29-4d46-bc4e-5b517a38c61e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268382, "uuid": "fb849ad7-447d-4cb1-9f97-e0b36f80d7c4", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea569fe5-0f88-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Meterpreter)", "timestamp": 1687279121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279121, "uuid": "481f6aaf-acf8-468b-82cd-9d6ca7fac8fb", "comment": "Malware payload (Meterpreter)", "value": "81c37f904ee42d542c6cea29f0f1ef47", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279121, "uuid": "d1295966-9418-490d-b01c-b8119b459bee", "comment": "Malware payload (Meterpreter)", "value": "a45f6849ee2181518fac4c0365e742ce273a846421471ce5cb0743c1b4eafc0b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279121, "uuid": "d6d0e52f-9832-4532-bfbf-e842c88fdd4c", "comment": "Malware payload (Meterpreter)", "value": "f0791dd57dc1abac2e5ca33d850cbb5a636dd535", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279121, "uuid": "119da79a-02ff-4dd9-8296-f185732a5cd2", "comment": "Malware payload (Meterpreter)", "value": "36ec25ffc1eba5fa39710af0bc2d4f52af5ec327b10f909b9e7ef2e582f65e886d02446763b97d76afc7ecc05753c5f4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279121, "uuid": "e43401e3-e645-4855-a5d7-a00a7d5a5beb", "value": "T1AD02B839B26D08F7E07127FBC5430987922CBB24039515DB1783342274526E7B679BD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279121, "uuid": "461a90f9-ca12-4fa1-a4c1-a7ef802e3956", "value": "57d6e7112c8e716cfe2eb0ff9f36763c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279121, "uuid": "faead857-bfd2-4f21-8fd8-2a5a930a2e85", "value": "48:qUr3zU9G4aNVhnX5hthMt6dOF4ACsJP5uPqb:+DIiF2sJPkP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687279121, "uuid": "8f3221e6-7cce-4b0d-8269-a7e48863f463", "value": 8704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687279121, "uuid": "f9e5e9d2-b74e-424d-a378-005590f4ea86", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279121, "uuid": "a1d32b87-4318-4dcf-a96d-42798e561683", "value": "payload.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "274c076d-0f3b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687245723, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245723, "uuid": "7e26c9dd-e44c-4ac3-87f2-9e7b6d3c84ec", "comment": "Malware payload (RedLineStealer)", "value": "fd72a67f1fe513068bb46bf63d943c9a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245723, "uuid": "ea7f72dd-95c3-48ed-a938-d92c676a7a0c", "comment": "Malware payload (RedLineStealer)", "value": "a4cd87054bb789eb286fa05256bc4b372592f4f6a463eae25370ad6616112b21", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245723, "uuid": "db9e577c-93a8-4e13-8413-ccf612217aa3", "comment": "Malware payload (RedLineStealer)", "value": "24ac52adbdd3187680c96502140170b922509c55", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245723, "uuid": "a9326831-d8cb-412b-b8a9-5df8d5094e95", "comment": "Malware payload (RedLineStealer)", "value": "5e23ff882b84d0af08bcd93e96ddf4be51a309ddf6c189909bc4bc6724409992b9ee784986d92c5ddc59fedfeb9809e9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245723, "uuid": "1dc400b5-c07b-4d78-80e0-1f4ef3be591c", "value": "T12E349D0876C05031ED2624356F2944936D3EE8921E78EC5B3B98E31E4AF4FD269F15ED", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245723, "uuid": "89423322-9074-47e4-8adc-9a8f765a63ba", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245723, "uuid": "032b14b2-acd4-4362-a1f3-1eb7fc5a7d06", "value": "3072:IWhQfgJapgTpcC8p+882Rlvo6o2sVmJNv5IXUQ6mBlyUNcffWvZsJxGPmDaGajek:IWhQfRuyR8Rg5RmlNrbGqegMC6n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245723, "uuid": "d22d7770-c931-4424-94b4-fdf99a991403", "value": 232448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245723, "uuid": "4e83463a-22c3-4078-871f-bddeecfc21f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245723, "uuid": "c6c950b1-7ab5-48cc-8a7a-9862b4fcbb3d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d105fad-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687267610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267610, "uuid": "5d2fd4ac-1972-464a-824a-f18f99788b81", "comment": "Malware payload", "value": "7c242798e9aa870339219e2a32540ef7", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267610, "uuid": "c013574b-8ea9-4774-9308-8d349076e032", "comment": "Malware payload", "value": "a51e2cfdb56e05d45236fb8a5a5fb14dd3122abd9aea580e7d3b42978940e1b9", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267610, "uuid": "a1410f99-9d8c-4e10-bac9-879474b2cddd", "comment": "Malware payload", "value": "08752c439b7324af1306176031c68b67bb995751", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267610, "uuid": "f26a932d-8b30-48ff-9bdd-8fb6a3a82f9f", "comment": "Malware payload", "value": "f43f7c9c331b8bd7bde141b3d6859a4c21418844c37c32f8bbb3fa1768067804ffe6af977732cec9167e92a7e1aff624", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267610, "uuid": "ccaa8a41-e124-47ee-b0f1-5c851b0f4dd8", "value": "T10B55F513B4828421F41F3B7BA4DBFE1909396E6237E711A77DA4F5DA08718F252B19C2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267610, "uuid": "f98dbc35-4489-463b-8a13-a95d0ca87c03", "value": "24576:mx2VcFriChlH30IlvKKwc44q55ggXotc8cX:q2VcFriChlvrwc44q55ggXotc8c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267610, "uuid": "6411eb8d-be46-478b-b8c3-777e2bdbbf4d", "value": 1389568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267610, "uuid": "dc0cfd9d-34fd-48de-979c-e182b2609982", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267610, "uuid": "5c6ad209-8e2a-4250-bb51-630a0ddc4e5a", "value": "Kaspersky Premium.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8f948f2-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259362, "uuid": "7d96c26f-d975-4961-8555-d5c79db754b7", "comment": "Malware payload (Mirai)", "value": "4d34297647506a1330e3533d266ff7a9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259362, "uuid": "14deb18f-09fd-4ed2-a74e-1009887c9d22", "comment": "Malware payload (Mirai)", "value": "a51f44c8a5d7b1ab9bfae9ff37b7edc56b20e2d4788da16374033db456c7765a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259362, "uuid": "294dc331-4ae5-4af7-a8ff-5b950f721e98", "comment": "Malware payload (Mirai)", "value": "f9e6f32dfcc3776a86f8a9a221f26d4a01774584", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259362, "uuid": "b7728172-ca05-4ea7-bfc7-7267a38a2153", "comment": "Malware payload (Mirai)", "value": "99ff5565626fdf9acc1ca64cd5bdb69f0b5d1a0c650c45b0311af6c3a7c4a68df5b1fb88af5ce87ddafe084c2969b588", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259362, "uuid": "b4d5a0e7-c958-4832-8e9c-1112f830d211", "value": "T1F4D3C73B27170E23C0C950B101E74332AE75DE9B34B952D7AAA07D686F37A843856BDD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259362, "uuid": "300ff214-69c7-41f4-a1cd-4179bbf695fb", "value": "3072:3v8G4ZNBQTZiNPR6Iwd9g+pNAOhmm/QMurB12CGNb:RrUlkNXmm/QMurB12CGNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259362, "uuid": "11464957-a14a-4f47-b4e3-539dee0a57ff", "value": 130121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259362, "uuid": "feb140a4-6e86-42e6-8212-53f1c80e3a07", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259362, "uuid": "999545c2-2b72-4bc8-ad7d-48974743e7df", "value": "4d34297647506a1330e3533d266ff7a9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81cbdb82-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687256612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256612, "uuid": "29aebbe4-021f-4301-964e-140671f0b16c", "comment": "Malware payload (Formbook)", "value": "c871f741e0683b09037427862e30ca43", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256612, "uuid": "290de044-1bb7-4b4d-8319-3dc1bafd6245", "comment": "Malware payload (Formbook)", "value": "a5758f619421e036e8ab2e19a147df17aaaa30efe639d75b057f3e93a922d4fa", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256612, "uuid": "b7f7c615-3e56-4049-ba35-0f5985540750", "comment": "Malware payload (Formbook)", "value": "4216a5787bbe4921e00ebe0930f5cc9e272c2b8b", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256612, "uuid": "b58cb2d8-c32c-4958-9fec-df73b85a05ee", "comment": "Malware payload (Formbook)", "value": "c71347894fa570503ab3ad66f540afa71e3bf3809014f09060cc40dacc39d42d737bb69f2cf4b7ed6a745abfa9345557", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256612, "uuid": "a90639fa-3a6a-4aa3-bf58-03d6d687362b", "value": "T15A4423F3F6A54E30C89138359FE6975102EA34958A4D6C98C36DAE3F20D0B7F904EE05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256612, "uuid": "f52cf05e-2fed-476f-92ba-ccecd8e2c472", "value": "6144:h4+VBiYE1odkbvO/u5Ilkab8ZyrBZbVozjbjA/TIbFCU:hlBinSebW/uilkY8MVZbVgvQsbFCU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256612, "uuid": "3bd4905b-5171-4a2b-9bd5-4efc78de953a", "value": 262640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256612, "uuid": "dab3fa25-5408-475e-bbd1-35a16fdb53b8", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256612, "uuid": "b41bf4ca-278f-4a20-83f9-2bda564bd6e6", "value": "LL-STITCH-20230706.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "844f572e-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687242443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242443, "uuid": "40673a6d-fe87-427e-955c-5cf61977ae53", "comment": "Malware payload (Formbook)", "value": "69946235bed51798bad9804f54ce229a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242443, "uuid": "68f460c6-acdc-460e-afd1-9e5cb9f51fac", "comment": "Malware payload (Formbook)", "value": "a6337679374115464adcacb0797f1eb2ebb1ee08808c74b66d437800eb5c9141", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242443, "uuid": "8d70e514-df15-4dba-8a41-71b526f62bfd", "comment": "Malware payload (Formbook)", "value": "f9a392643897a0a9a2e2b0a704a5ada25da8a1fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242443, "uuid": "93e00e99-a68c-439f-886d-950452139956", "comment": "Malware payload (Formbook)", "value": "af411cd297a90501e80d2bf81d8bee8c78466325e9c2505097ce281728c4f809404628262799d7792e8aa22d5c0f0b6d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242443, "uuid": "3efc851d-4f38-4b55-b11f-e0ab5a58f41a", "value": "T110F412885EEC260FD9376778D3A5BBB8173AAF847A37D31A2D91B0D35D123014B42366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242443, "uuid": "7f5974cc-4697-464a-aa48-f573327a331b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242443, "uuid": "d507bac5-a8c5-4dd4-b87f-93bffd958b00", "value": "12288:4oEsOQktl0baC/rV8qv9cp/laXb3E/uIvpTMBcitYq7J3At5iHOq+ZQhb:4oEnQkt2aLE9gMXb32RMtYqtm8OqK4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242443, "uuid": "6df82e8e-ec5c-4401-8ec5-bbe5ec60baa9", "value": 789504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242443, "uuid": "b06ff93d-ebe8-4bfb-8f28-a00ac77e8c4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242443, "uuid": "5a927724-0a5f-4a7b-a6e7-e85f4db0174d", "value": "RFQ-1123031240058-pdf-.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "272b8ccd-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687243575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "6bd55b47-eef3-4b45-b23b-8ae93fdb2afe", "comment": "Malware payload (GuLoader)", "value": "70a81d8a8e39dc10c9245907afbd5960", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "b84ff912-7f5a-4c9c-b805-dd970e6c5af9", "comment": "Malware payload (GuLoader)", "value": "a656e12c7d6227c6da8236a727fb596d4799e0bd36ddb7f215493bd5bb1d94ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "17efbcb5-6e60-4973-91b7-3de648da602a", "comment": "Malware payload (GuLoader)", "value": "be99b1762e0b9edee0f8543fe4910a2bca904aed", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243575, "uuid": "ad083863-3ccd-4cf0-a13a-8416c7fb71bc", "comment": "Malware payload (GuLoader)", "value": "88f9800f7a60465b60d1110bc423e1ee1e4f2129486799807a5e3bf05e93f7c0def32e1dec08c8627c9c2fa19aa90f4b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "ffee3d94-4b10-43cf-8008-b7dc2f7183fe", "value": "T1E0641211B49BC8BBDD1209761C758727677483B92973B78B3F04A66AF9033834C1EB65", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "98e1bc00-329b-46b8-a98b-2547a5b2adc0", "value": "7eae418c7423834ffc3d79b4300bd6fb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "e79c765f-b307-4861-9fb9-a00a17b82973", "value": "6144:MNDlOw0MTS2L/2fxOlHoXu6NSVqryYJB3gOG0AkapIoZf/g:M50QL/aMHMuFQykB3gOYkaOoZXg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243575, "uuid": "e2b4fc4a-25ca-4971-ba91-38dc55c94bc8", "value": 314624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243575, "uuid": "95688e11-f234-4f8d-b026-4c123f16ca78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243575, "uuid": "de65b6fb-b64a-4e1f-a301-a7b64b8deb43", "value": "70a81d8a8e39dc10c9245907afbd5960.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c750b6f7-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1687249427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249427, "uuid": "e1216c2a-5d79-4048-9222-15a0e089ce3c", "comment": "Malware payload (RecordBreaker)", "value": "b6f7590b08d254d5e203c0dd1307cfc3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249427, "uuid": "ca2e1f76-f4fd-4791-9096-4f176670ab95", "comment": "Malware payload (RecordBreaker)", "value": "a69eda298867c4f681ba85d6b9e63d4ac5a6865498d10e3ee939cf3533d150d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249427, "uuid": "2ca34d35-1b60-407c-bffd-88ef2cd436b7", "comment": "Malware payload (RecordBreaker)", "value": "4276690cde09f8dc343b869a206d723f6e095a39", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249427, "uuid": "28c1ac38-d435-4afe-9dea-d4ab5899a6fb", "comment": "Malware payload (RecordBreaker)", "value": "3ddb14c50ce11a42dccc303ab7622c14b604de46d0ffb7ca5869d11bcba6f8b5bc168dc2ee4477af2b15774172f2818f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249427, "uuid": "1a142712-7fb6-4c37-ac2c-1fef244a89bb", "value": "T1D007239538DF90F5DAC01970C2172AC713F39EAA5D81C9683AC1394AE4F1FB2706AD76", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249427, "uuid": "bd0bbfd9-9720-4ee9-900a-3b1f6c945307", "value": "fafeed772601714ec4fde701acf5a08d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249427, "uuid": "637134d7-74a3-43d2-be22-177527c155d6", "value": "196608:CzYb3pRrsY07EQGOcoUnxLVdDCDLU4T5X0UwqIXZsdb56rBPTLprGOXaPVBEf5QR:CzYg/YQGOcfnxLD6T5JwquZKOLpGNPz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249427, "uuid": "45210f6c-3eab-496b-9692-e3ec4772d8ee", "value": 17077248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249427, "uuid": "74ff6569-9c4e-4486-bd7b-3f8c0edb8985", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249427, "uuid": "2d8566c1-2b33-4a94-a584-99c65406e04e", "value": "b6f7590b08d254d5e203c0dd1307cfc3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "868e5af1-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687256620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256620, "uuid": "07d13b90-c37a-4930-9a98-00fafbe9cea5", "comment": "Malware payload (Formbook)", "value": "aed115b5a242818468a8c251e71c17e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256620, "uuid": "2cd0c644-957c-46dd-8602-315f36fce154", "comment": "Malware payload (Formbook)", "value": "a72b08c35805f2191b29d691f93f58eb33d1c827c2fb94029f3f5d760a1af950", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256620, "uuid": "85673368-273b-4a70-98b9-2da395d13530", "comment": "Malware payload (Formbook)", "value": "e5ed7622afe58cc6a8d5bb29148e7f0ff90dfe1c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256620, "uuid": "742c7470-6388-41da-9eb7-1936c4f014ab", "comment": "Malware payload (Formbook)", "value": "9b91c9bab7737a15490ed2d0876e683820281679c382f0271296e14ef2a357ffb18e27188b88687ccc8794b3e47d2e88", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256620, "uuid": "335d102b-903f-4930-83c1-bbbab8789127", "value": "T1984413353AB6C43BFCB2073117BE07576B7AA90411B4965F2BD0EB99BD31241EA0E352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256620, "uuid": "46ce2a92-eca6-4b19-b37c-f341a8101895", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256620, "uuid": "e7c062ca-6f2f-4ed1-ac89-cfdc852ce8bd", "value": "6144:/Ya6xS+3ApXqLbJUzzy1Dhownu2w7iRpLTLlfeQ+bEw6X5a8T:/YDpQwizzy1DhBn87CtwpbJ6X5ak", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256620, "uuid": "e9d75cc7-f203-43c6-8a89-02b3ae6f1e60", "value": 278576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256620, "uuid": "5493c44e-c7ef-4b89-aef9-41bb6e881496", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256620, "uuid": "8854a2af-7076-4a44-bb25-8e9ba0f9d096", "value": "LL-STITCH-20230706.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f16bf6cd-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687258517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258517, "uuid": "c8c4ff69-5292-45ee-a4a0-555a35fb0152", "comment": "Malware payload (Mirai)", "value": "474018c8410b55bab287a6a518d7ee85", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258517, "uuid": "4268f5b6-df03-4d34-8c12-4d1a376ba707", "comment": "Malware payload (Mirai)", "value": "a82ed49c8c21868faee4016374a03f71fe42d0a57dceae34b11569ef56e3bbe9", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258517, "uuid": "2246c03e-d204-47a0-b786-220423e1eafd", "comment": "Malware payload (Mirai)", "value": "886e23e982a29358298919cb6455c6c758cc93d7", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258517, "uuid": "a2ec45d4-4e79-420a-9dbc-e167c5abf779", "comment": "Malware payload (Mirai)", "value": "bc148cd3be571b1459d51d08db7df5b13d4f9e6879520dd90af0fdae3ca7c021b1f919788fbcbb8ca6c63ec762cc9075", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258517, "uuid": "13662765-ebf3-4809-8aec-b76a4dbd4cf2", "value": "T14714070BB1D188FFC4974BB42ADFA4619C33FC3A0726A1067385FE592F3DE989949254", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258517, "uuid": "85d298e7-a54f-4dc4-be99-eb761aa501df", "value": "3072:h1grf9tj0KRgoTootyscpTs8HYXiIAbIDbpubcxF2j66xzYSsjwmNeLFoSPLwXRz:CrYHF4woO6WbmNeLFoSPLwXRdfH0eT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258517, "uuid": "9fe94074-c44a-48e7-b27e-aab616336fad", "value": 204182, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258517, "uuid": "c83cdc06-d921-48d1-b7e7-ee6c4a63afcd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258517, "uuid": "11e6c5a1-4049-4018-b619-ffeb39bb4ede", "value": "RYrydry", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47cf97ee-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241482, "uuid": "99a03d26-2dba-4364-a5e1-1e0b685c2e69", "comment": "Malware payload (RedLineStealer)", "value": "fa42a83203b3da84a39a680385dda5ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241482, "uuid": "766667a1-ea51-4050-9fd0-8b22413e500f", "comment": "Malware payload (RedLineStealer)", "value": "a8e255934640a077ca242c52d0cbfc811255a31c639881f05f949a52f8c86211", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241482, "uuid": "e22be51a-4524-4d7b-af51-cbf49be29edf", "comment": "Malware payload (RedLineStealer)", "value": "28d3ecbb31475408e5a4866cb297f178f56ff58c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241482, "uuid": "9c3e6734-d4fd-4ffd-bb26-feda1f7b0e4b", "comment": "Malware payload (RedLineStealer)", "value": "5f94f9f66dce3ff33b390492b51674f31ae24aedf5be520676875ba0fd247d46f71ce6d80e8ea535d2b3c65f93c1ef57", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241482, "uuid": "cc6f5f14-1c6d-4ea3-9fab-04510cad78cf", "value": "T133544B0FB6C50336E471103D27B02956EDEDBC910D34EDB73A6CC329156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241482, "uuid": "73a9be21-29ad-4965-87b5-eae2ff2ddce4", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241482, "uuid": "9126e2af-0cdb-4fb6-b333-3d6cdf983107", "value": "6144:A8nI+oHh32vQ0FKHgKNRBH13TLxNP9T0x+SRM5:dPoHhWQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241482, "uuid": "94636d5a-3d6f-47ba-a15a-505551a52689", "value": 279041, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241482, "uuid": "8e386372-5ae1-47b5-9c21-255d97716a5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241482, "uuid": "64afcb00-675c-4592-891c-a8aa844d267a", "value": "fa42a83203b3da84a39a680385dda5ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e07c51f6-0f45-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687250328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250328, "uuid": "47571ac5-f5ef-439d-8a61-16869fddaa14", "comment": "Malware payload (RedLineStealer)", "value": "8d6df3a4eee7eec218c6d699ad4cf924", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250328, "uuid": "0a322b14-eca6-40d9-b978-9725f010205c", "comment": "Malware payload (RedLineStealer)", "value": "a96a35bc43655fb56600233225f427f6fa2ecb5058a1ec2184061ca023250a04", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250328, "uuid": "38531f24-d91e-4fc0-b76d-5427013fb3a2", "comment": "Malware payload (RedLineStealer)", "value": "e78f15b6130812a64ea8a5c1562c19b8f5fa6411", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687250328, "uuid": "1e587d7c-de26-4c79-ab93-0a07ca7d1db7", "comment": "Malware payload (RedLineStealer)", "value": "1ffdcc6cc6116c250d055e33360d0c66f3d34e772c6812e503bb6a5a8b61d6f156c3fbe95770a37bdc9e83f1ccbc78f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250328, "uuid": "f63abbb6-f891-4c87-867a-b9aef7bdeaec", "value": "T1A544D40A1F52B538C01DE8745AA87690CF796E263B3743762B62143AAD34EE70DFC5C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250328, "uuid": "a494f4f9-70fa-4aab-9ede-f9912e640c88", "value": "b88ff38d8a9dd531263365f3574a285e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250328, "uuid": "a42d684f-8802-4408-9264-74287e966e45", "value": "3072:Kt7PTaNms0ZwASfZyoAoHU7MGKPoVfelMih1aJWxKLO1/mYHcChLS:DNmSpXU7MGKoVfelMz6KLOHhL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687250328, "uuid": "4c5782b1-b153-470e-8612-2ac8aee4b3d3", "value": 253440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687250328, "uuid": "510ef940-6e82-4b69-8e48-8b44282f6235", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687250328, "uuid": "9d968f82-faca-49c6-871a-65c52de1b7da", "value": "f8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a415b712-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687242067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242067, "uuid": "23e99603-738f-4f69-b1c7-ad5c7660588a", "comment": "Malware payload (RedLineStealer)", "value": "31e6abe2984db478b52ee30b7c944978", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242067, "uuid": "b5eaa749-6ef6-4220-a85c-139c8c549226", "comment": "Malware payload (RedLineStealer)", "value": "a9a19fbfbdcee1fb98941638d60b3a09236d799417302e3dd252516284bef175", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242067, "uuid": "2d01fb2b-982e-4125-ac77-258907e35f98", "comment": "Malware payload (RedLineStealer)", "value": "40ad28a7592bb8fcba6597787faa9f2afe7911ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242067, "uuid": "05d5093f-ddfe-4faa-88b8-bbe05818253e", "comment": "Malware payload (RedLineStealer)", "value": "bbf0a66f89931ec5d3cf8bc03c5e57a4a99b6dfa2f408df84027616b23a7791d29492b2861b7798ac3253f86f69eb17a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242067, "uuid": "e3b00956-c079-4182-ac84-9f298e16f13c", "value": "T147F41251F0C07279DD320A31AC697953BDACF9B48E248DAB3F50332E4A269E0F5B552D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242067, "uuid": "43cf8677-5db3-4bc7-b455-ece20f04befc", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242067, "uuid": "59794dbf-78ec-47de-aa3f-f168511d9fd4", "value": "12288:dqyZR3v7fWlu+T/FphAyNeaHYoFsFFsgtCD477ouRDqNGpSyK1Qss7:ZRf7fIuOHAykaPF0t97JqE8L/s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242067, "uuid": "c4489639-c9d4-45b3-a711-308d0e88b8da", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242067, "uuid": "d9f805c4-a513-407f-8ad9-3b696645564d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242067, "uuid": "289578d2-a4e1-445a-a820-200ebdda2cc6", "value": "31e6abe2984db478b52ee30b7c944978.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16999caf-0f8d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (PrivateLoader)", "timestamp": 1687280913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280913, "uuid": "3b2ca104-3e3a-4625-ae17-6d1a09030d30", "comment": "Malware payload (PrivateLoader)", "value": "855a6e321e018cee3df3f120c9bc677f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280913, "uuid": "8242716d-171f-421e-b301-c83f73726dc4", "comment": "Malware payload (PrivateLoader)", "value": "a9df5699a9f130fc855f2976ca8b602816a2809a790f8759bb077cb194fc3f78", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280913, "uuid": "e4b8ba5e-4b96-40cd-b8ef-790ffb6ce21e", "comment": "Malware payload (PrivateLoader)", "value": "bcad38b1c50fdddbcbbb8ba7b8b718fb2b01ef28", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687280913, "uuid": "e61850ff-ba9e-478f-85cd-6a2377a24a84", "comment": "Malware payload (PrivateLoader)", "value": "407c1f76acf21fd58bdb0c012101546d371800b687ddadc29d709397b2a1fba0c7e320550bec67f34da8c115ec18539a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280913, "uuid": "0c04bbc7-041c-4bcc-973e-0abf9f9e095a", "value": "T14625CF10F3019072ED621430299FAB765A7D78300276EDABDFD009698D76BC1F265BAF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280913, "uuid": "0192fd44-d440-4db6-ba4b-87ddc99dd2a3", "value": "4480d061c3a4bfd23c4bdc107636fc65", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280913, "uuid": "6801baef-0779-40a0-bfbd-aa117fc7e52c", "value": "24576:s6g2/Dt6D1vB6qzkhgOMdFtzHqfl8O2anVH3qPi5UThvKtzd:sa/Dt6xvBpws7gX5UTktzd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687280913, "uuid": "6025ee78-e210-44c1-9f8f-d76cc4d21697", "value": 1054720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687280913, "uuid": "deb8b891-839d-410a-8db1-12d4a00000f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687280913, "uuid": "3bdaf6ba-ac39-404e-a3d6-b0f17c22fff9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3afa9e0-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241771, "uuid": "1506da0f-34dd-4c55-bbed-08511f936360", "comment": "Malware payload (RedLineStealer)", "value": "1f93c9a0addbbd24866efe321c209d8d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241771, "uuid": "0ece1daf-e2a9-4ea0-8d11-e08954fcadd5", "comment": "Malware payload (RedLineStealer)", "value": "aa6ba83e55d2583188aa4c243e6920b29236ea6497c94c387931cc35ecac5f4f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241771, "uuid": "665a779c-d3ca-452b-a98e-8d0c2503d6c6", "comment": "Malware payload (RedLineStealer)", "value": "40161b3b5a42b9e7ba21fb4a058a8519bae034f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241771, "uuid": "d6481f5a-2f7a-4e36-877f-733bfcfc8801", "comment": "Malware payload (RedLineStealer)", "value": "c3d22544f04f81b79d22260e43d6c39855196944c00afb7e2e0e6a078f2027dfbfbfbcbec6cd4756970b8889c9971602", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241771, "uuid": "294bd1d4-cf1d-4b10-84f3-c2bb38dc77a9", "value": "T10D051207EAD48127D4B12BB048F512D71B377DA29DB4836B6B466C8A5C722D0B930F7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241771, "uuid": "7d61b93d-ccaa-4674-bf8f-173f3b5a35f6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241771, "uuid": "94cc2794-71a5-47b6-8e0a-4a1f6cddedf5", "value": "12288:gMrWy90c16TtX2BKssElankJaNV9t0f9KBSheedGjrzSjRD0VQEgntW3dIxzAFO2:my9wX2BNsFkaFq9KBSbeSbxI30zAFO2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241771, "uuid": "2f6c3de0-3d97-4e17-ab54-90f7c70d7fab", "value": 824832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241771, "uuid": "66914501-ac81-4527-be64-ed18efdab0e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241771, "uuid": "b9594e26-2b66-4cdf-9cef-6a8de5931308", "value": "1f93c9a0addbbd24866efe321c209d8d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f21d39db-0f57-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687258089, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258089, "uuid": "63ceadcc-6b0b-4f6c-8e5d-546d2fecdd11", "comment": "Malware payload (Gafgyt)", "value": "3a4394d69efd1978660e3d177bc480c2", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258089, "uuid": "7e34f027-5bd5-4fb0-aeb1-ac8b757b0f35", "comment": "Malware payload (Gafgyt)", "value": "aae5c2b5f5d9dc42002faff299671b3806bc4645f21c5a883dfd0a5ae010d430", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258089, "uuid": "e4730560-88bf-4128-b9b3-856094a1f4ea", "comment": "Malware payload (Gafgyt)", "value": "cc8dd2121c1735021393705647442cc15054b22a", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258089, "uuid": "b77a49c9-b959-48b1-8f39-e8107b36f301", "comment": "Malware payload (Gafgyt)", "value": "91cb90eeaa986c6294edf6a694a843c7d9bec514dd9894e5ee36f48a61c8e229416ca677f8d1996a82ab28b76d2ad370", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258089, "uuid": "a2b92afb-0d75-478e-9745-d59b870d8e9a", "value": "T15A04180798761FA3D54A6BB92DB795A0035BEE510F4F0E8BA269F5F4422BCCCF409724", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258089, "uuid": "5bc6d999-5221-4f43-86cd-de29dfd16b2c", "value": "3072:G63kt+uHXz6sdJ3HWWQbaBUFn38TmWWqY1/fpZQP/OH+eX:G60tFHj7f2W4aBq3WmWWqY1/fpZQP/Ob", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258089, "uuid": "c9da696c-b22b-4057-b388-f245659076bf", "value": 180037, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258089, "uuid": "a4bd07b1-4ac6-4cc0-b7c3-d3289c7c1e89", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258089, "uuid": "161cf028-c2b1-4d86-8d90-4b8cbc766226", "value": "jhUOH", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb595679-0f8d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687281217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281217, "uuid": "13811193-afbc-41c8-9d51-0a4125fc14b2", "comment": "Malware payload", "value": "6679a7d280f6a067a8c04f6fbaf1d253", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281217, "uuid": "f428c1ba-a1bd-4fca-ab7c-09f1c49b82f3", "comment": "Malware payload", "value": "abbb0da27ee094eafe8b4f26a48cc2622c5197a7dd6b12115be83ce655688e88", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281217, "uuid": "2700ea32-f4aa-4626-a6e1-9c5b50123683", "comment": "Malware payload", "value": "c046c4ce4b7f9801dfb609a100af1c270960af79", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281217, "uuid": "84ff9791-7340-464f-adca-8364071008fd", "comment": "Malware payload", "value": "cb20c5c861d2e5f918742270d6f752df31bf80328c4ba6e5ef6e2ea9d4b67de843f2148aaf1fa36d709ac0e26aee8738", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281217, "uuid": "b6b0f97b-f0a8-4c46-87a6-2447a4597857", "value": "T1D7A446C257E95C81202BE3323696BA80F138EC697188D9D8F21C3B74FF6A550B5B6D71", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281217, "uuid": "cc88e72f-bdeb-4cb5-bba5-835d991b10c4", "value": "12288:7zr2t0uoE1y4V/gOAdwAdxbzJH84mkGFgSVXlJBa4bISo0sSwwOKXk7mF4OP/Weh:HTIAdwAdxdm7FHBJbIS32gmVeoX2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687281217, "uuid": "bcddb5ff-5742-48e4-bb76-33fe5abd1d19", "value": 475997, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687281217, "uuid": "8be5d344-2d41-4a22-871d-05827cfd5f0f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281217, "uuid": "7f2c5355-428e-4637-b36c-4d4641720097", "value": "1N27ZFqW0quhb8.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d95027a5-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240867, "uuid": "0a482209-f97b-4c0a-ac76-b848b14f4a02", "comment": "Malware payload (Amadey)", "value": "6f6859136037c1fe8dc2a99e146adfd6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240867, "uuid": "03eb1f65-6beb-4ca6-bcae-78fa9b4619d3", "comment": "Malware payload (Amadey)", "value": "abe0236898b49da34b64f190b51e95f8609259a15fef22dfbcc799c836b21e7b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240867, "uuid": "b8ab8981-f3eb-48d3-92f7-2888ce699958", "comment": "Malware payload (Amadey)", "value": "fe9f8c214393525d3018221ae5e9a6a5885454ba", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240867, "uuid": "4d49f4d6-86bc-4cf7-9086-c04a5bf52ea5", "comment": "Malware payload (Amadey)", "value": "b30b5131dc35de56e1f67024e4365470796c5bc6c8f1968f34386af464c89978cc0d0a398a24cf16acad09242a256c2d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240867, "uuid": "7b8ca63b-35cb-4dac-ad70-464aca1c656b", "value": "T1FAF412A1B4D8B124D9710530ACAAB893BDACF8A48E70DC6F3E54331D8B755D0B9F452E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240867, "uuid": "80bd7934-b692-4a88-b88d-bb2ec539488a", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240867, "uuid": "77297ab3-ff48-4a0a-b3a7-b0c40a07570d", "value": "12288:Vu06RPv7fWlu+T/+bQQwRD+UMSOSSTA6H3K8KWK5L6r8Ux/ozN2Iu3:0R37fIupeSpSXmQWKdm824Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240867, "uuid": "b0e632a9-47de-4166-b3b7-3b136610b3ab", "value": 761856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240867, "uuid": "f7050ccd-8a22-496d-bf11-3e3243e39f62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240867, "uuid": "874e2e42-e57d-4ba9-ba3b-878b3eb34beb", "value": "6f6859136037c1fe8dc2a99e146adfd6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a94d4698-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256678, "uuid": "e0360a43-edf6-4f7b-a15c-6a350397d0e4", "comment": "Malware payload (Mirai)", "value": "708a17f24e5009a54706df1cbfb3e545", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256678, "uuid": "4553e3dc-fe79-4f37-923e-f2c382095a8c", "comment": "Malware payload (Mirai)", "value": "ac4750995b6159238f8b61ea31a5de45c2414cc37d46b360ac3746ec7188bfe5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256678, "uuid": "cfcdd6b5-8286-42ad-bf28-52cdcd94bd28", "comment": "Malware payload (Mirai)", "value": "34a379bfeb0e5b462edb83b619770ccd4da74af0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256678, "uuid": "fbc6a865-da88-4cce-be0d-2a125fceb050", "comment": "Malware payload (Mirai)", "value": "ccc41f6212498ecd9f96ddfb5b6279e88115b3d07a3ef2361b9a7ccd27ac18fc6d23b601ed86f57929cf4afee06f682c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256678, "uuid": "83cbf769-4529-4ad9-b436-4e81d6a89391", "value": "T197042A46EB408B13C0D627BAFADF425533239B5497EB33069528AFB43F8679A4F23505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256678, "uuid": "0dafb319-b7fa-49b8-ace4-ae846d30a103", "value": "3072:8RvyICxfSQhiSKaDd4k9WpVpegjqSUPwUFLogM/RlPT3cS:8R8fSkTKaDd4k9WHNPUP/SgM/Rt3v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256678, "uuid": "1a7cb800-f9af-4c7b-9e63-34fbf49ee8d7", "value": 185253, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256678, "uuid": "5b813ad7-65f0-4b63-99d4-00bf7712919c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256678, "uuid": "edd43eb0-5545-47b4-92b4-56c4773ac891", "value": "708a17f24e5009a54706df1cbfb3e545", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85caf38a-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242445, "uuid": "e924d91b-7543-4ec8-ab79-2fef7a8e75e0", "comment": "Malware payload", "value": "ab7909ed63acb7ba508f197aaf9c7806", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242445, "uuid": "cccbfbd3-b1a8-4b0f-ac39-6054fde6a42f", "comment": "Malware payload", "value": "accae6bf198321bf0d088752de9af5d7c5ccdfd9bfe75b1fb0de7de62accb693", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242445, "uuid": "60cf92df-61bb-4b0d-98f6-477aa6b0d5a5", "comment": "Malware payload", "value": "251e73c5275f8958975dd7da73813dadc553d27d", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242445, "uuid": "253f34c2-fa5c-4b78-9095-f12b6e6e428b", "comment": "Malware payload", "value": "3c89402a4f36c4278d6812df0feafb8b46fea54ac869d985383f7badafcda49af5aeb058e5444658020dda9ab6ec8b24", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242445, "uuid": "3661dd11-687d-41fb-8d65-c72df3ab631f", "value": "T18604127056420647E9FE19B4961E9AC0F141D251FA4A739027BEF2E2B3D6DBF47F0106", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242445, "uuid": "766b5de0-9c5d-4e50-ac21-d864000a39e7", "value": "3072:ZJ6Df0ZFivqx4ja1/WFKW6vh5KabwkiXEswvH2QMHSu1zgLI0HWf2pTyz8elCXT3:HWf0Ovqx4jm+KW6vvKUiXV2HxGS8gLIG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242445, "uuid": "f437f5d1-d1d6-4e7c-9755-3a8f8e1b7bb9", "value": 179327, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242445, "uuid": "2ca58f0d-1494-4217-8c94-1347b3e81a87", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242445, "uuid": "7b616ac2-e572-4005-bbd7-b18eca8a711e", "value": "Suntrust Bank MT103847594826200623.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f28a4a79-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241769, "uuid": "36db3378-39d2-4bd6-b26f-4131065a683a", "comment": "Malware payload (Amadey)", "value": "8c8963756d9f737ce64e08925ef8f790", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241769, "uuid": "36c858a6-aca4-4349-8e58-22e5e8e3d4da", "comment": "Malware payload (Amadey)", "value": "acff677c0a850ac3658544ae2f2357b2818cd0dfcaef96db5605d6ec1147aa47", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241769, "uuid": "308cb428-c59f-47f3-8d6d-882a2f3371f7", "comment": "Malware payload (Amadey)", "value": "b73138b173eef73bbbd741848bc3a7eb06ca4c92", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241769, "uuid": "5992943e-5731-4be1-9a91-dc24a46664dc", "comment": "Malware payload (Amadey)", "value": "1a858242ab051f7fcfe488460cb0e1814092684cc03dd19f81f37ef60c6016137dc143400cbbeaeeeb035c588854cb44", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241769, "uuid": "278b8401-1db7-4bf3-b2be-e5be39c3ff32", "value": "T128F41250B4C8B230DA714532ACB2BA92BDBCF5A04E21DC9F7E94331D9AB25D0B5F452D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241769, "uuid": "161ce2c4-ff65-4bb1-9584-dde5d7faf541", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241769, "uuid": "72061c86-adab-4725-ba02-049aad71755e", "value": "12288:zn/WRWv7fWlu+T/CmxbUrBshIp0vIqt1wkdrYHURcPuDFiOVN2vDodVMntNLX9:iRO7fIuqU3mLjDuDuDfXI8duntNLX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241769, "uuid": "f55cad3f-f478-412f-83b8-5b8c1f1fb7ff", "value": 761856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241769, "uuid": "e0bb3683-5d7d-4623-9828-6396491e2c6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241769, "uuid": "a2754629-67a9-4677-8f5d-50b06844a209", "value": "8c8963756d9f737ce64e08925ef8f790.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2b548af-0f90-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687282571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282571, "uuid": "f62eff0c-4b30-434e-96a4-2a7f844d9dee", "comment": "Malware payload", "value": "f6a166584db4034de3f360e8d25f2d91", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282571, "uuid": "ac5ca721-a49e-45b6-bcfa-b53ca6d0096d", "comment": "Malware payload", "value": "adf41b357af9e403b21c56e144c7236948d23569bf73ca9e07a0a9787cd49e91", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282571, "uuid": "d73334d2-0198-43a8-9944-bfb25207c1fb", "comment": "Malware payload", "value": "3219c4680ad0c048ae0634090ce6dffe1538757d", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282571, "uuid": "73763f38-37fb-40a1-99fe-c32f641bce6b", "comment": "Malware payload", "value": "c8388ad1b1651570d34a60b6e41ce81e4c6a6acff2e4d20ee06f3e2068ed055ddd296eca83f52a1c6d3321788ec31163", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282571, "uuid": "3fadeab6-4a09-4458-9165-56d7206a6046", "value": "T135C423A9AF0CC30BD8D1433EB6456240CDF916ECE8DA9DEB9285B427C4975A1C2F3671", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282571, "uuid": "7e2255e9-bb59-4b4b-b06b-611de7bf6706", "value": "12288:+GzuFd10vkcYJ8KugL/2UxtfcU8KOhQubKEsLg1nG:+cw108cYJ849tUEOhQ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687282571, "uuid": "d8e33e5a-510c-422b-b80a-12c3dd0aa008", "value": 551587, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687282571, "uuid": "73797d5b-8c81-4513-aa06-8f20d778a5c9", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282571, "uuid": "20eb4137-b65a-438f-ba01-215bb085ee4b", "value": "f6a166584db4034de3f360e8d25f2d91", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e52b24e-0f6f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1687268095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268095, "uuid": "35f7d019-411f-4dd2-8f74-d6c6b3fb3f68", "comment": "Malware payload (RaccoonStealer)", "value": "fdb18459d993ad95b598f222aeba6f7b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268095, "uuid": "4eed2e04-45a8-43f6-97f9-dca01ebb21a9", "comment": "Malware payload (RaccoonStealer)", "value": "af47b1136033d52fcc7fa107398cec8b491f71fcd71f2b9db0df6ffe0cd9e012", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268095, "uuid": "17e1caf0-b61c-46b2-93d2-d18482a3f9a9", "comment": "Malware payload (RaccoonStealer)", "value": "64dd6b329baac8ee921a1f7d49f842a4e1b8e48d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268095, "uuid": "3a083d60-8bd5-4d04-b78e-b5b892fee404", "comment": "Malware payload (RaccoonStealer)", "value": "ba1ba863eec8185a740f39ed8d9841a190848876de04bde8b9b998394d3f282bbd5706071fff46d4d90aa5666cbb7fd5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268095, "uuid": "14fac4bf-eee7-4711-a15c-974faa2052a3", "value": "T152562367639A0591F4C0CD31C927BED931B247AFCF92BCB9B8C72DC524129E5E122993", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268095, "uuid": "346c2442-c313-4054-aa24-48f3d1bc57ca", "value": "895e5e6e037e9108574fb94ed614d804", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268095, "uuid": "36cc4667-3a4a-4bd8-a377-8137df3744e7", "value": "196608:pkXHYGVcODSINzA4NvBt42WdsJuvTM794:CX4GyODSDsBtM6JuvoR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268095, "uuid": "f58d067a-fd20-4cf2-be6c-cebb793c067a", "value": 6413312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268095, "uuid": "f692c763-ae6c-4cf8-9455-f35f7dd0540f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268095, "uuid": "f7cef408-67cb-48b2-adff-837659daaf50", "value": "fdb18459d993ad95b598f222aeba6f7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9010142c-0f44-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687249764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249764, "uuid": "8e47d8f7-48de-4b0a-a654-f8d42e494155", "comment": "Malware payload (AgentTesla)", "value": "415f817259b4473f6691592f28b608eb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249764, "uuid": "b3743387-d79f-4b73-af7b-8a6a87837ae7", "comment": "Malware payload (AgentTesla)", "value": "af87ecc512fe3271689f7674ab31070633ac5a85b3a5b2ac585068f3127b77c7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249764, "uuid": "359f2a33-114b-4a18-8880-62839b179574", "comment": "Malware payload (AgentTesla)", "value": "5fea503cce43aa5ec6dba4f87ee15106c8dec30c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249764, "uuid": "78da6a33-ec4b-4438-9fbc-b795167e1eb5", "comment": "Malware payload (AgentTesla)", "value": "f68a86a2ffb97f3229f6d4c6cad08448ad69de731b3836d22249d51e7fbb111885f71025be05411cf4cc314307f878c1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249764, "uuid": "40570096-9dc4-4698-9536-f4ff94c01c48", "value": "T12305F11123A84F57E13E87FC1460277093B956AA701BE74ACEC3B4DF2EA5FC20659A47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249764, "uuid": "eaf56592-e95c-4c86-a8fd-6d65baffa01f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249764, "uuid": "163a339b-a51e-4cde-bdc8-f83cc31a0f07", "value": "12288:e2qlAQBoPM7q6bpw4dcZda/igAti1VAGFaYVA4fSAvdcOXps9cXfhlyDgMpjiHA:8B7zu4CZdOlrhFVVAySAqOXYcXfOng", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249764, "uuid": "396dae91-2fe6-45f7-9629-f4daa967e6cc", "value": 852480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249764, "uuid": "2715a220-57ca-46d7-abb5-db84976bf6e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249764, "uuid": "a29e4a69-e706-4b12-a46c-fe595ff7976e", "value": "QUOTE TKHA-A88160011B.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "503e8689-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1687253522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253522, "uuid": "554942f8-e16e-4691-8606-9a461809ee1c", "comment": "Malware payload (Smoke Loader)", "value": "63b1cbf876981da8cb5477a773e75c98", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253522, "uuid": "a0a62841-e607-48a1-b19e-5df3483a3a50", "comment": "Malware payload (Smoke Loader)", "value": "b010a749d181fa2a1ad4bf78d84043a1fa334900029b86947a11990a6cb1db3e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253522, "uuid": "907f4ce0-a013-474e-bd90-f59e7b531314", "comment": "Malware payload (Smoke Loader)", "value": "f3ae890337b5f8db7404bd498c94b53e7d19884a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253522, "uuid": "d3023dce-ba8d-4947-849a-70f404b9c6d0", "comment": "Malware payload (Smoke Loader)", "value": "57c6b1a7c5ff389788ac45fa242df2a25e3b32688fd1c73a8984be908751d0b54bb02b852398b234812f8d86976eb13e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253522, "uuid": "1ae3f944-a6c4-42ab-9af2-27f489282db3", "value": "T14964858382E13D94F9278B73AE1FD6E8764DF6608F497B692218DA1F04B11B6C1B3750", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253522, "uuid": "eb177819-c432-47e6-ab6a-48f9bba98130", "value": "b1a5bdbc77a4868d9509a53571fbe8fe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253522, "uuid": "54b8b456-c4d8-4fcd-b120-db3c4a34ce10", "value": "3072:nDzdpY8ZLDD/TuXSzzHuYCoIfaWgxAdIbg6hzamRLcLZ+t:DBC8BDD70Czbv9xl4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253522, "uuid": "24a52a69-76dc-403e-906d-c3adb07a70dd", "value": 306688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253522, "uuid": "7f20adf7-1df3-44af-b2b6-4dd955eba79a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253522, "uuid": "cf935aa7-011b-49a6-a4db-3f858d4750f6", "value": "63b1cbf876981da8cb5477a773e75c98", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e105ddb-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (LaplasClipper)", "timestamp": 1687241171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241171, "uuid": "e314466e-b3ac-47b5-a7bb-95369ab9f041", "comment": "Malware payload (LaplasClipper)", "value": "41324a44f3c3b6a06b7acb27c24cb8be", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241171, "uuid": "736237df-45f2-4d78-aa53-e4c4e9876d6b", "comment": "Malware payload (LaplasClipper)", "value": "b02a04e65ae9453f1c3bc5fcfd47686be2fb8b8f978c3ec29a0c6749106ed4f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241171, "uuid": "61ffa578-41d8-4b30-a650-a1c3ba8c0c34", "comment": "Malware payload (LaplasClipper)", "value": "f006637ba0718ecf52b1bff5dbb8292dba7f3809", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241171, "uuid": "e684dcc8-ae86-40d8-8630-ddb9ab6339be", "comment": "Malware payload (LaplasClipper)", "value": "190a49d03e56df7d004e1b8f2d0a5e66884f77dccd817b1a11f7d804f4a1f8f84ce846e49b6b9513fae9b12d03d94830", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241171, "uuid": "7e6733b4-a424-47fc-a036-ed8ccfbade2c", "value": "T1A3058C1125D1923AFC670C765E57FF27A62965320B0204EBF7D32B2A5F20CD06639E5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241171, "uuid": "dcfaa895-5912-4c3e-99d7-270b46ec52b7", "value": "d3bef53bd3b1af06f068902986513bdf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241171, "uuid": "7ab17481-049c-471b-9e07-2c835aa82c07", "value": "12288:AVkLJo17O5rRfZZExSnCTWM/VFtwIHx7xcUAH5b1wOe1H47l+6cw9t:AYJo17WrRfZZEKC/VFBR5Oe1H406Zj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241171, "uuid": "b923e505-15c4-4e01-99bf-b907cf024048", "value": 869224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241171, "uuid": "42fc2c23-2768-4b75-b716-61f715d62e78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241171, "uuid": "d1094a7c-ed93-47de-992f-ac632e22f3c7", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b00bf0cc-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245093, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245093, "uuid": "443c285a-5443-42ea-b2c2-c7474b1807a2", "comment": "Malware payload (AgentTesla)", "value": "a048d50c92a80b789d2f68ff061376e1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245093, "uuid": "29592eba-9b3c-4e55-a365-c50be0f5d687", "comment": "Malware payload (AgentTesla)", "value": "b052a8dff8f7cd814a235ebf8db0876c61e20ac035347fa7ab7b090159e20833", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245093, "uuid": "47fb3eae-36f6-4f6a-bd12-deafca806ce0", "comment": "Malware payload (AgentTesla)", "value": "57898ac3291a52bc2cbb8470b7bc3a8957f1f3e6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245093, "uuid": "204ca69b-0721-472a-b2ec-b8391b9dc394", "comment": "Malware payload (AgentTesla)", "value": "ceb13e27fa3e13a1ae8f2fdd52524440f88b37ae4582f1abf2778a836a55071fc895d26aa8350fa8c1c172558d06f0d8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245093, "uuid": "8647e2fe-d29f-4255-96fd-fa7d4fa30183", "value": "T1AA641274B6A0D0DFE1A357314DBE2BB2AE74CA5168B0330B1F6597187A25251DB0E3A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245093, "uuid": "62f08362-d560-4e93-a0ab-b317e59d2e34", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245093, "uuid": "10cb6d35-cf32-4d4e-a60e-f80e6f59de2d", "value": "6144:/Ya6BjGfMY5bi8Sm172Ho+PymNa+MAuBB/YmS57N/DkGBLis7JvwPJx9bRb:/YLiJ+V5H9hfuzbSddD7z9wPlZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245093, "uuid": "5aba05f7-76ed-406c-a57b-318c20b6010a", "value": 309520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245093, "uuid": "c953d450-8701-4a38-8547-c069f826e7c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245093, "uuid": "d6e694b5-8cbe-4dd3-9519-8e4d7169372f", "value": "a048d50c92a80b789d2f68ff061376e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cf3469f-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687242484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242484, "uuid": "79df715a-5f88-4e8c-ae40-ee2ff16f0f75", "comment": "Malware payload (Mirai)", "value": "90898bba8d6690505f84b4c4b790276d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242484, "uuid": "d58e6181-92bd-4ddc-82f5-f4af7fddf3fc", "comment": "Malware payload (Mirai)", "value": "b07693363564aba6d04b2e37b487e1cc69a8c03a3da1f100f4eb92219fae158d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242484, "uuid": "08d723c6-1038-4e4d-a2cd-b6780c900a85", "comment": "Malware payload (Mirai)", "value": "e324da79e6dd2817251d40f5997f6b6d6fa49c5a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242484, "uuid": "5b0a50a7-589e-42e1-b109-ea2673a945c5", "comment": "Malware payload (Mirai)", "value": "12dd4c7dcbd04297f8c5fb3c8931de5f9ea7f8b8edc769d76f006dda20cf9a6d56831959e2e89ebdb5821f9a72295c45", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242484, "uuid": "0ad90c83-bda8-44df-9987-8519632e2f1a", "value": "T1F543F11DA1243CD8EFB521B7D3115185348A26B4BBE9B4B3462061917CD6CDF2BF0F69", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242484, "uuid": "d92c9820-b6fa-4c54-868b-521831fc593e", "value": "1536:mnO7KdMnWTvJRe17qvengLZXkA3pQ71Yiv++Hl:wO7YMWTxReYGgLZXv3m7pvTl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242484, "uuid": "9f34949b-30e0-4e9b-a9e7-b14f6be915e7", "value": 56668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242484, "uuid": "d466c9bb-c976-4a51-855d-53f5a31a5a6e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242484, "uuid": "531bfcdc-04a6-4767-a21c-918e84afa717", "value": "90898bba8d6690505f84b4c4b790276d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb5b8566-0f6a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687266184, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266184, "uuid": "29dfcc75-3b84-4b79-88a8-62700076f453", "comment": "Malware payload (AgentTesla)", "value": "5c926d701bb34c38621f82ba55de205d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266184, "uuid": "3c3371b6-33b9-4f4d-bc6e-4f21472cd3bc", "comment": "Malware payload (AgentTesla)", "value": "b0a78ba8c4a1474b13aadee5c26f4c37b46ba223330f3feb20cec20f43b601ba", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266184, "uuid": "1985c32c-5ea2-4a43-a268-f883255cea73", "comment": "Malware payload (AgentTesla)", "value": "5420e761531308658dd018b3f9287bbe9cc944f2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687266184, "uuid": "8053afa0-3cfb-4aae-b2c2-2f2d09ca9517", "comment": "Malware payload (AgentTesla)", "value": "c031923ea704fe43ebf393bd8b46b8fed881f80ff308e5cb854c294569e440a14b2effaceb39950c0ec571e37d656f68", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266184, "uuid": "2ab53da3-5623-4d1b-950a-3cddf2f5b748", "value": "T18F64129C93A9D953D5018AF1697F5FB60FB6C1160AEE4B0B3782269BFC17312C856323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266184, "uuid": "a948f967-b554-4f1e-9ecb-1878a880eb3a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266184, "uuid": "8cc38dda-67f0-4ad1-9880-4b3796d911c1", "value": "6144:/Ya6t7xdS2SNh4ShqcDHDAwx2BBZAQbgcRq5015LubBz3kBnynj1x89:/YX7zSNZhHDHDAFBBLIOLubdkBynj89", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687266184, "uuid": "2b23b651-48ea-4477-b014-178f08c44bb0", "value": 308405, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687266184, "uuid": "919f8cd2-871b-4ddd-bd2d-b26d4f4b6296", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687266184, "uuid": "6395fb57-1e58-4e11-bbc3-620630e2ec48", "value": "grace.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dace1cc-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241170, "uuid": "5df8af09-3780-4534-98ca-d1222cb91520", "comment": "Malware payload (RedLineStealer)", "value": "900eb2a494798056d98fac009677bda6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241170, "uuid": "1f1d8487-e32e-4f0c-893e-df20b5fafb2d", "comment": "Malware payload (RedLineStealer)", "value": "b12b32bf3987407b920cbe3b2460f9b3af0fc38e5526c7daaa42c1cd62ec03b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241170, "uuid": "62d8bc80-01e3-49e4-bfc4-ad0cdcecb2cb", "comment": "Malware payload (RedLineStealer)", "value": "68abac988e3a45dc01ae26913decb2845121fd40", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241170, "uuid": "fa3c14d2-3fed-4364-a2c0-ede7d43f1923", "comment": "Malware payload (RedLineStealer)", "value": "6f7ee069fb6480617255c3f74cc63c539bbdd7ad5195dc566ecfdd6a325e7cf2aa3cfa589b51bd3619d3d3e8721130a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241170, "uuid": "bc054a92-d0a1-49e7-9f11-e04ff7f19883", "value": "T1BA543B0FB5C50336E471103D27B02956ECEDAC910D34EDB77A6CC329256ABE3A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241170, "uuid": "6b2cf994-995a-405b-b70c-9c441784a0be", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241170, "uuid": "a9524a7c-da28-41a3-8d76-ca4b0688cd40", "value": "6144:+sCnU2/d22Q0FKHgKNRBH13TLxNP9T0x+SRMm:52/pQzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241170, "uuid": "74090a79-2ea7-428d-9fa7-b9b160c4e8ed", "value": 279553, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241170, "uuid": "c136ea66-db08-4fde-8f32-ba3597e0c85e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241170, "uuid": "717a0ba8-697d-4834-a8f7-990254897318", "value": "900eb2a494798056d98fac009677bda6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a259d2f3-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687242493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242493, "uuid": "028852aa-bcdf-4380-9ceb-7877551e3bd9", "comment": "Malware payload (Amadey)", "value": "8b3e6a624c9434ec128f5def7fc1d567", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242493, "uuid": "cf547b56-b0ed-4479-ba53-edc828578e8c", "comment": "Malware payload (Amadey)", "value": "b1c5195bf0afc806ad229158bd799eaa722724c7439900fce201829f848af809", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242493, "uuid": "39742731-aaae-42ed-8632-5ab579679457", "comment": "Malware payload (Amadey)", "value": "4d565f1e3a49946fdcbe29b106824da51ba140b3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242493, "uuid": "aad8ee04-5d26-4488-8354-7d1d9bba3327", "comment": "Malware payload (Amadey)", "value": "8cc4ab372c6f2f3d87324cf167ea118832a819864c5dc5621950df6b2c285d653707b4016ee272ac07ef7545e9ac0e76", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242493, "uuid": "0a72fd66-5262-4e80-9901-e875ae97cc29", "value": "T1135493C386E13D94E9278B73AE1FC6E8764DF2508F4A7B691119DA2F04B51B6C1B3B10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242493, "uuid": "8ecedfea-0a67-4350-8f83-b957f0aea5db", "value": "2678d64d9aab251c39f4a926feb15079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242493, "uuid": "63adf482-eff7-4027-a5c3-d0871dac863a", "value": "3072:HnzQpWpTpFVHxvLwSYJNN0cUbl6ZOV7wPYyO64PRLCLwd4tqU:HEopTpfy9uh5V741OrKkl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242493, "uuid": "ad1cb77d-9127-485c-ac48-617146d16afb", "value": 306176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242493, "uuid": "7793a6e7-4be1-4319-927d-9e912afcaffd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242493, "uuid": "d3d88504-090f-4e65-ade9-4b4d13b9d85c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebfc19c5-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253784, "uuid": "b212678e-189a-4fc7-b1f3-cef3d38bd9f8", "comment": "Malware payload (Gafgyt)", "value": "fe0d497afbe476a727f62dfa348b6090", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253784, "uuid": "e016143f-4ba5-417f-9331-17357d5a1a24", "comment": "Malware payload (Gafgyt)", "value": "b1ffa7db177ab5c22c21c163899e4da75176ea61bd7485883ec63efcdd090fa5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253784, "uuid": "8c49090d-0f45-4323-b1ec-a1ee8bc278d4", "comment": "Malware payload (Gafgyt)", "value": "b13264ef067dfdc0b3fe800441312afefdc3c60c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253784, "uuid": "4e910c62-7698-4626-8d07-37a2e3d45522", "comment": "Malware payload (Gafgyt)", "value": "8f43a63770f8241fb4cf492aba41aa08b8fe9a24ccee6424d8d9a4e9cccd9500fe915ee30f43b314a6f418fb7621fdf4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253784, "uuid": "31b5650f-2a33-47c3-a245-3b8abbebbd85", "value": "T172E3866E3E21ABBEE16886310BF76F70C39529D636A19342E16CF7185EB124C1C5F760", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253784, "uuid": "5670010c-9954-43bf-ac1b-489cc55fa75a", "value": "1536:mVNs7K797V+nv57gbj6l6T6B6v6N6/6AePe1ebeZe5bwClA2rKQA1dXAQTI/e0hL:vY01ZkXAQT4NO9//ImlWs4zWfOodW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253784, "uuid": "7dca1100-6457-4587-afab-50ebfeff4377", "value": 152121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253784, "uuid": "61c3e540-f164-456f-bcd4-b7d53c176c24", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253784, "uuid": "dd58045b-f5f9-4fb9-a0fd-eff23f8754cd", "value": "fe0d497afbe476a727f62dfa348b6090", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad7c932f-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687245089, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245089, "uuid": "e60a99d4-d234-4b0b-9710-5752bb832d15", "comment": "Malware payload (Loki)", "value": "0698733d4fc9fd6f54059550dbd86211", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245089, "uuid": "0cef0bf5-1749-4214-877f-1454de1af649", "comment": "Malware payload (Loki)", "value": "b3d81043a45b2c155f866d7710200892b12a9f31472c594e664e0a83ea959f85", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245089, "uuid": "2211ac1c-4127-441a-9085-006f47161b74", "comment": "Malware payload (Loki)", "value": "2339db5cb6e4cc260913143ca606956e4f36ebe9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245089, "uuid": "fc63f55d-65ac-4da5-8fcd-8ac9b0548ea6", "comment": "Malware payload (Loki)", "value": "05610b8326637d73edea1b66ac1a9a805357101d3b9a9bfb2e831e3be0956853218ab0bdc5617ba76ca5e59b77eac94b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245089, "uuid": "22974b39-9e5a-41e7-a1a0-ed0952f1c9e0", "value": "T17064948382E23D94E9278B73AF1FC6E8764DF6508F497B6912199A6F04B11B7C1B3710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245089, "uuid": "8b82b7a6-5c83-4160-871e-7f96569e0da7", "value": "2678d64d9aab251c39f4a926feb15079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245089, "uuid": "5a45bd86-bce5-4555-a250-d4db2c3e9efa", "value": "3072:9fztpNy2zJStXxf+mIdZBVSl/h8C+ZhXXkPRLiK3tqU:Vpfy2zJStAZdZTSl/SdhXaiP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245089, "uuid": "cd87f5ec-53d5-4e0d-b1da-eecc5284b5f9", "value": 307712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245089, "uuid": "5bffb2f8-6b29-4f07-813c-d0106037fcc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245089, "uuid": "9096f1ad-d971-4d05-a507-78f44ce46d9d", "value": "0698733d4fc9fd6f54059550dbd86211", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "627390b5-0f3a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NetSupport)", "timestamp": 1687245392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245392, "uuid": "0e9f1ef1-0eb0-45fa-b158-dbc307288692", "comment": "Malware payload (NetSupport)", "value": "81d53bf8b406dff2c33477f1a6225bf0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245392, "uuid": "b0bb9503-93a9-4653-b871-0619439691b1", "comment": "Malware payload (NetSupport)", "value": "b47774fb194bb804c038491ab4cba01bb457383af05f4e6b1fdf46898a182514", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245392, "uuid": "2d01b678-f732-4e07-ab60-b1ea4eac3dd8", "comment": "Malware payload (NetSupport)", "value": "5da137ae88ea96b2cdb68aacd406b79c302d6904", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245392, "uuid": "85eb36c4-58b1-43b0-8fd9-535b3fb5e8a8", "comment": "Malware payload (NetSupport)", "value": "f00f86918fb51e49748de6d07f405ea707e42ed3d8077bd6535310282671262f7971aa8d2c7a23f25a1de7942bff5941", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245392, "uuid": "18607bbe-8fce-4e69-a744-a19c8c354251", "value": "T104657E23F2C2C53FC0722A7C9D5BB699D8257D102E38A8467BE44E4C1E3974239796E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245392, "uuid": "a13bbc3b-df7d-4a18-b8fe-90ca494e7979", "value": "ad6274b75a00990cfd4f51a1d6508333", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245392, "uuid": "7b3c0de0-5de5-4686-9dde-72ed20833300", "value": "24576:KfAEcs/3crIt5qIi7OtHS1E2oTkABMxrQsAbshp:KIE1rvU7OJwr3cnbs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245392, "uuid": "f02f9e75-a668-4b19-96ed-794b88b81d2e", "value": 1454592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245392, "uuid": "0a36a267-8866-47d6-9a18-f5bc135960a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245392, "uuid": "89282819-e077-4b2a-80cb-ac9e992a2e9e", "value": "81d53bf8b406dff2c33477f1a6225bf0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f038d91c-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241765, "uuid": "eaeb51c0-eb44-4949-8ae3-077302d13fc9", "comment": "Malware payload (Amadey)", "value": "e5de7ce33ad1ed83fea6d740e0da6d1c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241765, "uuid": "bf8b2a7c-478c-4d5b-b751-608de4eb046c", "comment": "Malware payload (Amadey)", "value": "b4942d19bd47b0a2a798eed96ca6274675249524264464f7b0e16d183aaa7ca1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241765, "uuid": "ef8612fa-9cf8-4a56-9035-ae5ee78b4004", "comment": "Malware payload (Amadey)", "value": "a52f4f6727756211f3a689ffb5471b19775e4d39", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241765, "uuid": "baeed81c-76f5-4617-925d-5e1a56de8c72", "comment": "Malware payload (Amadey)", "value": "70db6a0e7999eb7564b8097b0828d89decbd63f158db3b789af0dca988afda44da4180af9091a2ce0b6a14aa8c27c176", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241765, "uuid": "794767e8-2942-4450-8c59-23e1b9c81d99", "value": "T1A605220BBBE59133C8B963B018FB07930936BDA15978436736625D5E0DF2290B935B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241765, "uuid": "cab06a5e-5267-4d33-9eb7-700a727d73d4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241765, "uuid": "d232c533-7e71-4667-824f-dcfe5073a897", "value": "12288:tMrUy90CmYDVuKYMPWqY4on8YrJmgqJJej4EWsg8gcJUx7MpauNrewQ:dyNuKYMPhtUINgj4EWRcJUFMpTNO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241765, "uuid": "7399b161-144a-44a1-8ba4-0c58872f93fb", "value": 824832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241765, "uuid": "fcdaba2c-1c35-4493-b874-8b309606675a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241765, "uuid": "b63bd79f-cd19-457e-bf43-379371fcdd62", "value": "e5de7ce33ad1ed83fea6d740e0da6d1c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7bed294-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1687243818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243818, "uuid": "2109290d-871f-48ec-bd6c-8cc4e039a37e", "comment": "Malware payload (Fabookie)", "value": "3b0dd5112657ab5d7937e1a3221564fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243818, "uuid": "82f5b53c-dc2d-4d0f-ace2-bc372eb5f9d2", "comment": "Malware payload (Fabookie)", "value": "b620c42791da1c6bb1dbfaa062487bf85dfd9fefe18df9964e30b4e5e7055f68", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243818, "uuid": "15ca46f2-d284-4586-be04-73cfed92121b", "comment": "Malware payload (Fabookie)", "value": "3b5e39261459ce53be61eb85bae4c3c4f05c7f97", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243818, "uuid": "97f56aa8-7846-49be-8669-fbf28331ec55", "comment": "Malware payload (Fabookie)", "value": "82d6d3762e4468c76265c2ebf10bdc8119ea6237b4c157ad029c2646f7c9208e88b33b98fd2eeda9dfa534b14de2bf77", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243818, "uuid": "9b5d32be-2634-4632-ac8e-d2c0efa49733", "value": "T12D544B0392E17C65ED2A4A729E1FC6E87A1EF5708F497BB6220C9A2F45711F2E173311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243818, "uuid": "72deb8c3-eff4-454e-8b55-5f6a5cb223b9", "value": "91d43b04a4de8668c2f5f19f2f87ab90", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243818, "uuid": "d11ff972-bb93-4dcd-b8d1-55de712ad304", "value": "3072:E5o1EQElVplwv8oJLNCrLsaJ0xX1sw0NU2UTUfMemCm15avszedS:9EQgE8oyr2hWUnbcyu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243818, "uuid": "83a29d6d-6b7a-4a5c-989c-d197d37ef6b0", "value": 288256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243818, "uuid": "47415ec0-6061-4e02-a641-ab5e26a2cc85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243818, "uuid": "e5d66107-6fc4-479c-84d0-15b41bf6cec2", "value": "3b0dd5112657ab5d7937e1a3221564fb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01bcdf63-0f9e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1687288180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288180, "uuid": "51e8625c-f432-4b45-89ec-4ecefd38d83d", "comment": "Malware payload (NanoCore)", "value": "ef4980e4520551d402c1723432a424ea", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288180, "uuid": "a66b8881-37c8-476a-812b-f63fae9abb49", "comment": "Malware payload (NanoCore)", "value": "b68c297a7780902c0b67ee593d52271a0e5c14370f15718b6d816030bcf20e88", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288180, "uuid": "3016d0cf-75ba-4bea-b83a-905977672f29", "comment": "Malware payload (NanoCore)", "value": "6006c7f1e4f4e1c6c4f346707ebb3eded444e1e9", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288180, "uuid": "522d0365-fb38-469c-8d32-4e05b59ea7b3", "comment": "Malware payload (NanoCore)", "value": "fd13d0a646d0a7dc18752d4776dfb00b9867213c8580dd95f48b4742302a70d78c9cfc0dee2a94859cc71cfc70b86dcb", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288180, "uuid": "029cf7d8-1c1c-4806-ae52-03df61d0e8f7", "value": "T15574E089329172CFC81BCC7AC9D61C64A7A2726B072BC247749316DC8E4D6DBDF542E2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288180, "uuid": "09f94305-8ebe-4bc3-8f95-46659a3e2d64", "value": "6144:Iav/Vr+D/yp5TiciHhkzz9neBf6z4WnBohpnhWLFPZLXtZXkp+:/Vr+DMTiciiF2a6phWdzZXkp+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288180, "uuid": "68b719c8-5029-491f-8b03-164880e3de0e", "value": 356864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288180, "uuid": "48a927b9-f95f-4bf3-9265-0d6cacb61550", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288180, "uuid": "d3767ea3-dae0-4055-8fe4-7eb0de3d2806", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "347800fb-0f50-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687254764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254764, "uuid": "f2a40bed-732e-491e-bbb8-307dc105df0e", "comment": "Malware payload", "value": "0262b8204546ab726b863ddd4950c01e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254764, "uuid": "7089e1d6-8b98-4fa0-bb02-8028827992d5", "comment": "Malware payload", "value": "b6e493c92ab21d3cffc5efda72a0afcee29e817e87256ae754aecfe9a1b421ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254764, "uuid": "d47ffa56-3bc0-47ac-b4ce-f6b3d88a55f5", "comment": "Malware payload", "value": "ae985bf18df5c6e90e450b37ad905666d36ffac3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254764, "uuid": "6c76a5ff-d83e-443f-81ca-f64488257e0f", "comment": "Malware payload", "value": "bbf11ce91d3d910a1cb79478d4030bbe51a1979f166a6ddf4d54f6db0ed372c2cf862a1892ad1ea21d3c59dfdd0b5c89", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254764, "uuid": "ac5ecae6-9b70-45f1-b56c-6bee02364639", "value": "T157B54803B55948EAD299C074CE0AD132EB627C5D4BF561FB36906AD53E77AE03B39B00", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254764, "uuid": "84a0bbcc-7360-466b-9c5b-031560543eb2", "value": "f6b98e68bc486f7c7d82017e75710224", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254764, "uuid": "6081d2a9-5472-43e4-a18a-c6a1e237f855", "value": "49152:iNrKEv9I52JiHWpq96AVBJIdb5nZIFA7SJi:j2VZI6Wi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687254764, "uuid": "7e67a342-49ea-45f7-b038-aa64029e00f6", "value": 2466816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687254764, "uuid": "7b1c6d5c-3bed-4bbd-b114-9d8077b97e97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254764, "uuid": "884eb081-bb92-405b-9fbe-5a3b84437910", "value": "prime.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8434a92c-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243731, "uuid": "be6b0323-a5af-4893-80cb-0feb229890d4", "comment": "Malware payload (AgentTesla)", "value": "8483e0df0b556eecc49c245e086e0829", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243731, "uuid": "f05d7276-79b8-4d56-90ad-fa57d86cb74d", "comment": "Malware payload (AgentTesla)", "value": "b81899f8a1fe7b9d53201e87ac76a8c2cce6d14185745b0a05c9f74e66657ea5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243731, "uuid": "a47c8daf-5210-41ba-a621-1379f7360037", "comment": "Malware payload (AgentTesla)", "value": "f69e53d2c6e455ae0dc5b60fc3c22ad967ce74a7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243731, "uuid": "09651bc0-776e-4961-8873-d080de1cc9cb", "comment": "Malware payload (AgentTesla)", "value": "49ebbfc4dba23a22e8e683cf08d932a4bbbaac1cdbf6218687e7706295d590038fcd21409d5e097ecd9b0d3e5134d04a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243731, "uuid": "1a035c12-c58d-4211-8f70-36c059fb5006", "value": "T1365423B0B66223D9A65E061C991DAEB1C883407D35574917E4BE2CEF76BF2F00BA5D08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243731, "uuid": "e36c9a5b-353a-49f5-bc62-603a6e89c034", "value": "6144:mMW3vYo3J5B8O31XM9ymAC8UrLH5c4y1APuzhkIyzefHF6K2s0EX1NY+3uEmF:mMW3R3Jn3BMIm/LZc4y1o8guHFUBEX1M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243731, "uuid": "9eaa5ba5-446d-47e7-9011-dd83d7628b4f", "value": 292809, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243731, "uuid": "0f1d54ee-6c23-4bc7-9180-4dcc007d9e86", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243731, "uuid": "befdb2ae-d2f3-4a78-b568-42f1c4cf764c", "value": "New Order _list.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d3c226c-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259638, "uuid": "f68237d4-1bbf-4027-a630-42340c895d8a", "comment": "Malware payload (Mirai)", "value": "d60f58408f59cada09511b3f3c16add3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259638, "uuid": "d07f059c-6332-4464-8549-20ea6d549b4a", "comment": "Malware payload (Mirai)", "value": "b8fdb23950a3edd2fe2c248b99edd66da18a0cd472582a7b7548f05ec9e16338", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259638, "uuid": "9eadbb09-898f-4324-a432-af2aafbc9a8d", "comment": "Malware payload (Mirai)", "value": "8a8ac1098d2bcf2d029aaee6c3c66476e9028aa4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259638, "uuid": "c535aa61-27bf-402b-bc21-cca8a658d39f", "comment": "Malware payload (Mirai)", "value": "ebb8f968bf662b92117884a3a051175ca1b2e5c8979425253b5f0ea58acd0cbedbfee563da24d92f8cde731bb8d5435f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259638, "uuid": "72fab3a6-2ab5-400f-8bf4-9d8866c34e5c", "value": "T1DD33FA8EB8029D3CF91BE6BE54164E0DB93177C152830B2757BBFDA36C721945E02E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259638, "uuid": "24586626-0b5f-4da4-8672-35737fb5171e", "value": "768:gduPBFnHooqR8qOCKq2cH4Fje+TK806MMUVjzMfQXOtHud2oGy:r/hqaJMcjeqK806MHdMfQXoHuCy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259638, "uuid": "992698ab-f73b-41f9-b2ce-809663817db8", "value": 54932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259638, "uuid": "3e3144ae-bb0c-4f2e-a42b-962c331ef98f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259638, "uuid": "774463e6-eb3c-4452-81da-e372558286d0", "value": "d60f58408f59cada09511b3f3c16add3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a26770b-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241540, "uuid": "05f06e24-abe2-4673-83c7-191a2dcfc0aa", "comment": "Malware payload (RedLineStealer)", "value": "dfe161fae4a1507d593f2e90374aa6ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241540, "uuid": "f4786006-bd20-467d-861e-438afa2afc48", "comment": "Malware payload (RedLineStealer)", "value": "b92be3eb6eab91466fd04a15c95d18d1bfd687be287cb4796d9653cd214c9972", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241540, "uuid": "7b1a3d67-3128-4381-8394-8f77fb36e3f1", "comment": "Malware payload (RedLineStealer)", "value": "c19e5f31334ba5701dd7222cac3e63d2ec839a9e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241540, "uuid": "91693131-acad-4535-ac31-f6dfcef3cfb8", "comment": "Malware payload (RedLineStealer)", "value": "1431cd8a94866b4a5388deb8e4f8e76be6b82ef07794b8397ddb8a40850837bd600c15c055d66b03389a74eb59513df4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241540, "uuid": "95f35a38-aab6-4fc4-8b64-7e00286c56e8", "value": "T15984F88382E13D94E9278B73EF1FE6E8764DF2508F4A7B6911199A2F04B11B6C1B3750", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241540, "uuid": "b58ac696-705f-4d78-b5f3-67f997fcb780", "value": "2678d64d9aab251c39f4a926feb15079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241540, "uuid": "994380af-9c23-44a4-a0dc-da074bde9bfe", "value": "6144:FJQvAVTSd0ui4kCki/AB+hetfGmDGTBOCm4odiHHv:0AV+Sui/sAUheVjDGTB3m4odiv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241540, "uuid": "69e33a14-e91d-4c07-8318-0cc42a683497", "value": 387584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241540, "uuid": "c157572f-a8ba-4d8a-a093-1aba05f2e562", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241540, "uuid": "add957b1-4e0c-45a6-acda-7bb20c8d4d9a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e0fe20d-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687242352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242352, "uuid": "a4deea20-4c21-434a-8b76-1fa924a42a76", "comment": "Malware payload (Formbook)", "value": "7a9ff0992737924fa5970c21c0528fad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242352, "uuid": "cfedfc87-5ea2-4680-bb10-26fea648a274", "comment": "Malware payload (Formbook)", "value": "b99b31f37ace611b585727d0eafaff46a9364b9e062dce3f9aad8e9e29dfba50", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242352, "uuid": "3dffa2c4-3e41-43ea-8761-567e2e9d5e21", "comment": "Malware payload (Formbook)", "value": "b78a9e5f1a309aaa3f83e76e7e4ec292b0fe9684", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242352, "uuid": "b79a030c-37e6-4ed1-80d9-5207db8c282c", "comment": "Malware payload (Formbook)", "value": "e2d76f5a8a544562f3349baba70728fcec72912d6fda970829a745d400963b509934f6093c53010706f4f6a3cecef948", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242352, "uuid": "04855849-2eab-4af4-a681-512ab460e227", "value": "T134F423C420B55349DA970BF1BEB23EA08795D72160F9831FB724C32EBFD16917A163A4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242352, "uuid": "f867a925-d7e7-4883-99d0-ed8da30cd2ad", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242352, "uuid": "7286f67f-fa11-4dca-9ab5-4d278fc5c737", "value": "12288:gMwRcIpPSd9yvLV+ZoNovbXWGcOxmLhL5szt+GylXZT7wv17V4Js:gMwRcIpPS7yzSyGbXRxmdL3RZ/+1D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242352, "uuid": "a0813a85-2e22-4776-afc6-58a3d73ee273", "value": 726492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242352, "uuid": "c4b97533-ea3f-48ce-a301-69a561dae22c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242352, "uuid": "240708d7-92af-4be8-bf84-588d2348420f", "value": "Ziraat Bankas\u0131 Talimatl\u0131 \u0130\u015flem Bilgisi.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7832ba22-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242422, "uuid": "3e68fce6-4441-434b-b21c-abf31d9fee24", "comment": "Malware payload", "value": "6380d881b2233ff0c75811ca958eceb1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242422, "uuid": "2ee87c1b-4f3d-4d53-afb9-4505e8deca7d", "comment": "Malware payload", "value": "ba6a65f70698b52731cc95e0cfea58393aac19d8ac609acbd634538e3fd91f03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242422, "uuid": "15194e91-3560-47e3-a9bd-5c6526d0d27a", "comment": "Malware payload", "value": "6b3bd1f870af90e6c2f0db12312b970a7fe1886f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242422, "uuid": "2752bbe9-b12c-45c7-8720-41f60f076363", "comment": "Malware payload", "value": "7188406c97cd61eb4ad649498a1acfa3d7290f55075fb9cc034ebf637a586767f16381155a6fd885d1bf7dc2a53580f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242422, "uuid": "2c9d1683-09ce-4156-bb9d-f284d5ff5c16", "value": "T14215E06436B90B53E07D97F90442A63117FAAA6A743ED3194ED7F0DB2A92F400E91F13", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242422, "uuid": "6f223526-4c3e-468b-943b-62fc076bea5f", "value": "24576:0QYqtm8OqKp8+BaTwUqgYU8Fg2Ci9nJ7Ydx6iA:t+8On8+ETw88FSi9J8dx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242422, "uuid": "82a4ff5d-bb59-41f7-99cd-7c77828120e2", "value": 884236, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242422, "uuid": "a123a655-d833-4d50-bfe2-9a63903a7f33", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242422, "uuid": "be3f89ac-8171-43ac-a06d-e3a4b3e4e3d6", "value": "image001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73035986-0f38-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687244561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244561, "uuid": "db7242bd-6b7f-49f9-8964-980b7e270cb5", "comment": "Malware payload (GCleaner)", "value": "8e4668be8dc626cd1d83df341f46b53c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244561, "uuid": "2f0e2048-3673-4b0c-88fc-15f099a1f574", "comment": "Malware payload (GCleaner)", "value": "bacec47b2b2ffb2f8446b883726f40f312aadfd83d697b6081bd595ff49030f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244561, "uuid": "75dd910c-7502-4e76-b5a7-d00d925d6fca", "comment": "Malware payload (GCleaner)", "value": "6cb701e1cdfdb05139f38893964e30591055f78c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244561, "uuid": "7985ec95-de71-43b6-b8b4-dc49045adf99", "comment": "Malware payload (GCleaner)", "value": "a81f5f85f48d3ef1acd6da751f2beec39ef6c6674a99e744918cfb6b957b33d57fbdd34119f17d0305dc4bd998b13b5c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244561, "uuid": "7be8c304-f437-4392-a1f4-720c3cb60de2", "value": "T1E8C523419BACE911D0AC88F9FFE133D4B124A4201ABA11EE7C7F693BF4A551D2E3B514", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244561, "uuid": "2b238f67-d95c-428f-915d-3f6e2e7dfc23", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244561, "uuid": "60123e30-e484-4f2a-8bbf-9d80539fdd74", "value": "49152:2GaggWPwuyGpmbf2iq+ISFdWcoz39XSuq23q0YS2Xiy2qPeWWXuN:faggWPwuzmbf2iq+ISOxT9iuzXRcN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244561, "uuid": "d09e1588-b9b7-40e3-9fc6-b6a8ac4736dc", "value": 2710086, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244561, "uuid": "8b27d8d7-4416-4511-98f7-bc45c009209a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244561, "uuid": "5bff99e1-5809-4738-adf7-505a355ffa74", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc6fb00e-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253811, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253811, "uuid": "eb1e9075-3c37-40eb-98c0-40610cb15351", "comment": "Malware payload (Gafgyt)", "value": "f8756dd0fad7797ceb57715664349dd5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253811, "uuid": "985747fc-311f-439a-8344-481f6a2d6010", "comment": "Malware payload (Gafgyt)", "value": "bb43515cfde970424a15a5bd3205ede825621b10055f563c449ac4ab35058b82", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253811, "uuid": "85125a3a-bbdb-48cf-94f6-4ea8d08fc7fd", "comment": "Malware payload (Gafgyt)", "value": "12faa9c069d61c00b2a4d410783c7287a4b84220", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253811, "uuid": "8c60ff6f-d629-4a9c-8ee9-cf611030ade0", "comment": "Malware payload (Gafgyt)", "value": "7ab205f307265a7525af4644a7d0708f6f29fa1498e10163c5d5dbb1f56fe424aa00ad9ea89da2324d1e514cf9409349", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253811, "uuid": "dfee2f27-9175-4f3b-85d6-5f4c6387eb5a", "value": "T1B1B33B4795A89EB3C086BEB525EB59300722ED120F2F1A9621387BF4437F5CD741EBA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253811, "uuid": "06d023b3-b8bf-4bbb-a367-0d5e826d25c8", "value": "1536:Aq/W65rWXAiP5dfK4EBbkb25lyDQnAjCvB5+TjgkHmmycgYVLu1IPYC:R/vp+9C4xb2Mjs0j/HmDcgYVy1IPYC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253811, "uuid": "f010fbad-178e-4eba-bf30-4dd93d573f40", "value": 108486, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253811, "uuid": "f22d6e71-850e-431e-ba19-1cddc128d87e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253811, "uuid": "26213759-e7a4-403c-a626-a683f654d171", "value": "f8756dd0fad7797ceb57715664349dd5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2733a25-0f7d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687274357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274357, "uuid": "a23da302-1400-4b5f-9592-74d44213a43a", "comment": "Malware payload (Amadey)", "value": "97bd4e043c14bc4cbbca80ace4c1eda2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274357, "uuid": "03b4825f-c922-4914-9d98-b4d242758994", "comment": "Malware payload (Amadey)", "value": "bb6b4ecd843e5233121f8aa1ef6b2c8433d1536dc3cbaabdcd0ecd23a4ba80ae", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274357, "uuid": "b487d6c1-d0e3-44e5-babb-ffc33ee4c9e4", "comment": "Malware payload (Amadey)", "value": "d4c648fd8c2b20abbe61785cf96423b3b5da6a67", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687274357, "uuid": "cb8ef87a-6a75-4fb1-bcd2-b66988d89012", "comment": "Malware payload (Amadey)", "value": "9e4143dc364936c358de975aa388d82e89c1365c39ac9eab50340dac7a2be3622f9ab5121c023fd3aeebdc97aad1f6ce", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274357, "uuid": "13c75a71-d73e-4376-b791-60d991106926", "value": "T17615020171C18473E06329739BF9996A9A3EB9B107D592DB63E49D5ECF30EC0F670911", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274357, "uuid": "fc279ab8-2976-4cda-80aa-cd24b3fea4b1", "value": "9af3e93e35221a2c8c04a3cc05e589b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274357, "uuid": "e59b9508-e1b5-4c73-9886-c5d8a4cb2bce", "value": "12288:ztdXu1RA/Ngg/wAph9WHxzn+CsXO4RSmtmdGEakiM0cQgaa9vEBMHQOwhG+pjrC:n//N1WyXBHt69ecpf9vyOmTC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687274357, "uuid": "5d7a5e6e-472e-4db0-8116-8931428ac136", "value": 913408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687274357, "uuid": "e718789a-6470-488b-83e3-8fa23f32fb56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687274357, "uuid": "81cdf8c3-0a19-4ae5-a732-d209b5c21b49", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc21fba7-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1687243852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243852, "uuid": "7b3aa51f-d36c-45b8-bd78-8f07749d1b6b", "comment": "Malware payload (Rhadamanthys)", "value": "ee1a7366583000add321abdd79949f01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243852, "uuid": "a593edb1-452b-46a6-bad9-a9a5ab548ac8", "comment": "Malware payload (Rhadamanthys)", "value": "bc1e4e6dd1eec20e8b6685d7e844a0ad045c0700210ef40f451e51dd9fa00910", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243852, "uuid": "ae1c4a95-2386-4d26-96c7-0c51cfbae213", "comment": "Malware payload (Rhadamanthys)", "value": "db9201bf7bb4345670b1aaf0b89937099f8bb1e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243852, "uuid": "d4f6b664-b199-425e-a729-78e1fa12cbf0", "comment": "Malware payload (Rhadamanthys)", "value": "8dd437b3413b4f22f60e21d14a655b9df8456ec97c758d72656e2c83c59e8e70676e9cbb399268efe63f41639086b741", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243852, "uuid": "c9173b00-56fe-4a33-b265-b23907db85b9", "value": "T180A4E12362A07C70D52F9772CE3EC6E47A9EF6504F5A3BAE12385B1F15B11A1C6B2314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243852, "uuid": "b8f4130a-9f2b-45a3-96f1-c9fde9f21f9a", "value": "9b2989d99e2629f49acf09b8f648e077", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243852, "uuid": "e1703f45-9960-45fd-a741-b6d10c43f5e6", "value": "12288:avBo236cRReRKARDf6U0m7e5J1NezYneTIR7q6wNvJ:aJ3XReRZfH0m7e5J7STIRO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243852, "uuid": "33564cda-13af-441a-8a78-628066f6090e", "value": 449024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243852, "uuid": "c37323d1-3e0f-407b-8eaf-6abefcd8a8ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243852, "uuid": "daf6df46-992e-40eb-88c2-034fa5c8006a", "value": "ee1a7366583000add321abdd79949f01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3982c33d-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241458, "uuid": "1fa1f290-a53e-4f67-b93b-3583990b2bf8", "comment": "Malware payload (Amadey)", "value": "d4f8440cda8e95479c9661a9e3e04a36", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241458, "uuid": "11f454e2-3f0b-45f9-b5b8-85c2c99aea0b", "comment": "Malware payload (Amadey)", "value": "bc800d3ff305ac703bafc39f8e4613905b5fc4e95b8bacfb5625ca01117a6ee0", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241458, "uuid": "1fd91f43-632b-4273-969e-98b4a32bf55a", "comment": "Malware payload (Amadey)", "value": "70acc70e9404c11c7e3244fab02618f6594a9c20", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241458, "uuid": "2456637d-5ec1-455a-9433-4ed797209b07", "comment": "Malware payload (Amadey)", "value": "134045042c97754460cea9b9af5ec885ba9c97dc2653848ab5f178af4a988b449176857d0a187e6b6ac8638009bffa46", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241458, "uuid": "1f80d198-5974-422b-852a-ca2a6186daf8", "value": "T1BAF41280F0C4B274C9714532A86EB982B92DF8C14E70DC5F3F98335D8A726D4B5B56AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241458, "uuid": "ffc9c304-c4a3-4460-a996-0087893eef1b", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241458, "uuid": "56c54e84-ca6d-436e-b3b0-eea338e35a09", "value": "12288:94bPxR9v7fWlu+T/FoSL6h0UW7os23q1b9qOx0x4KFOjKJ2cYvSacrwP:9+RJ7fIuYTw2C3q1Cjv4cUS3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241458, "uuid": "cddd94b7-0e79-44e9-a045-22791a9cc5e7", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241458, "uuid": "fa2cad7d-e936-455f-91c0-dc88c2be6609", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241458, "uuid": "c9060c38-be22-4922-b6b2-cfef8f68516a", "value": "d4f8440cda8e95479c9661a9e3e04a36.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "176a0b30-0f85-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1687277479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277479, "uuid": "c88a535c-49a0-4799-9319-bbe1a377638e", "comment": "Malware payload (Fabookie)", "value": "f8348380aac1da647d5337999e2d6ef7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277479, "uuid": "92171d69-599b-496a-93ab-1c47e8ce68ce", "comment": "Malware payload (Fabookie)", "value": "bceba3b1d8dd231a77a017f46c807b30e50e1244f29628e09be6518598b1fb8f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277479, "uuid": "fb5b5c01-8bcf-40ae-bfab-dd1782a770e6", "comment": "Malware payload (Fabookie)", "value": "677351bac9cc59e5862274476b37cd8195c3bc3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277479, "uuid": "0ed2480f-f51f-481b-ac00-d8f212b5b53e", "comment": "Malware payload (Fabookie)", "value": "b847cee31591080607d8cfcc8110cca16226e165aa36c39d4706c66d21088d08109154e345c083a5e8c1d001b0632fcb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277479, "uuid": "75b75159-4f24-403e-a081-b2af89174661", "value": "T1C4949EE1E34040E5D477C2B982774B62E7F27C285B214ADF4659B7292F337D28936A0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277479, "uuid": "aa6bc650-e70b-4d87-96e2-4d8fd27890a9", "value": "d1884757532ce7b0014241f40262c929", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277479, "uuid": "06702578-3920-470f-83a7-c0934c862b07", "value": "6144:ul073J3gQx1K46tV9rSDWso3T+cbJ5JIJAbW0we3:z3JwQHKjT25oCIJ5MZ0w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687277479, "uuid": "a570a720-152c-4dac-8b45-2873de7036c7", "value": 431104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687277479, "uuid": "c6b84a8c-06ac-4313-9761-0cebe0359970", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277479, "uuid": "736cd850-b101-42b3-9513-e6155acc4232", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9dd8234-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242533, "uuid": "e9959eb5-ed07-4255-aa49-e91990d264f7", "comment": "Malware payload (AgentTesla)", "value": "f854f0ad193871bb466c3d18eda56ade", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242533, "uuid": "1b791e8f-6712-4198-95f5-abc98bda9367", "comment": "Malware payload (AgentTesla)", "value": "be004de0059bfbb7e583cd7c0e3968f90e4ed273cf9bfb7c7179aa45d56461d6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242533, "uuid": "76d82a7d-7216-4cb2-82b6-6caf2b7fbe7d", "comment": "Malware payload (AgentTesla)", "value": "76f63e072e0dc22c01b5bb4410886c64cdddf0d3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242533, "uuid": "d9d4c552-b248-4775-be65-cb209983c274", "comment": "Malware payload (AgentTesla)", "value": "deece3c5e3b757818e478a345ab3256b316539db44fced07a60a698bc555fc78d50685f3ab57de898ae1345df4a43bef", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242533, "uuid": "92c6a6a8-6c85-42d8-ad26-7d3a75acd704", "value": "T1ECE490917F9F01A4E6137A8B4BDE71F80B8F7652873BD1583008060E2BD7E869495FB6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242533, "uuid": "5ccefcc2-9efe-4019-b5d1-d6b44aca6502", "value": "3072:9gYcpl+og0S7GvXlKZVUy70gUkqUcWsgQAZqem:GvXlKZVUy70jrgQAZqZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242533, "uuid": "8275ad7b-92f1-4d1f-914b-e469c6939aeb", "value": 677010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242533, "uuid": "c6cd7c70-bf41-4630-aa5e-c4db78a84e2b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242533, "uuid": "c1787a88-a9c9-43e3-a544-daa24bea37ec", "value": "jboy.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8550c12-0f7c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687273883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273883, "uuid": "70a7a78a-53ef-4a03-9df6-9507a8bcf557", "comment": "Malware payload (Formbook)", "value": "1459b480de2b67f1844e3d7e99126661", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273883, "uuid": "4aab1a2a-e25b-4f6e-b5c2-b79c73b27be1", "comment": "Malware payload (Formbook)", "value": "be0791f3e56382436345ae0413249be5e66c0a593afc1c83ab57d8bbae61d4ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273883, "uuid": "de9a129c-6113-4743-8828-7db81f1c7bb7", "comment": "Malware payload (Formbook)", "value": "427c7a288203db6588693775268249372f63b763", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273883, "uuid": "28fb4b92-24ff-43f1-8bf0-ac86d5d5e7bc", "comment": "Malware payload (Formbook)", "value": "27f120c0129c7a091790a083c7a46c3fe6b31761d203be7f2652c2170a6d62f8a0f53dce35da0af6550f1b5fff73c0c8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273883, "uuid": "934e5a6c-0253-4396-a0d5-aa330c883288", "value": "T1175412052F9E80E7EC7302B21D7D536A9FFF9A5921F42B0FA394874D3EA5111641B3A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273883, "uuid": "bf1ab4e2-ed1d-455a-ba9d-98b66ec78abe", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273883, "uuid": "c40f2035-e8a7-4305-ba43-b14b5095f794", "value": "6144:vYa62EkhOoD8bEd83T64m5h453ctZG3DGe:vYoAoH8j64m5x6Ge", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687273883, "uuid": "9056c9cc-339e-42a8-8938-404c1b13eeb4", "value": 279270, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687273883, "uuid": "ca4029b3-6fe2-4fc6-90da-90e2c86c83f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273883, "uuid": "67af9a99-95fb-42ce-bb12-f164ad0cfbb7", "value": "p9810020232007.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "549415a3-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687241074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241074, "uuid": "606ad8dd-3fcf-4bf0-9432-bd96e271c3af", "comment": "Malware payload (AgentTesla)", "value": "161c1fe47e4fdc0d073b7004459fdf2e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241074, "uuid": "a81014dc-ff24-459c-9e38-63effa66a25e", "comment": "Malware payload (AgentTesla)", "value": "bed100fe519daaadec879d745b79eb066671d072e4934f00d7078a177b6e8ac6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241074, "uuid": "ad5ff456-71ea-403c-afe2-e1182a2427c8", "comment": "Malware payload (AgentTesla)", "value": "8935958dd3f7c2530cd1ee390044ff486e8aee92", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241074, "uuid": "e039376b-f368-47af-8e30-4327425e1a5f", "comment": "Malware payload (AgentTesla)", "value": "e3f89a63c8f869c917e215da1b9f9a0051832c7e8135f5ae1a2ee6b90d1b5d93667844f788a65b8903b425aad5b26e81", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241074, "uuid": "cedc287d-a61c-4047-be24-691c8c2e0d90", "value": "T1C86412602929C46BD1A20E33283582962BB4EE3111F55F4F9754AFCE76A7783E90E713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241074, "uuid": "a992f197-f5af-4fc8-9b85-a31b897381e3", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241074, "uuid": "e0009ad9-748d-41e6-8053-ae9db8bb2f57", "value": "6144:/Ya6/gia2kmLT8c0E/9RPH4gIUEnZidV+NVA71lFRNWcYNj96JI8aNtzen:/YdVDLTu2H43f4cUzix96J0/e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241074, "uuid": "4380cc19-5f24-46d6-84bf-ccf3f945edf8", "value": 308625, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241074, "uuid": "3cdc28c1-53cb-4a10-8c75-d63a095781f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241074, "uuid": "0cb11874-b0ca-41e7-ae65-aae8c5b93d1d", "value": "PAMENT COPY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ec11f2e-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242433, "uuid": "9bdb46a0-0741-4b4f-a571-1653810540b3", "comment": "Malware payload (AgentTesla)", "value": "bc8a66620e6f6f549beffd0cbbc3b722", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242433, "uuid": "1bc0baa5-551a-40ff-bda9-cd828553c616", "comment": "Malware payload (AgentTesla)", "value": "beeb040b9ea080d5d326ecfdd0429cd872ce09138c70eb2975433f3f9878adf5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242433, "uuid": "daf6101c-437f-40a9-b278-2105ddfdeb8c", "comment": "Malware payload (AgentTesla)", "value": "fbc50b4fd607799ecbac04ec09b3a0cd69a8df46", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242433, "uuid": "d8dd4e8c-a28f-456a-a728-aa66dfe2bae3", "comment": "Malware payload (AgentTesla)", "value": "c4a884be8d6cf71007cd71ee13da1a1a997aabe6493147a90b5ff285f44d2990b016cb4cc1bc40a6cc88255a20bed20c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242433, "uuid": "f5ae9fd0-f998-44c1-9e06-9012b6f78c1e", "value": "T17215E0203AB80F57D47D97F90151A23117FA9A6A783ED3584ED3B0DB2A62F410E92F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242433, "uuid": "bb6faad2-7482-4ca1-b895-903dec20352d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242433, "uuid": "b22602fe-ace1-4a07-bf17-e220cedb437a", "value": "12288:+NcHCYtYq7J3At5iHOq+ZQkGHp9Q8rCAZdw16xw+oSdIkgOZa0Umidcs:qQYqtm8OqKUQ8rJySdIx1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242433, "uuid": "1a331369-e48b-4323-b488-f731623e76e3", "value": 896000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242433, "uuid": "187809b8-0235-422b-9266-605019d8a62c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242433, "uuid": "a9ee330b-5911-4a87-ae4b-74fc565baad3", "value": "Swift copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6da41959-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243693, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243693, "uuid": "89307b91-e45e-4cc8-a920-fee9c307dccd", "comment": "Malware payload (GCleaner)", "value": "fbc5ff187eba86a2d5ebd318c6200e49", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243693, "uuid": "3cccf38d-7a64-4e6d-9bb1-1572127cf9a4", "comment": "Malware payload (GCleaner)", "value": "c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243693, "uuid": "ab87eb38-76ff-4d54-a69a-b95814624b1b", "comment": "Malware payload (GCleaner)", "value": "5777ba4e01e9511185db1478b231e9d875fd6e86", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243693, "uuid": "efc71117-4495-4f50-87e5-a6c7a755e47a", "comment": "Malware payload (GCleaner)", "value": "6181d9b813a75aa45ea560d2d51daa126f46a102972f581d087f4d5479c657c1c1c81a56117fe1b39ccb0a590757d89d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243693, "uuid": "aa7647bd-04a9-4fbc-bca1-49f72e1cd605", "value": "T16264CF2366907C30D92E9A73CE2EC6E4769EF9508F197BA722385F1F09B11B1C1B2355", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243693, "uuid": "5a94c1ac-be64-4f67-b25c-9b87535a43a6", "value": "c1947b9846baf229e0c776cadd6d408b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243693, "uuid": "0aff4056-e2cf-4731-a747-526523372f47", "value": "6144:LJjyVOd1upxO7H+iL0tM6f1MwXNYZ7IQjgOGgNYPsFWp:L5Pdsme1tNJ98BcPqK9p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243693, "uuid": "7abb3f5b-11e3-4512-bcd5-6a3430db38d0", "value": 316416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243693, "uuid": "88e38b32-f57c-4a1a-b61b-e6dfa535b3e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243693, "uuid": "3b9c4465-c6fd-4140-a9e5-ffab1f08ea68", "value": "fbc5ff187eba86a2d5ebd318c6200e49.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f92bc43c-0f53-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256383, "uuid": "87d97524-1576-4e3a-87b1-a0997f082ebc", "comment": "Malware payload (Mirai)", "value": "8ad4b0e3dd0aaf8a2dfb96073151f933", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256383, "uuid": "0ea8e0d8-8ee4-4029-82a0-a78d0f40624a", "comment": "Malware payload (Mirai)", "value": "c1374d3e77fc38c7d44d16df6a384beabfd81e1016675f92d1227ab2c20e19f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256383, "uuid": "9b749a3b-ddf5-41c9-bda6-0511a58aa890", "comment": "Malware payload (Mirai)", "value": "18c6dc4319e073ee38823e118bfb876133651d38", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256383, "uuid": "80df7818-a7d5-4a38-80c9-752bc3af1bb2", "comment": "Malware payload (Mirai)", "value": "d374787c11d7e06e8bef2688e139d304a6daf7f2db881c6a04047df9b4a44ec3d098fafa699a01bef062d3150ef4d195", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256383, "uuid": "a3888a57-7507-4395-a33e-154420c7cd13", "value": "T183C36BB7D8756F68C264D2B4B0B09FB91B53A91081475FBA19B7C2B98083DCDF6053B8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256383, "uuid": "c9a571e2-6237-468d-afe7-5abc4ab481c9", "value": "1536:Za2SoXfA9Shm4pk4+TdCDgKJ5tQOXzMfEkljWD2RdrpgnxTHNv/FDv:ZyomynphMdSnJlzMZVWDAdrKnJHJ/FD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256383, "uuid": "df6dfc05-74bf-4d5a-9bff-68ed9e23f0d4", "value": 121664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256383, "uuid": "6e15e733-b4c0-451c-ac7c-c56972337789", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256383, "uuid": "9da6393b-838b-4de2-8ce0-9839e6df01bb", "value": "8ad4b0e3dd0aaf8a2dfb96073151f933", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f22ff868-0f4c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687253365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253365, "uuid": "1679ecb3-003a-4891-bfa3-367138ad58f2", "comment": "Malware payload (RedLineStealer)", "value": "f15744cbc92fda60a54defa6614361d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253365, "uuid": "e7a35073-d2a8-4071-bc41-3f6739792abe", "comment": "Malware payload (RedLineStealer)", "value": "c1d3a36f65ebc4f851e50bc11043dce80d6ece7652680a78c192676c8f9a71f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253365, "uuid": "dc830705-04c1-43cc-9f00-f160502d16ca", "comment": "Malware payload (RedLineStealer)", "value": "dac17ec395ac0b1b145119f09ad9c5a745a6f475", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253365, "uuid": "04ef4c3b-bf49-45fe-8620-734ea05fbb79", "comment": "Malware payload (RedLineStealer)", "value": "120fa15e8b5dd434d7f812c0710cc24ab2e8bbb83b7e58af0c8b8f60fd78e924749f7748312bec8e63ebf5956df8183e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253365, "uuid": "5c715847-d87f-4cff-8df0-9805ba11dd59", "value": "T162E41280B4D4B171DC310832E96AA9837D6DF8A48E64CCAF7B44332E4BB65D0B9F551E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253365, "uuid": "2a60d7a8-fe18-4f83-9de4-87888a750fd5", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253365, "uuid": "38d20ab1-8d55-4e24-b369-c6062fcead8c", "value": "12288:x+wuRLv7fWlu+T/1Avg9E/Nw+fumo8OAtLescCD/wBVmHTnnRByE3+e/FlRw2:wRT7fIuSAEETmmo8RescIYBVmHTRUi+h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253365, "uuid": "9e9a4c5c-8591-42f4-8b54-ac71f61ccad4", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253365, "uuid": "49937c0d-5c36-4905-832c-9ef3d24a23be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253365, "uuid": "b95d7a2b-90dc-4553-95fe-7c97695b670e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c4973f8-0f3c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687246161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246161, "uuid": "48c625c5-026c-4eac-8769-e489dcabc869", "comment": "Malware payload (AgentTesla)", "value": "2f57f63f9a158deea4ad433c9da8b743", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246161, "uuid": "42b3fea8-91a1-4f7a-9458-712822445c01", "comment": "Malware payload (AgentTesla)", "value": "c27a4d017b1886d697758f747979b46b1f2d6012ba043869d56b07afab0c88c9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246161, "uuid": "aac4d190-09a0-45b2-b281-817c8506dbb5", "comment": "Malware payload (AgentTesla)", "value": "3551044a88b6d08d6712c0e55935503933f2f34d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246161, "uuid": "1ef51816-6315-4330-a0c7-350cd84eda8e", "comment": "Malware payload (AgentTesla)", "value": "c8a544f5978692e3e03aaf9a7c1263b29d3b0ad9e5e4f570e4a0e794d08461f9a66e76b074b9b86157f455f28584f369", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246161, "uuid": "1399263c-dd8f-4c64-89db-d4b1efde5ed3", "value": "T1B4F412249A87832BD12B1B749460F3B5827D9EDA7722C69B4DCBBCD77E517CC123420A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246161, "uuid": "3599450c-29c7-4688-afae-b9eb4237c811", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246161, "uuid": "73572b6a-2b2a-4a2d-aca9-7517c4c55069", "value": "12288:qb903YTpuPM7q6bpw4dcZda/igJFyUNI4sruMgWGBDMJuU3eWY4Oed0PtEJi5VcF:qb903Y7zu4CZdO+Bru3tUzH+6+qSalMx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246161, "uuid": "7402b40c-91db-4432-b941-ab36206e05f9", "value": 746496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246161, "uuid": "96c5ccf2-eee8-4cfd-b80c-b78c4db02916", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246161, "uuid": "fd00c7fd-9247-4f83-a48a-143c8dc4919b", "value": "RFQ #62023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "042e54d7-0f64-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687263273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263273, "uuid": "aff6dbee-3604-4a26-82ae-685b01189538", "comment": "Malware payload", "value": "cbeaa3d2e6f579fad643ede508cba24d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263273, "uuid": "a9930c9a-0efe-47f0-a873-dddf70404904", "comment": "Malware payload", "value": "c344f8d8a14c8809182f7bc2185527bf968de72962c9fc0b78035764a9423e4f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263273, "uuid": "752d2617-b63f-4c6e-ba4b-4b62659c5fb8", "comment": "Malware payload", "value": "45bace6464b9c6874b7fc381e9b56ab4a1246a96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263273, "uuid": "76718914-2efd-4993-aabc-271c0581f0e4", "comment": "Malware payload", "value": "b76773792faddea0fac181a4252f4f049e369ff7bf7788ac34a03d4c99a5b54d41dff90587a89209e8555155b33e1b9d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263273, "uuid": "1fec2179-ae37-480c-b7bd-fd1c85ab549a", "value": "T1AF05BD0542B70A0BE27BA3F8550462F5E7B8A21AB033DA474E97F0DEFED5F4A084554B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263273, "uuid": "97ddb311-6601-46b8-ada1-df6e14181c20", "value": "12288:A2qlOttPM7q6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6bn6x:dQz222222222222222222m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263273, "uuid": "616527e6-930d-4bfc-acfb-1c01421dfbe2", "value": 851968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263273, "uuid": "a138bdfc-7491-4c92-825d-0ef2a37b5be0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263273, "uuid": "8aee88e8-656c-4d45-b06f-36dbeab79663", "value": "export trucking instructions.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19dd4f16-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268463, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268463, "uuid": "ddf613cc-802d-4666-9749-4c542a61e83c", "comment": "Malware payload (AgentTesla)", "value": "f0a2bcb6625fc9809e39e2db961bc129", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268463, "uuid": "561cc9f1-bbfe-4889-8d3f-68d6a451e584", "comment": "Malware payload (AgentTesla)", "value": "c4601cad0efe4bededd885b43f5dda120088b79d33b8ea317697e4a72ce637eb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268463, "uuid": "095f98a9-52c3-45cf-b474-cb7fb5921669", "comment": "Malware payload (AgentTesla)", "value": "d01bc15fed4917b008c55cf2afbcb65dc21482cb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268463, "uuid": "fecb9703-e088-42df-9304-8b23f6f86c02", "comment": "Malware payload (AgentTesla)", "value": "f6e69dade3e90a11231dbb0eaed649e56841b9d3b836ffcb8b9cdf0ebd83599dc34128f1fb1a821b4de6bc42451c0a8a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268463, "uuid": "54f70c4b-4efe-40a4-ad73-b989a369b766", "value": "T1CA05F10122B84F57D13E8BFD1461227083F8A65B701ED74ACEC7B4CE5FA6F82065AA17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268463, "uuid": "dbb0eeec-6ec8-42c9-a6c4-c0a283f82d9b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268463, "uuid": "84ad6a66-1d9e-4ef3-81ff-3e9cd4a544ba", "value": "12288:C2ql5XcPM7q6bpw4dcZda/igljtRcxwFkJb9AfqaaJXy9sFxTj3mfIOY8ET7drNV:anzu4CZdOFtRcxavpkxPmfInxN8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268463, "uuid": "107ab286-2194-4110-a86a-cd0c481fd90c", "value": 851968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268463, "uuid": "200b0c21-9b5e-4b13-98a8-3d8a0eb9aa7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268463, "uuid": "8f21f9dc-99bb-4da6-a409-ed02cd923a20", "value": "LC COPY 8311.30.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16db6a13-0f70-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1687268458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268458, "uuid": "7dbd30eb-7efb-48ae-894b-d8c5e0f5a033", "comment": "Malware payload (SnakeKeylogger)", "value": "b1e44f92fbc1b7f84f1ba9698b3b107a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268458, "uuid": "dda55563-1a62-4150-9b69-82d5ceaf3e4d", "comment": "Malware payload (SnakeKeylogger)", "value": "c4c920d6d5d253db092a28210596c60b4377224251c3d14c4558a54346a71b75", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268458, "uuid": "ebddcc3c-8468-48c2-9725-5c5ac3b5376a", "comment": "Malware payload (SnakeKeylogger)", "value": "db7f4512cb399bcd97dd4eff0d0fae3d1dec7cc2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268458, "uuid": "2e4402d3-2c26-41f7-96ed-ea6e028a78bc", "comment": "Malware payload (SnakeKeylogger)", "value": "eff8a2707154b8d085fc612f0e0674f3d6d2b31023515f9fb0082fb50b4f93209f680c8afcc51732f79a04644b1d7c3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268458, "uuid": "805ad096-34aa-4bcf-9366-b33d7670dac3", "value": "T1FEF4F12822AA9B0EC4BA7BFC9C15673583F9AD463073E3460FD334EA9D75B1448D1993", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268458, "uuid": "f6ee2aa7-98e9-4912-b957-c21368298bd9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268458, "uuid": "67cea8cc-7f1e-4499-b280-6deb28941000", "value": "12288:2Ou52iNoOe42KMu/N3mWhQmwmJCMpU3KKk6AidAwWOvfy+HNF/OybgcCVYxYZ:hc1mOV/NOaqFkAdXrfy+HNF/OyUcuYxO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268458, "uuid": "5a0abe08-9dfa-4853-85a7-99913e39fe52", "value": 783872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268458, "uuid": "31f5187c-5e89-452a-b8d5-b8aa7ffca000", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268458, "uuid": "0120f0cf-8acb-4aaa-9e0c-2b3a9b0c063b", "value": "b1e44f92fbc1b7f84f1ba9698b3b107a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2ca0648-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259674, "uuid": "7610190a-2145-48a7-b8ab-f45bbfd1f2ed", "comment": "Malware payload (Mirai)", "value": "581ca648ce97cbe87d9ebc964f7cb45a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259674, "uuid": "1b0661e5-88bf-44c3-b886-33946e7a4b13", "comment": "Malware payload (Mirai)", "value": "c4e6a0245e919ffc4a15a86a52df4dc0cc90f2d8586e5bf410c46e39a183a881", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259674, "uuid": "3300bdc5-f0db-4eca-9cc4-fa513377c3f3", "comment": "Malware payload (Mirai)", "value": "65f0a60f50ca08fc83ff86ff356b2fd0836b8921", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259674, "uuid": "e5ba295e-ca4a-472b-a1eb-21cdec9d97a2", "comment": "Malware payload (Mirai)", "value": "da555fd8ae6176819b4ff76fbbd7e15022b58f8e3299377d4cbd535070c7d2a92c618cd900e503b99a06e2c62a940389", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259674, "uuid": "f56c5dec-4775-4e1e-93a4-de3469a929a5", "value": "T10CF3A53E7A21AF7EE168827107F39F70CF9529D326A19341E26CF6185E7128D0C9EB54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259674, "uuid": "ae48aafa-6f44-4980-a3c2-dca9724e26d6", "value": "3072:B7esBFP23rWfOB7ZOOyGVWKmrThPaLEne7rNb:1euCloGVrmrThPaLEne7rNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259674, "uuid": "91b00a1a-1473-48e4-a702-881bc5dbfcbd", "value": 159493, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259674, "uuid": "23419bfa-2a1d-48a6-b670-5036c83c5974", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259674, "uuid": "5d35ca7b-e398-491c-8f2f-ce84e76d99a7", "value": "581ca648ce97cbe87d9ebc964f7cb45a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6de21b1-0faf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687295893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687295893, "uuid": "5101f892-e530-4aca-8c04-9a880cb9a4b5", "comment": "Malware payload", "value": "5ba8625aa5df8c7c12ece40636ddb4fd", "object_relation": "md5", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687295893, "uuid": "369aab4c-f2b0-4d46-9be9-3fd543b4d8cc", "comment": "Malware payload", "value": "c5cd3276132b18767bba52cd1fd7b74f2e1c75cfc831059f8a8aeed20879f483", "object_relation": "sha256", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687295893, "uuid": "ce499c67-44ff-4ab9-95c1-2a08ebda86ac", "comment": "Malware payload", "value": "36935f44e61e6ef1d7fffc09f959b0c700cdfc90", "object_relation": "sha1", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687295893, "uuid": "f7ab1dbb-feee-4c5d-83f5-af9616a23d7e", "comment": "Malware payload", "value": "e5377e39d46bdaa99cd163928a6ead2e9b3690a0ff5cab5fe40a27d7dd2a10a832346b49a9f40d4edfafd2f667241a58", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687295893, "uuid": "6f689b4c-6a99-4e77-9d88-e1c65d40ea1f", "value": "T1E111DDF66B1E5012C9B1CB521D47A25ECF7041A298C40A05F8FE4E30EE3A127935EACD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687295893, "uuid": "4aa0ed95-9394-46e5-857a-a4c05ca6e69f", "value": "24:DOVtyCinixUkY/MnsFTxnswvpdPNuR71q2z8JAh/:DOVtyCinix0/MnsFXFMqcr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687295893, "uuid": "a2cc8d7c-6aa6-4a2d-8659-03a762cf6c2f", "value": 1063, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687295893, "uuid": "0c1abca7-1811-49e7-9b53-e86a4afab428", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687295893, "uuid": "ec17567a-89fa-4297-8e19-fcb482e0b4b4", "value": "fM5J5F94.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc072f21-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1687240845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "9cf6de77-33f1-4b9a-bcab-c690db19b563", "comment": "Malware payload (AveMariaRAT)", "value": "6062526a68e490c593686329e2c1464e", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "d672ac23-0a89-48be-89c4-0de8020318de", "comment": "Malware payload (AveMariaRAT)", "value": "c7702da37e2057f2da641129eed6e1bf3a798a56fca6329e0f417499e1839809", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "b8d7eb9e-05f6-4c27-a176-8de5360318e8", "comment": "Malware payload (AveMariaRAT)", "value": "10b01c76377cab27c35715f2678c30a8c01c33eb", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240845, "uuid": "e9292420-1d1e-47c5-808f-67d50a6b690c", "comment": "Malware payload (AveMariaRAT)", "value": "9f91055d075d1d8dbe713716bfe3b669438e41e0eb2e643a668f1ba36a7a4425342b47ef9e899f59685bbd7219fcd3f5", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240845, "uuid": "0f805e88-df6f-43dc-a67a-a4477b3407fe", "value": "T1F0A5332578843661F58FA4F9C1BC2BB7F76E322080E74440F1115F2B6DC6A7628BA9F5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240845, "uuid": "38ac58ea-8104-4bd4-9eb9-15eafee07874", "value": "49152:t5PoRpoCDhidK3KbMHg+oh/CKcHTehP3YW7neAl4jMZOe:fQpDhiUHTkCkYWKAKQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240845, "uuid": "897b0747-66e8-476f-9e28-c825a91d2aa4", "value": 2066280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240845, "uuid": "d404f3ec-f591-4a43-a8d3-c9fc932a6503", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240845, "uuid": "d4c922fa-812a-4242-af50-23313f33e5c5", "value": "Purchase Order 25539.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06e36ef0-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243091, "uuid": "065fca6c-3ee8-4515-900d-ec468613c0cb", "comment": "Malware payload (AgentTesla)", "value": "a05ec7b6cb4921b79fb8c611d4ebba6c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243091, "uuid": "da092d4c-5821-49f9-bdcb-3a1c648bd6f8", "comment": "Malware payload (AgentTesla)", "value": "c7cd4da785e29a576a4c2ad7bb29adf302aafac6ec61a769f5b97e1b81a50f84", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243091, "uuid": "32deda46-fb74-430d-905b-58519e4409e3", "comment": "Malware payload (AgentTesla)", "value": "31d9f182c910da61058afa97dcd4abcc0e3c28ad", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243091, "uuid": "041360d3-84f0-4792-85fd-b33ea44fcf29", "comment": "Malware payload (AgentTesla)", "value": "6374f5d20b557311bd2820c5308cccd8dabdf2cb618035c51422a749c1dbf9b53c1117b142b7f2fa53a1a653b94c2c6d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243091, "uuid": "d9668459-8408-46b7-adf9-4c6462f70047", "value": "T16062AEB44A685A6AC3E360F454E16423E7D8FF3FD2953186AE20C3C59C751EE9740BA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243091, "uuid": "4c8f6dcb-c69a-4ae8-b184-ea1be889edd9", "value": "384:pyX0pJBWSqNXVJfYelHZhW3vbuJY9TXE2wvLQ:pc01x8zQehZY3koT0XM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243091, "uuid": "58bb1c3a-4ae0-498a-90fd-c73d932d7777", "value": 15548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243091, "uuid": "e2c1610f-e97a-451c-89ef-c07277f55930", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243091, "uuid": "5bff552c-0102-4bec-bd14-0704fe8fdf64", "value": "New order.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2da208f-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242521, "uuid": "a60a4831-9ee9-49b9-85d0-f3fd7013f1e9", "comment": "Malware payload", "value": "86ca1336cd9a043b115ce410fe13d876", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242521, "uuid": "97079f02-0e7c-4940-9bd6-1f7803e30537", "comment": "Malware payload", "value": "c8230f67378339f05f43c15b0dad95528ec20fc61abf722cf79c2def5d4bfd61", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242521, "uuid": "e715398f-f2af-44ba-a5a2-f754c7a31760", "comment": "Malware payload", "value": "66af431687a06e39e16bcc324a33b3d6e0e0f64c", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242521, "uuid": "450fa6b3-a59f-4a17-a5c6-0fcf4220379f", "comment": "Malware payload", "value": "34ff2135c8c8ef75fbd53d7b38c6819c8b4309940e94d89acad8f8f5ceed141913e788eb67ee8a72553ef5412f6be1aa", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242521, "uuid": "ca110912-c45a-4094-adbd-7dff9764f076", "value": "T1FBC08047894B9144759059D0C5A597559E8BC17F25E8128635C320343509EDC031CBD5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242521, "uuid": "be42752b-de4d-4000-921d-ad064f8be296", "value": "3:C/hlKsocDAJHAlKsocDAhSyJoCN2RuzW+jaXMJFIIJTAizlVVQIKGGECJ0IkVmpz:g2ccm2cchC82z+1LIeAIKGckArBh9jPj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242521, "uuid": "24817397-c5b5-48ef-a72b-1b21eaddf16f", "value": 186, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242521, "uuid": "ce75609b-9b82-48a3-8999-88e7e6764d8e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242521, "uuid": "b20ab1f0-f722-4021-8f41-edf8cd49f1d7", "value": "ggbard.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "970407ad-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687243763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "2d4fac90-7ece-4690-aa68-f96f9f32df8d", "comment": "Malware payload (AgentTesla)", "value": "abd2c83cadf6f0ebee45b125f766ebb1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "252d8d4b-db05-460d-a805-053ed61562f9", "comment": "Malware payload (AgentTesla)", "value": "c9165814a5e6a1c06139a86da88737ef71fd5bfa986915fe33f7152928a5f35f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "d0e49494-9f15-413b-a5a7-4975e880ab1f", "comment": "Malware payload (AgentTesla)", "value": "689f9b772423538e759bc064830f883c0f6906bb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "739d3c50-337c-4ebe-8fcf-ea3dd0e4f85c", "comment": "Malware payload (AgentTesla)", "value": "85ecfd2711907e8faffce71229e707fdf51fb7677f394e898bec081cdf6569f15e85e593b798168a775256c1ee0091ec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243763, "uuid": "7fccd729-5be5-49ab-a7dc-7e97a70f58a3", "value": "T1E9E423E9353964F6A88AC3EC9105F84DC01548812F2AE145DB47016FDFDE7CE9A8A4FE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243763, "uuid": "8a08a9d7-4b3a-45ac-8f9a-ad64920774df", "value": "12288:nioBAEAXye7ce8eMnJBBkb5MeYP7QBMDzRHz3hPAZpIxvoCIVR4M8BuVF6d1:ioBART7JSJBBPRP7Qcz3hIZWpoCICD1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243763, "uuid": "74e95595-b3b6-4f48-948e-6ee158d3736c", "value": 702109, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243763, "uuid": "f486e931-eccd-4916-a4f4-c3b89ccbc3cd", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243763, "uuid": "fe5518ac-8857-4d55-b30e-38e9d64299ee", "value": "TRANSFER SLIP.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "500a5b69-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687241496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241496, "uuid": "fbf54474-4b29-4a5e-b3e0-ab858a518c0f", "comment": "Malware payload (AgentTesla)", "value": "61cb74b56efaf4964ebffc587b0b0e14", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241496, "uuid": "501e5873-a4ce-49ec-a1b1-a5a0781d5f3a", "comment": "Malware payload (AgentTesla)", "value": "c9463aa342eb6e6aee71c05a6780f7a467dfb7e86330567a830ce490289bc236", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241496, "uuid": "55235022-76de-43bb-bb56-69a5e48492da", "comment": "Malware payload (AgentTesla)", "value": "23fc9c9cf65b4a59a19dbd5b332ff28bb7fb5c16", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241496, "uuid": "9e75f415-b7d9-4121-8883-e2b7ae053a00", "comment": "Malware payload (AgentTesla)", "value": "46e3f073f96e6a8148ac62e41eb7b3d9dc7960d3bf78715265606974e7b9f4880f597c0cc5168a639f51d05b9c938316", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241496, "uuid": "af2a6e0e-db81-415f-916c-cc6ba82c70c4", "value": "T1D4051219B715664EDC1FC83550FF0C606BB0B7D2267386C31A2B939DDF49B83AE241A6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241496, "uuid": "b8f35b72-6b8f-4378-afac-fe44254de7fb", "value": "12288:S86vg1zxFTI+bQPhAfkf7/GcAWz8dzH7iOc88gBS4hKEd5skZvsuf7x1I88zmAe:SCzf8EAfjGcAWUzbiO2GhKEdNeuTzGZe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241496, "uuid": "cf129225-d402-4c2b-bc9b-d0d3b00ec5cd", "value": 870640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241496, "uuid": "d6d3663e-777d-4035-8ee8-a5cb19ee8658", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241496, "uuid": "a1e8a8a9-edea-4268-8b3e-a8cb1366df66", "value": "PO 6789936.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1710ab8c-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1687240541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240541, "uuid": "7bf576af-27ec-457d-9466-7f4331fb6f40", "comment": "Malware payload (RecordBreaker)", "value": "df14756a07d42a0e64b86e1c1038a1dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240541, "uuid": "32a5e777-ecb8-4845-99aa-5b064e97bb7d", "comment": "Malware payload (RecordBreaker)", "value": "c96bc659a9f882f78b018eb6af1abddb4a1ffe7f959f056450399c27b97f70c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240541, "uuid": "793c7a06-5c84-44ec-bd58-d5895aae9835", "comment": "Malware payload (RecordBreaker)", "value": "f7e8a179137b00bc327e3b3d6cdd9f8ab23c7d6f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240541, "uuid": "4622e2f9-d033-4e0a-bc87-17bb95c51616", "comment": "Malware payload (RecordBreaker)", "value": "a71919a8e3754252dc97ef51015b03fd433e284b10fa915efa62d93d80378931a3c28711ebac74a1a85283ebb6bd3979", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240541, "uuid": "aed0d457-df6c-4476-8b0b-c2630ae2ac7f", "value": "T15E348E2262A07C70D52EDB72CD3EC6E4776DF9508F1927AB22386B1F09B11B1C5B2355", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240541, "uuid": "bcabaf6d-0696-4bf2-8112-feb67fa4d726", "value": "68fdcfb9187c8890bc2889c7f70b139c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240541, "uuid": "20c920ed-62f1-40c9-a343-f71d772234f3", "value": "3072:0uEDVbCO4SRf0ryEiiiiiiiinVbf+Hcr7nTolCg/hP9hxbukTWMxkjAs1o4:rudCO4SRfZMiuE/B9hxbuUWh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240541, "uuid": "6efe352f-c33c-4351-8ce2-9adfc6a471e2", "value": 231936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240541, "uuid": "5b8c3a80-eace-43eb-bf0f-7c85ce0c83ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240541, "uuid": "a4b5e598-e270-4393-a9a1-9f141f17188e", "value": "df14756a07d42a0e64b86e1c1038a1dc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92964ac5-0f7c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687273820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273820, "uuid": "cae01bba-946a-4365-9ad6-046a9336bed0", "comment": "Malware payload (Amadey)", "value": "64b9d713e37c4e7233c6b7bc7926a088", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273820, "uuid": "9f2e01d6-e3f2-4037-9718-2055fa1ed9dd", "comment": "Malware payload (Amadey)", "value": "c9d9109ce23f4d10c6ddfc7fa1751521a153066a411d13a1ce7249ea1d198772", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273820, "uuid": "8d718b66-7aa5-4b91-b631-9c14a6c98645", "comment": "Malware payload (Amadey)", "value": "0033acbe04b7c172678b17ea904fde52df12fab1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687273820, "uuid": "040a797f-16fd-4f09-81d1-1e5af24b5197", "comment": "Malware payload (Amadey)", "value": "47faa27b6dcfbc5840619b78246d46d83efb6a78fae41b916128ca731955eb1d83ac8ed814a0d05851e425e9c2265a4c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273820, "uuid": "8571da92-5910-4e22-bb36-067b9819a6a2", "value": "T11E150201B1C28473D1A729729BBD5A699E3DB9B10BA996DB63D44D1ECF30DC0FA30C25", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273820, "uuid": "85fb9c7f-5369-46ea-81d8-456939ba6732", "value": "9af3e93e35221a2c8c04a3cc05e589b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273820, "uuid": "3ed3fb77-31d1-486e-ab2b-c6d8580d86e1", "value": "12288:9y+HQlAZNTDKHwAphvWHxznNvFvPDnnXnSFAifpoaFG3qxFpuIoRFCzeSvK5yM:7jZN2kPjXAAi+qxFpuIorCzeSv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687273820, "uuid": "af5589c0-89ba-4db6-ae8f-2fa719f20eca", "value": 913408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687273820, "uuid": "02435b0d-adea-4f86-92ab-9f99bf578b15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687273820, "uuid": "7aad03f1-75c8-43db-a4af-3dd7e234f73b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b6e0f08-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241166, "uuid": "5353766b-41f1-42af-9b74-b017cd07e51d", "comment": "Malware payload (RedLineStealer)", "value": "b906b0cb81ee41723fd8859cac495f7a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241166, "uuid": "efceaecf-434d-4562-bea7-6b50dcbd5090", "comment": "Malware payload (RedLineStealer)", "value": "cac03a778201597d833fa8be6f5e6bde1e5b4a17d067b18e0e738f596d2290cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241166, "uuid": "4d6bd20d-41b3-4f65-b642-9252c4a69902", "comment": "Malware payload (RedLineStealer)", "value": "07e8ec45ea4d051c896f6673280af2bbd286f83c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241166, "uuid": "1a82039a-8564-4bcc-8525-cca3d63e372f", "comment": "Malware payload (RedLineStealer)", "value": "3ea155c6345b3b48ed95eb8c931380cb134709daaa0a2c97e6bf69df5ba7ab4eeb66b96f0e5e23f27c52a2270a8f11c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241166, "uuid": "8815ae08-3e98-401c-b2ff-a54bffee3d38", "value": "T1BEF41241B4D87231C9321831AC2EB593AEECF4A24E709D6F7F94731E86B59E075B811E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241166, "uuid": "ce4791c5-5343-4283-94c1-d918b91bf8a2", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241166, "uuid": "efcbd1b4-eb34-428e-93bb-ab410320839a", "value": "12288:eEWJK7RVv7fWlu+T/xfXLpjEBLwzX/3WLXY5hW2U2y1/Ymz62WyGoCd1+1KolO9j:eeRB7fIu2fblE2P3IXYxU221rGoC7ulA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241166, "uuid": "96a2b318-cd3f-4960-aaea-c1caa9220e6a", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241166, "uuid": "4ae8b390-6989-4da8-a5e3-8e29fa5405f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241166, "uuid": "2c8d23de-22ae-4fc2-aee8-29ba195c605e", "value": "b906b0cb81ee41723fd8859cac495f7a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6b5b758-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (PandaStealer)", "timestamp": 1687242500, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242500, "uuid": "909b3117-9787-41a3-aa48-471ed84c1fb3", "comment": "Malware payload (PandaStealer)", "value": "c845efe0b7345f8a3bcfa5f7a5681b9b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PandaStealer", "colour": "#2D5791", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242500, "uuid": "036424f4-6ade-48e5-8812-685bd9407d8b", "comment": "Malware payload (PandaStealer)", "value": "cb058d57e98615b394f8cdf007049b606781570cf7647b32cb7d100c651146d4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PandaStealer", "colour": "#2D5791", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242500, "uuid": "9cc0ec35-4595-42dd-9ad9-fa12f282d7fa", "comment": "Malware payload (PandaStealer)", "value": "f603aa58a11dc002161180b401e998ee7c2794ff", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PandaStealer", "colour": "#2D5791", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242500, "uuid": "5e3e1a9d-0fd4-48a9-944b-3aa0b563e2d9", "comment": "Malware payload (PandaStealer)", "value": "e2917aa37f6054d4e090b22abebe1559c78fc915c2bf1bc9edd5a624179e24049cb8824c469ef0a759a9b7247640760f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PandaStealer", "colour": "#2D5791", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242500, "uuid": "a02b25eb-0380-49a8-930c-70b1e1f7d8b3", "value": "T1F8750201B4E18472D972213605F4DBB59A3DF8214B659AEB27E40F2E4F303C1E776AA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242500, "uuid": "5a6ade7a-a132-4844-bf2c-92dc4370aca1", "value": "4efb63d835bfd91987648120a37175c5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242500, "uuid": "483d4b95-8a79-48ca-95a3-a87b5cbf66e6", "value": "24576:/U4bhPbuU5KSnXAW7WFasH3CJkFAsuWyTq+:cYhPFgSnwW5JkFBTf+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242500, "uuid": "9c83584e-5d3b-4e51-88a8-886322e4a71a", "value": 1568768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242500, "uuid": "340aca1b-8066-467f-9efc-59a7df0c5277", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242500, "uuid": "f97221fa-293e-4bf9-bd97-2d6af86d7839", "value": "c845efe0b7345f8a3bcfa5f7a5681b9b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7809002-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259682, "uuid": "df1325ac-867b-43eb-bc32-1fa872c174f9", "comment": "Malware payload (Mirai)", "value": "b069d828c20a8be8cf60d7f0dfb6fe4d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259682, "uuid": "8f9d0718-ea18-4f09-9c25-674b013f799d", "comment": "Malware payload (Mirai)", "value": "cba03a36eeb9169149e1f4419fda6b73a7d218831075bdb0ba71b5798a7772a3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259682, "uuid": "da825354-e52e-4506-addc-bb3b849bfdfa", "comment": "Malware payload (Mirai)", "value": "70c76615465d99fa2d66b38aa0237c7b387fca0f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259682, "uuid": "7064c727-1e33-4007-9fde-d6b3902908e6", "comment": "Malware payload (Mirai)", "value": "408f6949dae1091be4314c0a9c33e625f32209fdeafd71f404ae1ce9875a57c4665f2dde9780bd22b50dfd8dec72086f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259682, "uuid": "0013be22-7109-4f26-956f-a034a350699b", "value": "T163E31930D4504B17C2D213FAA69E825E3F221FA793D733115B38BAB41FE279E1D69924", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259682, "uuid": "c76a93cf-739c-4ea8-9847-47d89c5d5cbc", "value": "3072:Z41HOuaGVV3NfHUOjqylOqCw3jkmhxQwoVZUNu:Ze3aGVVdqylOq1jkmhxQwoVZUNu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259682, "uuid": "691e39e4-d914-4b41-a563-ddbfc53e2edd", "value": 143044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259682, "uuid": "b1ff7eb3-a2ee-40ad-8b09-5f3150e0dd51", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259682, "uuid": "7e6025b5-953a-41fe-9421-b6a0f1998725", "value": "b069d828c20a8be8cf60d7f0dfb6fe4d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c5641d1-0f71-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687268978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268978, "uuid": "935a49cc-61c3-4fc1-a22f-a5eae81d2643", "comment": "Malware payload (AgentTesla)", "value": "3664b752a970856c4cc1be11d8a4b722", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268978, "uuid": "3e29bb11-94b5-40d4-95cb-8c9890518ccc", "comment": "Malware payload (AgentTesla)", "value": "cc1214e080d2525cf0b00c622186d0f78a228d3f6dc933cad0f0114d505a73f7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268978, "uuid": "bc715704-1afc-4202-b021-8e71a28dc724", "comment": "Malware payload (AgentTesla)", "value": "c68bf8cf24f0084bb32c51f23e354d354e6c4e11", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687268978, "uuid": "cc6f9138-0302-4e37-beb0-24e73b664523", "comment": "Malware payload (AgentTesla)", "value": "581972a6f42bc88a14ec87d6b8f9ec1188721bd0acf62bbc7b20bd0c513e239c1ef892c21e893f86dd302ffd874ab2a6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268978, "uuid": "cdd4f362-fb39-4360-aa69-df53c4009f03", "value": "T1276412147EA4C2B7E8B30E3119763BA61FB6991015649B4B6760F91DFDA33C1CA1EF20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268978, "uuid": "50331f10-b698-4de0-95c6-2ac86fc64ce6", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268978, "uuid": "c5ac693f-fa2e-4c36-8656-b6905e61d788", "value": "6144:PYa6M1QbV3vei8kwFoFEdEfc8/BY5o7IG7Knm5TDV3nYcg0yE3tSI:PYCCx3vqT2FEdItB4oi0VIDne", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687268978, "uuid": "a376388a-e1f2-4a38-b98c-d1a5e0736287", "value": 308636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687268978, "uuid": "c668fc20-e5a5-41da-a12b-3b668361a7ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687268978, "uuid": "6c039fb0-2319-43e9-be31-0939dd3163d4", "value": "PURCHASE ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de907ce4-0f65-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687264069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264069, "uuid": "14d8215b-7e37-4e0b-b7d5-172531c3e04f", "comment": "Malware payload", "value": "b76d5cf1305a4bb70f46beb764ea556e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264069, "uuid": "4e029ba9-5c26-47b5-9af0-6e6a763082a2", "comment": "Malware payload", "value": "cc6b17ad40df561623c051c5125304a68543ae0bfb4b65f4d1c7f0284dc84c1f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264069, "uuid": "13736373-0505-4027-b02e-272584a40f0d", "comment": "Malware payload", "value": "0dc8fcb9cb89b68e6080dd95b97d2a1a16c5b8cc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264069, "uuid": "1cd17b82-5287-4d0f-a71b-bc9919cc34ec", "comment": "Malware payload", "value": "e4fea35e0dfe6e08a3f0bfdd5807da2840972759530bb06d99bfb4f5095004bbf744e99e16f6c58bf7e015bc34685ab3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264069, "uuid": "7cb36c1a-98be-45dc-b7ac-01072ba8caa9", "value": "T1AB83191075ED8031D4F7427E4664E25246BF3D769EB68E8E7FCC4C8D0BB8482A7257A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264069, "uuid": "d9f56a0d-2f53-460b-b5fd-4d38ad51e83d", "value": "0c1e00e433c9acd3255adc197126fbbd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264069, "uuid": "657c46b4-8244-41f0-9d98-1efbb4816e65", "value": "1536:5VbEU+ws0sjQf0xF7+YsuPDoFVEe99hZFKDX8:XoSVf037+CDeES9hIX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264069, "uuid": "4953c429-9186-4004-86e1-71ee1eca2458", "value": 88064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264069, "uuid": "6216f5bc-3ca6-49cf-ad89-b9d52ab37259", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264069, "uuid": "edb0a6ef-7484-49b6-a1ff-71b174760ae2", "value": "SecuriteInfo.com.Win32.PWSX-gen.24978.23823", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f36a9ce6-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687245206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245206, "uuid": "f2950f24-32d3-4793-aecc-082df8062c07", "comment": "Malware payload (Amadey)", "value": "f248970869ca7ac8ff38f7135e2e2065", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245206, "uuid": "777c94d2-9001-4363-acc8-d6955014ac50", "comment": "Malware payload (Amadey)", "value": "cc92319800f2cc231d14dcaae2420866b19377637659e2042a1e93c8a81dcc5a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245206, "uuid": "d80af3d9-af13-49b0-b2ac-3db6d39275c3", "comment": "Malware payload (Amadey)", "value": "0cb0b0257138ccf5b0061f729b83344d37f089ea", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245206, "uuid": "01885a42-4f0d-4cac-a441-74b262996fa5", "comment": "Malware payload (Amadey)", "value": "bc8d7630af21eef4ebff86daf1e6426cbef8e8c90351f10e4d2a6d22657bb4ce69e8f63a36f3972a59def14af4f701ca", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245206, "uuid": "ed5dcb95-2e80-4675-802a-be1e59b43b2d", "value": "T12BE41281B4C4B035D9310A31A86A7E837D6DF8A44E61DD6F3B58731D4B726E0B9F212E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245206, "uuid": "7e34d40b-65a5-4b86-9467-487794fd767c", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245206, "uuid": "32567813-7641-455b-b636-2c25b7476177", "value": "12288:IJ1e3R7v7fWlu+T/rzPV9sws/4uW7KQojIwKmqYII2PzJgC5kKD:IWRj7fIu6LV9swYtZH7Z2Pzd5kK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245206, "uuid": "73300fc9-0694-4b07-bd0d-3f6325ae0b99", "value": 718336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245206, "uuid": "e747887f-d755-438b-966b-20c37650c1dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245206, "uuid": "0b7d9dbf-db58-4ff0-8727-c1c8527d1ef8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59827e1b-0f55-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687256974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256974, "uuid": "4756dd60-5518-49ed-a311-d3c74db4e784", "comment": "Malware payload (Mirai)", "value": "8f833a0481efb00b6cbe0307dfc19dcc", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256974, "uuid": "c474d5c2-be31-4e8b-a804-7a5c18d05ca9", "comment": "Malware payload (Mirai)", "value": "cd05575d2f5e4e1eeac347faf3f4dfb70e9a46591cc49fa5575472be46987a56", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256974, "uuid": "de264265-5f88-41ec-9ee2-b710904dfb17", "comment": "Malware payload (Mirai)", "value": "1781b4feceee4f0fcd601a9f074be54a9ffb03f4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256974, "uuid": "fb763bc4-d8d7-4687-ae4f-5fb7603584f7", "comment": "Malware payload (Mirai)", "value": "eb211dd411797d799b97ad9641498ce0702ec2a072376fa4dbcba985c69eb8c261eb548f5bdbaf90183744638d001931", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256974, "uuid": "b8ae7f14-07c5-41a3-aa0c-d5e08c0f3d8f", "value": "T1D7B339376251C97AC08342F526EBD5729C13BDBF0732229A33947D60AF368DA1E99F05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256974, "uuid": "5aec5fe6-1ea1-443b-a0d1-ecb47ad84174", "value": "3072:uirMUYZMo/QJLRZDsqtxqLX5I/uJiouq2yd1m7FnVqfJXoebNb:SKo/O8qtUbKEbm7FnVqfJXoebNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256974, "uuid": "268058bc-6a5d-4c96-acfb-35928b4c9d74", "value": 116760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256974, "uuid": "0f2c99d5-d568-4baa-837c-3ca10dc3cbe6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256974, "uuid": "a628bc4c-1755-49b2-95de-768b26afed9b", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "040b24ba-0f59-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687258548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258548, "uuid": "6fb9e034-caba-4e5d-b99c-ecf8c247758e", "comment": "Malware payload (Gafgyt)", "value": "ec96635bfcde34b400b54f9fedcef4ac", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258548, "uuid": "ff935ef5-7def-4bfd-8f8f-5d964a0b9631", "comment": "Malware payload (Gafgyt)", "value": "cd3bf5e9c736c455ec26357f7bfeadab20cc2e3f3efea974c1dc3de8c43b75ea", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258548, "uuid": "02334943-daa2-4c5e-b7ac-465be8e17059", "comment": "Malware payload (Gafgyt)", "value": "2e8c89b44b5356a2eb900d3ddf43ddd56c179f7b", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258548, "uuid": "9ae59b9c-a91a-4708-9c40-44dd32232c5a", "comment": "Malware payload (Gafgyt)", "value": "85bb0198e4f037bab76a754b6732557861b84d1fdc76cc6713d370727c29d89a65420aa68ac5eb7069db59fb985f9fb1", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258548, "uuid": "85b9b271-ae12-4a95-a47c-632106ba9920", "value": "T180141A4BB30C07ABC16B2FB039B727F18B6BED1116665140E51FFB8413B2A706856F69", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258548, "uuid": "a6b39fec-1c33-4a12-8aa5-d9e7c2a0bfff", "value": "3072:xFRTNj1E2xHO2WmgMKoatmSIyJGyViXnfmigqYC/fExQf/OH36T:xFnhTxHOjmgMb+IyOnfmigqYC/fExQfh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258548, "uuid": "d611e3b8-c4f7-4a07-aea5-52781cc91a7b", "value": 191989, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258548, "uuid": "bed6c3b3-c48f-4b97-aef8-abe74c3caf48", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258548, "uuid": "68818029-5e84-40ef-b359-b3046c14939f", "value": "JIPJuipjh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d137a82-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1687243585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243585, "uuid": "f9ce6e3c-538b-432b-9420-40fb78569b6f", "comment": "Malware payload (AveMariaRAT)", "value": "eae9d0a62fedff5b7f063e4f8a5112f2", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243585, "uuid": "7528b6dc-03c2-4418-b576-6dd6c1c66bf6", "comment": "Malware payload (AveMariaRAT)", "value": "cd421ef376df4952564093e1d7fb0a8bc1abb986ba5617570226544a61a559d9", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243585, "uuid": "93dab379-92b3-4f2a-ae0c-a0709fb661f2", "comment": "Malware payload (AveMariaRAT)", "value": "0f16060119694de603fe491678b0b4cc34be67e5", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243585, "uuid": "bdbfc111-2204-420b-9316-438af3327cd0", "comment": "Malware payload (AveMariaRAT)", "value": "d893ee2eea8ea27039dde3be5f6293e93b48293352d791d86ef74460226f45828f488e76a28ad38a095eff29e287b63e", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243585, "uuid": "be225f75-97d5-424e-9d3f-f752105809ee", "value": "T12115B4BD69D026B7D535D5B2C16234C9F63F6322B2534D6821D2DEC7866288E37EC80E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243585, "uuid": "d9b9c008-7ea8-4de6-bfc0-9954736f7170", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243585, "uuid": "adaaa6a7-ef23-4902-a62e-fa086341f40b", "value": "12288:wV3Nj8dXmGsMPzI/Z8NeMvnWIQNQEM0rHrg5rJGdSTbKo4pAfcUZ:8N8gQLI/aeMvnWIqdnrAlbbdRUm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243585, "uuid": "e678ee4d-1c44-42dd-9ac4-aca4aa6e8e33", "value": 928256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243585, "uuid": "acf8af4f-f902-430f-8905-a21e77ae870f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243585, "uuid": "23a4e065-32e4-4356-b405-1d0b33d4d4fd", "value": "eae9d0a62fedff5b7f063e4f8a5112f2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94570271-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241181, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241181, "uuid": "e74f5a37-b58d-4aee-bfd2-f20cf4adaa9a", "comment": "Malware payload (RedLineStealer)", "value": "bb2fdf04fbe0fc520ad0ac74b3d4e2a6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241181, "uuid": "3843973d-976b-46b2-86dd-a653a9c8f843", "comment": "Malware payload (RedLineStealer)", "value": "cd4e99627ab0b38147474920a3189472e8900c592cc5741e1df00a17f4215cf9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241181, "uuid": "e1126ee8-54c4-455a-8769-eea667cbcd4e", "comment": "Malware payload (RedLineStealer)", "value": "7085229daf7504a8ee42ed410cd59c12a857175d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241181, "uuid": "b18fb9de-696e-4c6d-903f-b412e6e32c32", "comment": "Malware payload (RedLineStealer)", "value": "db1b885fe1b59601bfc3ff3c665e8d62b2e0fc39cd4e3d20e6215f06cbe3e90eaee493e6b4a411001d542384ad3c6c10", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241181, "uuid": "a89323ec-c90e-47e9-8e9c-de6cb697f762", "value": "T1CEF41281B1C1B264ED720531AD5A7E82BDAEF4944E78D8AF3F94720E4BB15D0B6F012D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241181, "uuid": "1245f7fa-163b-4423-826d-664dac661968", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241181, "uuid": "646e3453-edef-414c-9d2b-e82d4eccbbac", "value": "12288:rOciRvv7fWlu+T/res4Qn4GA36y8uLjYEG05+DKWVv6mAlDC9LBCZSk:iRX7fIuIesjn4b62jYEJsDJx6bS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241181, "uuid": "6c214eed-cb97-4887-84c7-2a74857a3715", "value": 762880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241181, "uuid": "bd237789-30b4-4949-8337-e3a6b841ac83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241181, "uuid": "33d1bf26-5d99-41ee-a52d-196487fdf456", "value": "bb2fdf04fbe0fc520ad0ac74b3d4e2a6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5545a972-0fb9-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687299916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687299916, "uuid": "1f61dda6-6c4b-4af1-a381-0e7f2fe8d2a7", "comment": "Malware payload (RedLineStealer)", "value": "b7b007a29f6cc7068c1efbe2fdc45f31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687299916, "uuid": "7abce68d-c5e4-43cf-9afb-d744958b249a", "comment": "Malware payload (RedLineStealer)", "value": "cfe902baa8761bc95dd9993c041077945f20060bab4cd764429c76470f25d82b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687299916, "uuid": "9e7474d4-f283-4969-9ff0-ff7a00766fb5", "comment": "Malware payload (RedLineStealer)", "value": "53aabe098c2395878cc276dd76a8fd44261a8ecb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687299916, "uuid": "72816b35-6034-4a1a-91fd-436335303659", "comment": "Malware payload (RedLineStealer)", "value": "aea1732f83da72a95516346c53ec52aa9948efe63b5150cfbd5b0bf66b65ef0a073565d6f06714c1df6399c0165ab893", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687299916, "uuid": "47aef1de-48c1-4a2e-a547-9c775c7837d6", "value": "T1BA84D04132D0C072E456A4758625C7B05E7F78B2E6269ACF77E80AFE0F346D1EA2534E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687299916, "uuid": "768be8b9-7ba5-4d9d-b385-268aa7ecae75", "value": "04bc3b771cb54e93b1ad1cef06c16d9e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687299916, "uuid": "f03679cf-8c51-4dfd-b4fb-a72469f03149", "value": "6144:qPFCpUOnL74uVIV/NB3K8fiNz/JOTjoT0m74+WwirDb:qoprnL74uVCVK3zxA4L4+Wwi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687299916, "uuid": "1f3730b1-0869-4024-a32a-a219da67bf2e", "value": 376832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687299916, "uuid": "ea351567-03e2-4733-87aa-900a6cb46ca8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687299916, "uuid": "b77bb743-83a4-4ebe-b2ca-7262e22605b4", "value": "b7b007a29f6cc7068c1efbe2fdc45f31.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea3632e0-0f42-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687249056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249056, "uuid": "1f1d082a-6f20-4f11-94b4-8ab8b39adaf1", "comment": "Malware payload (AgentTesla)", "value": "eb3ef8e245917c9fae37e6738ef114d5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249056, "uuid": "d9c7aa60-6294-489e-b21f-056b1bf77a42", "comment": "Malware payload (AgentTesla)", "value": "d01060cd9a636414bd6e2e09712a5d12808fe8d3822ac1bb1e5bc90eb7f9f69c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249056, "uuid": "c2f81995-ea9c-4429-bb50-c20dbdfd2ea6", "comment": "Malware payload (AgentTesla)", "value": "687124ac7e7d79f8b00d574494098a394f2110e8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249056, "uuid": "1bebdf19-066b-4083-ae4c-02a8da279fe8", "comment": "Malware payload (AgentTesla)", "value": "6ab078a5477437b425ff1e41f50d866d320d5ba9e2fd9779a04680ef2abece983635f7c788751a60c5aca66b7b7f386c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249056, "uuid": "718cebe7-e4a2-4da4-9117-5ab5601ce8bf", "value": "T18E05F11022B84F57E13E87FD4460227097FCA65A742AD70ACEC7B4CE6FA1FC10A59A57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249056, "uuid": "b42399a3-118e-4fdf-a973-240839166e55", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249056, "uuid": "1a7792a8-93c4-4545-84df-66a3904ece81", "value": "24576:CXzu4CZdOo4dujsFqFgMNS7cabgCq46CL+:Cz6ZYo4MYFq6MNSKe6C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249056, "uuid": "9c3dc3e6-279a-4ca3-9445-703258fb066a", "value": 852992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249056, "uuid": "1ec46661-085b-474e-b329-d07a4bdb0762", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249056, "uuid": "92fb5c66-489d-4faf-84b0-6ae4f9786ff5", "value": "ARRIVAL NOTICE WHL050C538369.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "990ee43e-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687242478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242478, "uuid": "db1291c7-619c-4489-9d7a-4cefcca61213", "comment": "Malware payload (Mirai)", "value": "6102ec244a6587b84f279ced50ce546c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242478, "uuid": "d2d8b0b0-61e4-4445-ae9b-da66c89478ea", "comment": "Malware payload (Mirai)", "value": "d12157fd623d074207333a9cf500c8e64d76440e123805e052645d5a0091242d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242478, "uuid": "ac4e5c4c-df6b-4466-82f3-fd86f2fd55ec", "comment": "Malware payload (Mirai)", "value": "5a17331ff6f38ccfe64e89137151240544302281", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242478, "uuid": "7b83d4c2-8aea-4165-ba83-e92331973d54", "comment": "Malware payload (Mirai)", "value": "005aa22ca08c4080a50ee73d0192ff4dfe9e38e38fdb3fffdf6606c26fc72a77b2f5ff29270cb099f749e2dbdf434331", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242478, "uuid": "401a0fbd-a901-40e7-9fc8-00df5b852e96", "value": "T18BA2D0B25519CE65DB36D836D6A7CA83B017073DE2F470525E021634B7C344B6B39AC7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242478, "uuid": "8068ec54-5d1e-4660-999e-3a07d436c7c9", "value": "384:/r2z5Hoa1vEAeVJSUh4dmXu1NS4h1cCkajNhymdGUop5hQ:/r2lHg/4dmXuGaBs3UozG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242478, "uuid": "b141379d-a79d-4d78-bf0b-2baa7470da1f", "value": 21880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242478, "uuid": "d74c9ae2-3d98-4bf9-96bd-9df114ba671a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242478, "uuid": "1b2f6d8d-7deb-4be0-96ec-373fb8ab619a", "value": "6102ec244a6587b84f279ced50ce546c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ed21112-0f76-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1687271022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271022, "uuid": "496700c6-5444-4165-9ce2-2f06de7dbaf6", "comment": "Malware payload (Rhadamanthys)", "value": "76ede52958acde30e4eb548b60192d26", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271022, "uuid": "abc52206-494a-48ac-a1be-eb0639311164", "comment": "Malware payload (Rhadamanthys)", "value": "d123c9b1b0c55587b7a7036555b22967291543004e233520c7e1cf2ac8668869", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271022, "uuid": "cee52c3f-7397-4c4d-a7bf-0a23929adcb8", "comment": "Malware payload (Rhadamanthys)", "value": "3437f8c59351824976b5a3f04557bb176cc172b1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271022, "uuid": "8ece3158-2dae-45e7-a34b-96da13577cf0", "comment": "Malware payload (Rhadamanthys)", "value": "33e2368452d5ca490e15b1a6d50dd28df4427a9618be274661f9f445b6308af195a4ce3aa6727201d00a58d4d7cb44cb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271022, "uuid": "98aafc3e-8dd5-47d9-8648-0d72c97cc6e3", "value": "T161659D01EB615014F8F725FA89FE706C9A3DFAE0172494CB52C46AED9729BE07C31627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271022, "uuid": "e5eaa44f-7492-4885-9379-d09d7f518177", "value": "0137f7a4db1baf3e8897c47a9441b8c7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271022, "uuid": "091ee875-0e34-4109-bbe9-f5476d90163e", "value": "24576:9398hIvedCLcL65fsuDFvIQjeeF1BIkxl7MIPVaUmsJ:9tZeLypvIDe1BIkn7M8VaUpJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687271022, "uuid": "fa4feeb8-0a61-4451-9949-1a070f92e207", "value": 1535616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687271022, "uuid": "bfe78e0e-bf45-4173-9d73-2293e0e88a2d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271022, "uuid": "2168ff06-44d5-4426-996d-b97d2c75efba", "value": "76ede52958acde30e4eb548b60192d26", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d8c65ce-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687249277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249277, "uuid": "f3a816f3-a246-4327-baf6-351eaedb9fce", "comment": "Malware payload (Amadey)", "value": "c3267c90f69eb55a57f14ebcfe69587b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249277, "uuid": "442f7c10-1014-489f-b154-36a8dc19425e", "comment": "Malware payload (Amadey)", "value": "d14eeac9881ae85f200e88f1d3085a40687e2b97b251efe28ad6e3f486b96424", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249277, "uuid": "a1c705c4-7fe3-460d-9f68-0c846dfb5c4e", "comment": "Malware payload (Amadey)", "value": "1832bd0d64bd33da7edf925e8807f85e76d98033", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249277, "uuid": "ab7b89d2-e27b-4e41-8dc6-ea37a75bf79d", "comment": "Malware payload (Amadey)", "value": "d07bdde4407dcb11c9a3590a7166bd176db5d5ac6ab20c982b46be4a4371b53ae3c4b181bd14242ffa6c7b835d226be6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249277, "uuid": "81344f80-074a-44bb-a163-fa6dabe6109c", "value": "T1C0F4124174C4B234D8320931A92E7A92BEBCF5A54E60D96F3F50331D8A712D9B9F4A2D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249277, "uuid": "98549ae2-3c13-43bf-b6f2-eb3eeba03d85", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249277, "uuid": "4e5c3222-5564-480a-96f2-b651d7ace6d3", "value": "12288:tM2wRlv7fWlu+T/V6JMFEVivtrIGRD4G7Kh9GH76KPHrNKAeaqtsiVR0r1D2A:2Rx7fIuW6+FcytrzDlKmH76KPHrkxsoa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249277, "uuid": "e3209b55-608c-4f71-9339-804db7514eaa", "value": 761344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249277, "uuid": "0cce964e-a560-4422-a64c-b4fe5a011019", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249277, "uuid": "7c676697-3cdf-4f4a-8df2-06c8b134b663", "value": "c3267c90f69eb55a57f14ebcfe69587b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4403324a-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687243623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243623, "uuid": "abb12f41-18aa-45a5-a5d9-37b51976bc78", "comment": "Malware payload", "value": "eee6cb7f15ba973651eeb46552ae109e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243623, "uuid": "173c707d-637f-4c13-adb7-51f566577909", "comment": "Malware payload", "value": "d1893479e0fa3dfefcfffed797ade7da350748a5b1a4f7ab33546cadb2423df1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243623, "uuid": "f7f5a72b-6c50-4c68-99c9-74d18bd8a02d", "comment": "Malware payload", "value": "25d5002b4cf2b8b72d536513c409acd65a2548a6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243623, "uuid": "e0541917-9595-417d-bff3-123e34a4d7dc", "comment": "Malware payload", "value": "17ae845ace10e624b373cb087fa0be22cdd5a397d7aa9464d79b0bb62f77c733b93f5350f7f7067ff362daa682896fd5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243623, "uuid": "e242a88d-9905-4153-800b-132f3516b12f", "value": "T1D4F14300DB8B61FEF40486B44265AE33E23CDA094C5C8F74EA25EF679567D49B8C6889", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243623, "uuid": "8c2c01b2-e7c8-488d-bf6a-5780fa030133", "value": "48:7I9HOkJw4XrmKSxqxl1/SbcnqMeRSqHfFkrHkL94SqMV7nOYKl0IK+ppobYLQTnu:VkJLYwNSbcxo/AkL94ShlxGKetjJxs+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243623, "uuid": "377aa2b8-0ab3-41d4-b94c-1c13eaf87530", "value": 8192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243623, "uuid": "14bf394a-8e12-43a0-965b-a75332f3792a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243623, "uuid": "75ee3d53-ed00-4238-b8f5-ea84a4b4bab3", "value": "eee6cb7f15ba973651eeb46552ae109e.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eae779c1-0f89-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687279552, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279552, "uuid": "9eb3fbd9-92d5-4a28-afbb-de6a11e6f26d", "comment": "Malware payload", "value": "e16c628c4b2be310f75780fdeef94a75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279552, "uuid": "00db970c-839c-47d6-893c-89a7d7db4e32", "comment": "Malware payload", "value": "d18f87c4b237ee2fe8cd55a09036a74de1234304072e0ae718b756ae8bb28e47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279552, "uuid": "56bea8d9-53c6-4866-bea9-48460beaa4fe", "comment": "Malware payload", "value": "4614912f98fdf5874b0d8c7993110e9c8f52a7cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687279552, "uuid": "795d3162-2159-48cf-b212-bafc53f5c19c", "comment": "Malware payload", "value": "c1276e6f54cb2d46c732c0ad97406dc8dd8cbad7745eca2e9b64445162d8732c0b536c4caef297b6e829dd65926c6b63", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279552, "uuid": "58068f44-e685-4700-990c-8835b5bf2b03", "value": "T1335193B2E181E1E3D49A53B942664BFEBA3542308F4182D3CB1559B215017F8BE3206C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279552, "uuid": "65402fd1-060d-4af8-a19e-707c0d652639", "value": "48:jXWae+lEpWzRdIw8UNUaNg4OGfeg8TK/j5PNBltENsfI+wGs:hq4zRdIwrXNWO18TmjRNBltq+vs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687279552, "uuid": "bffcd234-8462-4c64-a66d-3658b40333aa", "value": 3072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687279552, "uuid": "d15b5a58-6566-47cd-b060-2dcf75c1600e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687279552, "uuid": "8a663193-4b00-40a2-a9d2-ea05bac7032f", "value": "Photo.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf56ae7d-0f37-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687244287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244287, "uuid": "9beff01c-914e-4d03-b9c7-e08b05d9fb9e", "comment": "Malware payload", "value": "5f434da2bc0d99564245134053096ae9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244287, "uuid": "6860a4d6-a80f-4531-8fb9-7704982c3e08", "comment": "Malware payload", "value": "d2bb215fd6b8b1a2267d12bf5525259720825bf9764d5bfb5fc2dd5dbd077ce7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244287, "uuid": "de7dde71-5235-4531-acfb-dd0a952e4ae0", "comment": "Malware payload", "value": "2c8418ec64bd5893e898a4dbb0acfc3d007851c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244287, "uuid": "304097c4-2cd1-4829-84ed-e6c4b36aa114", "comment": "Malware payload", "value": "c3e6a8e6a9eb032845cafb1e735379346db585942495e9d7c5270386f38c7e396beb9c0f32b397f8184a999243781995", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244287, "uuid": "f42b60e3-5a27-493c-8b5a-5e41bc839287", "value": "T18236D021E2449069F2B220B5577A4AACA49CBE204718D4EF23C47F9F84397D5FE35B93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244287, "uuid": "2c7014a7-8fa2-4c04-97e6-f44739251df1", "value": "907b82b2b08b88aeb254227a991b33b1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244287, "uuid": "03cc4698-d38c-4505-a7b5-b252ddb16fd5", "value": "98304:vhqQzE9sFLNy/q1YpJ0T1u1Nq1Cg4YpJ0T1u1Nq1Cg:vhUshNyUYpJ0MXQ4YpJ0MXQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244287, "uuid": "f7d275d9-bc8f-4cd8-b660-b82ea207aed1", "value": 5217792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244287, "uuid": "304c9e8a-30f6-430a-b0a8-6875cc20d2be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244287, "uuid": "7874a25f-e0f5-4a29-9fd7-986f2f9bdc4a", "value": "2023.06.20#j.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01624e7e-0fa5-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687291186, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291186, "uuid": "f59be8fd-4d43-48b6-acfa-376fd40675f5", "comment": "Malware payload", "value": "0167a81e2774b42e4f43fbf817404a77", "object_relation": "md5", "Tag": [ { "name": "ASPXChopperWebShell", "colour": "#6C642E", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291186, "uuid": "874ac5b5-6baa-4796-a678-53258821ce93", "comment": "Malware payload", "value": "d2bc5a324f2e9220d172b98835fcd25c3909a38add768092b28838bf88603779", "object_relation": "sha256", "Tag": [ { "name": "ASPXChopperWebShell", "colour": "#6C642E", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291186, "uuid": "a031ce34-b8f2-4f9c-99b9-a8b22021d5c5", "comment": "Malware payload", "value": "15ede0eb901e6641733cec72737527c7f99947d8", "object_relation": "sha1", "Tag": [ { "name": "ASPXChopperWebShell", "colour": "#6C642E", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687291186, "uuid": "5f8c3156-5509-4b1b-b07f-47b554a2fa57", "comment": "Malware payload", "value": "62908b834a440cdadc93e96609b48d3bc540deb8670e4d4102a843f4afea8f7e39769033a126fc0a1e61c15ae9ce5ef9", "object_relation": "sha3-384", "Tag": [ { "name": "ASPXChopperWebShell", "colour": "#6C642E", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291186, "uuid": "3b49528e-46f6-4f5a-a9c6-e5797d5bf4ab", "value": "T1D6F02004AB24DD84810107142CCEA0EADD3C3B790D2EAC8D62C3FC4AD22CAB121B3F68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291186, "uuid": "082fa544-3f11-4e46-8ea0-8b38030acb45", "value": "12:XS7HLgyacwVwQEKIKF2sjBVllzLgyacwVwQEKIKF2UEblLP+Uugko7sL:iTLDwOQEKIKF2sH3zLDwOQEKIKF2UEby", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687291186, "uuid": "062ef82c-baca-4c97-8dd8-ed0875067b3d", "value": 536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687291186, "uuid": "01ef05ce-b8a0-48de-a939-2c30f37d7bd6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687291186, "uuid": "93c40701-0204-4184-9643-c2f31ff0214c", "value": "5tn9e0Br.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "258d11d2-0f44-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1687249585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249585, "uuid": "8cd86bf0-0aab-40b4-ac01-c5904541867d", "comment": "Malware payload (DCRat)", "value": "a7475925ab9471ba945cb6b41c06fec3", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249585, "uuid": "f5953d3d-b9b1-4704-b7fc-17e8b68ed799", "comment": "Malware payload (DCRat)", "value": "d3aa2214e9de23a7486f157fb914e96b463dd6745b437b75565cd99b3c680d22", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249585, "uuid": "d1dd5b8d-a764-40b0-b654-2fedbc5fc5af", "comment": "Malware payload (DCRat)", "value": "2344cf11db20c5b27275df037d92700c55262cb5", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249585, "uuid": "3fa3ea33-72e9-4c96-9f52-5ede172d02f0", "comment": "Malware payload (DCRat)", "value": "e93a78a64be84e588a158572e7540979039693f3984976ddf1b69240b961cd882204cb48acb7a2b5ac8135a5ac5ad3fe", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249585, "uuid": "f6c313c9-5292-498a-9d54-ee6a93c43c22", "value": "T1229533178A490B87CEDB1E7A29D004465BE093B277E9467A84C5EFF09E2D319A3C1FC5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249585, "uuid": "e2036969-10e5-4819-89a1-83a8d9197274", "value": "2e5467cba76f44a088d39f78c5e807b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249585, "uuid": "79e98ed3-f735-4909-a498-55cfed370d35", "value": "49152:5cOgaPbXAjy1h/QFAYk/iV2W4bJxzE62RvYWD:5VD4uHWeuxvD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249585, "uuid": "57ea16c3-b4ab-4d0e-a6db-44e594ae7ae3", "value": 1995264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249585, "uuid": "f990edde-97da-4266-a870-32bb65eafc8c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249585, "uuid": "8a45e8c8-b3e0-41d0-bd8f-6dad775f0f34", "value": "a7475925ab9471ba945cb6b41c06fec3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3f974dd-0f3f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687247784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247784, "uuid": "a4365d83-6f6b-4bb6-8b03-3c15e989ddc7", "comment": "Malware payload (AgentTesla)", "value": "644c6f3e6a898961485d4a32b4f930c9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247784, "uuid": "361fea7e-11b6-49ab-88b0-229462385ad0", "comment": "Malware payload (AgentTesla)", "value": "d4264243a654d20c02868be25b719d96a421bc9ebc227e48ffc729183206cda8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247784, "uuid": "15d01704-a414-41c0-b512-d7f33f920065", "comment": "Malware payload (AgentTesla)", "value": "0e15292a840aab69d4b4bb3cbec3b88c9250567e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247784, "uuid": "30c933ea-71f0-4c00-a128-bdcf8abd1295", "comment": "Malware payload (AgentTesla)", "value": "dcdbb3b490932e3b68ceee1e56c79968f0c887a09e593e751f6c143ed9e4af0e1e086c6c58b0126a0e5423d96d881500", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247784, "uuid": "686996e7-8ffb-4171-8687-3ee3db3d98ed", "value": "T17F55120C06E4521FD2672BB48A69B7B9473FAE067637E32E3D6870C76E117680E42335", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247784, "uuid": "49946801-6cef-4f27-89ca-13d0c55509be", "value": "12288:gn40wo/dVouXMPfcbXRF21wqzsYeFjpPqDQJZK7tYq7J3At5iHOq+ZQ:g40nLouc8bhFaZIYu0cJZSYqtm8OqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687247784, "uuid": "04969fd5-1163-4ddb-94d8-9957920a9ebc", "value": 1310720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687247784, "uuid": "755faabc-10b7-45b8-9a43-42bdce37220a", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247784, "uuid": "e21ddb5f-a69e-422b-9624-5f912df22954", "value": "402-094-03-074(1102090450000461(113592)_1.IMG", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e55ccece-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687258497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258497, "uuid": "bc9fe093-52cb-4887-a6a3-449699368cc2", "comment": "Malware payload (Gafgyt)", "value": "e657224c3b205a023c5305fe6cf5ea12", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258497, "uuid": "8e035157-ebef-4258-9523-f0aef18f23dd", "comment": "Malware payload (Gafgyt)", "value": "d4485aef1c39003e874f76fab675dc2e6586b39ed5d74222f36a47021f3ff73e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258497, "uuid": "e9be960a-b388-4595-8dd1-a2d556f2d511", "comment": "Malware payload (Gafgyt)", "value": "8e0f1abc81cc35367cd6691591bc86bbddda3382", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258497, "uuid": "0746872c-c15c-40b9-9613-ed626c2b9178", "comment": "Malware payload (Gafgyt)", "value": "619b02ee831b61ebf1793b574bc94dd49fbbfd2d241888af512a653ea4194cbf586102b6bddcef70209d3f20c28b35c5", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258497, "uuid": "032c9737-6c06-4df4-b63b-9f180d341f0f", "value": "T1BFF33905B657C5F3C8820FB602A369DD0B2ABC355A7EDE44F32D7CB40A76498B91E318", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258497, "uuid": "bc13d8e1-e197-4fc5-a98e-baf4a3107d4b", "value": "3072:NEGwedjX2Dj9YxXXvw/raFYxXMD/mZeLCj/PYpXE/THBe5:N95XXUra+2bmZeLCj/PYpXE/THBe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258497, "uuid": "56255fa9-2e44-466b-8429-8c8a5214ea29", "value": 167524, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258497, "uuid": "8ca99720-c568-4ede-9b22-e84e7b6d1523", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258497, "uuid": "4fea0c56-9c68-4537-8527-12f2ab267aa8", "value": "XDzdfxzf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a483d58-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241486, "uuid": "f5f8c0a9-ab3d-4988-980f-6a51429a5860", "comment": "Malware payload (RedLineStealer)", "value": "f9b2c7acda50ccb8ed2668b6ab4f848e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241486, "uuid": "97cc4710-6960-4c9c-9250-38921a6065bf", "comment": "Malware payload (RedLineStealer)", "value": "d485c3cdf5f5e8389541664e4ba7d259800f5026428cf563d9556b0dd9348da2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241486, "uuid": "6e3c3f66-d2fe-4285-acfb-4d0161e87b2b", "comment": "Malware payload (RedLineStealer)", "value": "174b4ca13992a61797f44ee8ae368780518c0865", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241486, "uuid": "03af0f9d-e369-433d-8134-84c9edaaf09b", "comment": "Malware payload (RedLineStealer)", "value": "96b59c0baec82ad5bcd301c8a0e21c7ba5a7ccb092a7dce3b1cfc6708487162d9fb8bc49611f7b39a3590396ec559b8d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241486, "uuid": "84be1405-59f8-4b36-9008-92376ebf278f", "value": "T140F41281B4C4B271DE321631AC6ABA637D6CF8E08F20DDAF3F50331D4A654E1B4B5669", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241486, "uuid": "ef375ecc-fb0d-4e73-9555-2572c9a2e478", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241486, "uuid": "c8523884-a17a-4a5f-a7f7-e0f99777291a", "value": "12288:9DhbERXv7fWlu+T/kiOpz3srRC+Z9+X+f+HwIHk1/ZKEtFR5Lf:9aR/7fIu1iOh6p+X2t1hKER5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241486, "uuid": "f4adb0cf-f5b1-4bd3-b04c-2ee5e652e1eb", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241486, "uuid": "3a0135f4-aa47-489c-a644-439a5f9cc814", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241486, "uuid": "11842d1b-d166-4ce8-ac6e-6cc961946084", "value": "f9b2c7acda50ccb8ed2668b6ab4f848e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fce65b5-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241174, "uuid": "03fc2282-712b-420b-bfba-7b4ba9613bbe", "comment": "Malware payload (RedLineStealer)", "value": "9faa666867f0b470fe72bc51d6970e4b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241174, "uuid": "2ce7a8a2-8b9a-47e9-b634-84c7de24e3b2", "comment": "Malware payload (RedLineStealer)", "value": "d53d10752ff7b2a821d41237a8584bb79d4d347885e96dae598109cc78e1e1dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241174, "uuid": "b18e5746-cf4f-42f6-b94c-9daf967c024a", "comment": "Malware payload (RedLineStealer)", "value": "85a1c8e229d2db288bda17b2928dac4deca3e284", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241174, "uuid": "b2ff2dba-8c54-4484-9561-5a42ce20d25f", "comment": "Malware payload (RedLineStealer)", "value": "145d73f98889883b29998d0cc3901360078b011b0765cec6b74c2a5a6a381d49ff5a035ea689e1dac39e9237ace6bc35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241174, "uuid": "0545493a-db36-416c-b49a-338f08c58238", "value": "T1B1F41241F4C5B134E9360A31BD297A826EADF8A04A30D8AF3F94371D4BB66D074B456F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241174, "uuid": "10388ea2-d19a-4474-8b6b-9d6398b8ce87", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241174, "uuid": "49030406-7f4c-42a0-b30c-8dbae35d30a2", "value": "12288:gVJC39R8v7fWlu+T/YRmPrsjbglEAiKPPxCukQICjzuaHqVQEiMohkc87fJ5XRNl:giNR47fIurmPrsjkIC3tKVQE6kco5RNl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241174, "uuid": "76e0244d-dd82-48ff-b01e-ab62ca7c99a7", "value": 728064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241174, "uuid": "9e9b270e-e988-41ae-8506-b9bb47792851", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241174, "uuid": "fdac6936-032c-49d7-b943-94c757f64a65", "value": "9faa666867f0b470fe72bc51d6970e4b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2946dee-0f32-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242171, "uuid": "3bf12062-3b94-4d7c-b5ef-22349cfc58a2", "comment": "Malware payload (AgentTesla)", "value": "4a3c8bd60db631e9a466e52b47553a0f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242171, "uuid": "ec053cee-7c19-4f65-aacb-ce6ce4bd907a", "comment": "Malware payload (AgentTesla)", "value": "d561074d1b656f683409a4a812f324f964b18d11b8847cd97bd12c2e31f78085", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242171, "uuid": "527b871e-4f3c-4e5f-a944-211c06250ef5", "comment": "Malware payload (AgentTesla)", "value": "1cf5b21b8c8fe173ecc1764cc231fa7de696b812", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242171, "uuid": "a3d82f2a-76ae-4d8b-9d8b-ecd7c4059f02", "comment": "Malware payload (AgentTesla)", "value": "fd230eeb01c246ce5288dfcbb50aab298d6e9fb33afdeeaba94f84306b880aa947a41200f7dc3e30257493ca15c74f57", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242171, "uuid": "68384322-7c08-45a9-a347-be05f17eeca0", "value": "T1D1047220FA47CC7AFA1146303795F16202526C637959CE562EC3B20E07F7B506DBAE9E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242171, "uuid": "0771c4fa-43ca-4020-9e36-60c935fd4f26", "value": "3072:RWkZ+RwPONXoRjDhIcp0fDlaGGx+cL26nAIXN22280s0cK9ih2MTnSAQiIGBY9j:lZ+RwPONXoRjDhIcp0fDlavx+W26nAIw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242171, "uuid": "d2f87183-7558-40b9-bdaa-696bf370de99", "value": 173056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242171, "uuid": "273ee014-d721-46c8-b413-b756216a635a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242171, "uuid": "a3c81729-7f87-4445-8078-05c17987e49b", "value": "Outstanding Invoices.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c70c969-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687249275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249275, "uuid": "541a1193-82ec-4fa4-b9a0-202580ddfc59", "comment": "Malware payload (RedLineStealer)", "value": "71990650d4165ef4def35c25e3fad696", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249275, "uuid": "4e9e6bf9-9902-42e0-bed9-a32634a46c57", "comment": "Malware payload (RedLineStealer)", "value": "d57c4024e38380f7ea82beb5f01fa6c36e15178cd228802466b3f742dc41e834", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249275, "uuid": "df4c7e75-8bc1-4de6-9cf4-37d9bdd4dd2c", "comment": "Malware payload (RedLineStealer)", "value": "72d0c5246a57aa823ca140f9deccac148003ec69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249275, "uuid": "d2a2228b-4624-40d9-9b88-a8fde6db7292", "comment": "Malware payload (RedLineStealer)", "value": "3e59e687174c4d196e99f28a1a7ccbd83691461f8f5e451c317bea33725211e32208445a3cc5b9256ceaef51867c8dc1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249275, "uuid": "38975898-9242-42cf-b577-550767945f0b", "value": "T1D5F40241F4C4B135DA321530AD6A7A42AE7CF8908F70CDAF3F5837194BA58C0B9B596E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249275, "uuid": "6b5184c3-ef8a-4134-89da-e523ef741321", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249275, "uuid": "f53b90d2-4da6-4e61-9bd1-8e21aa16463a", "value": "12288:Cdq6VRov7fWlu+T/h52t5e6QLw3/XwpqeSXAQM3ahYPS:ChR07fIui2re6Qk32SwTa7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249275, "uuid": "d377166c-1f23-4d41-83c5-da13b8a9b70d", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249275, "uuid": "815c4a92-5bae-4c13-83d0-8eb57ae80376", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249275, "uuid": "be1fe85c-1b3c-40ef-804a-1542e000083d", "value": "71990650d4165ef4def35c25e3fad696.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cab1a7e1-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (UACModuleSmokeLoader)", "timestamp": 1687243849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243849, "uuid": "bae090b0-1607-431d-9b14-4e0398102e14", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "1bbdcda863cc95cc3c8cc9a2ac10f458", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243849, "uuid": "34309e37-c293-442b-97da-3bd8d7e8228b", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "d5c8774514eb2cc1883334b07730c0e3d5752b39ac900d06333e1fac92d8ea81", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243849, "uuid": "864b9bad-fca2-4359-82db-e9d63eecd2cf", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "1913466704ecc68336995d7d2068ce7f2619496d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243849, "uuid": "f3c6b9b3-153c-48d5-a469-447ce867891e", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "34be6e738feb31d597d2e70e2c3a875293f8dcdd7eec5cb9511505205adbf13b69d0317deccc386ac0488a8fdc1f35c8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243849, "uuid": "dd0cf668-3828-4bfe-b947-c1402558b452", "value": "T143D47D8392E13D95FA278B72AF1FC6E8764DF6508F49777A12189A2F04B11B6C1B3710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243849, "uuid": "1480d319-652b-4862-8cac-864e4a071870", "value": "2678d64d9aab251c39f4a926feb15079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243849, "uuid": "a91d3274-f4ab-434d-8860-dd878e0e7e26", "value": "12288:ZD1n4dWQwFptt17PUE/yvq6qXD9q4fgf13hrgDvJ:wUQuLWE/yvfqXif13hy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243849, "uuid": "975b974c-b7a6-41cc-8e59-96f90517c82b", "value": 614912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243849, "uuid": "0e0f3e12-f756-4455-b163-678067628f47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243849, "uuid": "ac29f3e5-9beb-4a8b-b241-83b9c5f86f93", "value": "1bbdcda863cc95cc3c8cc9a2ac10f458.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a4c3b9d-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241164, "uuid": "a17481c7-1a52-4fe4-86cf-57b041956146", "comment": "Malware payload (Amadey)", "value": "b98f2f1749dcbba2f0f88a057163b082", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241164, "uuid": "c7024ebd-7909-4fcd-8597-a9277908c46a", "comment": "Malware payload (Amadey)", "value": "d63bf72b297bcc8ce771baadfe5b30afc519703e3950f4086054236536aa42c3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241164, "uuid": "4b2a601c-f106-49c2-9c4b-313afa313905", "comment": "Malware payload (Amadey)", "value": "d5c0ddc0a48724752a85fdff46869923619ddd50", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241164, "uuid": "0d20c383-679d-47ea-a29b-6a96a69e567b", "comment": "Malware payload (Amadey)", "value": "829c2e8727614318ec3b307d515450bfc4b14703072262bfe4fbf2b869ddd63dc981ffd743abd671b738d2ebcabf29aa", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241164, "uuid": "05c6b1b5-a805-4721-ae0e-bbdc74f80e93", "value": "T1B7052313E7E58032ECA52B7468F713871A32BC908D34465B379BDD699CB22C4A4B537E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241164, "uuid": "27105918-d40d-4a22-bf81-1f4ea0f8712c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241164, "uuid": "87fcb2be-9660-43f7-952e-1cf861603f05", "value": "12288:hMray90EUhWDJmLw53J2TdjFMCl55dry1o2CZbUuevR8yG9pJ0cwY5H:ryjUhsVGxflzu+b1euD9pDhx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241164, "uuid": "1e94c81f-2b9c-4838-9932-abbd0483b78b", "value": 825856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241164, "uuid": "cf50676d-470e-476d-a1c3-167459a3b7c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241164, "uuid": "e5ca7121-72c7-4c82-9c99-f36ae0f4b7dd", "value": "b98f2f1749dcbba2f0f88a057163b082.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "515ef4ec-0f84-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687277147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277147, "uuid": "981b0429-a61c-4fbb-a2be-d6bcb8195127", "comment": "Malware payload (RedLineStealer)", "value": "de0841059650ad33fe3705b19efc256c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277147, "uuid": "c31649e2-1615-43ab-91b3-905270721252", "comment": "Malware payload (RedLineStealer)", "value": "d6ac4e2048a472ce214edc4cc03a2fe9ce696561a4a908f9124b177448d02d71", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277147, "uuid": "ab579875-df34-4aa8-988f-5724c8560a38", "comment": "Malware payload (RedLineStealer)", "value": "0ce6f2a245b1c05726891777ccad8870c0068bc7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687277147, "uuid": "02c17487-b8d7-4824-a925-941b120d7617", "comment": "Malware payload (RedLineStealer)", "value": "3cb277a84190a8856a8abeba0175f041abfc5a60b176af786f9df68c13434b102d2e7cf2c474d371b91d86d57c615e3f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277147, "uuid": "e0d6e81c-309f-4252-abb0-69a5e47f291b", "value": "T16F84170382E23D85F9658F739E1FC3E8760EF2508E497B75521CAA6F14B81B2D167B11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277147, "uuid": "0c966e1b-de6c-42fb-a0e3-1f1b4cf0927d", "value": "2e2bff69e94ccbf1f33f60d20c98521f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277147, "uuid": "c7a2a8dc-69ac-47bc-be37-85ace1962f63", "value": "6144:4t7VBlKnxfgomELaeI/uMdGf1xdBnCZyr7WUt:41VBUxLpXdxbnHnP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687277147, "uuid": "fa4c83e1-b1bd-42ca-a193-23f11ecd6bc7", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687277147, "uuid": "1df97cf5-f774-4d4b-9a95-422b85e3e721", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687277147, "uuid": "0ac8421a-3d12-4277-94bf-9122d3de6b12", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e253aa7f-0f66-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687264505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264505, "uuid": "48fee93c-1a92-459f-be9f-d7aeb69e78ed", "comment": "Malware payload (Formbook)", "value": "c260d7afd91e9243b37f601fdf7226bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264505, "uuid": "17673042-acc9-491d-a1ab-252f1a8b7f7a", "comment": "Malware payload (Formbook)", "value": "d6fc1cb115ba92328c7be966ad4a2f85c015555934898cadc108715aa4c8eda9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264505, "uuid": "7617eb1e-dad0-415c-b4ab-0dd579db0fa5", "comment": "Malware payload (Formbook)", "value": "43bb2cd41baf19aa24d8f0a8269b96c81de87255", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264505, "uuid": "bdb08d11-e843-4308-a7da-f57dedd2b2ee", "comment": "Malware payload (Formbook)", "value": "cbac0d5a694354c13f5c75d11dc6833d6401b82f93b3f7eb3f95ad7233595c6b42f627e331f3ecf44e0a17e75c656a67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264505, "uuid": "4714d0db-b203-413c-a7b0-0db87bf05e28", "value": "T16F05125896D8A32FD66B1B799F54BB78073FEB45BA27E32A0D60B0C31C527444B12732", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264505, "uuid": "7e2c2947-2422-406c-8bf9-6d32abae331f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264505, "uuid": "3f608e3a-a91e-4cf4-a36c-0d8e0e118860", "value": "12288:FRFT1NVsFOohCmD8DHv9F4PFEYRNVQKTtYq7J3At5iHOq+ZQc:FRFJTsFOGCmSvEPWYRN2K5Yqtm8OqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264505, "uuid": "c3c9358f-3db2-4fcb-841f-ed21fb3b6c6f", "value": 795648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264505, "uuid": "947a4384-7f7c-4d2e-aca0-6f11ae8c7975", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264505, "uuid": "49468ca6-6c94-41ab-9517-f66da6a0dfbf", "value": "Remittance_90633_03.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71d63f58-0f66-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687264316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264316, "uuid": "de9562d0-4b69-4e81-b079-ae5f7661ba38", "comment": "Malware payload (Amadey)", "value": "551ac9791f113bb496b368c470f95d0c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264316, "uuid": "11381786-5e90-4d11-8632-a3fdc79316de", "comment": "Malware payload (Amadey)", "value": "d735886796f7cba7f8cccedf0ad57359ac9f8c7f7de832b07e9c226da6e8c3a2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264316, "uuid": "b2266457-9488-4dd0-a003-c10b4b56273a", "comment": "Malware payload (Amadey)", "value": "490c7c79ca09778a4c30b6279eeb5f8310b78251", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264316, "uuid": "952e3914-8cc0-46de-a45d-230a1e2e0d7b", "comment": "Malware payload (Amadey)", "value": "a7fb474758f177ef7e7ccfc03b3a37290fbf1521c0af42dd979a2b3811918f3f97704dcf2bab5320611f53eeff7dd5cc", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264316, "uuid": "5d30b9f2-b265-452a-b69d-d7c7781f34dc", "value": "T12B64C54382E13D86E9668F739F1FC3E8760EF6508F497B65121CAA2F14B40B2D267B15", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264316, "uuid": "98808d3b-f6ac-4d7c-97cf-76ff840f710a", "value": "7240fa76536531357d99f937a15ee51c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264316, "uuid": "7aba231a-d902-4acf-b986-ceb674dfd32c", "value": "3072:Nrz2+wVYY+0tYIkT9D9HWBsMvCGyIBHkUJsOR0D9c1/7/:5yfVYYZYFevvHkUCDWt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264316, "uuid": "41e1ec6f-643e-449b-ba6d-4e308c9133b9", "value": 316928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264316, "uuid": "4092a409-f431-4fa7-a5d9-01ab46c246ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264316, "uuid": "b0378d57-c494-43a5-95ff-48668a83b9df", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95ed3c87-0f4c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253210, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253210, "uuid": "6408ac84-53a8-4163-bdbf-e5d77b356b3a", "comment": "Malware payload (Gafgyt)", "value": "468684982227119decc79b5dae62f5fb", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253210, "uuid": "ac81e4a4-7bc4-4624-a72c-dba7201728c1", "comment": "Malware payload (Gafgyt)", "value": "d79ff4439211fb109459bf079b73f48bbff8b8f3aee84d7d536e74d3fde5e355", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253210, "uuid": "463e3176-d44a-4640-9129-b649aae28265", "comment": "Malware payload (Gafgyt)", "value": "a57ea283d3fbb570808a650a3f46b1b70f642a8e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253210, "uuid": "02a693e5-ffbd-4809-b5a0-6b380de4dbb9", "comment": "Malware payload (Gafgyt)", "value": "736d0f6d14f7a087b117a90003b95df49f9695dd6f19e125707a4f68e0c7d4cc86d9b01ea335ddffb25a7a6c6a95715b", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253210, "uuid": "b4cf9b95-0bbe-4c45-901e-9ca9a53e4950", "value": "T1FBB31813B7B1DABEC08252B12BDB92F19423FD7D0732622B33957DA51B388D96D59302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253210, "uuid": "06d11b42-7c49-4c19-a0a2-7f92bb9aa224", "value": "3072:od0w4SAewzi+Xn+8Uhw6W+aPGJmDk1c8xF6KjW:zfO8IBXJmDk1c8xF6KjW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253210, "uuid": "b6b1ecb6-3b2c-4810-a528-475afaf42dbe", "value": 114825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253210, "uuid": "8693e950-d17f-474e-8ff5-243dd516fbbf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253210, "uuid": "613c7e4f-eddd-4492-a706-64a68cc700cc", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10160d98-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Pikabot)", "timestamp": 1687258139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258139, "uuid": "e1304fbb-5543-4181-8447-0f0a3ab9803d", "comment": "Malware payload (Pikabot)", "value": "bc83972a1d04dd357059972f77114102", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258139, "uuid": "419fe9ba-444b-41db-9440-2f2f65d08c01", "comment": "Malware payload (Pikabot)", "value": "d8b0c0821492e1a4f923df2f1f36cd029e1bb0148928a3b571da354eefdca0f4", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258139, "uuid": "5bc3c03c-82e6-4fb3-813a-5fa53a0ba94d", "comment": "Malware payload (Pikabot)", "value": "a60691a81c8a7586d2eae4e4eb34dd6724be5357", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258139, "uuid": "ec4a233c-3f52-4df2-aef7-7f064da3085c", "comment": "Malware payload (Pikabot)", "value": "47523945789ce92921404090121d24197aed1366102b624cf2c55c676c7cd0b96ebfd1f0b80535e8eb4675f4847c03db", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258139, "uuid": "a29eb3fc-5ecf-44c8-8b3b-332a5a6dbe9d", "value": "T1F894D9808F6AD89140B753F7FF5260ECDB689E15B00894A9F41C6A78BF6C560B0B3DB5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258139, "uuid": "cab34b47-b153-4921-b842-e688a272b4a6", "value": "12288:7zL2tluoE1y4V/g3AdAAdgLvS3c0wis/0Y5ZFWv2YjtrmHiw3SRVE:HI9AdAAdgLcw/0gZOJy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258139, "uuid": "59a88f5c-08e9-4815-a8a5-9819832a9342", "value": 422435, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258139, "uuid": "899998dd-8581-4bbe-b10c-1d75f03fdfa7", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258139, "uuid": "9bdd8c1c-458b-478c-99dc-8d1a9c930fe6", "value": "Ud.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85d81f4b-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241157, "uuid": "9000ad59-07d8-4ca9-965c-45f165cd4cf3", "comment": "Malware payload (RedLineStealer)", "value": "87ee15046af7cafed25de09f8217ef92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241157, "uuid": "07ad8589-03ec-4385-8ac3-c99b7565e36a", "comment": "Malware payload (RedLineStealer)", "value": "d8b6140650c8115019c12295f3d341f02e58238b0de6b109e159c90e31174e3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241157, "uuid": "35661287-30e5-4a39-8b15-73a6cb0d9815", "comment": "Malware payload (RedLineStealer)", "value": "8ab48e0020d7316fbd409115ad0c88568ba4d108", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241157, "uuid": "16569f88-2458-41bc-8db0-34681470c3b6", "comment": "Malware payload (RedLineStealer)", "value": "1465e062cfb7fffe10ea63c0169b566c0f7fd41dcb8c506dc0bbbc4e222599b6c92293f6287845c879616fbe79e077d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241157, "uuid": "ce1e80f1-5694-434a-a3cd-bc92695d42c2", "value": "T127E41240B4C4B138D9710931AD6A7AA37E7CF4909E25CDAF3F94230D4EB69D0B4B166E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241157, "uuid": "689f28bc-a1fe-482a-ae0a-5bf49818ec97", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241157, "uuid": "f9977a97-fc07-47f1-88e3-539b7d2a75f7", "value": "12288:wG0HyR/v7fWlu+T/lLAVNP/xjU2nyYz7lUMm+zpF7iLzwF4s2zkANnDDcmS0clt:wCRH7fIuy+PBZnvz7lUkzpF7u87j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241157, "uuid": "0906427a-3cb9-4c33-8cdc-e541711c7427", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241157, "uuid": "323496dd-5ee0-4ac5-b08e-969d0704ec35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241157, "uuid": "cfb60b0e-585a-4c42-b1e0-ac30e9eb32e6", "value": "87ee15046af7cafed25de09f8217ef92.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbe876a3-0f82-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687276493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276493, "uuid": "31397512-e224-428a-aceb-b5e89ba1442a", "comment": "Malware payload (RedLineStealer)", "value": "df4443f2b68d1afacc99afff77a3064c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276493, "uuid": "5ceb5a6a-5ec2-409e-8f56-d4895465de9a", "comment": "Malware payload (RedLineStealer)", "value": "d9564be583fec8af7ac5fb532bb03c69261bac05c7d13c8b2f6203f7eaa990e6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276493, "uuid": "6373388e-a4b2-4f98-b039-f99a2634df5c", "comment": "Malware payload (RedLineStealer)", "value": "c3c1371db4715fe2da8edf60427a7d01868d14cf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276493, "uuid": "fe1a9fea-80d1-4c03-a33e-e558d1d238bd", "comment": "Malware payload (RedLineStealer)", "value": "4594eaf802c50c796ef5bc8d0060a29d71213b4a9cb458310e03511c91c9452618012ec911e49e1b00807b102beb764e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276493, "uuid": "8f478424-5497-4612-b065-3f26eb68bb95", "value": "T10684280383A03D85E9658F739F1FC3E8760EF6508E497B79221CAA6F10B61B2D167B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276493, "uuid": "5b987ff3-5d38-4e0f-96a9-f9b1e0a3cd1b", "value": "7240fa76536531357d99f937a15ee51c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276493, "uuid": "24e7761c-4552-4a82-8e91-7662e4ec38b7", "value": "6144:5u7zn99DxiyLfNTmtIZXNG4F4jtgfPV8bJXrj3LjSkOivp7PE5jibWqO:kz9hwmfxmtCYhafd8bFv348NqCu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687276493, "uuid": "8c7ce887-48ee-408a-a016-4c762ddd0d8e", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687276493, "uuid": "e25800b2-5974-4976-aa72-e1bc3d1db082", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276493, "uuid": "2f04c0cd-8b8b-4f81-9a06-0b18c76327f4", "value": "df4443f2b68d1afacc99afff77a3064c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97d08835-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Neshta)", "timestamp": 1687242475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242475, "uuid": "572baa48-6d9a-4274-822e-fcf4fe76e0e6", "comment": "Malware payload (Neshta)", "value": "88480611405924f09910d72561c9d29c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242475, "uuid": "58ee350b-7606-409a-b304-30f08743210d", "comment": "Malware payload (Neshta)", "value": "d964a65d39458176447fdb930e03e6534c19dcc556abde4cb522fa2aeb8289e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242475, "uuid": "70469561-3c59-4e54-bbf9-5cf0411ba14b", "comment": "Malware payload (Neshta)", "value": "eda2cbeed176961918e29f8ba27b482d05f52778", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242475, "uuid": "9983ffe0-2043-43a0-8169-55cafddeb44f", "comment": "Malware payload (Neshta)", "value": "beebd1a59633fd720534421650468d4b6fd70ea4ab4130db8ec9ef0d848429b5468cc408b0df363226547f453beee9ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Neshta", "colour": "#F5FD90", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242475, "uuid": "a5e603a5-5f7a-4eaa-b2f7-d80cb4705bab", "value": "T18D2523241BE7962BE08B0B341410E734D27D5DDA7252C7AB2DCB7D9B7B267C50A30A1E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242475, "uuid": "4023423b-b98d-4f3a-b2b6-3dd5dfb0c07f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242475, "uuid": "90a64228-ebd0-4b4c-8fb4-88c0acda4b41", "value": "24576:ab903Y3zu4CZdON3vvwkze17dNc71RgvuaMUdO:az6ZYBvwkzc7dNcpHaM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242475, "uuid": "0c6bc4f1-62a2-4213-add5-194b0fc12c6a", "value": 1035776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242475, "uuid": "b8d18bb6-081a-48b0-90ab-bb13effca784", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242475, "uuid": "3e8f2698-2250-4174-bd1b-0bd2cc1ff756", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "485ac238-0f6e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1687267682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267682, "uuid": "13af4475-3140-41b6-87ba-279d94b15952", "comment": "Malware payload (AsyncRAT)", "value": "0adc91cfcff99f8dc67760b3dc6a7556", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267682, "uuid": "1b781ebf-0106-43c7-8491-4aa4339c544a", "comment": "Malware payload (AsyncRAT)", "value": "d9b58487d96d7da8ffc4001a417d02a954954d4e068051b0534a657027a662f9", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267682, "uuid": "17cdb696-b710-4b6c-9695-eac11b8f710a", "comment": "Malware payload (AsyncRAT)", "value": "4fbbfdf56812b33cdc0a2e9125eeeef103cb9413", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687267682, "uuid": "f90c0de6-7f96-4d42-96ba-9351adfb3ea3", "comment": "Malware payload (AsyncRAT)", "value": "2b7186b6cfd262d6ac7535c333c67ff5e0b0c6b3c2f8c837df0ce3d76df84a0aa3c1134a8dc203902f9ca32f0333e7dd", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267682, "uuid": "788b1c22-b63a-41d1-a8f8-ae8ed95f3e3a", "value": "T195621A03FA514DB2D79042B90576EB5582BAB7781F20DBC3EB99A81D0E612E1FC3650F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267682, "uuid": "41db09fe-1bbb-4d0e-b8f1-31d8528dce8f", "value": "1838dd6bc3d816283fb8e71f14e86bf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267682, "uuid": "4110d0fe-2060-40af-9d1c-985b851a4c5a", "value": "384:HTaaI3d28aNucpP4zgJLLbF2j85NytI2f0+hL:HqdjAPMqLbLNv2Dh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687267682, "uuid": "9ce40167-1340-40e0-8797-1097e95cd297", "value": 15872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687267682, "uuid": "8f7f82ca-a3f7-4ace-9656-c531ade66ee7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687267682, "uuid": "ae94efaf-e698-4abc-968f-58be0157dbf4", "value": "fapiao01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aecb26ad-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687242514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242514, "uuid": "f8d018a6-cdac-4b81-8a46-c77ac949b43e", "comment": "Malware payload (RemcosRAT)", "value": "c2e5db327fac3911b72d5e6428b7008e", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242514, "uuid": "0acdaaea-7619-4e12-a89d-e77b6c9739ee", "comment": "Malware payload (RemcosRAT)", "value": "d9d1f571b96e6a1c3e688a81f5973150fa85d1499740de1c98e48f0fcdd98b4c", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242514, "uuid": "bf87ae2e-f6f0-45a9-95ed-fbbe818b1a0b", "comment": "Malware payload (RemcosRAT)", "value": "971965bbd14a83d4b9b628a4b93ef3bd48a87fa9", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242514, "uuid": "8ac90f03-b5fa-49bd-9f93-ec3f06d78807", "comment": "Malware payload (RemcosRAT)", "value": "0ccaeeb3f0b895c50fb0fe3c8f088aa88e5e3e0f9cf9f95593df4b1f50ac01383df0cf9d8911f3225a2924c316f068cc", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242514, "uuid": "e9f474e2-e657-4eca-8a68-cc2a61351617", "value": "T189E459513F5F30F4E1A6AAD70BE860E48B0FA6025739E14E508D561B3BA7E535CA4F32", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242514, "uuid": "2512e033-f6a8-4be6-b07c-8cd777ba88af", "value": "6144:s78z7QwFonbn4njnjnRnQnwnznOn4nsnknJnqnnnJ/STZqZ:s78z7QwLqZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242514, "uuid": "d3e9b161-fa7a-4dd5-9768-ddf62e618715", "value": 684104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242514, "uuid": "15046c97-1b8f-4efa-84a1-4cd3ccc4eef7", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242514, "uuid": "bb63105e-a604-4c08-844f-54155b661064", "value": "ZSS BOARD PACK FOR BOARD MEETING ON 22 JUNE 2023.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4566807a-0f90-11ee-b3cf-42010a9c0076", "comment": "Malware payload (LummaStealer)", "timestamp": 1687282280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282280, "uuid": "3e0a199c-2119-4265-b96e-38c73d3b17b3", "comment": "Malware payload (LummaStealer)", "value": "e3712d22893f309738fd59d00ced152f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282280, "uuid": "93af0a19-50f0-4c72-a475-9a468a8580b7", "comment": "Malware payload (LummaStealer)", "value": "d9e54f6fa96be453706495c9282a926667f750d348bdb9ea47c4a9fa93f80ab2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282280, "uuid": "bf054eb8-a8c1-4ac2-8d50-dd0bcc8e00c1", "comment": "Malware payload (LummaStealer)", "value": "5209f98d9c90224aeb29ad4223c778d602a1c4b2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282280, "uuid": "22805f89-6e45-4e9c-b5b1-f22f24c71cd7", "comment": "Malware payload (LummaStealer)", "value": "5bf32290789ae1b3d59bb1e188b5fc69bfc56eb41fadadc4e78a6f23c20f397a4089dd9823a069359a00dd381c8b4167", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282280, "uuid": "1f17160c-7948-45e5-990f-d53bed14ad4d", "value": "T1A73612D23A819DE0C5B21673DCBE457197693C38CA2189DBDFCC325C1E719C99224BEA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282280, "uuid": "8e5b80bc-05cc-4a74-a576-c1c4aee8c00e", "value": "069f6c9fc62e38acc1fe87eb9669ac66", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282280, "uuid": "7258e13a-123f-468b-8046-62213848a7af", "value": "49152:xpfdVYHLKk3+0U0cP8F1iHO73/wl/PVjeWVDz:xpfdKekuF06+1UO8VjeWt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687282280, "uuid": "73e269dc-49b6-4b70-a731-40b27defb440", "value": 5201720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687282280, "uuid": "f9f072bc-69e7-47ed-ae47-feb7f87a10ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282280, "uuid": "b4add5bd-676b-4289-8e1a-79392ad0eb07", "value": "SecuriteInfo.com.Trojan.GenericKD.67641847.20774.9542", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f720f366-0f4d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687253802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253802, "uuid": "420f56d5-05f2-46a2-a7f9-9925fabe1c0c", "comment": "Malware payload (Gafgyt)", "value": "7f516f01e1eaaf3bf945561e81e31b41", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253802, "uuid": "eddeec92-04cc-4d3d-b5e6-2c3076ce2f3b", "comment": "Malware payload (Gafgyt)", "value": "da6535c8302257da8920e0f91193abf00b67b861ff8a834b8d0912c4c831d2e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253802, "uuid": "5c3cf6f2-081d-42d3-8988-2de40ab28191", "comment": "Malware payload (Gafgyt)", "value": "0a8e7f49358353bf161b9b560d6985107d2e56da", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253802, "uuid": "c996d27a-38dc-46ce-be52-e0adf81db56a", "comment": "Malware payload (Gafgyt)", "value": "b89add110d2a745599779133a1335645bb5b2ee4434e8e25900c957d1b2a1ef34039f7ebb8666e11dbe7866f3995bc2c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253802, "uuid": "ca001209-0615-4bba-8fb1-586f895371ad", "value": "T15F933B56A780D5B3D14305B316979B620033FE7B1A5EAE0AE35E7CF18F3A0987221B5D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253802, "uuid": "547f093c-6167-45f1-bdb3-0376c06e75ca", "value": "1536:msqmQTbw7U+OU0Cf5UI8E8WwP6kHzgk81VwcG2emHGMUNLe5um7WAgcVjmZIcBI:msi2UVUtBUI8GwPfHkk8rNeLesmqAgcr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253802, "uuid": "937df8b5-3c9e-42d8-93ca-7b3d5dd4474c", "value": 96268, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253802, "uuid": "38c6d90e-4199-4cdb-b9ae-8c756e8e80a4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253802, "uuid": "1987d3e6-9d6b-4832-8afd-bca26b2ffb08", "value": "7f516f01e1eaaf3bf945561e81e31b41", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2406ab3c-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687249153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249153, "uuid": "e4e2aa36-b291-49bc-983f-3a32601615d0", "comment": "Malware payload (Formbook)", "value": "75cd99356f375ae6c1eaeca54ac5a04b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249153, "uuid": "b04e0e0c-1e02-4ae6-ad99-e30351b6e3ce", "comment": "Malware payload (Formbook)", "value": "da9ce816092043ded7f22e3368f1beaa75577190bdab4da16936d7c1bf774e84", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249153, "uuid": "9057150d-eea1-4e6b-bc72-94af0ee57fbe", "comment": "Malware payload (Formbook)", "value": "12875d0332caf07ba9e997b89783208ed6cf4bd8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249153, "uuid": "060ad146-c0e0-4b41-a74c-facf8d768d0c", "comment": "Malware payload (Formbook)", "value": "5f69842b6bd25a4c31cb0715b42f7f7ec6443799220f44cf7b89f5c8a1dd30900eb9f80b052278515665eaa1003cccbd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249153, "uuid": "2efe1ef1-f1c9-4929-8e56-67130c6adee4", "value": "T13605F11022B84F57E13E87FC1450237083BD9A5B702AD78ACEC7B4CE2EA5FD1065AA57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249153, "uuid": "442c014a-645d-4d7f-be65-fc065971d9f7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249153, "uuid": "eb265b64-c5a5-45da-99af-85b97a8a8b46", "value": "12288:42qlXcvPM7q6bpw4dcZda/igKya7xsu1NVHuvvnUJsT0yr+hc8CoDm0a4i41csEA:acuzu4CZdOWsu/lg1wh8oDH1PFyZy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249153, "uuid": "e45492a1-b0ce-4509-8e93-e0648fe0738d", "value": 874496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249153, "uuid": "0636cb9d-2ec8-4174-a1c9-c5e29323c265", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249153, "uuid": "0e65740a-b890-4663-b3cb-437f97766a26", "value": "sat\u0131n alma emri pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4696651f-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241480, "uuid": "fa012cf4-cf06-405b-80a9-4a7904a73b5e", "comment": "Malware payload (RedLineStealer)", "value": "f196770ce092af89e17eb8155d255e3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241480, "uuid": "90e3f414-a71b-42e4-abe6-0281a7ecbbbd", "comment": "Malware payload (RedLineStealer)", "value": "db2216b7d3c61c95d041079ca906856e144e924710517a4064113118b036ac6b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241480, "uuid": "ddec42af-6d9a-4e48-95e4-9602a8247086", "comment": "Malware payload (RedLineStealer)", "value": "7d532ab033eccdc797e61eb085e296dc515c4b3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241480, "uuid": "6e774fea-fdee-4cc3-9867-0a4a47736348", "comment": "Malware payload (RedLineStealer)", "value": "5ab224272eeb5e0dcc954a342faada0412fc20482ff69f929ea2ef306058a5a551a0648d9a5a21011be79e4c97a2591f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241480, "uuid": "9fece8ff-b04e-4239-9812-66e807b28710", "value": "T15B544B0FB5C50336E471103D2BB02956ECEDBC910D34EDB73A6CC369156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241480, "uuid": "178b79c4-5683-4a9b-b80f-afacfc213968", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241480, "uuid": "0b09b789-6017-4a71-91de-8c9d3ff12da3", "value": "6144:pd6rSE25YQ0FKHgKNRBH13TLxNP9T0x+SRMB:KS2QzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241480, "uuid": "f5f64132-15b5-4e7b-8a7e-3d1d003ecbd7", "value": 279558, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241480, "uuid": "1af3b860-7de1-4c7e-b4b6-89183c76526d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241480, "uuid": "1de78717-cb04-4a3d-bf77-20d620ffb6cd", "value": "f196770ce092af89e17eb8155d255e3b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b97e570-0f48-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687251367, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251367, "uuid": "f89c6896-4a49-490b-9aa8-4651b8e5ac3e", "comment": "Malware payload (Formbook)", "value": "6e1ccefeebb484f67302994fdc4b8747", "object_relation": "md5", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251367, "uuid": "552cada4-18a3-415e-8fda-8c63e581d126", "comment": "Malware payload (Formbook)", "value": "db39808e4c72472d6c8e8c1b4a0eb3c0000666aae739c606a11c65fdf612c545", "object_relation": "sha256", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251367, "uuid": "7911762e-3373-4d74-88dc-97dc8216bdfc", "comment": "Malware payload (Formbook)", "value": "cc651634947ff423c9f8170fc12cf5b6e2d663ce", "object_relation": "sha1", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251367, "uuid": "c97a1190-a98b-4da5-8751-e10015d12c1e", "comment": "Malware payload (Formbook)", "value": "47c359a4a9159615c174512497fb6ea5f74a0ceaa51b357b8c7ecbd14ad0e454c643cf1954bc5d62cb4baaadaac95921", "object_relation": "sha3-384", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251367, "uuid": "7de7b22e-8cef-4737-8928-292e6ca3c41b", "value": "T1CC4423C344BC4A72ACC9313B22D4F45218772F3D57DB072FA557FAA992C39210A4F5AA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251367, "uuid": "fca9953a-79b4-47c5-9ed1-5020f3b5e0dc", "value": "6144:fStQhwHpHhfvENitxU+rVUNeeuFlLmAQfOY6OXRJCRFpng:at1JBfvoiteaIeew2f6OXROTg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251367, "uuid": "88433acd-2df2-418f-9978-8402d6cb4197", "value": 262543, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251367, "uuid": "9f1ec2aa-a19a-4478-8723-a095af207af7", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251367, "uuid": "f944efd0-2d71-4b4a-bdaa-b2575b8b0d2e", "value": "23-QAI-OPS-0067 (7000000061)DOCS.arj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30a9534f-0f43-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687249174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249174, "uuid": "105eb9e3-b17c-4513-89ed-968201a45859", "comment": "Malware payload (AgentTesla)", "value": "1efd6df65cb56f0cde65b1581fe2859d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249174, "uuid": "8d09ab07-217b-4129-a41a-b8a49fb7c139", "comment": "Malware payload (AgentTesla)", "value": "db80f8d52a3921c00ac03a2be314c9e6e818322aade67df6550c1039a8be9abe", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249174, "uuid": "ee73b547-98ea-4703-a227-10066716a32c", "comment": "Malware payload (AgentTesla)", "value": "ba8b24690dd605ea81f00ee2eabcfd1f82521e49", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249174, "uuid": "97833e0e-2231-42ec-9e92-fed0495a5a4b", "comment": "Malware payload (AgentTesla)", "value": "f3a6ca4115c5bc46578ad08406a1a243b4c64a2e036f15dd8cdec7e6e16f42bdb7c0cfbc5d486ffc188bbf6530610b88", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249174, "uuid": "a3c310e0-f485-464a-9e2e-0bf87989b46e", "value": "T1D221E06D1674F5A041EBF041927E460668F398AEFE38A114950A295032247ECBFBDBCB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249174, "uuid": "2fe50d4b-e6c9-47fb-b4d6-b6ce83103935", "value": "24:3EtPrnHT93rbokYqC8pEssi38258s50aW4DY6prAZmEaRSOb:Ezz97bobqnSTA4Ihtamf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249174, "uuid": "559273ac-e9af-4e0b-b121-0d239f14dc70", "value": 1217, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249174, "uuid": "36d1ea76-74d6-4f3c-8de9-98a891058595", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249174, "uuid": "2f46d541-d4e3-4585-8aee-b26b810f7596", "value": "Factura con IVA.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19205a7d-0f48-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687251282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251282, "uuid": "7c22982b-d1dd-429c-a402-ae48166ecd9c", "comment": "Malware payload (AgentTesla)", "value": "bd7ce7fbc5f79253ab94ddd89f03ceb9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251282, "uuid": "d2c36961-ed2a-4150-be73-3b0db957d601", "comment": "Malware payload (AgentTesla)", "value": "dc9981c270f03abc66b47ce6e5c6cd1759b9744ee60fae4cf8580ff3a26719c1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251282, "uuid": "9d70b88b-4cdb-40e1-a4a2-9cb2c94294ca", "comment": "Malware payload (AgentTesla)", "value": "1064ef685a80ae393fd9455752d7fad4ead01bfc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687251282, "uuid": "891682f4-5eb8-4371-8bd3-740a26a32a1e", "comment": "Malware payload (AgentTesla)", "value": "3b0281f606345354cf089d21295186a548b3f8d0d2cd84a14890dcbe981e16125404ec4a1bef7d395ed79ec83fd97f20", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251282, "uuid": "79e837fd-30f5-4c2a-98c2-903f22a9d526", "value": "T1D654233B43B295C285D95AF339EDAE99FD8ABB8975472812444CED4F839373C8C5C089", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251282, "uuid": "31ececa4-d43f-47f0-9106-f402789b28a2", "value": "6144:Vcu4cYyPUYR1c75EaGmIRQ5RFSa5/1j/eYf7thWTo4cackRLHCfgHFz1cgQ/00W:L7BP5Y77XIdc5HJhWTSacktSgHZQ/00W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687251282, "uuid": "408616ea-d7e6-4474-81c4-de3939936ac8", "value": 304679, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687251282, "uuid": "97312802-9153-4af2-a521-de0c988dbf41", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687251282, "uuid": "e8552420-bc9f-41b0-8e97-a36dda641c56", "value": "PRE-ALERT HAWB ANL2209036.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "117647ee-0f59-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687258571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258571, "uuid": "2c36ed51-19ff-4218-a160-eb394bf09dfe", "comment": "Malware payload (Gafgyt)", "value": "6235ff9faa6630ec0338233b9c2d5513", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258571, "uuid": "5e5d6f89-f645-421e-aff4-6417e776d83a", "comment": "Malware payload (Gafgyt)", "value": "dd2cb7a0f95dbd648b756aa212eb15ad520416e7674ad0198cfbeefdf6c2d9d1", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258571, "uuid": "c616f6b2-dc0e-44f9-9436-a1aa6b386a5b", "comment": "Malware payload (Gafgyt)", "value": "c3119b6d3e9b60d433b39787c885af7ec92dae03", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258571, "uuid": "5c8165ab-14a0-47d2-944f-cbda436cad2d", "comment": "Malware payload (Gafgyt)", "value": "d12b7fe0d1c019e32a6c25bb1f37f38bfea3088de8c699247987b24e40521f340631d0f2fd3771b0e7344b2b511935fd", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258571, "uuid": "62630d3a-8a89-44df-9be6-101ab79afec5", "value": "T19644A40A6BA18EB7D89FCD7B02EA851110CDE84A119CBB2B73B4E61CE75E94F44C3D54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258571, "uuid": "4a6e9771-5291-4147-a958-3bdd5770750f", "value": "6144:5fg550cUh1E0wDwh4m3mk8rLaIYXjR1uwrfvG:dgb0B3w5m3mk8rLaIYXjR1uwrfvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258571, "uuid": "aefd4f56-6bab-4a67-8132-a23405d4ff5b", "value": 258916, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258571, "uuid": "b9db8fcb-f4ff-4409-9593-5e96b965305e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258571, "uuid": "a44b2f71-e824-4910-82df-9b3f76f2720f", "value": "JIPJIPJj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4320760b-0f51-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Spambot.Kelihos)", "timestamp": 1687255218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255218, "uuid": "bdba5e47-455b-40b0-818b-330152913b23", "comment": "Malware payload (Spambot.Kelihos)", "value": "cf7587a6e0bf853250e291305dcd895e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255218, "uuid": "54df36c7-ca0d-443e-95a8-b1154cbab46d", "comment": "Malware payload (Spambot.Kelihos)", "value": "dd528eb464db46cd69a3a373f5cde4c4e48afb7116fb8e91eea3a1caacc800f5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255218, "uuid": "817d132b-988f-423a-8b7f-4b8c6e03645b", "comment": "Malware payload (Spambot.Kelihos)", "value": "b98f3c9b8edf17a9b696efd8c54508ab45f3537e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255218, "uuid": "5f2acfc8-20a3-4432-8b18-67a851905bbf", "comment": "Malware payload (Spambot.Kelihos)", "value": "6abbe2d8e9eaf9c838b1cb57a682a6d72d041f305b025861a258180509f16799e14545283b4c60d648ca859352127f94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Spambot.Kelihos", "colour": "#408350", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255218, "uuid": "f5a320b8-2df7-4e17-a8e6-a96aba3b0a39", "value": "T1EF158B0D3B80943ECFA794374E55FEA96279A12E071240EBB3D519DA0F33BA19630F59", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255218, "uuid": "0ce7430f-50de-4d8a-b2f7-ad5bc38cdaf1", "value": "d3bef53bd3b1af06f068902986513bdf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255218, "uuid": "c144bc90-6e2c-4812-b437-38cdc1f8900f", "value": "24576:RIJo17WrRfZZEKC/VFBC2NF6zpYw7XfDHx:RIHrRfZZEKC/VFMuF6ffHx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687255218, "uuid": "d9c4ac64-b720-47c7-8eba-0a3ec61d2301", "value": 922040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687255218, "uuid": "93a459d1-ab9b-497e-b753-663666cc6492", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255218, "uuid": "1a3eec9c-36b7-4973-b47b-75cab1b32512", "value": "cf7587a6e0bf853250e291305dcd895e.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d78bdf17-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1687288109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288109, "uuid": "aaf18a7d-b7eb-4035-a121-aa3a932674d7", "comment": "Malware payload (Stop)", "value": "ef78227385212e695aad69ebf4cf57f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288109, "uuid": "63956e60-75ef-47de-ac86-ec87706766d7", "comment": "Malware payload (Stop)", "value": "dd602553a168ced037c65973c341a96a2ed995c4ac397f71f0426fcb75ce5d09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288109, "uuid": "244149da-1a8f-4b69-97f3-9251b5ac2ddd", "comment": "Malware payload (Stop)", "value": "cc88d248d6358fa9da593cf170899f915b13abfc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288109, "uuid": "d5131ac7-ee90-40ab-9bbe-46bee2941fe0", "comment": "Malware payload (Stop)", "value": "b003837783426f05525c696672632b0de0e4d6c03a2e2cfaff266cf1230e2a3e54cc4afe0b8260495a7ed1d4e18e2972", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288109, "uuid": "802e1b48-f22b-461b-b343-ec54580a6c05", "value": "T19E05BE4382A13D85EA658F339F1FC3E8720EF7508E497B76122CAA6F14B8172D167B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288109, "uuid": "6e23e6b5-d1ba-4489-b9e9-a6d1678eccce", "value": "2e2bff69e94ccbf1f33f60d20c98521f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288109, "uuid": "dea3b322-989a-4e87-8319-9977dd0bfbad", "value": "12288:B2tdjZfS2UAp4ny0vKk9zypxbErcgVBf2NcdlCkAOY2QUzkcTpRGUD/x:WvS2My0yk9WxbEAgVp8cdlnAOY1U5D5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288109, "uuid": "b09a8ba4-f8c5-4e30-b340-e177b33bf847", "value": 830464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288109, "uuid": "a3fd56fa-c4dc-4ac4-bd6b-d3da9697e868", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288109, "uuid": "d4ad882a-15e3-4086-98cb-9dc3360aa565", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c5fa5a3-0f76-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687271045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271045, "uuid": "cad2e8f0-77d9-48d4-9358-61c9218adadb", "comment": "Malware payload (RedLineStealer)", "value": "e67c3579198e6b84e85ffe74efc921dd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271045, "uuid": "d4670003-d8ba-4c9c-b2f9-d63e8256fa14", "comment": "Malware payload (RedLineStealer)", "value": "dd7559d441f5207d13dd4e8486af5146085c326b27e0ba2b4a72acbcd2a60984", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271045, "uuid": "5a74a8d8-fcff-4c24-99d8-21f4fef5ed69", "comment": "Malware payload (RedLineStealer)", "value": "01204728c00c8103254b988ce44a1a9ab02ca8e3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271045, "uuid": "ec75eb91-a73b-4c79-b3e4-7971ffaea367", "comment": "Malware payload (RedLineStealer)", "value": "de6d1cb9359ad6abae0e398634133d76102b6c86bd0f83457303e82fae2eb4270ea6fe74798e88227a31bd0cf91f82c4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271045, "uuid": "4b59c78a-562e-4eda-b3d3-030fb2cf8b94", "value": "T12B04D658364BA57ECA6F883D9C700CE4667CAC671246AB079D8EF0E43D3B7919B051F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271045, "uuid": "a47f9e7d-f300-4b97-bd11-3f489d8af2ad", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271045, "uuid": "2114ae07-ae52-4eb5-879b-b20bf96000de", "value": "3072:EL33Lwu1GhyzOPwZxNhaB2m/gw69b8e8hD:sLaJwnW/gw69b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687271045, "uuid": "c468114f-97b8-4d22-af5a-811fa2bcc26f", "value": 176640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687271045, "uuid": "3ee5e923-bf78-4e06-9a3a-895e3093df90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271045, "uuid": "7434b2c0-249f-4125-87f5-fad07f9261f1", "value": "e67c3579198e6b84e85ffe74efc921dd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31832e83-0f05-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687222547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222547, "uuid": "4c515cd5-75ce-4552-848c-99c438a6c596", "comment": "Malware payload (Amadey)", "value": "7f4ca445938786c8b438c55ad5ff2902", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222547, "uuid": "4897f727-fb8f-4b31-aa0b-d8dc58203334", "comment": "Malware payload (Amadey)", "value": "df10082c3a331ae4397182a70858a1502bc8d8f0f70bed7e3f0d5e656c15e4bc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222547, "uuid": "697a6551-815c-4ef6-8193-ba04ea370646", "comment": "Malware payload (Amadey)", "value": "0247720ddb27c08beada90ed1544be7f2f259c2a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222547, "uuid": "c2f2c3df-088f-4856-a8de-cb7615f1d91e", "comment": "Malware payload (Amadey)", "value": "3ba9ad0d804afd2e7cce834be70ce396d84ff9b46d364394fb4dc97c7de67ee4743cbb9205899dacf7fb5316a9548899", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222547, "uuid": "03ed86f5-648a-4219-81da-24d32f15e845", "value": "T1DF051282BAD98532DCB567B11CFA0BD30B32BDE519B893371741995E0D729CC983A327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222547, "uuid": "1260106d-ca64-4046-99b3-edbc4ebe66fc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222547, "uuid": "d4de8d7e-daa7-42c1-8893-2f9e2967f801", "value": "12288:DMrky90feC27D7L8mfYEFZfkSrWMvhhe7VKygvwL+klNOrxD0nQnePiI6XOq5CGQ:3yOR2n7LZgIAQk5NCD2UpcG7hK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222547, "uuid": "934f1637-e47d-4793-804a-8fe698c45690", "value": 823808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222547, "uuid": "5b8f2fc5-2b8e-4c30-a813-3c22a95937c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222547, "uuid": "2d1d9833-243d-4231-911e-b8aa84929103", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab815e03-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687242509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242509, "uuid": "65d55f2c-cfef-44e2-aabb-90c841ad59a0", "comment": "Malware payload (Formbook)", "value": "c81a96f64e2d039e1c395e7ed00f41f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242509, "uuid": "087a75ad-1840-4869-94ba-13714b1e6329", "comment": "Malware payload (Formbook)", "value": "dfb7eb655f8cbe6c8ccf45d167e7554141ddcdd1046603ad485ddb9b6f40ad8e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242509, "uuid": "7488951c-19db-4573-be89-73fc84f4ccd2", "comment": "Malware payload (Formbook)", "value": "f9bf9cf2a12fd401757becbf7a0cce70cd0ad447", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242509, "uuid": "dabf4ba3-9437-4dbb-b080-4eff91d54adf", "comment": "Malware payload (Formbook)", "value": "96d08fe3f719cdb7f0fe1ac969e64424a44b5111d369eab93c708f4bb32e7db3c3cfed8253957acf0a11d3ac746bc764", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242509, "uuid": "a7fef88f-c967-4cf1-a95d-1c96044a8dd7", "value": "T1CE64121CFAA0C4F7E8620A7244AE4F916AFBC52528F48707D7585A1C7E07981E79E733", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242509, "uuid": "8dcfc9b4-44e4-47c5-8100-2c347217d132", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242509, "uuid": "3bad0aad-3f86-4b4a-88d1-e07555480dd7", "value": "6144:lYa6TQVAH/HkhuRy7SjrcyCgnfbVe3IrN2Vd+hZCEkfote1sttBnn6eWH/A0Da:lYgAH/kARyScyCGuIB2VUWEkfotemtV1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242509, "uuid": "ffd5ebc4-bb13-4550-9be9-6c0252f2b9b8", "value": 310676, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242509, "uuid": "4c05eac6-46ae-4963-8bee-c286b80b377f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242509, "uuid": "16569515-57e1-4361-bef7-bfb404717c43", "value": "Maersk_Bill of Lading_Commercial Invoice_Packinglist_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc9968fa-0f9d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1687288171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "c40e672d-398d-4317-b497-e2a6f72aa53f", "comment": "Malware payload (NanoCore)", "value": "e052e7de9592d69a07411a1d2bb182b6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "252c3f47-ed8d-4885-afe6-bb91f69ec37b", "comment": "Malware payload (NanoCore)", "value": "e001f869409aab2a43e2472af86813a98f35f9d4cf8e267de5b1ed06d0a3ae1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "41eb4069-f54e-4a76-a2a8-b5b344874ff8", "comment": "Malware payload (NanoCore)", "value": "2100cea0f23143c598a64eba04d6830bd0cb23e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687288171, "uuid": "e2949023-9475-48c0-a718-d2ebf4584c73", "comment": "Malware payload (NanoCore)", "value": "2e75c1ef521c126a3e9458bc2ccba01a8905f39a27a044a67063a3b20febba25b424de65eeff068643a48e7093d60e59", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288171, "uuid": "9f38c007-60f2-4ca7-afc0-19eee14fed8c", "value": "T1F225231275D4C3B6C9B3153140E6CA369D39B1614B7A62CB7B8D5BFBAE302C19B352C8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288171, "uuid": "0d82f091-b653-462e-b486-67ef1f4b72ad", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288171, "uuid": "5dfcab8f-5256-41f2-a6f9-62e491a149c8", "value": "24576:Pk70Trcbd9EYZ3z1EYCtt5NDWIwqX+wwdW11p4OvGqX1eMV:PkQTAbDlZ372ANxwkY34qXbV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687288171, "uuid": "de0382be-f0b4-43a2-82d2-a3c7fce4e71a", "value": 1049088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687288171, "uuid": "a53f08b9-177d-47ec-8d56-7e21574add07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687288171, "uuid": "4cb224f4-d6e0-45b0-8c08-e38c6bd77a17", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5486e4e6-0f87-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687278440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278440, "uuid": "0beb9547-964d-4c70-a9a8-b895e902f67d", "comment": "Malware payload (RedLineStealer)", "value": "4e35372a59f22635fc2ef3c41c4cd234", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278440, "uuid": "535b419b-f4cd-472b-9f63-7ef46893effb", "comment": "Malware payload (RedLineStealer)", "value": "e0407cf04fc57039808f1420cb0013c1cd6e27cc49f424aa16ab7551d8fdf3ad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278440, "uuid": "135790b8-572c-4e17-87a7-6444fee58c4c", "comment": "Malware payload (RedLineStealer)", "value": "fb2b5e27e6100a05d9f9deda1f90cc8e485b8f07", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687278440, "uuid": "d3728200-9eae-41f1-b311-56d2bca78ea9", "comment": "Malware payload (RedLineStealer)", "value": "4a7f7371d7047c9d99f43fdb5c80dbc4b04bb69ef02609eba899d723d98f82a32aaa0356161d99fee501083914a4a649", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278440, "uuid": "8f527450-c2fc-4030-95f3-ad12ccd428c4", "value": "T12494394382A13D86EA658F739F2FCBF8761EF6108E4D3B66121CAA5F10B5172D163B11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278440, "uuid": "62057205-6b88-402e-8ad6-73b8162b7b4b", "value": "2e2bff69e94ccbf1f33f60d20c98521f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278440, "uuid": "0eb71ec1-9155-4f22-ab4a-95f390ebb1f4", "value": "6144:2vNjNJ/FB7tCQTaOZWMj4Bv2/j1fQYY3TcpevK+fWsVqR:WlNJ/TvZNVlyVU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687278440, "uuid": "cf0bb47e-e78b-41c6-92ba-30770ef89322", "value": 409088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687278440, "uuid": "3d6db8ae-1a78-4abf-9be0-1e946acf0ece", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687278440, "uuid": "7d4ed3c5-4f61-40a4-9c28-e99d580c1587", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5019602-0f3f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687247786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247786, "uuid": "967eb32b-4dfa-4d54-aa1c-1949ba5d67eb", "comment": "Malware payload (AgentTesla)", "value": "5c981599b43d8cad41fb913f83584e3f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247786, "uuid": "0c2c0c0b-52b5-4ceb-9d90-4bb89232433f", "comment": "Malware payload (AgentTesla)", "value": "e08afe506a39a4bb08a3e299b56382cf4c1ef488b723fb45525dfaac2451d2b9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247786, "uuid": "01ee88c6-44e4-44a7-8d15-71b3aa774679", "comment": "Malware payload (AgentTesla)", "value": "24cfb504114bda46bb2cd55caca20e6c8ef7f988", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687247786, "uuid": "896f0925-3077-4951-a539-8502c237bbfd", "comment": "Malware payload (AgentTesla)", "value": "b556e442733448f7d223dabbcc1701a43d0177d0e37191c1840ef263fd2fb859c34a2429e279da3c7de50f7e9177012a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247786, "uuid": "d18d6049-937b-4b91-93f8-98a4ea97eb2e", "value": "T1A5F4121C06E8521FD2676BB4CA69B7B9472FAE167637F32E2D6070D76C127280E42371", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247786, "uuid": "7c0df510-efce-47b3-898d-5cb2c650fbee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247786, "uuid": "cd7fcdcc-31bd-4052-835c-5157ec9ca1d3", "value": "12288:Zn40wo/dVouXMPfcbXRF21wqzsYeFjpPqDQJZK7tYq7J3At5iHOq+ZQ:Z40nLouc8bhFaZIYu0cJZSYqtm8OqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687247786, "uuid": "5e15cd82-cd2a-4af5-856a-c21b7c526e0a", "value": 763392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687247786, "uuid": "80d02453-feb6-464b-a5bb-3dd5b227919e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687247786, "uuid": "d2183cb2-7825-46e8-bf23-78511a1a3661", "value": "402-094-03-074(1102090450000461(113592).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "040e89ac-0f60-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687261555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261555, "uuid": "bb491a1b-4d56-4834-b44c-d7243305e244", "comment": "Malware payload (Mirai)", "value": "166fb304b04477298a26cab816f2106c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261555, "uuid": "cd3d7456-7a1e-4170-8aff-4bd3053ae33d", "comment": "Malware payload (Mirai)", "value": "e10cd845cf901022b07bc1f4713b0f25f20ae08509178b0a1a909ea9d7cd6605", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261555, "uuid": "468c9cd6-ec2e-46cb-a1d8-322063258e1e", "comment": "Malware payload (Mirai)", "value": "5be6b0b45084802d5a923499b088eb75dcddd99d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687261555, "uuid": "4a5010a1-484c-4e82-91da-7b60581e366e", "comment": "Malware payload (Mirai)", "value": "a1d84b6b719044413d3302f40e2e0599620c11f09cd3e776db93a93978e766e02940156742a5e9b656ac0f7903700d5f", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261555, "uuid": "1aa7bfad-bf0c-46e7-b816-85f9108ae30d", "value": "T166A2E015BF1886CBC832693545E9F6D21256FC62F2ECCC192940C15FB4A33A96874F8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261555, "uuid": "d2df9a2c-666f-4ec2-810f-c9ee9636f2bd", "value": "384:Mg/Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKq:598o08kxofBE+ZkXaqGbp2F2TWul0c53", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687261555, "uuid": "637999bb-f0e3-4553-9539-e14783b6faee", "value": 21500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687261555, "uuid": "0087bd92-ee05-425f-bf75-931fe96aa01d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687261555, "uuid": "b47530ce-01ef-4abf-9591-e8e7f9585964", "value": "boatnet.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce034e79-0f8d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687281221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281221, "uuid": "794af329-6367-4d82-81cb-14652d3eb221", "comment": "Malware payload", "value": "fa759d8c563d218800e6dba85a443685", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281221, "uuid": "3c45bea7-4131-4a71-bee0-62ecd467646b", "comment": "Malware payload", "value": "e13544dde885fd05e325b442c0f02d093a64099abd85d01e0a5f6c3328c9c1c5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281221, "uuid": "7820fdd2-ca0d-41a9-8053-f6b4686f15a8", "comment": "Malware payload", "value": "dc9c2c4b7a26dd786b052ebd322821c61ba03f93", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687281221, "uuid": "79096d3c-344b-4550-8201-5f6cc0e6660b", "comment": "Malware payload", "value": "50d18713094c4178d925e86c25f3886fe0881c596a5d24f8c2ab9afc9d75b7998e8869c2dcd1c12654d62e6f3cd2126e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama269", "colour": "#91C6F2", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281221, "uuid": "a37042aa-d008-4689-828c-e2d3083c99f4", "value": "T1E5956D33BA40C23BD5E05076896D593B202DDC250768A1C3B28A1B2A3E779D35F7679F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281221, "uuid": "ab1c5875-9c61-437a-bb29-b76b77fda73f", "value": "879cbe3308eb2bcc0ac7823fb46c53ab", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281221, "uuid": "acae2a0f-c1f6-466c-a7e7-5ad6f98361ac", "value": "24576:SA2fv3u6Bi9VqNOso4wIfgDmn6mYMy2pMDz/HrCwpTyk:SA2H3li98M14jZYMyt3rCdk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687281221, "uuid": "1a40bab7-c56a-418d-a5b8-83d72787d35e", "value": 1929216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687281221, "uuid": "ef7c871b-cfff-42b2-983d-1d4503043782", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687281221, "uuid": "f2c5d75c-da66-4224-839c-e64ceebf655a", "value": "Lditm.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6026eb8-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241775, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241775, "uuid": "40860cb6-1303-485f-ae9e-68861b5340ca", "comment": "Malware payload (RedLineStealer)", "value": "68092044486188f5775bede6f5414f39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241775, "uuid": "91c8b3ad-be72-4985-80d5-3f1a8a597beb", "comment": "Malware payload (RedLineStealer)", "value": "e1be7e259c026d9165d24c215e87a06d95a9130c8c17b8d7da9e31ee727835ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241775, "uuid": "a27d0f35-779a-48c7-a193-66f922867555", "comment": "Malware payload (RedLineStealer)", "value": "c133d9d507ebf6a443bf4b0711c4cd31e8e7dab4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241775, "uuid": "046f1def-aee6-4f57-9ab3-9d6d0bf8a35a", "comment": "Malware payload (RedLineStealer)", "value": "b10b2fe8158b7a0ba8ac485e5cefa9ef1a11f6f8a1be98d432a09956151d63f4f619e2b3bd803cb14a74664b88e4f477", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241775, "uuid": "267b4c2c-baf3-4940-abb1-cdd853621070", "value": "T152F41250B8C4B234D9720631AC5A7997BEBCF4A55E20DC6F3F54331D8AB29D0B9B112E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241775, "uuid": "c4c0a998-6643-4191-a02c-b1ba10606136", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241775, "uuid": "6cc8010b-3521-4b63-a7c7-c7a70d32f0a2", "value": "12288:TCq0IXR/v7fWlu+T/mrE/VwYfQnjV4RQ3rxmCCpixoxxGGSHIvaj0bt:TC4RH7fIuPExoq0rxmFpiqHVS2agb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241775, "uuid": "b667263c-6e17-4272-b6e4-aa43686098c2", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241775, "uuid": "83107c2a-f001-4b66-864d-d9153d39051d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241775, "uuid": "c677f54c-e0c2-4c39-ab5a-af8fbfa39ed4", "value": "68092044486188f5775bede6f5414f39.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfacd3f7-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687243831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243831, "uuid": "8403ff24-da28-4416-9ff0-9726ecde1c9c", "comment": "Malware payload (RemcosRAT)", "value": "75c279006f649b36303f4167f5617c53", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243831, "uuid": "39c7bcf3-22a5-4284-8c5c-5ba091696716", "comment": "Malware payload (RemcosRAT)", "value": "e1cf35a98cc9a3e08243dce9b26b0aa4468cdfa06b4a3f7615f7e088e195bdc4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243831, "uuid": "cf8c5548-5f74-492f-84aa-2256a148dbdb", "comment": "Malware payload (RemcosRAT)", "value": "dabf8c63c10b4770cf1c8d587df16a2c12143360", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243831, "uuid": "14318860-2a8f-4fbc-a172-aaff438c2a6a", "comment": "Malware payload (RemcosRAT)", "value": "c9926d7d330a48c67c40bd067ddc60ad12e5dfb2c0869d950e4f00ab022a231d324c9ffb2d78c2bd7fb12ef7c985f207", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243831, "uuid": "5687c32c-4d63-42f8-9c92-0aded4a9c23a", "value": "T1B495336B6548572DD59FD930E8DE0E3AFBB57B822B37C52B0510D2860BCB6C09F258D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243831, "uuid": "eddfc430-fc66-4683-aad1-190b7925059c", "value": "49152:5WfOzgIZkaVVqb8cwaEf6019rG3ysy0iXTc:5WfOYaPc2VrSBytY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243831, "uuid": "cedb1fe6-fc8b-4857-a856-ceef1a9b7cb7", "value": 1880640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243831, "uuid": "e9fdf066-c9f4-42c0-81ca-da9182f2b943", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243831, "uuid": "58283537-9988-4504-95c3-4266ff930ff7", "value": "75c279006f649b36303f4167f5617c53.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7963a54b-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242424, "uuid": "c1202383-087e-4528-9a92-31efb5e634c2", "comment": "Malware payload (AgentTesla)", "value": "f8e6681aac042e1242a0a4173604632a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242424, "uuid": "0c346019-b50e-46f3-ae6c-947eadbc5304", "comment": "Malware payload (AgentTesla)", "value": "e33e4865fd5388cb8d3b67d1919d3ec2ee596463012327798fed93a2a282e4bb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242424, "uuid": "81e117f9-79fd-4492-908f-004a24a4bfa6", "comment": "Malware payload (AgentTesla)", "value": "cc74a266d270d8bc3a5e3d2227c1d610886ba00b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242424, "uuid": "51a97944-7af5-436e-9786-ad55c711fb1d", "comment": "Malware payload (AgentTesla)", "value": "7e2c00753db5978d2e8f69f6a3d0eb95a4daf64f048c16388a58acb2587ae2c66a97923a8b5dc4bdd22445af6508cc1a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242424, "uuid": "8457984a-0f74-43a3-8f55-b71d58fb0c23", "value": "T170F412641A9B5B1BD0570F340450F774A2BD5EDA7A22C39F0DCBBCD7BA26BC9093064A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242424, "uuid": "595eeeba-67d3-45b9-b0d1-b3da98f14168", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242424, "uuid": "cc8c7e44-d883-43a2-aecc-2e73fdd231e5", "value": "12288:fb903YamuPM7q6bpw4dcZda/igJmHyhq+jGVgXxUEiQSRh+wR8ysa+J+WLvrO6T:fb903Yjzu4CZdOLA4G4lIh78s+J+WTrO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242424, "uuid": "461ac44c-7c94-4ffe-98d8-b53623afcc01", "value": 744448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242424, "uuid": "bc1fec49-57b8-4452-86f0-3a19a0405239", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242424, "uuid": "1836ff13-8a7f-4269-bf4d-9f60a8dcb72a", "value": "Proforma Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f57e0d4-0fa9-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687292981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292981, "uuid": "77ef26c1-4c8f-449a-bd99-53c06f0fdfb9", "comment": "Malware payload", "value": "c448d63be31c2df2e4703d46649116b4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292981, "uuid": "9698afee-b267-477a-ad84-9a9065861092", "comment": "Malware payload", "value": "e3f8420b7feb3ef36f87015e9bbdd863c652b9f8dc03303307b3938d0e3dec3c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292981, "uuid": "a35fd42b-2d90-4367-8860-7eda1fdd7dff", "comment": "Malware payload", "value": "9a6da86ccd52f4dc77a3280a0a0a1450e2c51d4b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687292981, "uuid": "fc2fcc00-e3d0-415d-a6b6-8cd13f26ac88", "comment": "Malware payload", "value": "82d657e5c9f7451ddee94703ae1c2b8ae687619cc43e91250abeedd59f5720eb51104edd227b3ae33b0597988fa67124", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687292981, "uuid": "f837586f-3375-4388-aee8-aa48b65ae9cf", "value": "T15464CF5039E0D161E4FE46346572C3DB0A6E39314F81BEDBFF04A67A4F7D681A12A839", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687292981, "uuid": "94a0798c-c3d1-4779-bae2-e9c854c0ce75", "value": "55e4edc3fdbba34851414d76b9c66d91", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687292981, "uuid": "1e394460-c592-42fb-b485-a6673b14c67b", "value": "6144:/dO53w81N6tvIltPJnj5+S3jmaVIMvPn8zJpENfEqtnVKrpim3YLsv:/dO53l6tgltPlkQjmaCMvv8XeJZIrpiq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687292981, "uuid": "7f3da762-f76e-4a8c-b490-ff904a114887", "value": 324608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687292981, "uuid": "6b4948c7-a082-4554-b9a7-3d68649c6190", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687292981, "uuid": "bb7254dd-aef2-42e4-a53f-7bcbffd309d0", "value": "SecuriteInfo.com.DeepScan.Generic.Trojan.Genesis.Marte.A.7524BBD2.2904.1693", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8af69ce1-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687242454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242454, "uuid": "c86a6c85-742b-4ee9-bbe2-aa1dae5ca808", "comment": "Malware payload (Formbook)", "value": "684e35d56a3924aa06525dc361ca0cd5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242454, "uuid": "129b1b18-513d-4953-8208-eee0a9ec8c01", "comment": "Malware payload (Formbook)", "value": "e4b4fc5835b50ef6622212ffed755e26c9b7c1a5f9d19ba691efcc69e197d92d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242454, "uuid": "7bf6651d-0cd4-4b00-a6b6-6c781edb30e4", "comment": "Malware payload (Formbook)", "value": "b19083c4bbf3b40acd5dfe9d36f9941d1f3e1758", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242454, "uuid": "8fdeaedb-797e-4e85-80a3-9760caeb65c7", "comment": "Malware payload (Formbook)", "value": "aeb859598cb8a648ac08373a48315ecc1b927ea1c78862ec8d70ced4667169543d7e5e7f673dfa18404390f2533f9a08", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242454, "uuid": "3f73631a-ed59-4b82-a9d1-081459976328", "value": "T12F15F0607A781F56D03D93F94552A63117BA6E2B383ED3184EC3B0DB1AA2F440E92F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242454, "uuid": "cc37a280-f42f-4950-99f6-aca24162c3b0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242454, "uuid": "bbf0730d-2de1-4c15-868e-9a22cc9bec1d", "value": "24576:qQYqtm8OqKkOonzSnJ1kLNDe+rNE2BaEmCE:3+8OxwSn/yprNfBD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242454, "uuid": "ac14c559-9759-4a99-b190-0ce4e635c344", "value": 929280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242454, "uuid": "9bd26a9e-7663-475f-aa22-35105ba91f7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242454, "uuid": "95a066c1-db7d-46db-8ed5-a460ed7fbd01", "value": "JUNE SOA_INVS09076501.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfdde940-0f76-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687271346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271346, "uuid": "1946fc28-3fad-4662-9839-2e35bf711ad2", "comment": "Malware payload (AgentTesla)", "value": "07a224fc3d9edcaa5327490083bc7284", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271346, "uuid": "dd850eb9-6ccb-499e-ba06-5324addb39c6", "comment": "Malware payload (AgentTesla)", "value": "e4c100441418455c82b3f63363875ce36ce69f9b50af3daa37389929733391cf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271346, "uuid": "c2b44003-1a12-4263-a2f1-1f892ff27496", "comment": "Malware payload (AgentTesla)", "value": "d7f4ee80f14eb5d71db4958cb25f15c002279cbf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687271346, "uuid": "9a067736-6dfb-4a92-affb-6074724ee3d8", "comment": "Malware payload (AgentTesla)", "value": "8803421fb7a60f0da30090189cfbbc349544184043bec94842ed968ddf00950e606e007ad6b83c62022f62434eb0d502", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271346, "uuid": "06c3f732-f8a6-4cd2-b2a4-649eac21d47c", "value": "T1066423416B50FE47DDF207351ABEA66BE5E3AC124854CB0B13819B56B676680E30F3B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271346, "uuid": "a66d1962-5ec1-4cc3-bf59-0dbc265a6601", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271346, "uuid": "0b30be35-c173-4af1-8079-f7a12f2be96c", "value": "6144:/Ya6LEodmnVDzNDkY8rpCA1ReIX+BptuVQxnPpXhLO/urOlDR:/YBEodIVnNDkY8rpCOo4cBxWsWDR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687271346, "uuid": "83a522a4-e0aa-46c0-aaf2-6ab4ce4e166c", "value": 308808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687271346, "uuid": "63800b98-e4f7-4aff-bb26-af073be610b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687271346, "uuid": "43556ba3-61ac-46cf-ba49-abd7c4036bf0", "value": "07a224fc3d9edcaa5327490083bc7284", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "430714aa-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241474, "uuid": "fe9fa311-4832-41ca-8e74-8ab5e84204f2", "comment": "Malware payload (RedLineStealer)", "value": "f0bb91a0eb0e993215fdc56eaf430755", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241474, "uuid": "343e0244-53ef-45ec-82a5-9a06dad7cf80", "comment": "Malware payload (RedLineStealer)", "value": "e4e167242f7a49d66adb960b4aab086f0ed6b6a21ff6eb32b606551d19ee4e42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241474, "uuid": "ec0fde9a-af70-45ad-9002-0aa7b12519ad", "comment": "Malware payload (RedLineStealer)", "value": "2efbc3b8d523f6f6b0fa1a33ce0d4bba740bb120", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241474, "uuid": "3f8f6ab7-96d2-4348-b3fd-8eb42a8b69d5", "comment": "Malware payload (RedLineStealer)", "value": "8826639015d7f21958d212f6d6f7fe713fa30e02f91aa96d3a0cac43dabeb82a25f21338aa5000dc7548916ec00710f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241474, "uuid": "0f636c99-c4a6-4f2d-8b38-b5b80b9e834f", "value": "T1BC051213B7D9C022EEB8577058FB0B834739BC61493C635F3389A46E1972695A43A37B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241474, "uuid": "cef4456e-874b-4500-bc53-d4750e8dd87c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241474, "uuid": "dfbfb6a5-a505-4f4d-8a50-ea39a11c5698", "value": "12288:OMrCy90Aq8FQzoXD/Bp2iaKzpfSDrNqqTZSu6g3JO:gyHq8T/2iaEpfhqIuXM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241474, "uuid": "9ca6ed6b-d9e9-41d7-87dc-aeaedb2075b8", "value": 824832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241474, "uuid": "72f67297-84a9-4c45-b4d1-d1a00ac7103c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241474, "uuid": "ed3f9e5b-2207-4cb7-9942-4566ac81796f", "value": "f0bb91a0eb0e993215fdc56eaf430755.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bc7fbbf-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243636, "uuid": "14faba4a-180d-4f39-8878-bc15fd69beef", "comment": "Malware payload (GCleaner)", "value": "a205fffac317ff27810c7a971bc00d7f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243636, "uuid": "64fc5c26-b151-4e45-af9c-cedaa80e2ab1", "comment": "Malware payload (GCleaner)", "value": "e67c8eefef5dc312f393630e50f12225009bf4ffd01f7be2b3ebe403bae6a3ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243636, "uuid": "e92e322b-e258-42f3-ae30-31cfc1bc0806", "comment": "Malware payload (GCleaner)", "value": "7d2972d333ae691267dad51b42081073614ada59", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243636, "uuid": "061a5f38-cca8-4ae1-8a99-467bf6474a54", "comment": "Malware payload (GCleaner)", "value": "000c3d77450a9e717c6b9c6e10e4cfde469cd5fd39eac016141631a0be916e9a616fd82c287570eec5b042d8fec238ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243636, "uuid": "03d8c438-74b4-4582-89f8-d949f5ff6ac2", "value": "T18364B02362907C30D51E5B32CE2EC6E57A9EFA508F1977AA623C6F1F09B11E1C5B2351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243636, "uuid": "f3132b1d-94a4-4665-9eb5-f3b0be27d34d", "value": "c1947b9846baf229e0c776cadd6d408b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243636, "uuid": "128b026e-8de9-4543-852c-80b220845cf8", "value": "6144:oj2JIOcUif3xacBt+FVEPy5/SB8hxwFgoLPW9D:oipctpaEt+FCPISB8/wFgGuN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243636, "uuid": "5d68c9a6-a8f3-45c6-a523-58e49405d10a", "value": 317440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243636, "uuid": "28b1ab64-fdc6-463b-ae62-0cfb2787e24e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243636, "uuid": "e759de2f-6c16-4a41-b597-f6fcf7fbe8b0", "value": "a205fffac317ff27810c7a971bc00d7f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "000f68cd-0f05-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687222464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222464, "uuid": "a2b1bf6d-ecfc-4d80-99ab-3e9f1c85b1b8", "comment": "Malware payload (RedLineStealer)", "value": "f2d3e1e1f71d8b3ecbab31bec9ace3b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222464, "uuid": "fea601a6-82be-4b69-ae12-5814e49dc946", "comment": "Malware payload (RedLineStealer)", "value": "e6e9b2996939b2b53882d860a20106ac2e0f8098cdb8409974721fe59cf5cef1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222464, "uuid": "d08e470c-e7b8-42af-93fa-d87474e98e70", "comment": "Malware payload (RedLineStealer)", "value": "93e27d39cccfbc94cba1ba246699a2d8deff3bdf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222464, "uuid": "e07d7615-cc1b-41d1-a8ca-c0206ae60817", "comment": "Malware payload (RedLineStealer)", "value": "8fa27093702373bb012f647c912bb76ded4d09e1df0773df74adacc397e9213498593d12c6dd0be10c59cc5383c77c18", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222464, "uuid": "1cdb62c5-f631-4274-bdba-4a819b892a45", "value": "T1B9F41240B8C4B224E9B206316C6B79937E6CF0D44F64DCAF3F94321A4B714E1BAB565E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222464, "uuid": "edb7b8be-7e18-47b8-b38a-c7853538cd72", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222464, "uuid": "39dbc341-a4f4-4faa-bd42-32baa36c8f5c", "value": "12288:Ixp8V2R6v7fWlu+T/wQRmp96e1JAy/DJcwE66wF/X3kHYMWPSQk3FBgO6aDf2Cs7:I9RC7fIu196ezAyjE6JEHEPNsjD2Co", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222464, "uuid": "7f27bb52-1428-425b-9053-6e6759dc2ff9", "value": 728064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222464, "uuid": "220a2f6b-cb87-4b42-9fde-bf0a58a9bc41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222464, "uuid": "757034b2-3cd1-4708-aa36-6d509d4c9128", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "455efe11-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241478, "uuid": "d7e47bc0-8065-464d-9a3a-9c2badacc115", "comment": "Malware payload (RedLineStealer)", "value": "f28044da3403680300a9f47553761956", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241478, "uuid": "23c8ecad-e6b4-4e95-900a-83b65a5c5286", "comment": "Malware payload (RedLineStealer)", "value": "e72b0845b603eabfcd29fa778c43c5cce2e1172a8b86b71c4c89f7535da8dbaa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241478, "uuid": "64cc7658-fbe7-4ac4-afa6-f8b1a8eb439c", "comment": "Malware payload (RedLineStealer)", "value": "4a9f011c0bf8d2d8c802cc242f4959147db1acea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241478, "uuid": "01a08789-38ee-4b16-8b9f-aaa54bb93c33", "comment": "Malware payload (RedLineStealer)", "value": "c836ca650f3b9f67184190e9cc4deae355c2be44daf63a7bb2ce96a5389be96448c8023044bc6a37ebc6099987cfd103", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241478, "uuid": "ed2d51fa-36a1-4bc0-b274-81e14a3b08be", "value": "T15DF41280B0C4B278DD6256309C6675423EBCF4A48A659EBF3F50331E8BB29E079F551E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241478, "uuid": "f7a46fa9-9001-426c-9e0f-5c9ba794f4b6", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241478, "uuid": "375b69c3-be97-4f96-9a3a-291e409fdd33", "value": "12288:F54rR3v7fWlu+T/ZXs9pD3c3haDzijpz/WATBJsAmQDVv+1mH3c5ouTYi:wRf7fIuCczGjpz+AmQDUas5j8i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241478, "uuid": "88ca6008-0f05-4375-9862-d4fe721d006f", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241478, "uuid": "2e4f0023-950e-461f-8858-62da107696b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241478, "uuid": "252a7f4a-c5fd-48b6-8fb4-eac57d176291", "value": "f28044da3403680300a9f47553761956.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "161eb7e5-0f4f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1687254284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254284, "uuid": "772bdf35-cb00-46cd-92c1-5bb66feaff03", "comment": "Malware payload (Quakbot)", "value": "fe2f17174c5cbb9cdabe70dce4b51b8e", "object_relation": "md5", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254284, "uuid": "abc22634-2778-4ce3-8a47-a3cbe117f327", "comment": "Malware payload (Quakbot)", "value": "e7bb9d7465c2b26925434980de273231481d1cc532530201d65ba834e3f1953c", "object_relation": "sha256", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254284, "uuid": "45137a36-4d2d-4ab2-bdb1-bf47801cd02d", "comment": "Malware payload (Quakbot)", "value": "d5336386af73689a8f4dc2fcbe3d7bd422469d4d", "object_relation": "sha1", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254284, "uuid": "ac010564-c6e3-42d5-8c59-30cb7bf06483", "comment": "Malware payload (Quakbot)", "value": "f50ce9a10933e8755337632543ea5fa61c6347a4a8c43936103121a89d8a3477792444b40729e58180373628df19d9a7", "object_relation": "sha3-384", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254284, "uuid": "ee29f498-05df-4053-bfdf-fef69c823000", "value": "T1C2956D33BA40C23BD4E15076896D593B202DDC250768A1C3B28A1B2A3E779D35F7679F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254284, "uuid": "a9a073b5-ab1c-4f45-b5b1-c53def6fe080", "value": "879cbe3308eb2bcc0ac7823fb46c53ab", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254284, "uuid": "5cdf0729-e16d-42cb-9eb4-5ea62fadcae4", "value": "24576:WA2fv3u6Bi9VqNOso4wItgDmn6mYMy2JXSwu9jpTyk:WA2H3li98M141ZYMyiSl8k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687254284, "uuid": "fe656b17-c90f-4dea-9f15-5a5ca6c3a966", "value": 1947688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687254284, "uuid": "1c5582f2-71b2-46c8-962d-5aec848f4cab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254284, "uuid": "d3e3f2b3-2d69-4726-a770-b4a7377d2bf3", "value": "Marechal.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbe66ad0-0f83-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687276923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276923, "uuid": "e0f73c1a-589c-4455-850d-c8a8251fffd2", "comment": "Malware payload", "value": "86b71fb0db7cb3efa5cd8cbcb161ba48", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276923, "uuid": "67f2a93b-a83f-49b8-af55-5e169a927e18", "comment": "Malware payload", "value": "e7c001a8fd35c2fa781a98a2077ef639b3ef9311abd34405fda446a31db2c17e", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276923, "uuid": "9c03dda5-4107-4a81-bcfe-d7b1c6065511", "comment": "Malware payload", "value": "b9f851e977195612f8b9ed672e03caab2c6d059f", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687276923, "uuid": "e49485f3-2a63-4f29-a85e-3239924fb9b3", "comment": "Malware payload", "value": "e1df2ae2b9f7b142b7882fa3f920846bea1da7a71d8db94ac49fc35d672dcc0b61a509b4c5e4a35b71d612ac357741db", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276923, "uuid": "50c5e6f8-fbea-4b27-8c41-759dfaac495f", "value": "T10AA467E217D05098555723E17E68E9B4E0186A09B5C58C9FF26C67B0FFB821137BBCB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276923, "uuid": "9d0e760f-424f-4e9e-92ae-44faedbbeae1", "value": "12288:2zx2tJuoE1y4V/gzAdoAdTtow2hlcu5IVV:gQdAdoAdTtow2hlcu5e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687276923, "uuid": "46592376-7fa9-42e1-8a17-f62ea1f7d575", "value": 482407, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687276923, "uuid": "9d36288c-a2c3-45f3-a941-e7626594aacb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687276923, "uuid": "92e43a6c-61bf-46b9-a349-2afcd1539bcc", "value": "Vj.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dea735d3-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259345, "uuid": "7647287c-418f-46e4-8418-d78788818441", "comment": "Malware payload (Mirai)", "value": "fdc2a64f70cf149d6ad156540e30aaa3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259345, "uuid": "9ee3b082-8896-4844-a157-dc8f4f908387", "comment": "Malware payload (Mirai)", "value": "e8f7f18b5ae2a8a0eb876525b2c02a3015850fcc4128cabeb83cd2b312e23b04", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259345, "uuid": "1aeba9bb-414d-4667-a293-a7e8302eac19", "comment": "Malware payload (Mirai)", "value": "6fed5f5854ae49de7203dfa6bf33cd18d8a69e08", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259345, "uuid": "dd2fcd58-b9fd-48d0-b78a-3c506570fa02", "comment": "Malware payload (Mirai)", "value": "9c20d7d658c9fcf289e72fdbc1916e4181f5a168820279fd0af68e2e9c2f398055922c577db94595f080747d47b050c9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259345, "uuid": "1a5d886a-e7fb-4c75-8e9f-d444af9fb8a8", "value": "T1DFC3F772B804DF66F40AD6B604D38B227E30BFA70E631662B31739669D331D52867F49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259345, "uuid": "daa84d73-d838-4db3-bacd-ee88831e2f0a", "value": "3072:L+YUpmc5hIof5UM7XgYjykKd3mm/QcuLB126DNb:LwU1of5UMPyk23mm/QcuLB126DNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259345, "uuid": "c863339e-7064-47ff-8eac-6eeb73b9d949", "value": 118319, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259345, "uuid": "582acd4b-deb9-4f0d-a059-1b4dbf90a5f6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259345, "uuid": "ccbf8ded-40bf-4e8b-9402-2e5f4df3615a", "value": "fdc2a64f70cf149d6ad156540e30aaa3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa2a1821-0f5b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1687259686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259686, "uuid": "b09f2586-7bd0-42d4-afbe-f14e5541fcc1", "comment": "Malware payload (Mirai)", "value": "018048038d873e625bcba2193b71ae8f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259686, "uuid": "e381e0f6-f4c2-4811-b32d-0a60f5846089", "comment": "Malware payload (Mirai)", "value": "e95b28451413aa4fba4b8cc40a2c9ac01dd43cbd2de19d6080280742e2bee7b3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259686, "uuid": "913c91bb-6fcc-4139-8276-9af1f9ac9570", "comment": "Malware payload (Mirai)", "value": "cb3032adaf4df66eba4d3f9051771deed5ede15d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259686, "uuid": "4f685daa-9c26-4508-90b6-9006f0c90257", "comment": "Malware payload (Mirai)", "value": "c3194cd5e0019e7502b5ef5163962e5eee94de7f67f9ed290da402adde9a8260463a1f1910dc4b53e5855b8f5cf9e016", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259686, "uuid": "bed55fd8-5887-4020-bb76-fe32b1cbfc14", "value": "T1A1B32B37A61C0B43C49B55F02CB77BF24F69AEA312A611C4A309FED04B73AB12551F99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259686, "uuid": "ee019afb-1547-49cf-9e64-be9ccb54db77", "value": "3072:Uvc29uyIcxE/sZxw+OqKKZmm/QcuLmH26PNb:Uvl9jIg4sZxjOL4mm/QcuLmH26PNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259686, "uuid": "d24c0906-4543-4d7c-9ae8-cb8acbb9a6ad", "value": 117027, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259686, "uuid": "83b2f71d-4840-4f63-82f1-ef6f6bc5cc55", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259686, "uuid": "44316619-b230-4de8-be77-eda5ee80117c", "value": "018048038d873e625bcba2193b71ae8f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0882314-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687240853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240853, "uuid": "4f275c0f-8906-483c-9c0f-defd8f7f1686", "comment": "Malware payload (Amadey)", "value": "26a3168e20274eb14c45afc1fe8fef2e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240853, "uuid": "e7141395-4820-44de-98c8-ef212a3add99", "comment": "Malware payload (Amadey)", "value": "ea31ada5d78734e8ea320b458a5a3e60b573d37382f199d3b591615c966a415e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240853, "uuid": "bace0c05-930a-4b08-9454-0095618b3c94", "comment": "Malware payload (Amadey)", "value": "dc6a72470e99412d667525b70287d5ed022f7050", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240853, "uuid": "6db35ed5-1c1e-4b4a-beea-5eec800ad234", "comment": "Malware payload (Amadey)", "value": "3873003daa3c81873fab63f943b977e4d02f60a6eabea2094afcb60d3754828a65dee9acbc62db7d7204d2ba64b5e17a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240853, "uuid": "ea728853-3772-4add-9e86-979f95889223", "value": "T1B6F41280B5D4B635EC251132AC6979936DACF8900E20DDBF3F98370E4AB65D1B8F05AD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240853, "uuid": "f4ffd2f5-e08a-448a-a550-59cb051eae87", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240853, "uuid": "53c462e4-404c-4d33-a12b-ababfccae571", "value": "12288:7+fyiR9v7fWlu+T/GgA1CLP5CJgBhF6sLe0VkTA3Hp9qewdp6tcDPl+:w/RJ7fIug57e0VKA3Kb6uLl+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240853, "uuid": "c721a29a-b6b2-4ffa-9f25-c9f7da3ba872", "value": 728576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240853, "uuid": "b48b7b3e-dea7-4411-9001-14dd270c1103", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240853, "uuid": "c59e0906-2d9c-49de-8981-314c42403a69", "value": "26a3168e20274eb14c45afc1fe8fef2e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6cb21f0-0f51-11ee-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1687255520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255520, "uuid": "b5597bfb-00f4-47f9-8406-032356f252d2", "comment": "Malware payload (NanoCore)", "value": "a463cb54554537b9a2c7769b42c38b2b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255520, "uuid": "e56a457f-aabe-4f06-9c46-7ded6b2688b7", "comment": "Malware payload (NanoCore)", "value": "ea63894996a5718998b72c52a99f0f0ced812a161fbd45236b0d20e588954461", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255520, "uuid": "6c311f76-5eed-475a-9bec-9de682e7d704", "comment": "Malware payload (NanoCore)", "value": "efbe222f3e47bad74e6288244be572d5b99c98e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687255520, "uuid": "326d956f-554d-44ce-95c5-0d45b07de1d5", "comment": "Malware payload (NanoCore)", "value": "a18e80b5c818e593a1a212d3966bb17b2b375a346990b23a2e051a48e6008f167d18675940ae5c3ad5086ffe3c8f54cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255520, "uuid": "edac4744-77a3-4fed-a55c-01948a4aa4e4", "value": "T1DE858D0C57C0BA9FD036833DF87688256378A3687F17C793474EA135A74E7858DE22A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255520, "uuid": "42da125f-634a-432e-ac26-0c39d17184bd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255520, "uuid": "52d111e0-178e-4ee8-bb06-675bbfb4fa4a", "value": "24576:AzgECuls29XIoR4/8LIueWkZDSkyBmouj2obo66tPOmrlUohHN876LX:SgECuuoR+8Muex0ZsxzbydfWohHN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687255520, "uuid": "b9b83147-32fa-4689-87e9-ccc123230990", "value": 1830400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687255520, "uuid": "394ba393-21a4-43b1-9869-26bed22378c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687255520, "uuid": "7ec76611-175e-44dd-8a32-e54f3bc25d6e", "value": "a463cb54554537b9a2c7769b42c38b2b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a6dd172-0f4f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Pikabot)", "timestamp": 1687254264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254264, "uuid": "d158bed9-9d9e-4fff-b5e7-cd7cb456e9c1", "comment": "Malware payload (Pikabot)", "value": "4831a9f11223d5127e24de12383d91e0", "object_relation": "md5", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254264, "uuid": "c9ddda28-7994-40ec-9a84-e61ba5458cf0", "comment": "Malware payload (Pikabot)", "value": "eaefb1011356a28132ed5e6139bed4155c6a61eff85cc0967fda0ad441131fd6", "object_relation": "sha256", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254264, "uuid": "fb020a99-fa41-4d4d-8a12-32c18440ddd6", "comment": "Malware payload (Pikabot)", "value": "686e53e40234ab4f2a13bf06365392c16f5338f8", "object_relation": "sha1", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687254264, "uuid": "870b853a-3019-475a-a2d1-2a0e05a327a6", "comment": "Malware payload (Pikabot)", "value": "7f67a175316198c6a40687ef1a599c27ed13dbda536945ed375f118b6237ee0b94abe3b2c17ed3cde39ed85de03d451f", "object_relation": "sha3-384", "Tag": [ { "name": "1687242247", "colour": "#C82D8D", "exportable": true, "hide_tag": false }, { "name": "BB33", "colour": "#ABD1D6", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254264, "uuid": "6edb3efe-4f13-4351-ac5f-1e456a1ec444", "value": "T1C174D9E49B82D4B2592327A3DF17C5A0DB694D1930C849AAF11C6278FF1C98C74BBD78", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254264, "uuid": "969c2b91-814a-4472-9e1e-b778f63d7b30", "value": "6144:/zz2t0uoE1y4V/gwAdoAd8ovIq8qjrBIM7d4LjGr0p2QnkqhlK7T/KJJIgABewXT:/zz2t0uoE1y4V/gwAdoAdJvIls1Y/TcX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687254264, "uuid": "9e9041d7-492c-491f-96e4-b56efc959e34", "value": 364955, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687254264, "uuid": "f81d1f4f-3521-44d4-a251-ed26f9f90a90", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687254264, "uuid": "ebfb0d89-78b2-459f-9ec6-04b5e49be3de", "value": "Tsnuw.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2713fa32-0f57-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687257748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257748, "uuid": "0e0592dd-9dd4-4505-8590-406d6ec28293", "comment": "Malware payload (Amadey)", "value": "bb3522e13badefbb08134a341600311c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257748, "uuid": "993b7ebf-11ec-4beb-8a93-09cce599d86c", "comment": "Malware payload (Amadey)", "value": "eb7924cb8392e363a2f4557905c414d0175eabe1e8c09a08e513346e9ac008be", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257748, "uuid": "9a41e3de-4c18-4126-baa5-cfe6e0c19a42", "comment": "Malware payload (Amadey)", "value": "f94204eab38aa43aa4c9978d7d77f4c146b4e861", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687257748, "uuid": "73caa245-e223-45af-92f8-f255a49c8e71", "comment": "Malware payload (Amadey)", "value": "db7aaaa5a01635ba788c57c08c258cd22529013a36ac2e228413c639ccfe8568496d5c1f04e7f77ed3ba57533ce8a885", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257748, "uuid": "49863bd1-9218-44ed-8514-5b1dca3486b3", "value": "T199E41240B4D87135DA3206319C6A7D5B3EBCF8A58E10E9AF3F94330D4A725E0B5B4A5E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257748, "uuid": "6f100c3b-fa90-43a5-8d8d-65f1b89185f3", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257748, "uuid": "5c7fed9d-17dc-4f04-a5b4-b72d1c4323d9", "value": "12288:UEpARPv7fWlu+T/jKpaUMXOA88XTQjbfSEgwYPuUhkPbmi0W01Ww:sR37fIu+GaxeA8EUuEPCuPSiW1p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687257748, "uuid": "506a9f52-0882-4453-af40-21f6c69036fe", "value": 719872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687257748, "uuid": "7a5d94e8-1bca-4765-b7ab-e6c7f40cb528", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687257748, "uuid": "b84e84df-ffaa-4907-9a78-8332f4989cd1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea13140e-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687259364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259364, "uuid": "2dded738-5362-4fe2-9c8b-6239376caf3d", "comment": "Malware payload (Formbook)", "value": "51c791aa81dc4c83db6075b0034f395d", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259364, "uuid": "1b5564ca-a93c-48c8-b952-6acbc68c2ba3", "comment": "Malware payload (Formbook)", "value": "ec04c014e5ae03920d39d0f5f2b4ace7f1a945ac6fc62b9d8fdab2461b3ce7c5", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259364, "uuid": "6a983659-187c-4a56-b9e3-d75c446ff950", "comment": "Malware payload (Formbook)", "value": "b087d612090a61fd15488966323338894342816f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259364, "uuid": "8f054566-75b3-4318-85bf-858260f14589", "comment": "Malware payload (Formbook)", "value": "46a9bfee1a80d442c16f900e00ee49c16f11caba9716e0103c63de465b905639d64b5c2e1e4100fd6de6482e3e2eac4b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259364, "uuid": "52d3bbab-63a2-4154-82fa-719c1945dbe9", "value": "T12D85011DE104977CF6450BB41992B19D901CBCB67FC899823686770F6E33FBA69E24C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259364, "uuid": "a960f283-ff62-4fdc-9eb6-6540a0d8f56b", "value": "49152:pQmmQ30LggFjB62QmmQ30yggFjB6OsA+Aqv5X:ppmQk8ujB62pmQktujB6Op+Aqv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259364, "uuid": "8acefd28-a573-44d5-8c35-b7951df84ccc", "value": 1800704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259364, "uuid": "6315da4b-5441-45f9-a753-e03dd61cf592", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259364, "uuid": "b2a1b0c2-ed8c-4b20-a0c0-8417b9472ac7", "value": "202385 dated 20.06.2023 - \u0421PS Grupp, LLC.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4da66c5-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242954, "uuid": "f9584573-e5ea-4a99-94b8-1ea8054c5b5a", "comment": "Malware payload (AgentTesla)", "value": "ae9123fdb03227375ae2879e6eb5d41e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242954, "uuid": "0c47c7a4-7e15-4a10-967a-5a589f9a921e", "comment": "Malware payload (AgentTesla)", "value": "ecd1a26f055d72d96cc2e9f347fad5a1bca592ce368270b592c970682e26c43b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242954, "uuid": "fc0dd33b-228f-4b19-8840-51f16cd1672e", "comment": "Malware payload (AgentTesla)", "value": "1539d7f5655225b93792943e4dcf6a0a0c714192", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242954, "uuid": "ce34d1de-4768-4673-9d3c-c136367a503b", "comment": "Malware payload (AgentTesla)", "value": "d846ca1ae0f7cd2b6476a23ccf54923ecf999c3d285250f7cd044680de0e378e419bd1d133da97c3211fd362c9b07eac", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242954, "uuid": "32f458aa-905b-4b52-802c-792df4e3f646", "value": "T151E4235615F8FD265B43BBB912EA00600C02CD17A8DA3CF73F9B648B61686DA33E5173", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242954, "uuid": "621cc405-75ab-4b94-bfdb-dfe2fb549c7c", "value": "12288:px6KOITBqdi2u4rPUeiG/I8lxtkgiqf4Bkb/z6TMtxn6pXnk6:px6epKPHlM1qfCjYtxn6pk6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242954, "uuid": "a6999ad6-dc3f-4f63-acc4-d5fa397d0d16", "value": 673658, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242954, "uuid": "9cf4bae6-fea2-448b-beaa-54569d0f4249", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242954, "uuid": "7663124f-c0d3-4f46-96a3-ad250e8cde40", "value": "IMG-Scan_PO_#KRMU-TUTICORIN _YMHG7th PO#QSB-8927393,QSB-94_2023 & QSB-95_2023.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d9524ce-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687243586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243586, "uuid": "aeab50b3-d0a6-4952-b23f-7098d0dd39dc", "comment": "Malware payload (RedLineStealer)", "value": "55a1b0270a46ebff8aa83f64ec78b3c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243586, "uuid": "562b495c-1ba1-4e37-8d21-778b5bda3ebb", "comment": "Malware payload (RedLineStealer)", "value": "ed1e306e4038f7933b76cac66e6f1a4813a9d7daba673c54b79218bedb5ed55d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243586, "uuid": "2aaf7faa-01e8-4715-b0eb-4578f58dc83f", "comment": "Malware payload (RedLineStealer)", "value": "ed6aab163b7c66930f11c3b278dfd26a6413dfdd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243586, "uuid": "f5e60cc2-1f26-4e9f-9606-f6876eb64175", "comment": "Malware payload (RedLineStealer)", "value": "61b7de32cb01e0d0ee0bc6a70fee310aada3c71df652293e88bf0fd3788ed6465e7371ab8d0cb419b5e4a57b0bd4abe0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243586, "uuid": "33599ea1-f822-479a-9614-fa5ef8c3ced5", "value": "T16D64B02262A07C34E52E8B72CD3EC6E8769DF5D24F1977A722386F1F09B11A1C5B2705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243586, "uuid": "a0b07e86-58ee-4a5a-8256-bdb5b13c891b", "value": "68fdcfb9187c8890bc2889c7f70b139c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243586, "uuid": "72bbb111-29fc-479a-98a2-6922ecce5f62", "value": "6144:XEQ8OHqvBVUM191wGqleXJs6jSTRVCBalpKi5gWUXI:X77HCBv1oNf1U6TUXI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243586, "uuid": "6a5608aa-5a37-4256-8ca9-f1b8c4110401", "value": 324608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243586, "uuid": "1573ca44-5087-4560-836e-05d8ebd4bdd2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243586, "uuid": "852f210a-d6ec-4569-8523-77a7bfea1bef", "value": "55a1b0270a46ebff8aa83f64ec78b3c0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ebe787e-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241172, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241172, "uuid": "8674dda3-1dcc-4a33-90e2-acf5a80487d9", "comment": "Malware payload (RedLineStealer)", "value": "635f2bc9255387a6ff07794883bf98e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241172, "uuid": "de20a95a-4426-4886-a12d-85d234f556b5", "comment": "Malware payload (RedLineStealer)", "value": "ed3ea48f83361d11ae059e7e2ee11fd209ad83614aef69c751b78af60edf744d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241172, "uuid": "051e3b8d-265c-42cd-bb05-2b8121d2a86d", "comment": "Malware payload (RedLineStealer)", "value": "eea7f0116d580851dec0c539cfa8852c73dc2b3f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241172, "uuid": "a847429b-b7db-45d5-bec3-24a73fb8e483", "comment": "Malware payload (RedLineStealer)", "value": "253ccf698d20808e2b15cbd1ec40463a1dbcf9c0a9aa9ff9afefa804e5678930be8300b47de6d6b9fdaf6899a2b8c913", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241172, "uuid": "5e391268-fc18-4de3-9225-15362ae7632d", "value": "T1CCF41241B8C4B124E93206317D6A79837EBDF8A48E65D86F3F98331E4A75AD078B141F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241172, "uuid": "c5cfd1f1-d9ab-44f7-9205-e57517a631ce", "value": "d91fa928c738702455bfa66ac3685503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241172, "uuid": "3807582d-b435-4e7c-ac75-46b51593b794", "value": "12288:kzdGR6v7fWlu+T/tLthEyZKgOnQlmqKbniYFBo9TfBMsGZCF+cx7pl:zRC7fIuML8yin6Gji1zBMqFD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241172, "uuid": "e3193a95-27ca-40e5-a582-7c35beb262ee", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241172, "uuid": "f6f55bb4-49ea-45cd-a2f9-00b9c2ccb3a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241172, "uuid": "8d916a69-cb28-4f95-8ec4-526122885ee2", "value": "635f2bc9255387a6ff07794883bf98e7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "969cf282-0fa0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687289289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289289, "uuid": "16c35168-d79a-4619-aa54-46850ccc5360", "comment": "Malware payload", "value": "9e58f18b05c5c6c0e1fb852a73729740", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289289, "uuid": "3e99759d-d2c8-4aa6-b280-12298715660f", "comment": "Malware payload", "value": "ed570698ccddfc346f65b5b86045d8af239e0d2400acd5836818b95e7b658cff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289289, "uuid": "3629ec1f-b8ed-4e18-82f9-52210db9873a", "comment": "Malware payload", "value": "777086002de941f80e2379c9ff3849c7ad168223", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687289289, "uuid": "9eadae68-f20b-404b-9cd7-2d621e1f8cf0", "comment": "Malware payload", "value": "79ebd4c82645a524ffd8cea7753f7991971ea99c596e7df2626b0ecfbcd9dd4ccc27dfadaeda3bfe422e32b2b83a64cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289289, "uuid": "5f9ab5e2-364d-4ced-81bc-26ea36d83d15", "value": "T176F41229116F692BC4161FB115057BB003FE5EE97862D3C70C9BBDD1BAEABED080152B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289289, "uuid": "1e031180-a9ae-4988-af8f-83730d0d3572", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289289, "uuid": "8e44d538-003d-482c-aae4-ab87cd7b9262", "value": "12288:MmhGPM7q6bpw4dcZda/ig4V/LN5Hq07P2cRh0gtLEL/820JHvTCcUE1hGQIL2Oyl:Nzu4CZdOO5HDecz59M/8/ZRUkQQIi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687289289, "uuid": "e16ce572-098d-46e2-bf96-9d06cd0ebf5f", "value": 742400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687289289, "uuid": "b0707fff-c54d-46f8-9d88-1199c4633c9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687289289, "uuid": "adad7466-d67b-42b8-b866-4018400b05d8", "value": "SecuriteInfo.com.Win32.Malware-gen.12211.18162", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8db7e47-0f44-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687249832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249832, "uuid": "86c600bf-3e19-4c2f-af4d-e432767d6f53", "comment": "Malware payload (RedLineStealer)", "value": "8779a40f8811d8d5caf0b2a83af037be", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249832, "uuid": "6233e022-ea61-4b98-9566-15e788e1d937", "comment": "Malware payload (RedLineStealer)", "value": "edce8c5b8aa50d798f34655aab5a9e987bc5cac9622f8bc013e006b4a8230862", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249832, "uuid": "be83c7e5-440b-4c81-83c5-27ab9e3d864b", "comment": "Malware payload (RedLineStealer)", "value": "d53c90e518066821a0055c0a2daa454366cc37c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687249832, "uuid": "1caa1825-99be-4c9f-8c4f-fb8c92265c52", "comment": "Malware payload (RedLineStealer)", "value": "e518c0becd88442698fdbcf194c0e7ba823f28aa56a70b3662b7d2d4a679eae4202646ce90eeac60bdbd697de8ab5c79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249832, "uuid": "95ba6aa5-88ad-41ab-87e3-5592c5820bd5", "value": "T11715BF017580D072D4BFD3334EAAD670957DB6B10B12F9EBA3E0691E4F21AE1A631772", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249832, "uuid": "a92974d1-0367-440a-9af7-202fa8e4bd1e", "value": "d3bef53bd3b1af06f068902986513bdf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249832, "uuid": "d2ac13a0-548e-4ce5-9dd1-c1e9b539cf25", "value": "12288:KVTqJo17O5rRfZZExSnCTWM/VFtwIHwyUGAYMi9t9D:KYJo17WrRfZZEKC/VFBQyUGrDHx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687249832, "uuid": "05e96be2-77d5-4a8b-a651-97ee5689887a", "value": 875448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687249832, "uuid": "3066234a-996d-4658-a209-ebc612f688ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687249832, "uuid": "ed796b40-cb60-46a7-a792-faf26c8f03e4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28059502-0f67-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687264622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264622, "uuid": "c34fadb2-6925-477a-8dc9-0e0de59f2446", "comment": "Malware payload (RedLineStealer)", "value": "4cb06dd0c4a2b877978987204fe04930", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264622, "uuid": "0dd88035-5cd1-4418-8567-52de0ca1aa64", "comment": "Malware payload (RedLineStealer)", "value": "eef774db6e994d00b8846a6cabbdeb9d3ba3259d017ce27ca3709abc601c5c2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264622, "uuid": "0406769b-9c18-447f-bedb-900f40f96af1", "comment": "Malware payload (RedLineStealer)", "value": "32ae6dbe137e1623c9e6377d923b475afffb719d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687264622, "uuid": "2f74288e-4f63-4db2-9b28-26d46e45080c", "comment": "Malware payload (RedLineStealer)", "value": "7d04a2b72a8379efa50e1f7f9a4d696e0b0f5bee37b5f9c06741db1149540ffb49a43984babeb3a76bc99e99190075a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264622, "uuid": "a20281c4-58b7-482b-a38f-53213e165f88", "value": "T12CE40281B0C0B279DE3215319D6A7C82ADADF8A18F20DCAF3B54732D4A714E176F466D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264622, "uuid": "d7945624-b31b-4d0a-819e-b1bb69c079a6", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264622, "uuid": "853fdc68-8ef5-4240-a07d-d5049a7beded", "value": "12288:6cAd9rRRv7fWlu+T/PmcOEBNwbfun8fGv7XNAHLbiERThHwq7oE/VjpNZF8fCBHG:6c4R97fIuaOEA28oS3tQsN9F8fT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687264622, "uuid": "e41bad8d-9dba-40bb-86b0-76975e7a1103", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687264622, "uuid": "23ac8231-cbdf-4839-ad0c-571b8895d3c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687264622, "uuid": "1abf24e4-0d91-4435-a4a6-792dc66ae854", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66cc7445-0f3b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687245829, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245829, "uuid": "3afe852d-9f34-4195-ad25-d53760c48b04", "comment": "Malware payload (AgentTesla)", "value": "52e82226b7aa762bf8b2e95fa4e0d390", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245829, "uuid": "d27c3845-f307-4fca-bc38-6390bcc02304", "comment": "Malware payload (AgentTesla)", "value": "ef86481331001cd4497cb214c0f0b6e5d180edbc37ed9e7e7620b8532cc22f4a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245829, "uuid": "2ad63b0e-a8ae-45be-8883-93d7b01dfbce", "comment": "Malware payload (AgentTesla)", "value": "0d0dae381fee5fcd4c01f0a7ebde0f4585144f27", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687245829, "uuid": "8ba40781-daa9-4582-8723-c1749c0ebe2b", "comment": "Malware payload (AgentTesla)", "value": "0e80e2bd76fcd094ae39222023ff0bd3895f765f553a69c6e31f41093f929cc7be51c8ab9d4c1e0c8e92585658f46737", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245829, "uuid": "49ecac0c-702d-4dae-adf9-fb7a2c8ac1ec", "value": "T18F641299A3E4C4EFCE858AB25D7E07BA1EF1C440149E5A0F53904F0A3E769519C1F7B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245829, "uuid": "3ffa9743-67c1-4867-8fba-f939d17f4c2c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245829, "uuid": "11eac791-8b0d-4516-8514-959ef3214410", "value": "6144:pYa6wX458ZyyyHUY4kiRuFL5ebkDp0YZRI1IuP6KaLd3VIGCO0XjzsirSyYQa+zq:pYC45jnUYoqLuYZW1XC3LMO0Tzij+q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687245829, "uuid": "57969d22-0a63-45fd-a4d7-77e4f9d08356", "value": 313758, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687245829, "uuid": "0edd4800-9b9d-467e-8f75-fe522e313b34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687245829, "uuid": "715ce42c-9fcb-448f-a63f-b6e5365091cf", "value": "WHL050C538369.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "290c3427-0f4e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1687253886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253886, "uuid": "a3ed17f6-0068-430f-860b-e6a354aa1955", "comment": "Malware payload (Formbook)", "value": "2e888f471d5be28c1f4e6e2d93b8d392", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253886, "uuid": "66b2ffb3-3771-4731-94f6-8d0cd79215df", "comment": "Malware payload (Formbook)", "value": "f0cd9d141194b4081974323fdfc622ba83bfa9552585867681386bd462b94023", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253886, "uuid": "4828f4b4-8f99-4dff-ba4f-ff74a8d46a53", "comment": "Malware payload (Formbook)", "value": "6faea96df6e11baebdeecbd06868b4770e615c86", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687253886, "uuid": "48168a66-08c3-4e20-a3e7-80840432bc8e", "comment": "Malware payload (Formbook)", "value": "d92a2f8a7eaeb33270d5ebcc499b23ffd0c784e142f38c39b3c349d0b84328757c720ce5864184a06a7a570e9e074a11", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253886, "uuid": "0eeb6baf-2da7-4f8c-86a0-8d8e13ca8941", "value": "T1D7335A5AE78F0264CF511277531A0E899ABDB23EB35151B278AC533433EDC3D42669BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253886, "uuid": "4967fc84-a26f-431a-bfb6-cc076e9da4a1", "value": "768:LFx0XaIsnPRIa4fwJMhNpUFasNAv7MgYVMc0D+F+lDH5C:Lf0Xvx3EMhNH7Mp/F+lVC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687253886, "uuid": "77ed14c8-b525-48d1-9ff8-c870270432ce", "value": 50566, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687253886, "uuid": "6e2e1ea1-8dd4-4dc4-8ac2-3be16d229c90", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687253886, "uuid": "babcc875-04c1-4361-839e-3ded43941f51", "value": "OpTransactionHistory 20-06-2023.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8670ef9-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687243899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243899, "uuid": "29bd1dec-f857-4a28-8a9d-497602e9d1e9", "comment": "Malware payload", "value": "d721027e9eb8d25f9d5059b2af36fe14", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243899, "uuid": "a5e9fd32-31a9-494b-ae2c-9d026e0846d9", "comment": "Malware payload", "value": "f0ef867f683009e43ee04e5e12ade1da6cce5710a5c294c1df2443cd5df1750f", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243899, "uuid": "50f5a2e0-fd55-4a58-a30a-f35ceba10b1c", "comment": "Malware payload", "value": "e7c31f0e0bde5af8f757056eec29840b2fc4bf09", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243899, "uuid": "caa86861-3fcf-4ea9-be31-2358c22e2d9f", "comment": "Malware payload", "value": "4eaed3e926a47d4d8c4ef51a6fae2f5c75e7845de696a7800f4fc471700bc85f7e6125d60b26ffa2640201ce9cf783db", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243899, "uuid": "2a15fd84-6545-45c4-9719-dc35b854f634", "value": "T166D17D9DB7B724D5C5869079E4154DC2F50CC64BA20DF612A4A0F287BB0AEC12B3F638", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243899, "uuid": "1cf7b03c-8e7a-44b1-842a-637bb57d04c4", "value": "96:vs5nEyVAmqFhqul+Jqi99P7UuxYoB6+oRV/mPJ6+VcblD+QV5rshtd:vgnEyqmqFhqFhDUuxY26+WMvIlNQ/d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243899, "uuid": "17866258-f619-4411-aaba-ed0e558f8002", "value": 6191, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243899, "uuid": "ce48519c-666c-4c6d-b321-c1d9dfc21b36", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243899, "uuid": "f67f36b7-58e4-4b29-a606-42b058d021cd", "value": "Braemar MTM Report.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c69b6324-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1687243842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243842, "uuid": "8fe934a1-e5d9-4a97-81ab-433b9f0b49c7", "comment": "Malware payload (Smoke Loader)", "value": "f85aec29fe50398aab8fe31c38266ee7", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243842, "uuid": "991ba215-59cd-4ee6-b2c2-e2ad046d145b", "comment": "Malware payload (Smoke Loader)", "value": "f17c1768a5e90a965ced09f5e3112052796230cc53673fb88c563be94bf64a5e", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243842, "uuid": "a8c3d4f9-c21c-4d01-b070-3f9bcbaf264a", "comment": "Malware payload (Smoke Loader)", "value": "25cdf56154ad0e1bfd141aa64f48fb1fb4ac5c62", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243842, "uuid": "d95bfa4f-9723-465d-a362-3550a1feb47a", "comment": "Malware payload (Smoke Loader)", "value": "99c71272454b1c3214d9419cbeea212a29c9459fc488cd5f85835eaf78c736fc5397352f6f81f8fb188552279a34bb9e", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243842, "uuid": "85b0c547-c0fa-4daf-900d-bb05c68642b1", "value": "T1F7347C2262A07C31D52E5B72CE6EC6E47E9DFD508E1937AB22386B1F09B11B1C5B3315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243842, "uuid": "8e7454eb-bd25-4e72-a969-2ca1b5590a4f", "value": "68fdcfb9187c8890bc2889c7f70b139c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243842, "uuid": "eceb07f3-f5cd-43a1-84bb-1b3a6ecd189c", "value": "3072:yd+MDFtZOhN7FCryQiiiiiiiiDf6sePrCVzIVpAJFZH6BhdlTWMPxkjAs1o4:yMm7ZOhN7FXRDCVzIrOZHA1WGW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243842, "uuid": "00d666e7-6927-4c5c-8363-635740443caa", "value": 233472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243842, "uuid": "55d2e788-6e9e-4ebb-82c5-265aa4b147df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243842, "uuid": "9007ef0e-02c4-4d9d-bd09-f5d2cc2c9991", "value": "f85aec29fe50398aab8fe31c38266ee7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c21ed33-0f90-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1687282426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282426, "uuid": "e7600135-f83c-4bd8-ac5d-2eb051b7f017", "comment": "Malware payload (RemcosRAT)", "value": "ac9e836f751cd76101bf095009c27233", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282426, "uuid": "be30a1ae-cdbf-4371-a726-c1bafb265993", "comment": "Malware payload (RemcosRAT)", "value": "f2b2a8bc43696328f9650d218fe0e57e7c55c0e4799a1f28721b85e37e85eaf4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282426, "uuid": "a7401442-78e8-4927-9bdf-97af4aace73e", "comment": "Malware payload (RemcosRAT)", "value": "dd5851a6fcfbada4a1b085ffa388552a45c3c12f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282426, "uuid": "613afaa9-70f7-44d8-9b90-665592506b56", "comment": "Malware payload (RemcosRAT)", "value": "8875d829dbbaa62147870c72edfc0f63e570ed31de65157d8393c7849e1ee3b63c7c2304b51c7794e7e98e8086edee77", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282426, "uuid": "ae28dc59-4431-4228-a1fb-78544695230d", "value": "T1BBB45B9382E13D94F9278B72AF2FC6E8764DF2508F497B6522189E1F04B11B6C1B3B51", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282426, "uuid": "8d218c83-cd37-4e74-a0d4-feabb456b12c", "value": "17e5230c5cf4f4448b3cb8e448bbcc70", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282426, "uuid": "2c580085-1e26-49a8-96e8-136299885d1e", "value": "12288:LNohofhVqellqx2etypiTySFFrhc+Q30N:ief+elU2PpMtFI+QE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687282426, "uuid": "4f318946-9adc-4930-9855-2392f4433880", "value": 517632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687282426, "uuid": "d2f31d64-1a90-4225-896d-0a52b0139ce5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282426, "uuid": "34d6cd56-888c-45d2-8fc6-64d08180d61e", "value": "z98Enquiryformachineparts.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ada5256f-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687242512, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242512, "uuid": "8f5eaf85-0d4a-4fc6-abe8-213e91807b8c", "comment": "Malware payload", "value": "9695b5ce2d8287bcf9760d3c3d9a5c5f", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242512, "uuid": "98f2c312-233c-4cc1-9bf3-b7a2542a1e88", "comment": "Malware payload", "value": "f31978cf3b26ba7790f3aed74c1347672b8605be9124cd2b96ecea91f412960b", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242512, "uuid": "3d0e0ed4-c4a6-4a7e-8ed4-c9748f20a7a0", "comment": "Malware payload", "value": "257ffd4a7ca3cffeaef6b6643afae2c7bf763654", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242512, "uuid": "4bae3b82-702d-44bc-b89a-7efb67856134", "comment": "Malware payload", "value": "e69fc16a4be13833f0d946fcc15d00962d76463e5ffc8af8e22106e0246f5ccd558f1184a827077e63f30651e26603e8", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242512, "uuid": "025d1eda-a261-49fd-ba05-a8846af88c3e", "value": "T19284E18EF38C5496C961F73179B3CE252277FC27A92D274F32197A296E732420066937", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242512, "uuid": "455e9cb7-0ef6-4aa6-b342-88c23c084c6a", "value": "e160ef8e55bb9d162da4e266afd9eef3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242512, "uuid": "0ac0ee27-04c5-414d-8dc5-ff1e00b72098", "value": "6144:PsKxNX1AvyxrEpiY/nwCYuntAnpRQY3OI92OWM/RSM3jr0tSI6a1UsI+xP:7WvyxrEkIKIGpRQ/I92ON/Rz3fgycVxP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242512, "uuid": "042440d7-7b03-49a1-ab79-049421dc1bf1", "value": 389068, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242512, "uuid": "f2e28652-49f3-4a41-ac27-cce4505cca40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242512, "uuid": "71675986-c43e-4424-8e6f-6c03209d61c1", "value": "DHL Tax Invoice 400921102111.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1c8d57d-0f2f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1687240908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240908, "uuid": "29054fc3-4afe-430a-8be2-829180e4af75", "comment": "Malware payload (SnakeKeylogger)", "value": "12a5f2c315411e7dc7d0120c4a63c0a7", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240908, "uuid": "7a7d95d6-1340-4d93-8209-0e46dd8c3668", "comment": "Malware payload (SnakeKeylogger)", "value": "f35eac16ffd4ad6864764a6eea0b8108615aca7d0695f0a6d312a8c739ca4a99", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240908, "uuid": "5502a09a-9a65-4a63-bebf-f102b706c178", "comment": "Malware payload (SnakeKeylogger)", "value": "082df366068f99d9840a0587315660384107ac85", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687240908, "uuid": "563ad985-3f81-44f4-bd23-b63cbc6997d2", "comment": "Malware payload (SnakeKeylogger)", "value": "dae7a99a8344eca7ef538169751a5f527e5a5782aaa41e318f8653345105b41e698a5d50a88bbd352c339ef999db14a2", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240908, "uuid": "9824fb4b-e5ce-4bbd-9670-7b41cd3be24e", "value": "T140F2A356E78E02B44F5112B6671E0BC9AA7DB13E735150A1386C837833EDC2D46B6AFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240908, "uuid": "05c1fd0d-0d40-4292-b7c3-ec759de58678", "value": "768:QFx0XaIsnPRIa4fwJMKfJC40PE+h7PrUeaE8JbmuZpThy3VBp:Qf0Xvx3EMKR10Pc03bp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687240908, "uuid": "a1e60675-d4ff-4f3a-9e20-1a4dd1ca07be", "value": 34752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687240908, "uuid": "9f5ce1b2-058e-4690-b271-cd4404052daa", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687240908, "uuid": "5505a35c-a5a8-4591-934d-da4d7d8c92eb", "value": "SWIFT.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b02c3b9-0f95-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687284572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284572, "uuid": "fa56150d-f9b9-49e2-ab48-43cafe8d9903", "comment": "Malware payload", "value": "51cf24a22d87cc67b818890fb89f1ff3", "object_relation": "md5", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284572, "uuid": "2022ce73-1d00-4bbc-b71b-61992685d2a5", "comment": "Malware payload", "value": "f63fc42706b15482b3bcbfb2ed7b976830b375dab1342ee8c7d6cf0038ca6819", "object_relation": "sha256", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284572, "uuid": "54f75b50-122e-47a1-b7d5-5c6c62a870aa", "comment": "Malware payload", "value": "5f5e3a333a543b3aad9071e175578b6b976d576d", "object_relation": "sha1", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687284572, "uuid": "5c9fce85-970c-40a9-ad6a-cfa70360ef20", "comment": "Malware payload", "value": "2c96d4629ae57a5c80dfa315d333b7cb861f5548dbae5f93c8628a4aec1b365fb97a561a3813e21323cedc9470dd83b4", "object_relation": "sha3-384", "Tag": [ { "name": "bjkataraedu-in", "colour": "#23A69F", "exportable": true, "hide_tag": false }, { "name": "D-ReaL-PuNiShEr", "colour": "#E832E8", "exportable": true, "hide_tag": false }, { "name": "D_ReaL_PuNiShEr", "colour": "#6073E2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tryag", "colour": "#F6A303", "exportable": true, "hide_tag": false }, { "name": "WebShellNirsoft", "colour": "#2127D2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284572, "uuid": "c4be0423-7f12-42e9-b443-7eec3f944a52", "value": "T10235F14E930404ABE424A9B1C0AFBF9006A12D7D3D53C7B9FC287643BA727DA9473579", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284572, "uuid": "c3c6f40e-26ae-42b6-a733-00cf3b5faa88", "value": "b9083dd82a429a49d949568d3647ca0d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284572, "uuid": "99963fc5-e140-451f-94df-03b295775809", "value": "24576:glhloDX0XOf4lLZPs0usbD35uYRJ4Be/4gUL2wZuI:glhloJf6FFuspEp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687284572, "uuid": "32c75aa2-53d5-42cf-8c6e-2eb9ffb8ca4b", "value": 1149440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687284572, "uuid": "440ebe9e-cf0b-43b8-910b-33c3cc1f6856", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687284572, "uuid": "0777c6e6-005a-43cd-87e4-ac50f6f1dffa", "value": "Acrobat.Pro.2023.x32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2e03fbb-0f63-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687263110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263110, "uuid": "8d205c72-9a03-4e32-bccb-55fcd4e2e3ae", "comment": "Malware payload (AgentTesla)", "value": "8c2bcfdcac85d19e90b472736ba3f28d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263110, "uuid": "8a692870-5284-456a-a957-e82aa23380ee", "comment": "Malware payload (AgentTesla)", "value": "f680c98c411aa4f05cee596740786e343d48769abc460899218e624f0d7ebca8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263110, "uuid": "bf06e6ca-56dc-4757-9f00-dad18c165f70", "comment": "Malware payload (AgentTesla)", "value": "79b9b9e2534bdc6e0d440416a5d306216abcfc6f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263110, "uuid": "5108632f-72fa-4165-b592-c463fe3c2497", "comment": "Malware payload (AgentTesla)", "value": "c9a6d830c2fb12d71b164c569fac1a8b0166b95ff63a0b97e96a7f4eba574d6acb40b0d56ffb5dc10e8ec6f6fdf5cf14", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263110, "uuid": "91aaffe3-b787-4dae-9b82-b80128ef1cd2", "value": "T18EF41214AA965B2BC05B0B785560F370E23C5ECAB712C68F5DCB7CCBBE967C90534A09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263110, "uuid": "f3363ca6-a426-4623-98d6-0dae0176cf64", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263110, "uuid": "08d25ff8-211e-4c71-b625-a5071428f797", "value": "12288:mb903YOXuPM7q6bpw4dcZda/igJny/AZWb6fZ2Dh4F2N+RxF8:mb903Ywzu4CZdOJZ22Z3RxF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263110, "uuid": "e0eb33bd-39dd-4068-8922-9e14f2552d50", "value": 745984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263110, "uuid": "8cf0b25f-bc99-40a0-a046-5ad73b764d7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263110, "uuid": "7d4357d1-7c83-4c4f-970e-ad6125c1992e", "value": "z1DeclarationandFinalRelease_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dde1ca1-0f3d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687246593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246593, "uuid": "b2897ae5-3731-4dae-aa39-af0e69e2a0e4", "comment": "Malware payload", "value": "17a5bf542a7ca2d6ad0ca92f8fb40055", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Player", "colour": "#7349AF", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246593, "uuid": "c511ee08-b5d4-410e-8b6a-7269addddd78", "comment": "Malware payload", "value": "f69430654e11b8a6590964ea3c45a7c68cd15f20558eaedefdcd60549dcddd0e", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Player", "colour": "#7349AF", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246593, "uuid": "07480b1f-5f8b-45f0-93aa-96d12d4a81c4", "comment": "Malware payload", "value": "dcdf6ffe0c4f38a0096ab3fc24492bed0d6b741a", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Player", "colour": "#7349AF", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687246593, "uuid": "a51df604-1524-4243-be25-58011225158f", "comment": "Malware payload", "value": "7204efadc476219999d60e5136f031604e8d932fd97d292b229e2c953df34a551a57315ba53c87b246876ffc09c72fb6", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Player", "colour": "#7349AF", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246593, "uuid": "769cce7b-0acd-43ff-b42d-175cdb5c1592", "value": "T1E104D083BB59E4E7F7B396330E1242E755336C596F02C7973B82761C14BA7908B1A98C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246593, "uuid": "14363065-d4d1-4067-8454-2447707e3aed", "value": "3072:/ytWAWnhtOdVL61zsZeTU5HRS/DIycUimWpQVCtpV12u8i+aCN3pVn:qtWAaydwKZcaHRSEyXi18CtpV4CCN3/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687246593, "uuid": "8401f9ec-ef98-4607-849c-4fa6a05fad7c", "value": 177668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687246593, "uuid": "022ae53e-b444-46b0-9ba5-9d7750fcd9cf", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687246593, "uuid": "0a63f6d4-dcf8-49bf-b0df-8cddfc3b2717", "value": "Player.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e7cf736-0f37-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687244017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244017, "uuid": "f788a8b5-f3f4-4947-9bfe-e256f56b88b7", "comment": "Malware payload (AgentTesla)", "value": "7644186b60520f7f47559eb1e146aaad", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244017, "uuid": "616bbaca-7c91-47dd-ac2c-d4c1d01da97f", "comment": "Malware payload (AgentTesla)", "value": "f71faec1c3d9cbc917b586365ed11ca82af6cc0641bfe568e51b91241249404f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244017, "uuid": "971a166e-b725-460a-9406-29d7f4ff6984", "comment": "Malware payload (AgentTesla)", "value": "8e6ce8d913b420f1eb613d66e7c02f6b6e5c6f3b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244017, "uuid": "9de57252-ab4d-442c-9c9b-b5c90707e056", "comment": "Malware payload (AgentTesla)", "value": "95786742b83d91450bc4cc1b0691e36244e25ec34a68692b17967a48ba8cbabdd889d6da5e75860f5ca412effb16f6f0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244017, "uuid": "d1824a29-f11f-40d6-98c3-e9e4bd1f2ad0", "value": "T12E5423B0B66223D9A65E061C991DAEB1C883407D35574917E4BE2CEE76BF2F00BA5D08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244017, "uuid": "b98c947e-0f46-4efc-aa91-7df2ee5e9ac7", "value": "6144:hMW3vYo3J5B8O31XM9ymAC8UrLH5c4y1APuzhkIyzefHF6K2s0EX1NY+3uEm3:hMW3R3Jn3BMIm/LZc4y1o8guHFUBEX12", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244017, "uuid": "526af18b-eee8-4991-9492-d6b13ed450ad", "value": 292825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244017, "uuid": "74bc31a7-637a-49db-be10-44f4f4dfc230", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244017, "uuid": "40d59d1e-49ec-407a-aa84-a153aa62e670", "value": "WORLDPACK (PO 20225181).PDF.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f16a769-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241146, "uuid": "3fcfd6e4-0142-459a-83f4-18c9904e2651", "comment": "Malware payload (RedLineStealer)", "value": "42279e40eeb9ed22cd123f08fcf2aed7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241146, "uuid": "5468873f-7500-4345-849c-7f38c34fa3c8", "comment": "Malware payload (RedLineStealer)", "value": "f737cf2b95b50ba16f808732cb02a4cba7ca1e8b39f7a6fa51a34ac3f4ee5314", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241146, "uuid": "ea24d095-c0f4-4dbb-8907-e9c14fc7b48a", "comment": "Malware payload (RedLineStealer)", "value": "77f451557afac04a453598b529c22e8753889b3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241146, "uuid": "918208dc-9fe2-4ee7-b22b-db835610a546", "comment": "Malware payload (RedLineStealer)", "value": "73cbe34cf36c78cdb4319c7d8bb9e13aa5f57f9f855bf993eb9774d38aa7d1357cfbcbd219150270e3e549e75d81a2ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241146, "uuid": "3187ca7b-e0d0-444f-accb-16babf136778", "value": "T1E3F40280F0C8B131DA310A30A86A79537DBDF4A54A74CDAF3B54762E8EB5AD1B4F052D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241146, "uuid": "c0405224-5466-4b4c-9f7a-53e4c51a8c39", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241146, "uuid": "1e155e63-fdee-42d2-8418-dd5395691422", "value": "12288:777Me9qRMv7fWlu+T/EAlw/rHbC27+MJ2mh4gvpEIJIAfaevqYYowuB4:77XMRo7fIu8wbb7+Q4CpEIJNv3Ye", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241146, "uuid": "8f938a14-5447-4c68-b676-4a99af6a796b", "value": 729088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241146, "uuid": "da280130-5472-4cba-9674-1e8cc99af4aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241146, "uuid": "241b418e-01fd-4c04-846b-05d499b1661d", "value": "42279e40eeb9ed22cd123f08fcf2aed7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbc149de-0f5a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1687259313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259313, "uuid": "fc7039a9-d8a7-4e87-bc57-f988e1ca4744", "comment": "Malware payload (GuLoader)", "value": "050c6b896d05b90bcc459349a3404abe", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259313, "uuid": "504681ec-a0ac-4f84-98a5-0493d7f9b2de", "comment": "Malware payload (GuLoader)", "value": "f76ed04ecaa805b1b4f7550f294ce2eb83ef50ca2918e65a0be6af4d2f9fd42b", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259313, "uuid": "d0ff06b6-93a0-478d-a703-481d34c8d2ae", "comment": "Malware payload (GuLoader)", "value": "5caf529995098616729c91e756794a48a60d961d", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687259313, "uuid": "0a392a21-9b3e-49e2-9162-b0fc16f934da", "comment": "Malware payload (GuLoader)", "value": "7fa1ca928f980f46c99dede57c137f7ad3538fab963aff05602e3d3e8fe4e60936c740cd07cba6ac42b9043eb6de8b49", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259313, "uuid": "e6e88dc1-6d08-4594-9a06-210724ddfe36", "value": "T15D6423FCC095A94CABB670DA31BCA0D00FD25BEB9745F7484B661D0964DA34CCAC6B2D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259313, "uuid": "15667958-6acb-4de6-ac29-6b83bfbc130e", "value": "6144:jPvhrBpIOp/E+mAH3KPkHo8uvm4j4l4mJ9io5/MO2jjYZanSMEKSaHz8I6wRczB1:jH1I4E5pMGv1j4GmOCM5ganSvKSaHYwY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687259313, "uuid": "b87f0565-a298-4297-b171-ac2fccc15b26", "value": 315689, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687259313, "uuid": "aca5a93b-9329-41f6-a1c8-aa636d3ad89d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687259313, "uuid": "ec21eea6-dbd4-4e46-a3ac-991c11dd356d", "value": "Original Shipments Documents - AWB 5938370362.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40b5ece1-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1687241470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241470, "uuid": "e91cf9fd-cf3f-4bc7-ac59-9621c4ffa80b", "comment": "Malware payload (Amadey)", "value": "971a32bceee828dbd1e4c567ac8fa55e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241470, "uuid": "d678e780-87d5-4d8a-9d62-e239353ec582", "comment": "Malware payload (Amadey)", "value": "f79f7f76e04296b15b89deeb82c75266ce12358210b380f75bc0f744fa4be4d4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241470, "uuid": "b2537fde-2740-42a8-aadf-be0e1cd730b4", "comment": "Malware payload (Amadey)", "value": "f5720d9aee3d67665fef498183f755ad13910b2c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241470, "uuid": "134f659a-3977-48e9-959b-2a56b4fd1f4d", "comment": "Malware payload (Amadey)", "value": "a89f1a520941a91742e5947564c3d05c64713f0f65497dd6f6c2b8a2ed40172ea087194a7b3e4c1ff05e3b138feb81ff", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241470, "uuid": "08ab6903-8bff-4bda-882b-a4704f88f417", "value": "T1C8052223FAD88067E8F5277184FA038316367E716C7C837B2799681A4CF2690697477B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241470, "uuid": "603adb91-63b8-48ae-992a-1653313f0084", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241470, "uuid": "f5ace28b-957b-4681-91c0-a6a0cc8c5fbe", "value": "12288:8Mryy90boxYeZeQ0SXQS7L5Bh9/ZE0oHWpOB6jkYTLhW2Ap433USo0c1jtrKVAu2:+yrZqMF9+fWpq6zY/1jtrr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241470, "uuid": "0dfda408-370b-4834-b523-8c0ca8991efe", "value": 824320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241470, "uuid": "39d85113-20e6-49fe-8220-c6b2a34b5e97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241470, "uuid": "9f9487dc-b689-47ac-8201-d0075a478df6", "value": "971a32bceee828dbd1e4c567ac8fa55e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46b6f22c-0f90-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687282283, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282283, "uuid": "aca08122-5a40-4df1-874e-0a2b8a4cb8cc", "comment": "Malware payload", "value": "0a7f4cbae6d2381e894c50f770ca8030", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282283, "uuid": "20527b98-02a5-4489-a419-cdb0edda83b3", "comment": "Malware payload", "value": "f7af325446e7d1df9d55aaa753c7c7c68968386208849d575834b358d82a36e3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282283, "uuid": "01a9e27a-c351-4d27-bdbb-94215aa2b109", "comment": "Malware payload", "value": "047f32b7350a2aa17c701eb1f68b487175efdfc0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687282283, "uuid": "249a854e-9bbf-4d0d-a868-c8d277f03289", "comment": "Malware payload", "value": "ff88ccb1b1a0062bd5892aad40dbf733efd0c21216b12eae90d3de385e32845b5af6c7c7b3260bf96ea9860b62b060c0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282283, "uuid": "d13dc965-3955-4e55-8835-a0706d55af11", "value": "T106A4CF0070809036D4BF2A355878DBEB296CA9304F697CFB27D859BF6EF12C19B32565", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282283, "uuid": "4065e188-b9ee-4b1b-a07a-8a6eed423baa", "value": "f5b40982021a53116e9eff9917e9db35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282283, "uuid": "dbba5484-d497-4d7b-96c7-4b38f873f609", "value": "6144:Z22607OpiESnemEcwc2TnmphhuHyHEbRyDHwt6u1fexkELAOv:Y2607OpijjjbhAyKRQHwtw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687282283, "uuid": "209e8264-841e-4564-8cfe-4d5bb3ab1269", "value": 453632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687282283, "uuid": "fbba23c9-5c00-47bf-a635-f5f73e97a8be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687282283, "uuid": "0e4ff5c8-9f9f-47a2-817f-2b70730bf612", "value": "SecuriteInfo.com.DeepScan.Generic.Trojan.Genesis.Marte.A.DCCF9ED8.15194.28408", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f9176ee-0f31-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687241468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241468, "uuid": "ce4a67b6-8e21-443c-bd74-42957553163e", "comment": "Malware payload (RedLineStealer)", "value": "f38c67037dc643ac9e896f13047867da", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241468, "uuid": "f59de1a8-d62d-408b-819f-389ca8117627", "comment": "Malware payload (RedLineStealer)", "value": "f8213782aa4acd823fd5866defe816fff5308289c67d730ba9f52a7c92c4042e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241468, "uuid": "ed68ef3f-39a7-49b7-ab66-5ccc88a24226", "comment": "Malware payload (RedLineStealer)", "value": "5dcc4998f9bd9629675377e7fd371b3126e32842", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241468, "uuid": "a12facfd-9b19-4ac7-abf5-d852e5e59cc4", "comment": "Malware payload (RedLineStealer)", "value": "de92c8f11b4a8fc1b6d722419ea7563144dc063280e955113ba41c7d918364fd1b28fb6a8662f6ba643eac6e7c80fb83", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241468, "uuid": "1dcae43c-7786-4987-80cc-f2cbd4d84dc6", "value": "T10B544B0FB5C50336E471103D2BB06956ECEDBC910D34EDB73A6CC329156ABE2A9690DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241468, "uuid": "52408cb9-14de-4aa8-a029-d65468f1e98b", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241468, "uuid": "a6b5e906-01f5-4bf6-80aa-29ee4b920de6", "value": "6144:Gn1LI6Z2eQ0FKHgKNRBH13TLxNP9T0x+SRMp:2I65QzgMLxNFYv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241468, "uuid": "a9dbf0cf-e178-4235-a417-869c5b46e3e9", "value": 279042, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241468, "uuid": "795c2d4c-33ae-497a-bd14-abcbe7f4f881", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241468, "uuid": "92547370-be84-4912-82dd-57792e993181", "value": "f38c67037dc643ac9e896f13047867da.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99757121-0f30-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687241190, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241190, "uuid": "28076b25-430c-4eba-b4f9-ff629bc5b924", "comment": "Malware payload (AgentTesla)", "value": "518abf16b8f9c3aa9a1e6cf2987c8d2e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241190, "uuid": "207c5786-2bbd-4ea5-b6aa-e57a362f03cb", "comment": "Malware payload (AgentTesla)", "value": "f8c91d5c6dd452a15af5ecaf3ac6c9c076955708fc351ae4b8e2dbda928043fa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241190, "uuid": "c81ceb5c-8bb0-4974-b328-fdb14cd0c0c3", "comment": "Malware payload (AgentTesla)", "value": "a8f5af4521992ae4030eb6ec6797a9ab77afbb61", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687241190, "uuid": "3424060d-74c3-4ec3-933f-20f70309fe54", "comment": "Malware payload (AgentTesla)", "value": "660821b8e315d6c5726be896d4634902b0358c86d66739013a23c827457e372dbc75654bd7f4360837a50489910b674a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241190, "uuid": "9cf58f64-7543-40ac-8df1-6d82c0a51440", "value": "T1C115125C9ED4161FE5B61A749B62F6BD1B2ACF05B936D33B2C91B0C79D12B089B00336", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241190, "uuid": "f729c38a-0ac7-4b60-abeb-8e01f75b54c2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241190, "uuid": "c451190b-cdbc-4845-8613-3572d3dd3302", "value": "12288:23ieILAXXlYduzgJ0btjbMWoUKcOEyvnV8GDBm/Y7LyDZ+1ZtYq7J3At5iHOq+ZQ:2SeIMXVYx05JSVe/Y7Ll9Yqtm8OqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687241190, "uuid": "32b7e1df-9982-4d09-a1c6-9de2accea469", "value": 959488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687241190, "uuid": "0ed9eb7f-7f78-44f9-9fa9-694552bf86fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687241190, "uuid": "57fdbb5b-d37a-4ae4-ad56-a22200fc3663", "value": "CONFIRME O PAGAMENTO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c1f334f-0f58-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1687258132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258132, "uuid": "e92c2999-18f6-4883-95c2-18e2b3287d56", "comment": "Malware payload", "value": "c44f108197b7b0b2a1f5fe5ffe1e8743", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258132, "uuid": "724d5e89-6306-4ebc-96ae-b194da9e6c08", "comment": "Malware payload", "value": "f92695f29c11eed7607949e15ed40c2d6de909adbf3e04dc75b6b34f44ad07f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258132, "uuid": "ee1c95bf-14db-40b1-9e20-a9efcd5b771b", "comment": "Malware payload", "value": "5eed44c07b1ae8a9248da2c25c2b4c472c1a83a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687258132, "uuid": "ac46819c-1d15-433e-b548-dcc8523012a0", "comment": "Malware payload", "value": "19e86fe16fbfb795d7668fdf8ac8f467d85c1daed0553169b4dbe62fd45ba155ca0e9fc8b472564c930a9dfa55e77633", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258132, "uuid": "64824460-2d86-49e1-ab17-c6db4a826cbf", "value": "T1E885CF3FF268A13EC56E1B3245739220997BBA61B81A8C1E07FC344DCF765601E3B656", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258132, "uuid": "cf1d843c-4e65-419f-9ecc-a51e2b00244e", "value": "e569e6f445d32ba23766ad67d1e3787f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258132, "uuid": "d6dbe808-e0a6-48ae-81be-bd582f92476d", "value": "24576:s7FUDowAyrTVE3U5F/v4qKKjzKic6QL3E2vVsjECUAQT45deRV9R3:sBuZrEUkmKIy029s4C1eH95", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687258132, "uuid": "f681adee-30f6-4132-a8b3-23ccbe6aeb00", "value": 1765316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687258132, "uuid": "5c616104-290c-40a9-be86-a20872c78f2d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687258132, "uuid": "69439510-b1bf-4ca9-b951-cff9bf6fd1d4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66bf9fd1-0f68-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Pikabot)", "timestamp": 1687265156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265156, "uuid": "7d6984f8-2408-4e51-b097-a3ee0025d975", "comment": "Malware payload (Pikabot)", "value": "23ebaae6294cf0f81526c66a9b0dbb34", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265156, "uuid": "f6e176e7-f6ec-428b-9d67-3334586539a1", "comment": "Malware payload (Pikabot)", "value": "f9e3da6bf75c2bcea94ce16ac4ce1b9d1ddb10edc6843ab99b8dabab130175a7", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265156, "uuid": "17d75dbc-4224-4b63-b338-83ab643449f3", "comment": "Malware payload (Pikabot)", "value": "e070264491d3db385be13ae84c9761929568c968", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687265156, "uuid": "4c3ff757-d2f1-4d8d-8d7c-1142d2281f9f", "comment": "Malware payload (Pikabot)", "value": "cf46a9f552e4c97ebfd83b585d094a55079a18275c5ab45d700c74fae37015e1d0bb142a9cef5a02072eb30b87422b5e", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Pikabot", "colour": "#4EF562", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265156, "uuid": "438b24bc-203b-4f81-896b-137ea9dee540", "value": "T16F74A68097C490952A673762AF16E044EF192D2979C44A58F85C3770DF9C8CCBABFDB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265156, "uuid": "4a43e119-c82e-4639-9060-b74bbef4220f", "value": "6144:Jzm2t6uoE1y4V/gsAdUAd0/Lw6dw1mkGiSEiRTPjTyJK8Y5g5qW71V6:Jzm2t6uoE1y4V/gsAdUAdULweMmkGiSB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687265156, "uuid": "fa47bcd6-4018-4e40-ba42-80e3641bfe91", "value": 351977, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687265156, "uuid": "71cb464c-f886-4f99-9d77-329668be923d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687265156, "uuid": "18429d20-4cc2-4927-a525-832f7294424f", "value": "Hzc.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0269c16d-0f39-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687244802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244802, "uuid": "778a5c1c-caa4-4c5f-81c5-9f67f20ac712", "comment": "Malware payload (AgentTesla)", "value": "1acb656af3fa8012b31dab6d92165e04", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244802, "uuid": "c626505a-5525-499d-bf9a-db1f5b842f4e", "comment": "Malware payload (AgentTesla)", "value": "fab0d00f4e574755697ed6c09c3e7d4418f6dcd6c148ad97a5213e085f8ce853", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244802, "uuid": "d1611b0f-bf5a-4593-ad1d-81932ac81e65", "comment": "Malware payload (AgentTesla)", "value": "2d8bde17dfbf2218cf2a773243a45745bff7f3ce", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687244802, "uuid": "b70a9406-2e40-4ad5-be61-9b26c9b891dd", "comment": "Malware payload (AgentTesla)", "value": "b7701648d4958fc324af2c24cb3a19ef917915347d9686311d3a6ce61e643403626a392b60f9eb9d089d27795f85af52", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244802, "uuid": "da3b443e-426a-484d-9336-0f9dc4d99ba7", "value": "T1DDE423C3F759A68C471D32CB124E5BFE59AC0C5B6570A2DAAC24E1D4CD06CD0ABF06E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244802, "uuid": "13402df2-9bb4-42b5-a86e-0e0e40b3d7a1", "value": "12288:KwE2TogWp4G7fvn77DTP5MwuRu5s406GSVT6/Clo0jXxqDLw5QXnr:8P5pJ7fP73TW+yovl3TxqJr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687244802, "uuid": "0fa921b0-42b5-4350-abb2-97a7e5e3bcab", "value": 720693, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687244802, "uuid": "e18f95e1-3487-4566-8066-c3bf16a2c7e5", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687244802, "uuid": "1608cd3d-0e1d-492c-b7f3-b337de821768", "value": "New Order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d7d8969-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242431, "uuid": "f2151182-d46d-4e6b-a294-5295b501ae5f", "comment": "Malware payload (AgentTesla)", "value": "2b95546c30d8422bccca2f4d5ff82fba", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242431, "uuid": "3106cb3f-04d7-483f-81ac-eab137e76e78", "comment": "Malware payload (AgentTesla)", "value": "fac4132b5be4248c8f6108ca534249ce3e1ff0d162cdb15c6c551bc137425a1d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242431, "uuid": "6fbb37a7-4f7a-4eda-a223-22cbd873bb75", "comment": "Malware payload (AgentTesla)", "value": "7692239d2df4ea0eecaab360bd341190867609a7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242431, "uuid": "c31973eb-d38f-4c28-a876-6c78fb71ee71", "comment": "Malware payload (AgentTesla)", "value": "5249c4673f92f6148615e2100bd98962fee6f706fc1a438970ba02ace826af35d7acd3a301ab4efffefab686b4732edb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242431, "uuid": "65162768-fdcf-427d-850a-280702c1b00a", "value": "T18AF4124C4BE8521FEAA76B78DBA1F779173FAA41BA33E3262D60B0D39C117140B05365", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242431, "uuid": "63e97fcb-cd07-42cf-85ba-f625f95efda6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242431, "uuid": "4deb8e56-21d5-4268-ba9b-4689b9608a4b", "value": "12288:v4uLxNb1ryLTFhOTZzbxjXb0WvSQO/Gq7RrXq7w+lYWI+8tYq7J3At5iHOq+ZQ1:vTnHTZ5brIfNXq7waM7Yqtm8OqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242431, "uuid": "61adbf93-9b1b-4d14-9a80-94289c6bff0b", "value": 765440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242431, "uuid": "b7f5f600-67b2-4221-abbc-e105e8567d6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242431, "uuid": "c6b1734b-0d37-4547-b702-ea921a365137", "value": "Payment Advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76425af8-0f35-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687243278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243278, "uuid": "55c98143-b260-4c2f-b856-94c9af858c77", "comment": "Malware payload (RedLineStealer)", "value": "e24f75b392115dc3de49f053bec1a054", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243278, "uuid": "bde96de9-95ee-4f8e-8bc9-74383f3ef211", "comment": "Malware payload (RedLineStealer)", "value": "fc036053c8d116d9afa0cf900cf326162b8537d8de26274571709ded1b5e4c0e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243278, "uuid": "a2c28085-10a5-4ce1-92b6-d61e93e820f6", "comment": "Malware payload (RedLineStealer)", "value": "ee66d6b7d92767ef4e848bc5c86057eede3e1511", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243278, "uuid": "1ee6ce0e-c55d-4f82-99cc-2661af46411d", "comment": "Malware payload (RedLineStealer)", "value": "d89f198f7b7f3bdea4efd0b0ddde6a9fa812cb8a50bc92e4603d8825df630429184f5a8b7ecc8b7c3b766316e10f4bb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243278, "uuid": "6a2a33ce-45bc-403b-9356-59e0f1bba870", "value": "T1CEF41282F4C4F235EC310931ADA97D42AD7DF8950B20DD6F3B542B1F8AA25E075B162E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243278, "uuid": "17f4da8a-3510-4172-b6e8-8646d543cf11", "value": "afd3d49c95dff180e14b1d2081e826d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243278, "uuid": "b56e1fe2-6959-404e-90c6-6261d383395d", "value": "12288:11KHYRrv7fWlu+T/YarkkLWG4IC8U45Ztb/qJk7LZqLBjQYMfNyKOA7LtO47AbaV:i4Rz7fIuTkLWG04rtby+7d4BnajnRO4B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243278, "uuid": "680a6d45-2608-4677-aead-e4816b789ee6", "value": 759808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243278, "uuid": "8c9f938e-2050-47d1-b6dc-719191daf265", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243278, "uuid": "12920bba-e009-48da-830c-60feb22e2181", "value": "e24f75b392115dc3de49f053bec1a054.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa004a9c-0f33-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1687242506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242506, "uuid": "03535fbb-cbe3-4f18-a3fc-0510fd997bf6", "comment": "Malware payload (Loki)", "value": "9ecfc76d0149d62cbb96502698b65500", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242506, "uuid": "ffd8e4fc-5751-4162-90d4-61a76231bb9f", "comment": "Malware payload (Loki)", "value": "fc15e945d8f642f13960c48e212d2cbff3e9e3890cbac0b17ace14273cac0458", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242506, "uuid": "14105a85-3b0b-49bb-bcb9-358c131b32aa", "comment": "Malware payload (Loki)", "value": "593d3cdfdf36dafbab30a066cf47c2de7e8c1655", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242506, "uuid": "a3f970c8-8082-4fd9-b2b2-c2358fc2323e", "comment": "Malware payload (Loki)", "value": "4fbe09fd5fadf99560f2e4d712d62ae6d9d3296bad38cfd42b530293ad501c900763296347e9da9b51326faa180deee7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242506, "uuid": "3a4f8cce-e72b-437a-8f62-8b6a8d3a9d0d", "value": "T181E402106A928A2BC22B4F394460E3B4917C8DDABB12D69F4DCB7DD77E137D90A3111B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242506, "uuid": "08617391-de65-488a-ae2b-e3985585d640", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242506, "uuid": "4dd189e5-f63d-4f69-a5ef-91bd2ffc6f7d", "value": "12288:Db903YmeuPM7q6bpw4dcZda/igJFMyfRBpFT/1+Wmu6LV+QNEr9pYXSBff:Db903Yjzu4CZdOo8/pFT1ooQaoCB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242506, "uuid": "5628afc4-d831-4a0f-9596-af916524043b", "value": 673792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242506, "uuid": "f0c7a18e-a7b8-4cee-8b5b-6f961773da51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242506, "uuid": "ee3adb13-73e9-4572-93b2-05ba2ebdb2f2", "value": "Maersk Shipping DOC,Invoice & Packing List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "330a44f6-0f64-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687263352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263352, "uuid": "6acb828f-9060-4e96-b4a8-9549b5738849", "comment": "Malware payload (AgentTesla)", "value": "a8eb2857a603f79b61b2dbe34acba35d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263352, "uuid": "18a349a9-d182-4d16-8378-262fc474be58", "comment": "Malware payload (AgentTesla)", "value": "fc808ad3657e1769714de458d50a1cabaf009f300b1de3e1755c32c4e6eba95d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263352, "uuid": "7adfa3a8-4bbe-42e6-974f-7ff09f7a7d22", "comment": "Malware payload (AgentTesla)", "value": "7aff55a2ffc640f219b73dfef1124d2b78214801", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687263352, "uuid": "24845886-2d57-4dab-9e1f-c5bb83f4c5e7", "comment": "Malware payload (AgentTesla)", "value": "8210eaad63fab966bb65c513bc46891bb3cfee04d173eac239a27576224e2c19fdefaf7f6475c3705331c49f5894c42d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263352, "uuid": "5c99cfbc-6d0c-484f-956e-a12f380a7adc", "value": "T1D40502109A92862BC0264B7844A0E374A27E5D9A7772C7CB6DCFBDC7BB277C40635706", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263352, "uuid": "c9fc92c5-0efe-4c8d-90f4-1af89f1bdfa4", "value": "12288:Zb903Y8auPM7q6bpw4dcZda/igJrV49lCoBGmWvCc5OMu2+8NS26i24D0lMp9:Zb903Y9zu4CZdO1YRT6CgOM5Vn24Dp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687263352, "uuid": "a70d5ebd-cecd-423a-a29e-7f1c8f9246dc", "value": 808960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687263352, "uuid": "4ed8e2ca-86c0-48d4-a30f-38bc366bbbad", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687263352, "uuid": "61909fa5-9584-471c-85d8-a50ef3ce3231", "value": "nCV.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc24c544-0f34-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1687242966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242966, "uuid": "0f06fb1c-9367-48a4-93d7-3345e624c1fc", "comment": "Malware payload (AgentTesla)", "value": "8fd20c12edfd81733c5324ea3e64f35d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242966, "uuid": "5050c90c-01c3-45aa-8776-a6aa751cb0eb", "comment": "Malware payload (AgentTesla)", "value": "fe347f1277a88e11b531380a4bb8e0c27a86cfa2597554453d06d3291697d287", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242966, "uuid": "941f928b-7b37-4aad-ad0b-6576a75decf6", "comment": "Malware payload (AgentTesla)", "value": "3643e645b65294880e617d6b780c95db8c77e899", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687242966, "uuid": "7752c95a-5874-4e48-ac9f-b1e97e9b4341", "comment": "Malware payload (AgentTesla)", "value": "324feee2868011f7d04439a13cb8374c48a2a1eddc6b839ff602aa162933a91471d9b8232a43b4e2e83e9908734f2c08", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242966, "uuid": "86b6fb8f-019d-420b-93ba-b943bd49db5a", "value": "T11C456B1033B55309F43B87F5083655C0A3FB3A5BB61DD79D6D8622CE2A72B428B11E6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242966, "uuid": "b90323de-b46b-4508-85d1-fc421d98c716", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242966, "uuid": "993305a2-312a-4e11-b085-c3648a0e83db", "value": "24576:KRLD9huWoTDrhOhBs5d/pcd9saZwI3fd3:KRNQjOm/p2J/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687242966, "uuid": "e4eba7b0-6f8b-4e39-a3c5-e555edee6ace", "value": 1178624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687242966, "uuid": "c22d1f1e-e4ec-4492-ba89-2144212a0b27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687242966, "uuid": "67a2580b-38fd-433b-be32-b645597ffa61", "value": "IMG_MV HOVERLA EPDA REVISED _SOA APRIL & MAY 23'.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9712001c-0f36-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1687243763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "f731029a-e505-47ed-a1a5-9daf2fe4f0b4", "comment": "Malware payload (GCleaner)", "value": "cdcb3efde15d39b8650325eb0d6b1886", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "6bc73e3f-abea-480c-a0d2-8cbbc3d2d8ab", "comment": "Malware payload (GCleaner)", "value": "fe93b9a0c817fc6da2acfc2d37809eda1f5474a08219e5503d9666671f1faf2e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "1abe6285-eaf4-42e6-a47f-44923373e4af", "comment": "Malware payload (GCleaner)", "value": "c827e7629d1662aa5758fb663f8d4cdb7de14df1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687243763, "uuid": "9eb920a9-9aa6-4251-9baa-9fd8d73b4aec", "comment": "Malware payload (GCleaner)", "value": "a59ae24e174e5627b6e5e4f02fa68727330dbbc445a0110126a97d4d4a2fe7d701900194974f64aa107a28903640910c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243763, "uuid": "fd7f6688-f7cf-42a7-b9fb-5b5d99896b04", "value": "T1DC64BF2362907C31E92E9B73CD3EC6E5779DF9508E593BA6223C6B1F09B11A1C5B2311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243763, "uuid": "84903d03-162c-459e-84e2-0fc9de00512a", "value": "c1947b9846baf229e0c776cadd6d408b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243763, "uuid": "772b30ae-359f-4fa6-8ed6-cc9b45b17138", "value": "6144:Y47MOJSHnigXsOCFmPWhHX+2XivzF+CHmWs:YMLJSHdXsrFJ8bgCHZs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687243763, "uuid": "c3b80f09-77a5-4708-8280-1861f6e387a8", "value": 316416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687243763, "uuid": "54942146-10d5-463b-a572-a4287685aba4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687243763, "uuid": "b275e8ce-adb7-4bcf-be61-c0b12ddcff13", "value": "cdcb3efde15d39b8650325eb0d6b1886.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae9aca57-0f54-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gafgyt)", "timestamp": 1687256687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256687, "uuid": "4fd49058-d6f9-465e-b9a9-3c69839ce199", "comment": "Malware payload (Gafgyt)", "value": "547b45c3d9ae95f4e9097268e0cf456d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256687, "uuid": "5090fe66-4d8a-4c60-a805-608cf4975755", "comment": "Malware payload (Gafgyt)", "value": "feca0b6fd6bec792c79d3a4dcf4e43aea9e5ff978d5b688e0a77b593144ac569", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256687, "uuid": "b4eab388-47b6-49a8-91c3-0e672810d495", "comment": "Malware payload (Gafgyt)", "value": "62ebed4bfea45b47cfaeeda76e39bb1ee4c16e3d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687256687, "uuid": "cca61464-f937-4b4c-bd18-c4119a3eb18a", "comment": "Malware payload (Gafgyt)", "value": "0db4d0956d9be94e16e5184947e7260602163c591c6d2bfd0a6bac68d8af409d45c868df41458924fd0a7528503c495b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256687, "uuid": "4ee72a37-407a-49d4-9c4a-288a9d966b70", "value": "T15C03F852BCE29A6BC6D023BABB3E168C33667398C2DF3313D8141765278A55E4D33E45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256687, "uuid": "df878357-b07e-4533-a3aa-797682389df3", "value": "768:Kf8ys2Cl2q8gjUG5iDxjHbDg1Kh1N5WnhPHOnPBnzaJM6zKo9g34:6TC4DgQG5iJoot5WhvOPBnIFzG4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687256687, "uuid": "0d987efa-561a-4d72-b419-ea99c894648a", "value": 38768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687256687, "uuid": "52ece6b8-c394-4892-98bd-ae41249fc1a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687256687, "uuid": "11325ba9-ba74-4fa5-9bb9-970705342f67", "value": "547b45c3d9ae95f4e9097268e0cf456d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aff88ade-0f05-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687222759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222759, "uuid": "a8745fef-5dbc-4dfc-b923-f1de7e8fb179", "comment": "Malware payload (RedLineStealer)", "value": "0047d6e1dca6ba6bef32845d886de178", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222759, "uuid": "efe749a7-cde2-4c37-a40f-e3e03a7426bb", "comment": "Malware payload (RedLineStealer)", "value": "ff649dabdf1b8263b1c5e79426687e9b7137c195df618c8eab013523c36ede7c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222759, "uuid": "a577f3a7-4ab1-4bfe-8da0-3540954560b5", "comment": "Malware payload (RedLineStealer)", "value": "2acdb2f8e703cf34a341e95bbbe1d36c1f4b772d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687222759, "uuid": "300d5963-c2f0-4e96-bd9a-fef04c54cd2b", "comment": "Malware payload (RedLineStealer)", "value": "3d235018c09c8dacb6ec3d6528220e5b19d4a759917cb41f061c862089118670ed2465f543bef5208146e1ebd1fc5d74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222759, "uuid": "d8f0f648-e32c-48f5-b180-282549af2267", "value": "T15BB6AE4AF6FACB73C165363D35208E66296DE7B0CAF9C9D717484CF58BA0180C125EB6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222759, "uuid": "f8df0fc6-7be2-4544-aa89-257bc6b12c87", "value": "e41d459fe48a0f1750c9122e1018ce53", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222759, "uuid": "561b9dc4-40b3-4be4-bc04-e6932dc503a4", "value": "3072:9xDBnN6cFLaGbsZ5MPczPg8zWZX79eANug/2vb5GsveiCaSrIUXqNkpinMegot88:9ZK6LNSgDIgevtGsveiyrIUXX0nM5op", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687222759, "uuid": "20ea5b52-a7e8-4abe-9721-32b4a4ab88a4", "value": 10485760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687222759, "uuid": "c84fe01f-b087-4444-b0e6-17336c28be87", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687222759, "uuid": "9193399d-cd7d-4435-b175-8dbee934ac31", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }