{ "Event": { "published": true, "date": "2023-05-10", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-05-10", "timestamp": 1683763381, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "0fae06ed-7f0f-46c6-b62e-0d9c02f745be", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2e6fa74-eef8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683698824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698824, "uuid": "2d8942f7-8c3c-4063-8b33-1885f7e6cf1c", "comment": "Malware payload (Formbook)", "value": "4b17f606b2eddd053028c26d7a1ee868", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698824, "uuid": "2e5d94c7-f52e-4968-9326-ab0628ecf843", "comment": "Malware payload (Formbook)", "value": "0003b5d6c92e1466b6f734da9175b9cfc65ebd4d576b73f92100b0b2e899bb3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698824, "uuid": "bfcb6dff-4ae6-4504-a7bb-edc22dd66b65", "comment": "Malware payload (Formbook)", "value": "5b3ccb91fddd944eb32cbac70480af9c4a452e19", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698824, "uuid": "89a2fce9-ffb6-4e87-a2c3-fd90ae422566", "comment": "Malware payload (Formbook)", "value": "8ddcc0d7b3e07e9caf8524704c1b6fa4f810784466304b97c56b17e7a6ad523b723b6d71b4d699ad52f9990ac91e1269", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698824, "uuid": "23396b0b-85df-4490-8582-f4af8cd88d8b", "value": "T1E1F4DF54B22BA823CB7846FF0628154503746222AD9FE2F93DCF69CE98E1FF15947607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698824, "uuid": "1ed58dca-c61e-469e-a147-17c807851e96", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698824, "uuid": "b545f724-380d-4947-b9db-837e5b0dace7", "value": "12288:32bnKyAZfGjMOrAeoJ+oaM1OrCuE5Veinf2erkNM:V8MUA+ovsNE5Rf2HM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698824, "uuid": "220e086a-03b0-4d42-a512-d8193bb709d7", "value": 729600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698824, "uuid": "23d98a54-c542-42a9-a0c8-59d10265fcfe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698824, "uuid": "16aa56cf-39d0-4785-90d6-64235def3060", "value": "Swift Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ffdf95c-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683729018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729018, "uuid": "ec413ccd-ce41-49da-819f-6da99a47ecc2", "comment": "Malware payload (Mirai)", "value": "2e272a4827fba3d96bc955ee27f0ca7b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729018, "uuid": "98bf6d2a-2c0e-409a-8846-c5be4dd19228", "comment": "Malware payload (Mirai)", "value": "00c1d212652373032caa6e63f19e494e2a2e5c089d917447de3f3cb6afac75f1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729018, "uuid": "15668e40-283b-443d-b9b4-0f87ebdcd74b", "comment": "Malware payload (Mirai)", "value": "ceb87c7d24f2b6121b14e90a75ec3e2e2cd59769", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729018, "uuid": "a831d4a6-0773-429d-905d-fdabc00f3e90", "comment": "Malware payload (Mirai)", "value": "dfa31b897250c15a2d5faed9acbb0a8619bbb9a5008a6534a0e3388bcf086c63090a7c62788ecc3719b94a65f1bf5d9d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729018, "uuid": "e52a79dc-f3d6-47bb-90ab-3da3aac9a79a", "value": "T1AEE32A30D4504B17C2D213FAA79E825E3F221F9793DB33115B38BAB41FE279A1D69924", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729018, "uuid": "f5a4e245-628c-4a5f-b469-a004d2118290", "value": "3072:Cv/WwsLgaq353qHiCOvhOpNqkDQHbeskmhxQwoVSUNu:KPLaq351hOpNqkLskmhxQwoVSUNu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729018, "uuid": "cd644ce6-623a-4bd9-8fcd-d263bab3e8ab", "value": 143019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729018, "uuid": "7cf33dc8-a7ee-47cd-8c83-3534da785b13", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729018, "uuid": "425c9dfe-777d-421e-9336-ed6aac0c1e27", "value": "2e272a4827fba3d96bc955ee27f0ca7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f10d468-ef70-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "a580a6b5-412f-465f-a2b7-4b8fb76708c5", "comment": "Malware payload", "value": "2e1b2d72f4290194c4e7fc84edab827b", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "350439af-0acd-44fb-b68f-e58a3167487d", "comment": "Malware payload", "value": "016a21d3849a58ced9ee6da989415f6a7819ec4dd63a92b377f34a8e3eea1617", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "4db2f384-25cb-42e7-81de-7e42a2a3d281", "comment": "Malware payload", "value": "120d0134bea7916b77d71e8a43707f8129dd6007", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "b11c8790-1b04-4044-9122-06df8227453b", "comment": "Malware payload", "value": "747027901d7a72cf9ae0db27a78a6c034aa80ddbe980ad3067368c140d83204765b6acf5b153068257414b52ce9ac32d", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750035, "uuid": "dcfce2b4-6da8-498e-93ef-8f8493b9f26a", "value": "T11A7523DBBDD987BCD36BB3396D241C27840E28FAACC9C45B14B735429500A5DB3CA789", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750035, "uuid": "c5645668-ae1b-4f66-b800-6c8f86a7fab5", "value": "49152:pInIMsj6CspSLoTAUhcchS29qcYUTWyieoecgz4V:t6TpCUhcMS2RYUTfTLi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750035, "uuid": "2bb55b0e-5877-4ae3-bc84-e2b3ce85bae9", "value": 1618166, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750035, "uuid": "e6e8d918-26c6-42ed-a33f-6d65f7a03923", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750035, "uuid": "c5628a89-a81e-44f6-ba9c-396401b49649", "value": "2022 1099-NEC.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58b26f1c-ef40-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683729516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729516, "uuid": "fee7638e-5805-44a8-8454-8ecdb69a0118", "comment": "Malware payload (AgentTesla)", "value": "4a7f818874a86fc5f981e46733b2d7f5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729516, "uuid": "c763057e-a2cd-4a07-8e40-89fce45c7fca", "comment": "Malware payload (AgentTesla)", "value": "021cfdac35b7f0cb8f6ba460a33994d0128883ad281812b380978bc5127abbbc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729516, "uuid": "25e337e5-5694-47a3-95d2-27bad792bef1", "comment": "Malware payload (AgentTesla)", "value": "901f65348b82ee9006a56f077e8849eb7bf0b460", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729516, "uuid": "7e3a1589-03fe-4aee-b3e0-1d2db7f6e290", "comment": "Malware payload (AgentTesla)", "value": "e0ba092b0f946e875d796158736873a9ec6a026037673a035a535f3b2af1751840e181451cd00c158abc641dc29731af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729516, "uuid": "8c30b2ab-a8e2-4331-922e-b6b56989462e", "value": "T19EF4E111722A9B2BC7A843FF0628454113B87716BD67E23C6EDF11CDEC22F504A65EA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729516, "uuid": "84ce09d5-07c2-4f38-aaec-30caaab27160", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729516, "uuid": "9eac120f-c140-456e-a334-dd7c6e100bf1", "value": "12288:qQ8ZfT/bdwhH5inDFFQUSdEPsuIJxfc2nWpChzAWK58mxQL+:n6LDGhZiBFQFuP4/UG5K+VL+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729516, "uuid": "09914899-1a17-4764-91c8-2c7601c1b175", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729516, "uuid": "7df5924a-c7e2-46b2-ae57-4988d1c97add", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729516, "uuid": "740b783d-5ace-4220-baf3-25a313087d6d", "value": "NEW ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "416640cf-eeca-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678796, "uuid": "1e2254bf-630a-4a77-8db9-0a28770ca3c8", "comment": "Malware payload (RedLineStealer)", "value": "a1797d59ef1c52c65f288814c5e44f89", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678796, "uuid": "bc672082-bc9e-429b-91c4-dc02042aa5b2", "comment": "Malware payload (RedLineStealer)", "value": "024bfe0a05c6e6790d67c8e32e075fa551a1bb0bec80d53f293b105d5ac29f05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678796, "uuid": "a1262090-aaf6-4086-9351-93cea7df780b", "comment": "Malware payload (RedLineStealer)", "value": "46a4eb275de1150c003ebe77cbac330600e88ade", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678796, "uuid": "135956d1-4805-40bd-a01d-b99120f355ff", "comment": "Malware payload (RedLineStealer)", "value": "c078783d27cf4fc35bec0e82f444dcbeb1bc57723c37b0bbb410276a80341cb460bb4ce5e6cdd1c8c77456bcf261f984", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678796, "uuid": "6e947742-dd64-41b5-b1d7-9283df48a361", "value": "T18DB41212EBE48572DCB2177065FA11C71A36BDA04CB84B7B37522E8E0D736A0A935737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678796, "uuid": "93a09d18-c33c-4d15-992e-bca92a182291", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678796, "uuid": "4163d397-88dc-47f6-886c-efc45ce8f8cb", "value": "12288:FMrRy90lwiX9hCbNkXpvOoBoLSXObWswV2hVShf:Myy/99Zv0LDzef", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678796, "uuid": "336974d8-22ce-4509-9f32-09852557fb99", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678796, "uuid": "d295a3bb-5c2e-4d78-8b51-306c487f10c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678796, "uuid": "0c622722-bce9-4cf1-961f-a7051cc04fbf", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6234025d-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683699897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699897, "uuid": "c09c8cba-b306-4cb6-8624-1ca5d89216cc", "comment": "Malware payload (AgentTesla)", "value": "903c3f1e5b6bb1af29c8ff3902ba18ee", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699897, "uuid": "9c6cf89c-fe0c-44b8-a6c8-455e5f8e8b5b", "comment": "Malware payload (AgentTesla)", "value": "02a554f861b98958680322db4c6e2145ac535c820869ed06ce37fbaa61932fb6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699897, "uuid": "26089466-1cb7-4240-91c4-a5418f6c2493", "comment": "Malware payload (AgentTesla)", "value": "d6e9bc3f873cbeb28f0e1edb1f1211d45aea7f0d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699897, "uuid": "b0cc6c52-25e2-4e48-a8b8-526b9eec7e22", "comment": "Malware payload (AgentTesla)", "value": "db45d9883da79d39dd8481f025bc6332ce01be38c025579e251e6f158ef096a1ef8df517e30f03830f34643e3e41b269", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699897, "uuid": "6933c92f-6146-458d-945f-d857397569b3", "value": "T1A225E0B34BD53FA6F9398E39D2723C1913FDEC1810A5E6496DEBF0D18AB3E050A91614", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699897, "uuid": "16005626-2fe4-4b50-ac4a-4f7a91cefdd9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699897, "uuid": "38853201-9274-4c24-9740-b71c3d62ae26", "value": "12288:W8Paty5w0F1ttBTLpJcuwiHjHfsyJl0EufrpIWjgkeCuvysJthK:nPatmw0F1tDVDsy5irpJEkCL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699897, "uuid": "8600ad5c-2d91-475f-8563-32a36d5cb08d", "value": 1000448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699897, "uuid": "5561f7e1-7f27-4763-8ff6-6dfe64885812", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699897, "uuid": "7ada00de-ab02-49ef-a85e-e797df4b3e98", "value": "903c3f1e5b6bb1af29c8ff3902ba18ee", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02a0d160-eecb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1683679120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679120, "uuid": "252fc64a-5825-43c6-9488-2e0c79fbed93", "comment": "Malware payload (Rhadamanthys)", "value": "0bf4802d6222aa624709e90092916233", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679120, "uuid": "63ef4136-c3f4-4483-ba20-5c65caa1c2e2", "comment": "Malware payload (Rhadamanthys)", "value": "032e861138d0a304d5a51bc7614f867b04d558596be03cf69ff9fd63098bc46d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679120, "uuid": "1ecf8953-c088-44f0-8f07-c07dab49c3c1", "comment": "Malware payload (Rhadamanthys)", "value": "1434523ea8f30bfdd051570badb258f36c8eaa05", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679120, "uuid": "17691a18-bcb8-4239-a3fb-7eeac43865ab", "comment": "Malware payload (Rhadamanthys)", "value": "4f4e04fb57059653734cf7d63048b684fdc6a5bd5e096bc10c8cb618c99e95ce579f4948c21653cc68de0cf118f6d64a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679120, "uuid": "2d721d4c-ec28-4dcc-a203-231be047c2f4", "value": "T12184AF0273E0B872E6770B318E2AC6E4762EFC508F5566EB1A496A3F09706F1C572753", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679120, "uuid": "0337aeaf-6afe-49b7-bc57-8745558a5ce4", "value": "2f859ca72f4146453ae321b5dff2ebd9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679120, "uuid": "35f16efe-2dcc-469f-8740-423c841402ae", "value": "6144:98Q7t/ifdZQR1u4U3QScXaviBoGnGoTCOhwK:mS/if6VScXaaagCzK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683679120, "uuid": "3a5a0acd-4e2c-4860-a100-af3ac68eec20", "value": 373760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683679120, "uuid": "d3c9f976-c444-414e-9daf-d8f724642db4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679120, "uuid": "507f36dd-d521-47ec-a2e6-020c45b55503", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44e1455b-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683744515, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744515, "uuid": "f25f9981-b91e-41de-ba4a-f77fde581963", "comment": "Malware payload (AgentTesla)", "value": "30de779f0f46680ca5486a0bfa989639", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744515, "uuid": "772b935c-3961-4cf2-a248-0aecb26a5e32", "comment": "Malware payload (AgentTesla)", "value": "03cd9b875668d603ac396a9b2efe1b13871513cbb693413497bb674b5df22af2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744515, "uuid": "4fb0e6de-c913-41cf-8785-b8c2809e2e0a", "comment": "Malware payload (AgentTesla)", "value": "bb9579e90935d89756d38ea8782b82587b528e5b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744515, "uuid": "5c365eb2-8e6b-4970-b765-61902768e8d2", "comment": "Malware payload (AgentTesla)", "value": "a8ddb0a8ab1cb2840cc69c653785bb50272e141612d2aa4dead156c860785d88161c03e78dc3963e30ab0ab8e40cf7d2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744515, "uuid": "3906d136-9ff9-46c1-bd73-8d94f0f3dd54", "value": "T148A4238656EC470904D7F70413E98A29D2EC6E843653CC2FF50C7E82BBF44A15BDA87A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744515, "uuid": "87a2d8a2-4e3d-431f-aa37-3a1b992c0439", "value": "12288:0wKdLpBeK/X67i3isvj/Kr+IDSbE5ArOoNdaqZXnK:1Wresn3iVyI6hy2Z3K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744515, "uuid": "a6d8d4c3-8fea-4f17-9aee-29979e2f811f", "value": 460067, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744515, "uuid": "5f3053d2-3d1b-4e2e-be14-041b2a3f0fef", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744515, "uuid": "d873ac76-b70a-4d91-bbee-34bb1479c25e", "value": "Payments.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d057f04-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731268, "uuid": "6bf52964-3a70-42b2-8a86-4399b458fc09", "comment": "Malware payload (Mirai)", "value": "a40a57b10e4e33a2dd756fca5bb4353a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731268, "uuid": "81cf133c-6d0e-46e7-af4c-334be32cf31a", "comment": "Malware payload (Mirai)", "value": "049b06043e91b943471f0595eb3e2c70c9cadeedb054f6dfbc4cbdcf84eb9d73", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731268, "uuid": "79a4b8fd-5f0b-493a-8de9-7236fb629062", "comment": "Malware payload (Mirai)", "value": "0cabc7eb78e34f95efd239b87d3131dcba01f4fb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731268, "uuid": "f2caefd8-4df2-41f8-bb35-9b614c3794fa", "comment": "Malware payload (Mirai)", "value": "aaf6eefefcbf911a2ad71b44982f4167e5b95864daddf09a1a223e6fadb144d552b43e03e0f783e250f476802bb03aaf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731268, "uuid": "0ef2966c-3372-45f5-ab75-115d2afc8bdf", "value": "T179B2E1ACE48CEEBDC0E757335CA8C38373A51B5E3797C6A5919AC30242152569DCAAC4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731268, "uuid": "496c2414-b833-46ba-ae70-1b6b905da7d0", "value": "384:nOJw33+kf10fd8FHhnLlXsXIdYVtR/UTXut/Blk6hKBLbLqqrV+j3mqsduJKZxoR:n8wn+G0F85XsX6YwXG/BjhmbWq03jwx8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731268, "uuid": "d504071f-3156-43a5-beb8-e8e46400c348", "value": 23904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731268, "uuid": "c9cdeb9b-af9d-4953-a73b-8938e968356c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731268, "uuid": "31de18f6-1dfd-4e0f-8453-9474870092db", "value": "a40a57b10e4e33a2dd756fca5bb4353a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86001883-ef43-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1683730880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730880, "uuid": "dbcf0718-4f9e-45bb-90e0-bb377df4f9d9", "comment": "Malware payload (GuLoader)", "value": "43a6a66fb89e618f4e47a02af4d8da2f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730880, "uuid": "1fa97bba-67f2-455b-aab7-9e8aac37455a", "comment": "Malware payload (GuLoader)", "value": "07079c49949ed4619204d3b640c590e102156526e9796c4966ead639b992385d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730880, "uuid": "867ccca6-6e5b-427b-acd5-f2fc921d3b9e", "comment": "Malware payload (GuLoader)", "value": "b8b546cd42d34141646ad983b9880abaa48891c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730880, "uuid": "9ca4e43d-69b8-48ae-89e7-faf04f3b36c1", "comment": "Malware payload (GuLoader)", "value": "a873ae4187a4c6b5c9e9031ecb3c877d0edd0da1dba6b5cf888a13ca8391207df9dcfb0214b16cb01fbb061e2397c0bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730880, "uuid": "f549288d-fdcd-47c2-95db-51325dc09944", "value": "T1B09413403320E513EDED07B165759A2B7A73E71C57E0560BA7943EDD3A32A818B2EB0D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730880, "uuid": "2d3e2e11-5937-4ae2-9ff0-2743c41781d4", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730880, "uuid": "1a895ac2-b719-4742-9526-f08133b2c60a", "value": "12288:4xSIHpxLIVSH5LiPP84cH7RgGxS34bd4H:4xbIVUMcLb2GC4m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683730880, "uuid": "e85163f1-3b74-44be-ad6b-c1066ed8a004", "value": 442792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683730880, "uuid": "efb72644-7022-45ff-ab21-c9f8e51170fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730880, "uuid": "42da6148-07db-4983-bfa5-24f5d7caab9e", "value": "NEW ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e146083-ef21-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683716184, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716184, "uuid": "e8535e58-1805-4773-87e6-85f585d0b08e", "comment": "Malware payload (RedLineStealer)", "value": "553eff0ddc4b9b1c6787ebee99b2b2ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716184, "uuid": "05c63f4c-7b1c-4f78-8a89-6d2aca2d31df", "comment": "Malware payload (RedLineStealer)", "value": "0774333fa07a5fbf06d0bb8f974b172d93cb9ed871eec5d497828dd458379171", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716184, "uuid": "24fb7d0c-2039-4778-a2de-132d32eb4647", "comment": "Malware payload (RedLineStealer)", "value": "fb6c31500797d8ce79b304a0a0de7bc9a4e8f9c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716184, "uuid": "2fa16a4d-f63c-46ad-9f3b-82d4eeef6237", "comment": "Malware payload (RedLineStealer)", "value": "a30c837e4e42e81e0b5e37b7e7f03af36603d538d2936e149fc680b491d9133ecd12cb54845b3d9fc3c8062345863a6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716184, "uuid": "951b3857-57cd-444a-8496-a4f63dd33f8c", "value": "T1E3947C0B62DC7C64E6275A319E3E86E8765EF9518F5937AF22186B3F04B01B2C172F11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716184, "uuid": "a76e0cd6-6d03-4bb7-ac70-e902971a6e5d", "value": "01f37df613d55b4b4b8899ff2305631e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716184, "uuid": "257b4384-edf0-41c5-b8a6-0b5846a2e867", "value": "6144:9/VLyCE1Bk+svF16SlhbndqC47R+oWKikk18ra/b5C:XLyj1BrK6Knn4431H/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683716184, "uuid": "077025dd-c8c1-4095-85f8-8f7033fe3df5", "value": 441344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683716184, "uuid": "d2e1e107-4fe9-45b2-b532-ad4d4c93415c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716184, "uuid": "9879326a-a59b-4ed1-a0d3-0da0d54e18be", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9eeff7c4-ef0e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683708159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708159, "uuid": "b3a667b7-3142-460c-b5bb-e136870f580d", "comment": "Malware payload (RedLineStealer)", "value": "4fb1056ea610a4c902599e4ee5208b36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708159, "uuid": "2ff6b475-8448-43c7-a8e7-28378b19293b", "comment": "Malware payload (RedLineStealer)", "value": "07d2a39f5c3d310fc233d63a5db81605fbc76e9ddc73bafd46990400e686ee22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708159, "uuid": "bdce6ef4-dadf-4b66-9cf9-5908c00d0e83", "comment": "Malware payload (RedLineStealer)", "value": "580e84db72a91b97053d852b765b848124b1e6a6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708159, "uuid": "0f660fbf-2133-4a81-ad7c-0891af162805", "comment": "Malware payload (RedLineStealer)", "value": "81542cb1c8d99eb1b76c574d9cfee6dcfd5c37fb13c092225639134a4f7e70bc844433285b8a0fed79e2aad661bfd378", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708159, "uuid": "1799ed56-41fa-49cf-8b56-8258436fdc45", "value": "T191948D1362E1BD64E62747728E2EC2F8765EB5204F5977AF2E189B2F44B10B2C172F11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708159, "uuid": "74b51a5e-3850-4723-bd48-cfbd8ec7f74a", "value": "6847c4a23533c8db62ddf8eb8d214ba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708159, "uuid": "d9a140cb-9d78-447d-b9d7-1cea75cb6d36", "value": "6144:QlyxeLzMX8A1JHXokOVa7szdfoHXEYX3uu:2yxoztQ5YkOVOszdfEUg3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708159, "uuid": "5a81e381-cbd6-45c0-a40f-246b7aad3c47", "value": 439296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708159, "uuid": "d40d84ac-0d2f-4cfa-9fc2-a7091a154c62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708159, "uuid": "ae0dd1d3-5270-4e1a-b637-4f057ea2be05", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fab1e71-ef60-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683743245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743245, "uuid": "25918041-048c-432a-968a-872bc94d8123", "comment": "Malware payload (AgentTesla)", "value": "d88fc1f23009d945ef6096b14a2b52ff", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743245, "uuid": "09b22445-30f6-41d4-9e2d-b3f2b8a5ea5d", "comment": "Malware payload (AgentTesla)", "value": "099355d506f15966ba946cd6f58a72f6c02c73232349cf7f2d6af5641eed0ceb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743245, "uuid": "73114442-20ce-429f-bb73-d11a32eb07eb", "comment": "Malware payload (AgentTesla)", "value": "c1a7e896034692aa6ae337d9034aa09baedac9d8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743245, "uuid": "8f71c895-4da4-429c-9785-226283774b66", "comment": "Malware payload (AgentTesla)", "value": "7bb5c3a442badcc20efdc065372a14a97d9ffd53c451395913ce230b9dd3ce70b276454cb7f5e2bc6b0c15412af53edf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743245, "uuid": "a159b7ea-52c3-4c57-929c-6631a5d7c37f", "value": "T1C954E05F9382EFE1C756CA70182843B19974E8019531EFB36CCB2A16DD63AF6909CED4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743245, "uuid": "0ee2df71-cb16-4d89-a6b0-981dbc939f95", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743245, "uuid": "67d0b1af-faea-475c-9936-a865661cafcf", "value": "6144:/thH4bzgXvWApfRS55SR7KFdWSuzW2oQyI6PHC5D6XGC:l+cXvxpZY4WDuzWCY2C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683743245, "uuid": "2801dbe6-6660-4a7c-90b4-d4ff7aec3504", "value": 303104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683743245, "uuid": "bab7d490-5ad3-4479-96d2-2957916fe789", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743245, "uuid": "a0a866fa-22ff-42ea-98b6-e99b84b79170", "value": "SecuriteInfo.com.IL.Trojan.MSILZilla.15323.32474.4309", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e910634c-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Vidar)", "timestamp": 1683729329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729329, "uuid": "162f2abd-3b32-4a7c-9ed0-92541d003cdb", "comment": "Malware payload (Vidar)", "value": "07115c6b49834bbe5d8cd88c9858bd61", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729329, "uuid": "697e1758-6d2c-48ce-b226-fb792da24282", "comment": "Malware payload (Vidar)", "value": "09fa4342b6a984a007d4ecbb233731aa59c5c8e58b6cb16a6cedb3ae63be0387", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729329, "uuid": "c30cd717-8269-4cdb-9021-42ae0b2ec94b", "comment": "Malware payload (Vidar)", "value": "c6b821a7a55d781d1cdb546736f6d0db9ced940a", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729329, "uuid": "cf0d98d0-a5e5-4f8d-a51b-5719cc207a3e", "comment": "Malware payload (Vidar)", "value": "4444281d1dbb0099ac4161e3fb8cb9a6b209a5abcea1999e3cf5a37eebb187992dea928176b5053fbaf441036f8da5ff", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729329, "uuid": "2d1e1ab7-fc6f-4547-9add-9ef4a98aaa98", "value": "T10154CE81FB55EC12CC25A2327623395917B0ACB50CB4C71226EEFC5E4EB3B462C8575B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729329, "uuid": "aa774f25-4343-4618-9481-e60cf802df13", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729329, "uuid": "a23a499a-95dd-44ef-8025-9b14a5246bb1", "value": "6144:sd03vSrfSN1A5tdAx/IGWaG+0RxxyrwO+f1IOq:sd03vSm1oAlOkra14", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729329, "uuid": "8f83e0bb-3362-4fdd-b558-3def610b4004", "value": 287784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729329, "uuid": "a85c5168-e15d-494e-9db5-30c2a9205964", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729329, "uuid": "3aec2bdb-e557-4111-8b72-d15cc0152284", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df69ebe0-eec9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Vidar)", "timestamp": 1683678632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678632, "uuid": "0278287f-8eed-4bdf-b19b-9eb2caa21190", "comment": "Malware payload (Vidar)", "value": "32315675719766fc2a9d6a1301426e92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678632, "uuid": "54622ba4-b9fd-4ef8-af8a-a7222dc4f671", "comment": "Malware payload (Vidar)", "value": "0ab70f9d6b40bfb958cedb2288ee9852cb0976f56a86b4adabd3bdc6464e66dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678632, "uuid": "b7f92468-4121-474a-80cf-e10a2baa500c", "comment": "Malware payload (Vidar)", "value": "53a2fc3205c94d9c8a8495b74dba41fe2dd8cecc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678632, "uuid": "915cfb86-3ff8-47e5-9a2f-98939efd3104", "comment": "Malware payload (Vidar)", "value": "942043a0be39a2ca622c0b7960e5bcd505063813ed11be0c4b6140a99eb53c99952b46f398c394f977bf7598180820c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678632, "uuid": "9911ee6d-8c79-40bd-84f4-4d560e2eab85", "value": "T1ACB41246E7F4A033D8B11B7044F702A31A36FD71AC7882AB3B449D5B49B3698547277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678632, "uuid": "1416ee6e-49e2-4dc3-83e3-3b68113d9f04", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678632, "uuid": "7592795f-d8f1-4d5e-86d4-8db8d4731e78", "value": "12288:PMrOy90wZ1hB+gvRcyOZu57S3iIBKM5rpONc9VO4UlUYJT+M85p:hyBZ1hQGJ5G3i5WXOj/szL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678632, "uuid": "623af97f-ac7a-498a-a162-0020e99cb64e", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678632, "uuid": "300a0edb-d845-41a4-94ea-837e6050fc35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678632, "uuid": "a846a5e2-3fd9-4341-b15f-a4b061be2dc8", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9dc772d-ef33-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683724095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724095, "uuid": "2c7f2c02-e60b-426e-bcc9-ebe69856b934", "comment": "Malware payload (Amadey)", "value": "abafa537f707b58810eaaa6b3d18e814", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724095, "uuid": "e3a4c998-30d9-4259-91c3-bd44635a67ea", "comment": "Malware payload (Amadey)", "value": "0b28322cd6b29229600304276441ed89f0362aa2dc6e9ca101c3f27fa7b3b4ec", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724095, "uuid": "7f10170d-c10c-4bb7-ba02-bce6d11d512e", "comment": "Malware payload (Amadey)", "value": "fda334d50e4eb0c576f452e4106bead0f5777b10", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724095, "uuid": "c70bcaa9-096a-4b18-b68a-f2d486ce2170", "comment": "Malware payload (Amadey)", "value": "c0b49814cc446d1c4357c9a932c247b657c0f21dc30219ceadc50924b14b2bc81e2bbea57d5d079a2668f2eda226de6b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724095, "uuid": "cc8db4c1-4189-48b1-b8a3-b8466a96c2db", "value": "T1CD242A4392E13D45FA26AB739E2F82E8761EF3518F19776932189B5B04F21B6C173B01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724095, "uuid": "bc5c1ad6-9b6e-4c03-b9a3-06461ddb9faf", "value": "f0a1adf2f5b7a4f0da06f0ae432d3dc6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724095, "uuid": "c09a9e7f-8104-4ae2-8bdb-90fc39145d03", "value": "3072:fJFY1QXc5Iw3RFffUXXjLO+zOFtbsil5gETZ5qtDk0o:xI++IwhFffUHjLo/bTrqtDM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724095, "uuid": "39d7aeef-b0f3-48de-b538-925d419eca51", "value": 221696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724095, "uuid": "fc3d58f4-f679-49ac-ba9d-e8b8d0422ae1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724095, "uuid": "a337456f-ab12-4e5b-a082-14069994ffa3", "value": "0b28322cd6b29229600304276441ed89f0362aa2dc6e9ca101c3f27fa7b3b4ec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8bca132-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683700149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700149, "uuid": "c4d5d9da-e4e3-44be-a9d0-34b340954866", "comment": "Malware payload", "value": "a805dba04af8c0e62f1f8e90c441b6e1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700149, "uuid": "a4a3bcef-6ac7-4ed1-81ae-a9bffb86fc71", "comment": "Malware payload", "value": "0c8fcb4201e67579906b7a3512f0f093297231ecad2b949a7b41d377f22b5d56", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700149, "uuid": "ea8e033c-05b7-436c-88fa-ad828324be6f", "comment": "Malware payload", "value": "18e6b6444187e12f5feb13a1613ae62ca77624b6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700149, "uuid": "897f3626-b214-4cd9-92da-8a524ddca037", "comment": "Malware payload", "value": "67086c1e8d3fa01988534f3a7f289a798970b4748858c93d2c4cdbd397e3332ce832ea3232046eb997338b6504a3bb61", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700149, "uuid": "edc6dc2a-9d50-4560-9114-bcac8e8b2d56", "value": "T119D4C003E2D17D60E66607728FEE86F8765EB5518F0937AF22189B1F09B20B1C562F1D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700149, "uuid": "2b33c76c-ee75-45b7-8a4e-144ce70fe3fe", "value": "6847c4a23533c8db62ddf8eb8d214ba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700149, "uuid": "8aa625e4-5078-4592-9214-b5dc0baaa4c0", "value": "12288:fY6enbKvRFuNvyOQZmAMbmBG4iCwsJ41:fYDOvLuNaOnz4iCHJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700149, "uuid": "6d21eca5-4e0e-48ed-b0e6-c089c907438a", "value": 652800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700149, "uuid": "7463abf1-ee74-4bdf-b096-a6f812db4b75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700149, "uuid": "055fa924-b7db-4d9b-a8d9-fdc7b2894960", "value": "a805dba04af8c0e62f1f8e90c441b6e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d426a33-ef35-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683724772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724772, "uuid": "c58844e0-6c7e-4db3-a479-cddba9f05ae6", "comment": "Malware payload (AgentTesla)", "value": "3d3c71b93ef4cd41766cd368bf4a51ec", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724772, "uuid": "dc423b39-64dc-4756-8960-f3143635a12c", "comment": "Malware payload (AgentTesla)", "value": "0ce3968db7ddfd0142e51e303fc4159f3ec0be7c97f3af7a23f2004023840fce", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724772, "uuid": "5420f465-5e8f-4668-a855-90dbb36c181a", "comment": "Malware payload (AgentTesla)", "value": "b0316210167869244d0afa37ca3eb214532336bb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724772, "uuid": "6f42e685-8110-4bf9-a2f1-eba4b85498e7", "comment": "Malware payload (AgentTesla)", "value": "9061cafae7c4aa2b697ebf9b8859f6e77fe77b25e33dc73ea54ed99e01ef1975ef202785361aec5de0ad712d21e6a92a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724772, "uuid": "cb2e260e-8177-47d9-bef7-e41364daa760", "value": "T18FE4E074D0AE44F2E10E89709C78BDA61F7270D3F9F546343B3D6544CBABA943A8874A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724772, "uuid": "7da9ddcb-6a0c-47c6-b462-672374e1fc23", "value": "12288:CAPNj5AyHHwQLFpmPg6pnSb8YIQjIgtN5H+Hlth:X3hsRpnVQUk5U/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724772, "uuid": "a785523f-587d-4f9c-96c6-53d98e3160e4", "value": 690176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724772, "uuid": "2351f4f0-8856-4467-8a5a-ba4a6adc0a84", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724772, "uuid": "3581b854-2cd3-4ced-a09b-e1cd89b35c7d", "value": "nnew_po_202318731001_urgent_quote_request.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3f077e7-ef09-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683706047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706047, "uuid": "c698802c-0c9d-46eb-a363-d5e80e7eb6b5", "comment": "Malware payload (AgentTesla)", "value": "b1779162ee18fdff9a550e23bec9b2c4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706047, "uuid": "9a0c98cd-ae0b-479d-a395-6c5b5840802b", "comment": "Malware payload (AgentTesla)", "value": "0d04d01b0189a6d129f0f8dab1afdd3aeef49eafad1d208c93f7bc3dc0b36394", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706047, "uuid": "ff8a5790-33a9-4d55-aca9-0adac80a7196", "comment": "Malware payload (AgentTesla)", "value": "94b91e117243fd7ef019dfa8f89fdf48bdaf3a51", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706047, "uuid": "2eab865d-0f2a-4a1c-809c-f9c334ece04b", "comment": "Malware payload (AgentTesla)", "value": "e0eec70850476fe5d36d91a42d1e3d436d7bf2f28feb47be327f21f9376ddfc53314114e1bc7bacc6ef0e93c86308e76", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706047, "uuid": "b57c7e1f-a3b7-4ce3-9ed5-50a3ccf53590", "value": "T1D24412107984C52FC6D3833B58BB6A161F6A612B9278670B5F509F0EB922F017F0D79B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706047, "uuid": "13a90d0b-59c2-4f97-974a-02ed552f75fd", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706047, "uuid": "68bb3e46-df1d-49ad-91ad-ef31552ba784", "value": "6144:vYa6yoYgwghim5gI7wPUqeXKCV3KDiyEvdiYLsqgTBW/4:vYkoLzsm5gfm3YEliYIBWg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683706047, "uuid": "728d20e5-f442-48a8-bd3b-a9480fbb8ed7", "value": 274287, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683706047, "uuid": "551a82e2-658c-472e-a8a3-e3cfa5b4f137", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706047, "uuid": "af2854cf-2dd2-49ca-ba95-0f740bde0647", "value": "b1779162ee18fdff9a550e23bec9b2c4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ee9bdc7-ef70-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683750035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "c3765cb2-b861-41fd-b298-f5741e921329", "comment": "Malware payload (RedLineStealer)", "value": "59549c22be50d96be933d5e5b7cb8b58", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "82d69c3e-b5f5-4d6d-a1c2-0ea221b94696", "comment": "Malware payload (RedLineStealer)", "value": "0d0fa8f27461ba22f67c0f01438f07d5b4d21408fb6814c1e20229937e54856e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "7985d16e-f697-4f44-be76-09f903fb7f35", "comment": "Malware payload (RedLineStealer)", "value": "c762ac6b3c3f97e7114ad3a8339bc90eacac7c65", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750035, "uuid": "8885575f-6f75-41fa-8025-9c5bc9192916", "comment": "Malware payload (RedLineStealer)", "value": "10079b46850a8c19178e9a0456eb3adf3a3cebaea2812b5e88b49d6d646eecca57610e7b0186a65144ca637fa3f102b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750035, "uuid": "f32784e4-2a70-4889-a235-f6363dca3767", "value": "T1E0B40252A7E88472EDB7177058F603D70A357DE19E3847BB374658894CB3290AA7233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750035, "uuid": "ab3f7c94-5d47-400b-a639-db1528f3e600", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750035, "uuid": "8f2b73d1-8fc3-4a3a-87f6-04cd2068fa44", "value": "12288:rMrey90EjZ3HhdlQ3pWSX6LTcqKLWpu00rFm8kqS:FyfVq5wdk0yP/S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750035, "uuid": "ba7e6e37-59e9-4581-9caf-6e798fb202f2", "value": 510976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750035, "uuid": "fd93a1df-aa56-4183-a820-330aceb5a066", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750035, "uuid": "d22a9616-70ed-4219-b138-fabf6cdfb0f1", "value": "59549c22be50d96be933d5e5b7cb8b58.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3935c550-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683744495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744495, "uuid": "af3f32ed-b33f-476e-bcb2-8de33f6d115c", "comment": "Malware payload (Formbook)", "value": "26ec8c56bbc594081afcee37dcb2ba4d", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744495, "uuid": "ca72726d-bea2-4741-9e62-fe9474e676d2", "comment": "Malware payload (Formbook)", "value": "0d697faaa434aab1f13b7b2fe781352880ae9ceda6b9430f6af0950f5ca832e3", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744495, "uuid": "bf0827fb-7dfc-4332-9505-9798c4329728", "comment": "Malware payload (Formbook)", "value": "6da3ea27a818969fc2831ef8c3bb7430341e75b7", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744495, "uuid": "0965eb2b-6095-45a1-a801-20f64e8577a5", "comment": "Malware payload (Formbook)", "value": "3860168861e8a3575837a6cb460ba512ee38d0ada778afb36fed211dff39972112d3ad374a1d56206f916d8f7580c94b", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744495, "uuid": "b4fbaff8-0ff9-4ce0-a1d4-840be28d4502", "value": "T14AA4230493A76C9782165BCF363B94EF78B3E0ED1B711B188103BE528C91DAF9991787", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744495, "uuid": "828acece-d5e8-48f5-b7d6-ea9d4b565b02", "value": "12288:tDRy+0jLbF7YR4/V8POSggNkk9Nlih89ksTWyMxS:1c+qlsQq1rRG4v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744495, "uuid": "420291fb-d518-4817-9621-bb39905b54da", "value": 486847, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744495, "uuid": "1fb73da3-5a9e-4726-bd56-525c59fbb556", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744495, "uuid": "9684dd74-3b56-4625-8952-f140175457b1", "value": "092726376263728.DOC.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b15ee4d3-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688433, "uuid": "4c2dfab3-a7f0-4868-a8c6-6b6f944b7e46", "comment": "Malware payload (Kovter)", "value": "21ba47cee02f4b2fa523f4acc81539d0", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688433, "uuid": "4f612b61-d47e-4b4a-ad57-52ed00f17f83", "comment": "Malware payload (Kovter)", "value": "0f54e0f3c3408647bf9844f9d97b64dbc62278091280b3d7bf1db5bdde3fc436", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688433, "uuid": "17fd06c0-8af9-4f8e-87b8-bf37b81c22a5", "comment": "Malware payload (Kovter)", "value": "fa0a9c6a10aa5cb581cd9422afeb9dcf739c414c", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688433, "uuid": "6c954383-7833-4ff7-96c9-fe393b8b0fa1", "comment": "Malware payload (Kovter)", "value": "d04d1c62bb463cdc65c7b60be886967021de5e6f0026a9d1390431a78453844eca1552ff9274e81825f751ba61d8c7db", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688433, "uuid": "e198f1c8-f91d-44c9-8340-9c5cd6d575ed", "value": "T1EE742836F640E637D42259FCDD0FD2E4A579F6302E381D47BAE51F0C98B5193AA1AA03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688433, "uuid": "3b842474-9773-4502-94e8-edb4a363fb74", "value": "6144:QlgEenwKdnC0rrdGSkFFMMy0qzpBMYlDB/PA1K/Nk6F3wYQRq83a:xEsbE0rRQep5lxN3FAYHd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688433, "uuid": "b0028e03-acd5-468b-b681-704f44981448", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688433, "uuid": "298bfd7f-3520-4d2c-82ca-7a3d916c2161", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688433, "uuid": "02b61d00-b769-4b2a-b0cd-10ac1d62240e", "value": "2023-05-09_21ba47cee02f4b2fa523f4acc81539d0_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e5fd2e8-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683744504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744504, "uuid": "3eeac777-c962-4ad9-8c63-75e6f0358669", "comment": "Malware payload (SnakeKeylogger)", "value": "f9ed1fc8fff7a46011c425de115f358e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744504, "uuid": "deb9b9b9-f9ed-4c0e-bad7-fa548d2c2111", "comment": "Malware payload (SnakeKeylogger)", "value": "0f629b4e11087c4e000457daa326269c1ed26198d5a5e8f963d10e0be9dd77a7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744504, "uuid": "04bb983c-22b5-4f0b-9735-b8b75dd211e2", "comment": "Malware payload (SnakeKeylogger)", "value": "a6f8d4bee37a0e0f69f768089e5a67f9c73f7ad8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744504, "uuid": "ecba9989-2c5e-488f-acdb-df6b53a3188f", "comment": "Malware payload (SnakeKeylogger)", "value": "9b7c53ca02c90d4377160fdfa913cecc690cd588fa88afedf8e0f0498649e1914c72729858df24f78f70434a331a8c52", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744504, "uuid": "95596191-af88-49c4-be21-c8d4a887fd4e", "value": "T14EF4E011321A5B27D7A843FF0A28894513B87B16FD6BD27C2EDF21CDDD12B104A61EA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744504, "uuid": "17f36956-7557-465d-99d8-dd5f371f175b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744504, "uuid": "e6d3e717-9d76-486b-968a-5ab78a51ff17", "value": "12288:ckZfTH32IYTeU6dq5mtLN3bcyRs7yjkp8WQ4vDPuP/SlBS3:cyLHmICVSLRbcyR/jkp8WQ4vy/SPS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744504, "uuid": "cd49c52e-cad6-4037-9cb6-72cefae07e8e", "value": 749568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744504, "uuid": "cf201a9d-8d97-41c5-9bc3-894f23e9ad71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744504, "uuid": "839a32f2-77ad-43f7-8a39-112ec61e8c78", "value": "#ENQ-1885-23-TCR-AL-AWALIA-2023-RFE-5504.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c8f311e-eefe-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683701122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701122, "uuid": "48a2f8cf-ab25-4e6d-8f27-aa47a29cf817", "comment": "Malware payload (Amadey)", "value": "b644bf5241508dc88f935ba976e1527d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701122, "uuid": "83006771-f58b-4bb5-a16f-530ac11f153e", "comment": "Malware payload (Amadey)", "value": "0f91f82218d734d2f86b6a1fa0b6c8743e031caf1ce6481e138201309eaf224f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701122, "uuid": "ad88ed34-5680-45e1-b6ce-189c732bba9b", "comment": "Malware payload (Amadey)", "value": "95181a7faabdc6cb90b3e541ed7eebff0abf4880", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701122, "uuid": "609a678c-add7-44ce-9762-ee5e04c05c6e", "comment": "Malware payload (Amadey)", "value": "ec576ae1b4e41bb41d01edd5b2dbb6c7a72d30608effffa4359c3b908605106e9e090f31956264834f3b86d4598ce361", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701122, "uuid": "905e8fa7-73d4-4d14-aa84-532e7cdef120", "value": "T1F3A40103FBE55076D8B93B3068F606C70B39BDA1597847AE6B81599A0C736C0B43673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701122, "uuid": "d1a44b91-0f64-4e71-8094-5009c620b487", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701122, "uuid": "858cc1e9-a3b5-4dd1-a357-14e7b6d42222", "value": "12288:5Mriy90il13NkSElGbfA+WxxZFPqsM8gAaW9:Tyb13alMBR3Ap9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683701122, "uuid": "27b42846-a9d3-47ba-ab09-c8ee4a63dfeb", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683701122, "uuid": "85d16d3c-f434-42a2-aa60-40a4fa43a628", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701122, "uuid": "4fbf99bd-040f-448e-9279-97f218b0ce39", "value": "b644bf5241508dc88f935ba976e1527d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65fb5942-ef10-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683708922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708922, "uuid": "7d29ebb3-2139-4bb4-b1f9-b59beb2250a5", "comment": "Malware payload (RedLineStealer)", "value": "c9043d441e9126afa7fa4a05b59e6e26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708922, "uuid": "33012e88-d71c-4fa3-a7d6-76b35a9653b8", "comment": "Malware payload (RedLineStealer)", "value": "0fc03c83991a6536ea19827f36b9293e26fa5d16b0a9ced638a8c11ab51c5248", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708922, "uuid": "7d6ca4f0-e6e8-4009-b289-b4984c670963", "comment": "Malware payload (RedLineStealer)", "value": "14f34c4c8151def86394c66b69280e598dc10513", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708922, "uuid": "2d1433b2-858d-465b-9d94-2ad254d2fbb2", "comment": "Malware payload (RedLineStealer)", "value": "edb80cebaed1b07223b3ed7000799d6fea00f440eaac6eddf4624ad19108f87babac7a950df64aac725a415d00104dc2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708922, "uuid": "3ed29684-332b-453b-aefa-cd649043bc51", "value": "T1BAA3285C33A430EEC467C039C9A55C25DAB17436130692EF51D386BD9E1EAC3DF396A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708922, "uuid": "7963a5ab-5709-4b58-a941-5f9d0612c36a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708922, "uuid": "936a8abd-814c-445c-a8be-7910fe1375ca", "value": "1536:Z8yV1ZGvOZnnlJ5t9UxrAwIVtdSDMvNcNIOOnQl+sdZkjbsCo90+E:9Vf5nj1wIvdSDMvNcNIObQsYjbs8+E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708922, "uuid": "58b9b2e5-deba-404b-ab01-49bfc52e4940", "value": 106496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708922, "uuid": "01310db7-b73f-4937-876b-47acd8de7a23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708922, "uuid": "b8ee261d-f43c-4456-8fa3-1f28bb76f23e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3442262d-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707121, "uuid": "6fda0934-7c61-4d58-9516-a8194535cc31", "comment": "Malware payload", "value": "46f3fb699c5db6c3c5a000dc04d5ff54", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707121, "uuid": "caaa8954-c5d6-4cf8-afda-97442ca01b17", "comment": "Malware payload", "value": "10008dd46c6c1e54876a6c3cf347c4eec743db7094fa1b062b246a49fff5a95a", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707121, "uuid": "377d3528-f6d2-4a97-a6ac-5e20b2149a35", "comment": "Malware payload", "value": "80fe1fd6d09cb0107f9692d95d7c981f076563a5", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707121, "uuid": "c20929ab-f28a-47e2-882a-aa67912b73d1", "comment": "Malware payload", "value": "da38c133c8b3b0ba698c6ce3f96f02b99c3eea22e0b77520137fa507860abf10615b8febb8dac7bfc5b1d45b6c37a98c", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707121, "uuid": "00d323e6-504c-42b1-9822-392510c76d40", "value": "T12855DF721A8FFDE62FF80E44E8A226480D88BCA75368D5D5FC8C53CB64B44A4ED55DB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707121, "uuid": "3335f2ae-8663-4fb5-8ea0-d218c6bd4096", "value": "24576:TYclnoYNOVGgVhb1uU3UfNwVEOfbcAbDUc1f15HYZT+lXPhxIlVkN:TPBbNfOVhlUc17H0GX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707121, "uuid": "bb6f9846-992b-4ef8-b7c1-f84f9e9c13c8", "value": 1324376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707121, "uuid": "94e436d1-cc69-46c4-9c9f-fb8b2f4c81a5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707121, "uuid": "803e73b2-9b0c-4d70-bee9-517c17cb4b4f", "value": "Qjsbkwevgr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1214747-eef8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683698794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698794, "uuid": "c96e614d-9588-426e-ad01-c92d6e6c650e", "comment": "Malware payload (Loki)", "value": "99ff0bb3b61759a56dfd2d87c5287955", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698794, "uuid": "de10d40c-65c2-4784-a13c-89864d50968c", "comment": "Malware payload (Loki)", "value": "108ad52223146f11df1f746b5b2fa805905c183d0fab1ed35cabaa0226df91de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698794, "uuid": "17148884-2808-4b93-8360-f782b2fbfc51", "comment": "Malware payload (Loki)", "value": "2584eaa31d5560d06e374b2e88b9cb3acd70121c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698794, "uuid": "1bb85712-f85b-4ba0-88f0-40b69657c2fb", "comment": "Malware payload (Loki)", "value": "c914b272dbdfd28d6b02dc5a271304d9fa96095d988bb5ff2e445cf175a91004bc26a4b806b83f985b2796a43fbc724e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698794, "uuid": "a31add6c-89f1-4486-ab35-0a7b06e04059", "value": "T101058C3C21DA5C26C71673FA8989C5E103356F00AEABD26A227E30CD8D71BA3ED5551F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698794, "uuid": "5c6fddf7-71a4-474c-8456-895c95be5abd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698794, "uuid": "10a71c91-890c-494d-a98f-19955ada10b2", "value": "12288:jWd/gchqZfOtXy1zDSMh41RXWC5sl+UCFVX1BDRsCpM3ocmjp:jgggIqXIDSMy1NB5pUCbXTDKCpM4TV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698794, "uuid": "8286bd41-8634-4b29-baa8-e03ca21a89f6", "value": 802304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698794, "uuid": "f303b63a-9893-4bae-8d38-65c90bf3fc59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698794, "uuid": "052a13b1-19a0-4642-b95d-5f049d117804", "value": "UktzFRSFxM46kdM.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "befe33ec-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688456, "uuid": "f61b8f0b-b1d2-45ba-b48d-6e7d25550a49", "comment": "Malware payload (Kovter)", "value": "b1cc84bd5876c8248a0d6df9a5fca310", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688456, "uuid": "5c14f841-c01f-4340-b67d-fb11f2dc4d25", "comment": "Malware payload (Kovter)", "value": "108eca1ca07bcea72dc58de2eabb9b4b693bb1a558758be02a262a07fdacc9ea", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688456, "uuid": "880f471f-b35a-4755-a8d8-dbefcc16aec1", "comment": "Malware payload (Kovter)", "value": "7b6e94d840f78f66925b57ceadf840aa8904a4c9", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688456, "uuid": "018bfba7-54b5-4b02-a207-980446145879", "comment": "Malware payload (Kovter)", "value": "307184450bc98b13060f63fac971d8a4195ff5160c5f8858b2ec7cc8a07ced305e2d53a24e6667cfc696f73ea285497f", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688456, "uuid": "3a8eb4df-d89c-4b1d-9daa-63c018bae518", "value": "T19A744B39F241E537C43519BC9E0FE2D5A579FA302E341947B6E51F4C88F91836A2BA83", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688456, "uuid": "f4cbabef-4097-496b-8b48-d47559bee0f6", "value": "6144:c2GAmvFSH/S2R95l4GBknTScyIE1GgXa0PF9PjwFi/FfPLYYcAQRqukg:ZGAmvFc/53rqqGgJPXFfPLaAjc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688456, "uuid": "1b17cbf3-5c81-4bd5-8a7d-80706cb5f964", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688456, "uuid": "53cf4fdf-168d-4062-adc2-5a3f7424e4dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688456, "uuid": "f8173c93-cbca-457b-b3a4-f66ed12ea0b9", "value": "2023-05-09_b1cc84bd5876c8248a0d6df9a5fca310_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85e188a7-ef4f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683736034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736034, "uuid": "8fde8b7e-3936-414f-b7b5-3ba41346031a", "comment": "Malware payload (Formbook)", "value": "fe3365e83f4a43d63e0394450e1e284d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736034, "uuid": "34129bed-abf8-4b91-ba29-0743252b5068", "comment": "Malware payload (Formbook)", "value": "114f4e62ec2b81ab45799a56b183ef282b2bc5c172fd9831af33c154b23034ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736034, "uuid": "08c3d3c7-19f9-4ca1-89aa-c697382d8bff", "comment": "Malware payload (Formbook)", "value": "f36a3148c6220bb10b0c828cf9818e75676d920f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736034, "uuid": "eb5a5c36-5297-4f99-b4cf-7c3c401bec1b", "comment": "Malware payload (Formbook)", "value": "9b938d9d9a700d42a60d8184fb6454c4bcbff267647b7394cc44e8e1ffa10e78798311ac301a53a76581bd7dfffa90cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736034, "uuid": "9d7feb39-b2bb-43c7-915a-63bddc387604", "value": "T1A2F4E011721AAB2BC76943FF0628494513B87716FD6BE23C2EDF21CDDC26F504A21A67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736034, "uuid": "f48f675d-8418-489d-8abf-3e8ad9e3b858", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736034, "uuid": "039a898e-6d67-4338-b819-21eb23357676", "value": "12288:xdZfTbsC8pAhY42pX13LLA2qpDJzn70NsF/qBth53rSdxj:xfLb78qhIF3LLRkzF/qh536xj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683736034, "uuid": "c421d983-5a42-41b9-b302-46133c8d4aaa", "value": 792064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683736034, "uuid": "68516244-240e-4688-a1e8-577f809fd655", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736034, "uuid": "d1dc8c20-fcc9-4f09-91d8-c7ba4f3293f1", "value": "PI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cfac576-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683704102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704102, "uuid": "2e66190f-3f17-4e83-bc24-9689ade4bc6d", "comment": "Malware payload (RedLineStealer)", "value": "ed9ce92213145c8199327c50f952f02d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704102, "uuid": "ec3a5fe8-b2ba-4aac-9996-8938acbc20f5", "comment": "Malware payload (RedLineStealer)", "value": "127331248be3658c2f1156be9b8df2462ae511a94f73d3251f76ff294424b2cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704102, "uuid": "9fe5de3d-62f3-42ec-a979-35d4d27cee0b", "comment": "Malware payload (RedLineStealer)", "value": "d2e229ffc6f4c597b605d7f4b8d688682aabb383", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704102, "uuid": "e5de9e63-8272-4d72-aa63-ec4dc44a8056", "comment": "Malware payload (RedLineStealer)", "value": "0b17c78e3900cdbcff01c82fffb8018523500127ea92af89468184e881cab6bfd55ca5dccc8bcc8b9b832513ac5518c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704102, "uuid": "dfc6bf7a-c77f-477b-afe2-06ccc618b877", "value": "T1FAA40213FAD84132E9B5277069F702830B35BEE0493887AB378A554B1CB2784B5317BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704102, "uuid": "fe05f5b9-5ca4-4c98-beca-288ef38b2a54", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704102, "uuid": "73f90bf7-d567-4dd2-b75c-fd9ce851b6f7", "value": "12288:sMr2y90VJMqiIM8zPCz8JfzjzQZ8cuzTy4Vz/h/wx3DOn:aywJMqiIVqQ+8caTls2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704102, "uuid": "cf710c4d-7a84-4d39-82c4-e1c45393ae9a", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704102, "uuid": "e8c474b7-4ea5-4b57-9fac-8ce7db057007", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704102, "uuid": "1044605c-ada2-4036-b714-381415dd902a", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8cd2dd7-ef10-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683709115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709115, "uuid": "de678c40-7724-4303-a008-5e66dcb8b4d5", "comment": "Malware payload (SnakeKeylogger)", "value": "14d85f94e567f4ee70aefd4095dbbab2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709115, "uuid": "e1336663-149a-4d79-a28f-34e039e21db9", "comment": "Malware payload (SnakeKeylogger)", "value": "14bb9061c88edb4893743b336e0737f43f922cd6714cb78fb7939fa825da64a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709115, "uuid": "ac619809-556b-4d24-bd8b-bf4275ee7a67", "comment": "Malware payload (SnakeKeylogger)", "value": "f22ea24d8a4e145e70fc10d2eb661c23ee86d689", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709115, "uuid": "6efa7789-8c45-4701-9db9-4a87e3e554ed", "comment": "Malware payload (SnakeKeylogger)", "value": "ad6233452dc72e706ae8bf50818deb4a5664b501ddfe38ac0f5825f4cd57badde5a7843187bf5ee3f7841a1ac54b25b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709115, "uuid": "e5f6f8ad-e14f-4011-b104-e46ddba4ef92", "value": "T1E6058C3D61DA5C26C31573FA8998C9E103356F10AFABD22A227E30CC99B1B93ED5154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709115, "uuid": "1b1a31ba-6507-48c6-ab58-221ffda0ad4a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709115, "uuid": "a940038e-daef-468b-9b53-08223615d5cd", "value": "12288:YnSD9qZfOtXyXJJt9kQw0HEYXnay/8Vc6nNFEVAtFJQCKtZn:YSD9IqXMY0EQnaHa6NFwAbJ3M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683709115, "uuid": "23a53d84-b011-45a6-927e-fe47cc383370", "value": 833024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683709115, "uuid": "7987a0ba-ea93-4d1f-a56f-83b2c09608fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709115, "uuid": "0abb898d-62d7-46d7-ba49-3ea63faf4709", "value": "wire receipt-doc0000022020321.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6b8ac71-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683705702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705702, "uuid": "5d7f6583-b87f-4fcd-8751-192ce9482b42", "comment": "Malware payload", "value": "9921beee3244115698e599d2a7447976", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705702, "uuid": "a85c600e-a24a-4414-8699-76da92d08458", "comment": "Malware payload", "value": "15990ee40fd498a235c0a28b0e359f99c8ec57ccaddfe8893f3de1352246159c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705702, "uuid": "ae1f36b1-3fc9-42b2-bd66-611760ef7661", "comment": "Malware payload", "value": "68a1f113326cb39d0d3028019d94a5c2339f902b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705702, "uuid": "d8491e7f-91d1-4af3-a5d7-5035fd7145f2", "comment": "Malware payload", "value": "3acc7b181d3bf7c67a1d2710d50bbce634060bef63247b669c2c79ea2701aaf8596a3aa5dcc4c2750aaced8f1ff9d1b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705702, "uuid": "539f6e40-57f7-4026-aaba-39eddbe6fb7f", "value": "T16114BE13A1A2ECB1CA674671886AC764763FB2204F656BDB27651B2E0F702F1DB37305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705702, "uuid": "016de706-2f07-4d11-b201-16835820b26f", "value": "d6e38e93e2c03e762f36d5d472ed334b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705702, "uuid": "55df1721-a3df-4740-93ca-c3f8895036b7", "value": "3072:SpXOihHJEfLXke/dzgLKWkCxBrCe6UZQrlvPvm/mKO5wR:OOihpEfLXk4djCxclvPlqR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705702, "uuid": "47d42478-f2bf-4ff2-a10d-ad3a613c5e6b", "value": 193439, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705702, "uuid": "834bf3af-6d65-4167-b882-06c94c44d5e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705702, "uuid": "fcbe9441-f976-4cea-881c-1af2685e8e74", "value": "9921beee3244115698e599d2a7447976.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "365c96f2-eef0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (XWorm)", "timestamp": 1683695098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695098, "uuid": "f7561869-ceff-4251-a830-d1c819133798", "comment": "Malware payload (XWorm)", "value": "5681f190a1d7c696efa487fa0100e96b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695098, "uuid": "67f27bd6-949c-4c3c-a895-8fbadb830bc3", "comment": "Malware payload (XWorm)", "value": "16fe58bfaee64cce35f0f9470ccfd136ee9916f5befb7e599e21cff53d4506d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695098, "uuid": "ef28c7e2-44bb-488b-935f-bf7172f2bd33", "comment": "Malware payload (XWorm)", "value": "b1e121e5f9bd86547cfbfd21b371d1f5ce31302d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695098, "uuid": "588f3964-32b9-4fd4-9937-68f1cf17f689", "comment": "Malware payload (XWorm)", "value": "c89881ca77ac5a554229a39bbd07d77bda502a84d0d8782cf9f9af1d8bc67da0162f27fd7726d69ee43cfe45c127d86a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695098, "uuid": "591f80ca-1254-4183-a619-48865c7a08e5", "value": "T176C3C910267A207EE0238F775ED8FDB589FCE9236A0B71B6206193164772E06DC5D8B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695098, "uuid": "d4a30530-c8bb-4315-b69a-4c7bbd915a1b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695098, "uuid": "d9b7e3f2-ab21-498d-87d1-fe42d5b22380", "value": "1536:9tTCNFtdNwCjK9n9guC19+xf3WDvzzrqYbcvn:9tTeFnjK9n9pb3c3rqocf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683695098, "uuid": "0af4a9c0-7ea3-468c-9d1d-2ac86ab2f6f0", "value": 128512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683695098, "uuid": "16dfdb4c-f5e2-4741-ae51-019c69d40c47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695098, "uuid": "46617ef8-7eea-4c46-bf6f-5bad8a7138c3", "value": "WindowsApp6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20be07e9-ef1e-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683714819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714819, "uuid": "589f9178-8e67-462f-9d3a-fb06a0875b1f", "comment": "Malware payload", "value": "ffdf510dac759b90ec0e44b755fdb09a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714819, "uuid": "9b765726-df8c-4297-883a-caed24faa8f3", "comment": "Malware payload", "value": "17745cf313048c8618b348f3ed48abf6dc440e956a33ffdb252e53d6c05062a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714819, "uuid": "7b3d336f-025a-4219-9008-9f2b62b7d550", "comment": "Malware payload", "value": "d86e028a183b97eb25b6be420ba2bc31c3363239", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714819, "uuid": "966c5eb9-298c-453b-a203-3250abc9bba4", "comment": "Malware payload", "value": "eece5879d392b8b9b96c03905210111e004b25f593c95e038dcaea95415b11bd82eabb8f3a7df02398ae29167d37c941", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714819, "uuid": "39c6b6aa-d279-45e1-9723-ccd45081b3c1", "value": "T173D4C00363D57D24E9674B328E2EC2F8265EF9604F5977AF22589F2F09B11A2D172F01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714819, "uuid": "8b0de175-980b-42a9-9197-f172af45c57b", "value": "6847c4a23533c8db62ddf8eb8d214ba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714819, "uuid": "6355f732-708d-4576-8a28-f626c987482f", "value": "12288:5mRIQ0u3hUFKWMK5TLC+t/bon0hGiH+4Kzuxzx:5mRssUFDMwPCI/xMIVKMz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683714819, "uuid": "02a2e321-ea51-470f-8bdf-2e048f60aa24", "value": 652288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683714819, "uuid": "f216d353-e69d-4fbe-858b-8d6187fc5dc4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714819, "uuid": "205cdd73-08e2-4f52-9f36-7cbfc439cee0", "value": "SecuriteInfo.com.Win32.TrojanX-gen.5053.19713", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e07635d6-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683705692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705692, "uuid": "a54e4723-3726-425f-a98a-4f5ca71a66cf", "comment": "Malware payload (AgentTesla)", "value": "07fe4a4ed7d69821cbcc216c3ff3b109", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705692, "uuid": "d6f875d1-6891-4db1-a0b0-0b4335cf7d52", "comment": "Malware payload (AgentTesla)", "value": "1815892a1d6a47e7d5c2108743f78e20cf5b2283ceba13f232c780dddc3c5324", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705692, "uuid": "38db7cfa-a058-4efc-9a8d-f6f4bcda0a42", "comment": "Malware payload (AgentTesla)", "value": "a00e2c8f2c531b2656695eec954fbf99969b8314", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705692, "uuid": "05938ee0-4eae-44de-9a80-f1da31086e6b", "comment": "Malware payload (AgentTesla)", "value": "c3065c2b6026fedc19469f94502d5f0a51a2e96ac98b2ae137c26b25aec2110fdefd384e3ff077ff3ae1376b3d81305e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705692, "uuid": "d0417f84-9c39-4933-be2c-0712b37ed1e9", "value": "T10105E111316AAB2BD7A843FE0A28454513B87716FD57E23D6EDF21CCDC22F004A66E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705692, "uuid": "55498edd-096e-4961-927a-f04400635a6b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705692, "uuid": "412288a4-7b1b-49e9-975b-80d22b114ba3", "value": "12288:70rZfTQXyyH0bUnOy+/kR3FJXdfETh3LoBkqA0urM9RCUiw+LJkSiI:7OLQ9Hw5kRFZdsThkBXReHkSi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705692, "uuid": "0ef1cebe-73e3-4a10-ba57-63220479507e", "value": 804864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705692, "uuid": "ead00e02-0784-4066-a9fc-a70533d478bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705692, "uuid": "82018102-3068-4b49-857b-eb6de1f48576", "value": "Request for payment confirmation for Invoice # ISB-49677 for the month of May 2023.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77f92f01-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731286, "uuid": "97fcb48b-78bf-4e2d-b32d-f0a5c79f5c0a", "comment": "Malware payload (Mirai)", "value": "5a8dd83a1349dd3f37fa60972587935f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731286, "uuid": "f51e7afa-bb58-423a-8b01-247e1ac32b89", "comment": "Malware payload (Mirai)", "value": "1992a1e9920a0a787515c84926a4ce2aabf436bf670927cc9003c66f46ac93a8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731286, "uuid": "17b19616-9855-454d-b71b-ca46d239acd5", "comment": "Malware payload (Mirai)", "value": "bdc568d119289b12d600cc28d0fccacdc91b8e63", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731286, "uuid": "43c06fe5-c35c-4a4b-bee0-9c9fa5c2223b", "comment": "Malware payload (Mirai)", "value": "e59531a0b319c41fb352f74eb68015edcc1bc00b771bf203d57290a314b14cf32af3c378a7a98646eb738e1cf3a25ee2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731286, "uuid": "e106a46a-d87e-4c8a-b81c-3f60362511f8", "value": "T1752302B0FD11ECE3C6F41CB4979E0D86A3590774EBD2E17962096D663E41C062B756C2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731286, "uuid": "1dde49c8-527e-448e-be41-ce893a7313c0", "value": "768:DVdAj4YZBOgzktnEzUULV4n7/1r9q3UELaHZo8c/X6FzbotFK3jRi:DTAj4YPLQhE5qsLa5o8sX6FXotFw8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731286, "uuid": "ab2c3b88-b7e2-48e2-b4ec-648c0375e30f", "value": 48700, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731286, "uuid": "1b551ff5-4a74-4a76-afd6-fc4872803a31", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731286, "uuid": "ece56214-c2b9-4d96-93c3-cac679d22595", "value": "5a8dd83a1349dd3f37fa60972587935f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e18dba74-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683704405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704405, "uuid": "faa3f24e-af2b-4d6f-a579-cd4140f292ca", "comment": "Malware payload (SnakeKeylogger)", "value": "f73ed82e60c5ec6c519a73953a03685f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704405, "uuid": "783c6729-7cf6-460b-bd30-c6d66d2ff28a", "comment": "Malware payload (SnakeKeylogger)", "value": "1a3b961a9b5d76e0028382423f14a35192cda3d3a6dee88fb812c90b1971bf2a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704405, "uuid": "87b1dd6d-ddf6-4240-9bb8-d4e7df3d58b0", "comment": "Malware payload (SnakeKeylogger)", "value": "7a551ae433be61b104ec3703c1d15f492ff45e29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704405, "uuid": "21aaa750-deba-4a4a-862d-cc053d642340", "comment": "Malware payload (SnakeKeylogger)", "value": "508a58a818b1406492297fb54cc38dfcfdcc75c8c76d7fa7d7ba827d7ae37511ea9471d1973fe051e4914fbe4ecbb2f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704405, "uuid": "b8616fab-7cc3-4388-a001-618a695e3a78", "value": "T197254C91B1508997DB6B47F26D29553012B67E5CACABC10C1ADE77CB66B3302209FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704405, "uuid": "75408624-5ef5-482f-983b-c4d1cc26a3e6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704405, "uuid": "411e1497-f449-4b5a-94bf-2588f12dba37", "value": "12288:gP/AZfaGjLaj2BDJf/o9fZ+8wL8BIzG5hFo/NEH1A7:geCG2MN4OLXahFoU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704405, "uuid": "1567f7e5-85f4-4b7f-8c4c-19c5cef2ad80", "value": 971264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704405, "uuid": "2f5b360f-3cf5-4cb8-8735-4cafe858474f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704405, "uuid": "5b28adb5-68d0-4c8e-8306-d3c3302b3209", "value": "PO RPB203 & 208.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26a556c5-ef3a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683726855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726855, "uuid": "402fd714-897e-41a7-b7cc-803c8980574c", "comment": "Malware payload (AgentTesla)", "value": "4ec732f973db5082b1ad262c6a5c2fec", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726855, "uuid": "a3a8d329-9965-4c94-94ea-f9b29ea16ef9", "comment": "Malware payload (AgentTesla)", "value": "1a6889803b766ce102a10973126f946e3618a0f80c1cee6d902304d2ffae06c5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726855, "uuid": "3b8848db-23ea-4155-92b1-aaf512a75138", "comment": "Malware payload (AgentTesla)", "value": "7badaaf813643819cd9d1b8036ccf138a3b74a71", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726855, "uuid": "c3468d74-7e0a-4264-89b1-e6d2128b2f2c", "comment": "Malware payload (AgentTesla)", "value": "0abdfbae2f44044efffe27915fa110cab3af3733019176d6bbbe07f4cc22be4757831198b6bcc666c01315f47453e5da", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726855, "uuid": "0aa75084-fe58-468e-a970-a047b1a900f7", "value": "T10585CF219AF51D4BE022ABBFD8E3735666B8F7F20327D6971980578E5906AC0DDC0723", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726855, "uuid": "5f71dd5f-1249-46d3-932a-f1eb3ca5aa94", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726855, "uuid": "28a675c7-3465-495e-88b2-580801c8f757", "value": "12288:h6lAgQ7UpYpFz7pUl1xXb4RQju+TtRlMt5DTPaiJ2cH3RnnrgYs3a:jPaiYOBrfGa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726855, "uuid": "fac8b41e-ee8e-4f45-a2f7-7ba75079cc79", "value": 1859072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726855, "uuid": "02c1af3f-1c70-463f-b9fa-3ce3160dcb07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726855, "uuid": "07f95f92-e213-4dcb-98fc-fc86daf26861", "value": "po file 778654390.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dc10250-ef25-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683717847, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717847, "uuid": "efc5252a-67db-4a74-b54f-34687e78eb79", "comment": "Malware payload", "value": "cbe2da059fbe988d3818b6efa856d604", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA:Win32/MediaArena", "colour": "#3F917F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717847, "uuid": "6f62a9e6-26b2-4bf1-a2e5-a12a5bdf3faf", "comment": "Malware payload", "value": "1a942595fb67ff75457c24a6ad753ad3c13aa41abc9ba6cb09c5e02d7863e758", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA:Win32/MediaArena", "colour": "#3F917F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717847, "uuid": "31724596-2b18-412c-aaf0-27bb267d0894", "comment": "Malware payload", "value": "7ab5f0ce5f9fc8ebd460f37a784ca2086153e919", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA:Win32/MediaArena", "colour": "#3F917F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717847, "uuid": "eaeafcd8-67eb-4d1f-8cf7-c33199d8d9ed", "comment": "Malware payload", "value": "0e0df45b66de73cb7a2d0dfb652d2693bad714b84eded0bc497662d807b9b5aadd5e76b3b2341f2b355f3c77ba8338bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PUA:Win32/MediaArena", "colour": "#3F917F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717847, "uuid": "3a4f1127-cacc-4c28-babc-b29bb994a010", "value": "T11E26F152E39C5B76C04FEA787D711D6266F7F84B903997CA1A04C97A08EB7808B24737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717847, "uuid": "1bb98671-52da-4ab0-9abb-0c94d34812f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717847, "uuid": "bbafd61e-f12f-4099-9c80-556b1e4d474f", "value": "49152:FW2R4AnaxLJw9KIDDzu8MDi4+GICz/VYiNIBd4NXyPr/Sx4fnepVA4GORoEcmamb:LR4JJR8hlG/75NIvPex4vi1n6/AYTv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683717847, "uuid": "b0eed938-7594-4fb5-8958-8bb8d1a468fc", "value": 4637432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683717847, "uuid": "de9381c4-5a7a-4c3d-b096-6d59530e951a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717847, "uuid": "57732d1c-d564-4a91-8c6c-79a1df2d4e8b", "value": "pdfmagic.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a44bd6d-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683744497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744497, "uuid": "7169542f-13ea-4b55-bd99-bdefc04d3438", "comment": "Malware payload (Formbook)", "value": "98ec1de92ac3b5aa27834d926a89face", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744497, "uuid": "9e8a0bf5-8838-4095-a4da-748e53ff95ea", "comment": "Malware payload (Formbook)", "value": "1bf2322dc86d0a5eb65a3bd7dd1df705fd8510cf08873cf19ba55f237e361e50", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744497, "uuid": "3abcfd35-3792-4d7a-8807-bb8b669d7399", "comment": "Malware payload (Formbook)", "value": "6e7ead6c3d5a7a0a73c1f2099ccc993a6900bfe9", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744497, "uuid": "97d6d6c8-bbdb-453b-b609-05468fb9363c", "comment": "Malware payload (Formbook)", "value": "952a23e4555281910d54d0d1051a1b62df4ad8e74371ca61624ace173b7f888d020a4367402cd4e72ff0311e9aca9d42", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744497, "uuid": "314c3038-e5bd-4624-9cbd-a570cab2ad8a", "value": "T116A4234453A358E2C1495B5B372FA0EBB4B3E09D2A721F189503B643CDA0FAF95E1787", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744497, "uuid": "850ba04b-964a-4b7e-b4bc-cd55d920d915", "value": "12288:oDRy+0jLbF7YR4/V8POSggNkk9Nlih89ksT/1gLxs:Ec+qlsQq1rRG49z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744497, "uuid": "abbde334-ed26-4902-8343-7fcd95a6adcb", "value": 486858, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744497, "uuid": "40ee2a0f-a623-4c07-98e6-3fbb3d914b12", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744497, "uuid": "e6d95640-62ff-45dd-a9b6-0cfdea38533a", "value": "Bankovni podaci u prilogu_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44f309fc-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683729053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729053, "uuid": "ff694257-f6ca-45ca-bce6-17b1da2eed4b", "comment": "Malware payload (Mirai)", "value": "1eb3f74c69d6b7859211d3c739ace0ad", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729053, "uuid": "a14e02bf-4b7f-4006-a5d8-61fd806aa342", "comment": "Malware payload (Mirai)", "value": "1d253c7ed2347eb7708a31b5ae798593064131acfe514fd0449d4c901be59bc3", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729053, "uuid": "9e329983-eb80-453f-80ea-fbade57d3832", "comment": "Malware payload (Mirai)", "value": "aefd5edff1738d041a627d2e3341373418322c7f", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729053, "uuid": "427ccbbb-1150-466a-b7d2-5e781cfd770f", "comment": "Malware payload (Mirai)", "value": "58e61d686a7e61f4e819f6fd258b74315618dbdf2b8eeb1e053e6dd21077de4797aa37b73128df159f1fd54f8c7e2efc", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729053, "uuid": "117c53a1-273c-4ae1-baee-9cbe884895cb", "value": "T1CBB33B376251C97AC08356F427EBC5729D13BCBB0B32219A33D47D60AF368DA1E99B05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729053, "uuid": "68d30870-c99c-486d-89e3-d806b899401b", "value": "3072:kiry859a2ADJf9wHYqbgFFo8+HeAx+TRCm7FnVqfJXFWbNb:T9a2aLqkrMMsm7FnVqfJXFWbNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729053, "uuid": "17e9568d-4210-42ef-bfae-d7a97bf26a1d", "value": 116503, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729053, "uuid": "8eea0e80-1978-4323-a47d-f54c31e59571", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729053, "uuid": "81398a06-9cf0-46c3-9384-45f8173d2517", "value": "1eb3f74c69d6b7859211d3c739ace0ad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3dbd609-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (WannaCry)", "timestamp": 1683688437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688437, "uuid": "69a12b5f-f93b-4d16-8d34-13de2f075989", "comment": "Malware payload (WannaCry)", "value": "356388cdb4f74188812fa44c0aef000b", "object_relation": "md5", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688437, "uuid": "972f6f9a-fd2b-478e-8aae-d3e3dc978fe9", "comment": "Malware payload (WannaCry)", "value": "1d51d46e07d1aaaf34b8b43371bb71aa87812b226341944ab661c286e66de4cd", "object_relation": "sha256", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688437, "uuid": "cc93b53d-4974-46e0-8cf1-b97de4f1cab9", "comment": "Malware payload (WannaCry)", "value": "59130f7b2e63422da6f620fa29cc6837903584cb", "object_relation": "sha1", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688437, "uuid": "3f42d4a7-0744-4471-b2f0-ef9df4d3da03", "comment": "Malware payload (WannaCry)", "value": "33534c62fd573c55e3ad901837bbe24f30d3963c0dba4cf976c7cef37c0e03f88835fe8f7d8c80e542192cd1f481092f", "object_relation": "sha3-384", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688437, "uuid": "f066b5e6-9ea4-41ea-a358-85852872d7a7", "value": "T128663364652CA2FCE1450EB84473896AB7B33C55A6FF5E1F8B8086660D53F9BBFC0601", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688437, "uuid": "95d30463-89c5-41a4-a3cf-c066d787157c", "value": "9ecee117164e0b870a53dd187cdd7174", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688437, "uuid": "2503e28d-947d-46ec-897d-fc1c187be504", "value": "98304:f/qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8jHI:f/qPe1Cxcxk3ZAEUadzR8jHI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688437, "uuid": "51001d8e-22a8-4d69-98ca-0937a5abfa4b", "value": 6729728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688437, "uuid": "923f5630-62c0-4830-b46b-d27bdf0589bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688437, "uuid": "a81391ad-2dc2-4f91-80b6-cfd83141faf4", "value": "2023-05-09_356388cdb4f74188812fa44c0aef000b_wannacry", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1df1c0d1-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707083, "uuid": "0ed94bd3-8451-40ad-adf4-631bd44c7fd3", "comment": "Malware payload", "value": "e8dab2e9e4a76c34a8fd6b98dc46b868", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707083, "uuid": "687ddc7c-088c-42fa-b61d-f933f80b6755", "comment": "Malware payload", "value": "1de205e147dcedbf8699bd3e813157d7d5bdedd6169864edaa9dfa4aacc478e3", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707083, "uuid": "cd15c673-bf0f-4b63-9cf7-177a40f2ad31", "comment": "Malware payload", "value": "6943e1a348a1526e4f34acf284e86bfa186cb438", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707083, "uuid": "64fa23fd-57e6-4804-a24c-13c85feda848", "comment": "Malware payload", "value": "30e06d9786ca4e828624624e524db05174da7b7ab38fc1bdce69059bc46188f74abbd7ba5bced810ae0c1cfd10c3e452", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707083, "uuid": "5fdd010d-0f3b-4c79-98e6-7acc5126da2f", "value": "T1AF55E0321B92FFEE3B6D1C88E8D616441C846BBF52A88094FAC8455B6EB54B4FC75C70", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707083, "uuid": "5ac4190c-986d-49ab-98a5-1444c92a30ef", "value": "24576:JAz3U0lvA90MR4zCeKOq/QeNOpOFSL5MdYpFmogOYRQw:pxib56YmfOYl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707083, "uuid": "eda4be2e-7780-467e-847a-64cd0fc02aff", "value": 1325740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707083, "uuid": "bf3f74cf-f82d-4be0-87a7-9a49a9a72da6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707083, "uuid": "023d059c-3bfe-4a22-a796-465e65e843dd", "value": "Vkzrsdaxtrw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4c9af77-ef39-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683726771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726771, "uuid": "06f3b0e1-00d1-4701-baea-c27baeb449d1", "comment": "Malware payload (Formbook)", "value": "21db3846dce3d8465d9bfcb8e1a89eb3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726771, "uuid": "65c32505-a568-44e6-9aa0-2fd9e0ff9f28", "comment": "Malware payload (Formbook)", "value": "1f3e2e4828e5254eb321e357600476932a047e8f1083ce39d4f2f919b25314b0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726771, "uuid": "edc5f43d-1468-4f9b-b1d2-754d038557a3", "comment": "Malware payload (Formbook)", "value": "fe8f854b498067a4b498004e228e104ff061f47b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726771, "uuid": "e99d3afe-0ffc-427a-a848-0fc932ac816e", "comment": "Malware payload (Formbook)", "value": "e2d2777c32914b5d8aca5a7ca5960786f0f13d230ac3d019842c167dce0628fcb7d924fb211d15a986e4c834e47990f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726771, "uuid": "37ab994e-d7e5-49b5-9c91-831c0336f099", "value": "T119158C3C62CA5C26C75673FA8998C5E003356F00AFABD26A267E30CD8971B93ED5154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726771, "uuid": "667d701c-00f5-49a4-8e57-996e2c28a739", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726771, "uuid": "2f48447a-03da-4b22-a4aa-b696934714a2", "value": "12288:P9y8nqqZfOiXylBpZYHsV77UBgjXXMwiw7KkgOdbCyhHSXQMsGR+5:PdnqItXGYHsVUBgjXXMwLWkgyyXlPk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726771, "uuid": "ef943b3a-a303-4cfb-9943-f09a9370babf", "value": 899072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726771, "uuid": "90a17279-fcf8-4c12-ac65-9d40425ed641", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726771, "uuid": "4d71fe42-7bec-4426-9c6b-78030c62fb17", "value": "CTM REQUEST BIRTHSHIP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e80872a5-ef0d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683707852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707852, "uuid": "df070c80-0153-4618-9be1-baa8e45458f8", "comment": "Malware payload (Amadey)", "value": "d986a839923680a15dc8fcb26750f46f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707852, "uuid": "c91df267-9f50-4259-9000-f300b3164394", "comment": "Malware payload (Amadey)", "value": "21047bc590e65416363e5b0053449d3e91777e7cc05610f4e06a3ce3a05544dc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707852, "uuid": "1ec8a553-8df4-4eae-bc16-74aa4f655ebd", "comment": "Malware payload (Amadey)", "value": "e5c9936d61e23b222d6aad1f2333d8488a7fabc6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707852, "uuid": "da74fb21-9480-4bfa-9b0a-10621e292bb8", "comment": "Malware payload (Amadey)", "value": "7596080240bd6bfa2e141540c685d9fd98aab350e85e0cc2dca23c4f7a935adb3e5091125081fe3b79f51b545cbf767b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707852, "uuid": "2bf60f8b-354b-4975-9acc-eb6d2c910e77", "value": "T1C6644B03E2E07D54E62646729EEE82F8765EF5A14F0937AF22189B1F04B15B2C172F1D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707852, "uuid": "2715005e-d67f-43ab-b222-f3e0c52af218", "value": "6847c4a23533c8db62ddf8eb8d214ba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707852, "uuid": "c1303aa4-c8fb-42ba-b2d7-b6f7054bb751", "value": "3072:hJb01RX4DkE4NaMAFuvmX/6DDNZZzYeJD0Asd5apvt07gstiFCoTXDKkE2Zo:iRAyFAQvFDDNrzYfKqM5FCvu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707852, "uuid": "a202d1e6-630c-4f53-830d-de1d67abea7b", "value": 334848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707852, "uuid": "9da4d7cd-d57e-4aa0-91b7-431c0b9056e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707852, "uuid": "59e7b86c-23f3-4f36-91e9-1949f152c87e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "254ec99b-ef28-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683719122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719122, "uuid": "6f4babd7-bda7-414c-ba05-32c0c1fc02e1", "comment": "Malware payload (RedLineStealer)", "value": "ba58700ec1dba49cab617382527deb84", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719122, "uuid": "c0632667-07a0-49ab-b1c1-8e1216d1d9f3", "comment": "Malware payload (RedLineStealer)", "value": "215ff148c1cdc4079f431232f061bf3bbd876d3b7725acb300d44dfed6f90072", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719122, "uuid": "11d1ead2-5057-4841-b0f4-ccac79302f28", "comment": "Malware payload (RedLineStealer)", "value": "7ba91b6ab989af35d0a557aa05b81634daa24734", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719122, "uuid": "08e4870c-decd-4856-a3fd-a8d8572662b8", "comment": "Malware payload (RedLineStealer)", "value": "5c56abd3fb515c2ed7eafb1e89b1cc7c2aef47a9d971b4e8e4a391f027270dd35540eaa3af701b66c4a218c132cd872d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719122, "uuid": "d8c41502-cd36-43f4-bff8-eec87d00785f", "value": "T130A40216FBD841A3E9B11B7088F713C30B36BD605D38836B2795A95E0C72AD4A57272F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719122, "uuid": "77cb1888-5a99-444c-b585-be08d0b11df8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719122, "uuid": "c2a8db14-948d-4e55-8399-e21117a758c5", "value": "6144:KJy+bnr+8p0yN90QEBOgNVVEGAdAblm/k53ueGwtfhSbwFZdikKwvwsent/9XEVK:/Mrky90/OgYAs/kd5GwFFKkKiS7XE01", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683719122, "uuid": "84826a2e-8170-459d-ac2c-a7bfc86a1ca1", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683719122, "uuid": "e46ab762-9ec2-456b-9c29-56d3cb536e0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719122, "uuid": "4eea3db4-c537-4b8c-963c-7840299b6213", "value": "ba58700ec1dba49cab617382527deb84.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbb9a520-ef3b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1683727642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727642, "uuid": "6752e564-097e-4193-afe7-cc72db7abdd0", "comment": "Malware payload (NanoCore)", "value": "d11eea96b4e3c98c72eaec00d1b9317e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727642, "uuid": "09b9a6bd-bcba-43c7-bd15-14fb70605a5e", "comment": "Malware payload (NanoCore)", "value": "217b48c748e06681c43e86e191f0e3c018d49f419900d97793ae7656630eab6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727642, "uuid": "7e883b00-c231-4ebc-b1b4-afa078595e78", "comment": "Malware payload (NanoCore)", "value": "0872186032874dd1ad4dda8c641516cc0d3effe8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727642, "uuid": "c817bfa5-8179-4144-a943-4a11c0cf09a4", "comment": "Malware payload (NanoCore)", "value": "c80b9a01721ea6e6feaa5ad20e79c258a5e0a9e6bcc7d61895c36a8372b8ee05e3614cae2af16d6aad0222baf5b9629d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727642, "uuid": "d5190ab2-6122-4d69-8969-916b46312518", "value": "T1B124CF1A37A98A2FE18E86BD601202129779C2E7D9C3F3EF58D454B78F567E106071D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727642, "uuid": "8e1d1c5e-b1f3-4566-88d3-9a7d9c6eab45", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727642, "uuid": "403beac2-dfb5-4b2a-ac05-7427d1034426", "value": "6144:kLV6Bta6dtJmakIM5Ttp3yLopPRx5QKjv:kLV6Btpmkkp3yLopb5Njv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683727642, "uuid": "a291fdaf-3132-4cb8-9e6c-b17fd9dc0796", "value": 214528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683727642, "uuid": "90c0d3b7-4c91-43ce-8dc4-1924265a322a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727642, "uuid": "a5ae195e-99b4-46d5-b4ac-dbd78bbad60d", "value": "bM0q.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33dd562c-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683704543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704543, "uuid": "7704ac92-e4d4-474c-98e4-195c9bf4146d", "comment": "Malware payload (AgentTesla)", "value": "6acceb88e7f0414bba61b1be34f24d80", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704543, "uuid": "94a95371-958d-4624-9ab9-72656555c7b3", "comment": "Malware payload (AgentTesla)", "value": "21a5e58e2fe39e481f9977f94a94d352c4c492e9bd6d79d4ae3bbf4cc4a2d751", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704543, "uuid": "ee542840-5f78-45e7-bff4-89294a10a502", "comment": "Malware payload (AgentTesla)", "value": "65b09eabf90394a48f01de0e9fb6ffc63a92d8f5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704543, "uuid": "d6a274e4-8bea-4599-bd13-7393171feb07", "comment": "Malware payload (AgentTesla)", "value": "b11293a31f20fc4527abb8b9ebfa810a035177870c78ce39b17972b0f9da68b58be8c903c3ec18ade304921e6ed11401", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704543, "uuid": "b96cad85-049f-4a25-9d05-e5dae7dc8218", "value": "T128059D3C61DA5C22C31677FA8999C5E103356F00AFABD26A26BE30CC8971B93ED5154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704543, "uuid": "68690e9f-efb2-450f-9239-f1216dfb45b0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704543, "uuid": "678a807b-7af6-4dae-8992-f9b77baf7abb", "value": "12288:GAGPGguAqZfOtxy8IQIDA3sglIwywsjz59k/3uVS7YxwMwTnLfcY7S:GBGAIqxXlnlEFjz59lV6oAnDS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704543, "uuid": "52b4567c-a404-49cd-8e68-757e3d4f721a", "value": 873472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704543, "uuid": "50203250-e106-4497-86dd-ce5d206ce11d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704543, "uuid": "cf7f5021-ae5b-41ad-8fd1-77eeadf0003c", "value": "Payment for March.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ce8ceeb-ef0f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683708343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708343, "uuid": "568acba3-7855-4535-af9f-949014df793b", "comment": "Malware payload (Loki)", "value": "906095752970580abc9cabb800275187", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708343, "uuid": "7f943fb8-a6a2-4a8d-8628-f632aca70e1f", "comment": "Malware payload (Loki)", "value": "21e0ec96d06a0b1e71712fd34ce50e1e4c5a937e8fe8c21f89c5eade948affd5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708343, "uuid": "bd3640e3-6763-4695-9f83-304133bc48d0", "comment": "Malware payload (Loki)", "value": "3554a5888cc20205550faf1bc27fa3590081f8c3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708343, "uuid": "331f1dbc-0ebc-4dd1-87b8-af69913a8d17", "comment": "Malware payload (Loki)", "value": "90edf4ba194c2be53a7f74499f5720b764f1922b349b64b16f1d7873ec65ef35172107b5add22d6a3ef20f08c33fffc2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708343, "uuid": "afb98481-c3c6-432f-8cc8-7fa0ae4cf1d9", "value": "T1CF641B9386F13C44E9264B728F2FD6E87A5EF1918F49376A2618DE2F04B12B1C173715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708343, "uuid": "fef40513-6546-4496-bfd5-6bd446cef6ad", "value": "f638bba0028bbeebea7ddd6400ec7cc1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708343, "uuid": "67112670-f677-4554-a7ce-2861a20bba4b", "value": "6144:75eMULO4RRcb7XHmmGnFdvDUQGkNIsPUNvGG4:7DUq4RRC7XGmudvDiuIjvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708343, "uuid": "0633ac45-d9eb-433a-858f-980aedde2ba4", "value": 328192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708343, "uuid": "e2465da8-2dec-4089-919f-43c4bf2706e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708343, "uuid": "30f7aee0-2bd0-43e8-b1ec-308ef4648b3a", "value": "906095752970580abc9cabb800275187", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1acef130-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683704501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704501, "uuid": "c11b8817-6b6f-4960-b564-82883171c377", "comment": "Malware payload (Loki)", "value": "28fb524335c3900742888649270103e8", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704501, "uuid": "a775418b-d508-4160-95f2-388747ca54fd", "comment": "Malware payload (Loki)", "value": "221c3d38f6a2daf5f9d21fa33d571c227bc21534980d7cd24b9c2d1345641caf", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704501, "uuid": "1b62a926-18dc-4681-9f9b-106b4823ccbd", "comment": "Malware payload (Loki)", "value": "2ff68b1f3064d0539228e838ad30793141a4dfa7", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704501, "uuid": "9e421126-8a4e-49af-9dd7-de9c2259d5f3", "comment": "Malware payload (Loki)", "value": "c460161e6ec8156309d8cd6c5e417a421fb87bae2f2af672cf488c7ef567a7be113b09a34fa34996e3cc732f1bd3a006", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704501, "uuid": "404e54d1-661d-48f2-ae67-e3752bafb008", "value": "T165350107A588CE8AE18247F67B62B84D430DBE3336C470D63A5C774BAB31E7A458B50D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704501, "uuid": "b1c15922-b635-4388-a2c3-a821b77d432a", "value": "24576:gLKjWQmmav30xICT+MXUuWQmmav30xaba+MXUEtdjuMjcl0ZfsSfO028qgxQ:gLKCQmmQ30z+MXqQmmQ30R+MX9tdSGrk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704501, "uuid": "424c4c79-5667-48a7-811b-8a171f173197", "value": 1082880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704501, "uuid": "2e3e359d-e943-474f-9fdb-d8f8ef58d657", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704501, "uuid": "34b1ebb2-d8da-444a-8152-f5c149cbc473", "value": "SOA Upto April 30.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d58c368-ef34-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683724477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724477, "uuid": "5312f992-f169-4fdf-b850-c0a0ed2901d6", "comment": "Malware payload (Formbook)", "value": "cdb77d834ac9d0f28f260fe971260bf3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724477, "uuid": "04db75e6-b455-4a9b-8891-b053c1ce6c63", "comment": "Malware payload (Formbook)", "value": "229acb9011d2cf600c9112b5f7d19cba56d9bf5ecc20880a6c760e10f685b244", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724477, "uuid": "f51c2474-0d51-42dd-851c-18f5d42d5789", "comment": "Malware payload (Formbook)", "value": "f374d78931f371dbe7de1997c813466ea88bd0a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724477, "uuid": "8da7413b-fafa-43a7-9494-1f41a481537a", "comment": "Malware payload (Formbook)", "value": "b50c227d1324175833da17419d6fa6c1d06afe802c4a9d38e2674e74b70d3ba9cc0383acf322a2cde6afd795c3ea82f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724477, "uuid": "afbfc3ba-0dcf-48ec-9e85-77f9e8748517", "value": "T16D05CF71A2E15037D077387C9D479306F829BED01D28335AAEE9BD0E6B7D5A1382A353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724477, "uuid": "01df8594-83f6-4083-982a-121001a2eafe", "value": "2eb49758b652eedff910503837727781", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724477, "uuid": "1092d9c5-5769-4529-8ea4-46dd492603d4", "value": "12288:TNLhcjoS4FC7ITh3IBPmOt50Pbkttml53kbXJ2zl/j0:T9hcsFCMTaFCKIsbZ2h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724477, "uuid": "249ad994-f28f-42b7-b56e-6b7d2869d191", "value": 817152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724477, "uuid": "9ebb9e18-61da-41d3-a5fc-ec44c456d86b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724477, "uuid": "9ed75131-7645-4570-bbd3-75da393ff62f", "value": "z75Bankovnipodaciuprilogu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b6e412f-ef19-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683712824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712824, "uuid": "7a8e8cc5-d512-43a5-8f13-e4dafcd1d580", "comment": "Malware payload (RedLineStealer)", "value": "1789934e3f3f870ab38fb363701f5b88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712824, "uuid": "8780c24d-df17-4b8f-8b79-58ee14c038f6", "comment": "Malware payload (RedLineStealer)", "value": "23486011905dbe13c3dcfb1766083e604090cefdcd7620bccb7f3bb4c9380b1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712824, "uuid": "7e7c3e64-f1ab-49c5-b14b-29db71d60ce5", "comment": "Malware payload (RedLineStealer)", "value": "77ef01d0f07f2c033a9403297ee393a139e2f009", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712824, "uuid": "eb6f92c4-566c-4271-b822-0e9389d38d56", "comment": "Malware payload (RedLineStealer)", "value": "b1b7b941030bdcf22ad7a408650339a68cb6b98683a394ccf02812e67d84d2db60190555542853b9f80cd9d0f8583c31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712824, "uuid": "edb56dbd-2173-44f0-aecb-5403650e325b", "value": "T1D5A34B3027EC9B29EAFD0E3564B2512543F2F08650D1FB4E4EC1A4EA1F62B875D266F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712824, "uuid": "e03ef610-4ba0-4e24-8547-78099c69ae97", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712824, "uuid": "4bda5089-a1f2-4e32-b601-8e837b93fa68", "value": "1536:iWHiAldSUG6jejoigIcGqEVamw/GSPqL4IWOO/AIdbfHSCv0uuXyyedOF3tCgfLu:iFAldDYcM49uNvByvr0ueyzddJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683712824, "uuid": "f5285fb2-d8b2-4516-93cb-88645a6448d6", "value": 102912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683712824, "uuid": "25fefe98-303d-4cdb-8890-08f782e801ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712824, "uuid": "92021972-99d8-4058-9562-9c88aca0033c", "value": "1789934e3f3f870ab38fb363701f5b88.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76aa7cc9-eefc-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683700360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700360, "uuid": "590549df-9369-4d08-a5fe-fac19037e802", "comment": "Malware payload (Formbook)", "value": "f4ae3e5ad806f1198fa6fb532ecc3383", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700360, "uuid": "a4798df1-ebc3-4499-b465-b19c6c958fb2", "comment": "Malware payload (Formbook)", "value": "2484f3b9e112f39471b0375d98ac190b4ffe3e29a295bcecdb8fd7b71af0094b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700360, "uuid": "c47e916f-58c1-4abe-8bf6-74964c92d6f8", "comment": "Malware payload (Formbook)", "value": "16da7b61453f35d7b280281e119d1d59e54d1925", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700360, "uuid": "3add4f1c-9182-46eb-b45c-542e561e1f72", "comment": "Malware payload (Formbook)", "value": "2ecb8a8d97181ecbfb8158c298a1689d8764b65e7ad9518d1cc3fbe41f418d2d42e0ff06cdc63c64f92ab24ec81de5fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700360, "uuid": "ccd1f432-bf6d-4e5f-a3cc-fad1de031d14", "value": "T182159C3D22CA5C26C35573FA8989C5E103356F106FABD26A267E30CC89B1B93ED5164F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700360, "uuid": "42e0facc-4762-4293-b195-2582c3f9ec01", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700360, "uuid": "b6576297-3afd-409e-b3b5-d93e7490e333", "value": "24576:aL5bqeIWXLLnAVJSNgmYQ7W4tPTS5Dsd96:g3XLLnAvSCQ7WSPTS5U96", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700360, "uuid": "7b7d23a8-0614-4d36-b26e-d38d5d8eaed4", "value": 897024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700360, "uuid": "e65845ec-11fe-4e37-81ce-2974e993574f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700360, "uuid": "31e1d2db-600f-4a52-80b2-76d0a5a46cf6", "value": "Inv_7623980.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba44379e-eefa-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683699615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699615, "uuid": "00ef827f-2bd0-4417-95fd-f309fdd7dfdd", "comment": "Malware payload (AgentTesla)", "value": "41e6396e3fb7c2ee5676acd85978f671", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699615, "uuid": "af9c1250-306a-4017-b605-6bba38c4271b", "comment": "Malware payload (AgentTesla)", "value": "254f4b6fa822ccaaedbd58d35706fe01b39b3b2b07de1c7eccf00119290dcf2d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699615, "uuid": "8522bbe5-6618-44ef-a7c4-a2d1b3832519", "comment": "Malware payload (AgentTesla)", "value": "1a91df92e658d64528138ff06983010b3258ff53", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699615, "uuid": "86f0cfa8-7a0f-4ca2-9a2b-79b066b12561", "comment": "Malware payload (AgentTesla)", "value": "49b60406c0dd4e2d05e23317a826a3b49a9d6300755c54fc8b5557cf72f05c78c00a1a35152f54f6c3cf3d4ea8f55d49", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699615, "uuid": "d8c2cd70-89b3-4749-9fda-caae85fe8399", "value": "T1B5C2E2965B8C4C61F299E8B7865EE00E49BCF23630C255C4BD9DE2707B7D14E0B6B1B8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699615, "uuid": "85992558-0b3a-4feb-845e-cdbbc68891f9", "value": "768:rUS5G5mPJi24HHE4pdkncG0+xqtJhbfifpQl0XqC6mdoHvdsoUj:rP62OH1YnJnxqtK00XimdMv+oUj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699615, "uuid": "21f562d0-71a3-41c6-90e5-3a20b1039c16", "value": 26690, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699615, "uuid": "56dc4357-b403-486f-87c6-b4cdbf2007d0", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699615, "uuid": "2f799dc4-c92f-4c75-9ded-612407bbb73d", "value": "41e6396e3fb7c2ee5676acd85978f671", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e9cb808-ef1c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683714118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714118, "uuid": "420753c9-f288-4927-b46c-e03b5ca623ee", "comment": "Malware payload (AgentTesla)", "value": "e4a4bff8c862d1506f4d6f3a7075b102", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714118, "uuid": "fd8563d9-201d-4c59-9a29-b44a3086dee6", "comment": "Malware payload (AgentTesla)", "value": "25f6d614b2f6f1cf5b2723524be81a6ae6f1d79b221b62e3b3d05dc79a8ca770", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714118, "uuid": "89f8b3cf-ca32-49b5-89ff-9a8d6bb69ba5", "comment": "Malware payload (AgentTesla)", "value": "f5962743cb0fd54233fb46de3db0275c69db4f37", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714118, "uuid": "8a6021ec-0303-4437-bb27-c0c904dd2904", "comment": "Malware payload (AgentTesla)", "value": "6e3f5c3643a3e1473384b984a965d998ddf01cbc79d958327cd4e96b1075b0b69fb7761a30418675e7a168918664f10b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714118, "uuid": "ef982270-7210-45e8-8bb5-6c6b6a4f879d", "value": "T19E15373C19BDE22BD1B8C7A58FD18427F790A46B3115EEE5ACD64391432AE1235C723E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714118, "uuid": "9fe3c357-db6c-4ae6-b9da-7c88196d7c5f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714118, "uuid": "c78f1eb4-5923-4d97-b8e0-a81bb673573f", "value": "12288:PXlj+8Ff1fX4M0A87/vX1EXeu60t6uQnwXdRETcKYO9Bx+X8Ui0p73X+Yw9qZetk:vc8Tf+AyseuN6Xnwnm6OrxtUiy+Y40z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683714118, "uuid": "091f0bcc-103b-4da1-8f48-974bf73262dc", "value": 905216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683714118, "uuid": "4ec3c901-647d-489d-9040-d7d1c4ba0364", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714118, "uuid": "4856b7c0-3ca6-4b57-a7a3-1143355168f0", "value": "25f6d614b2f6f1cf5b2723524be81a6ae6f1d79b221b62e3b3d05dc79a8ca770", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e07f9d3c-ef32-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1683723731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723731, "uuid": "4db1f316-2699-4f4d-9ff0-e64ea1c7eeff", "comment": "Malware payload (GuLoader)", "value": "c11f0e0fec2f0b3540b79b30986f42a6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723731, "uuid": "05b47d76-1e72-43c7-bddf-0d7cb4f146f5", "comment": "Malware payload (GuLoader)", "value": "27067fb67db005cb58c65f2c9f66837211c9f98d2727c9dda27942397fdcd52b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723731, "uuid": "5b8c3441-a0bc-48cc-a5af-8be5a1009a53", "comment": "Malware payload (GuLoader)", "value": "06621d1a2829b0ce2c6ae1c42bf5139ae7c541b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723731, "uuid": "7e580280-fa5a-4113-94bc-d886a76f8cec", "comment": "Malware payload (GuLoader)", "value": "a9daa4d76eb751bebaf3d5034c9123a67c901977998d971a40812c14cd2c6e79ca785e6b2a2e5976729101ca0330788a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723731, "uuid": "529ddb8e-e72a-46a7-862f-432c06e91614", "value": "T17204019333E05167F943CF304566EAB1F7BAAE005D14568BBF607F6F28323635A66281", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723731, "uuid": "2be6a838-f258-4ede-9b91-12af460355a2", "value": "e160ef8e55bb9d162da4e266afd9eef3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723731, "uuid": "25d1e252-9aaa-4c2d-a163-9493f0719c49", "value": "3072:EwJ52Y7ZoH5XJaqKz8HIoLmMtw1n7IfaZoEdNdPxF4WI+xqFJErLgS9kRRK:EwHysqKzL8tEEidNdpzIyOIQRE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683723731, "uuid": "eb75ebd0-0376-41e3-acac-4b20ab2b4d89", "value": 185751, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683723731, "uuid": "f7a607c6-06ca-4110-85a3-ec6119dc7810", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723731, "uuid": "27677481-89b9-4185-8080-db5ae066f2e4", "value": "CA AW23 Orders Info.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c24ffed0-ef2f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Pykspa)", "timestamp": 1683722392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722392, "uuid": "9e744094-89ee-4984-b8ad-e8cf5f03b73a", "comment": "Malware payload (Pykspa)", "value": "0a34eb2a621b84749610d26055f7d4d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722392, "uuid": "92fe1e84-e030-4972-b246-2c5f66a7e8ad", "comment": "Malware payload (Pykspa)", "value": "27da775fd83752ff9789b5092fb32ef66d53e6285f27c5b98c1b0c7dbfd67894", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722392, "uuid": "92c95de5-87e5-4791-aff7-594d1d9bf468", "comment": "Malware payload (Pykspa)", "value": "04b94509856cc107a8cf8532a006bb5ab7999af0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722392, "uuid": "5be26cce-ca4a-4c22-8a00-729ae2efe138", "comment": "Malware payload (Pykspa)", "value": "208a7e04d3f54e5a4d6bd4eeb59d22960afac8c4433d9944e3fff12c4c969e052ba0a8c9d595671945bcb7688b65556e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722392, "uuid": "0fc31956-b5b6-432f-a964-b6d9503762cc", "value": "T14864C03AB780C8F2C485803176996E136EF56C701625EA67DB60CE0A3EF55E4D72A34F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722392, "uuid": "bdcfd35e-c883-4881-a0c9-a8f25f892669", "value": "a1161b9f4081312e64af594f73664c29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722392, "uuid": "24a8ddd1-4fea-4641-b463-88a7da52f031", "value": "6144:4Twvo1IV3puaibGKFHi0mofhaH05kipz016580bHFKT686JQPDHDdx/QtqR:WVgvmzFHi0mo5aH0qMzd5807FvPJQPDV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722392, "uuid": "8120755c-ed0a-4b0f-82b4-d57f99fe7c85", "value": 327680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722392, "uuid": "7db7898a-8a02-4360-993f-7a28ff1920b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722392, "uuid": "1c771adf-a88d-4b3c-b65a-0ec3f53118e1", "value": "27da775fd83752ff9789b5092fb32ef66d53e6285f27c5b98c1b0c7dbfd67894", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c10f4de7-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (QuasarRAT)", "timestamp": 1683705639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705639, "uuid": "0f95a7a2-13bf-4421-8a89-842dd095b4dd", "comment": "Malware payload (QuasarRAT)", "value": "41aa98e70d32813667a018ba6d4bbd4c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705639, "uuid": "e5624bb4-f9c3-4c2c-9e7c-60c4f845c9fd", "comment": "Malware payload (QuasarRAT)", "value": "28229a2ce2ed4265f4389b7228fb0065ef8656502ca833ef77fe2927a9f85fd8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705639, "uuid": "c37c9c9f-7945-4da8-8750-d3d947ea52e8", "comment": "Malware payload (QuasarRAT)", "value": "2db6f28a7f8f931a419c46777424f03d88d7c231", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705639, "uuid": "a6f1a041-bf8c-4d00-8429-ea6d6bbbe32e", "comment": "Malware payload (QuasarRAT)", "value": "ac0d3ce9cfb8f825cdd98063a7c825754b534b543ee5049a82a6148c53258784bdb874e837b6a16c8cb0551031868dc7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705639, "uuid": "bbd55600-f888-4ba2-bd20-32bbc18f440f", "value": "T14906E131BBE17D9AC2BF1A74E456060C0D78EC8B7609CB6AB84C70D91FF17148D26A76", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705639, "uuid": "e57f395f-c052-476f-873d-eefb42f64d4c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705639, "uuid": "34c6ec63-1c74-4310-8b0b-fb59cc9b13c6", "value": "49152:xB1xIGegkjibf9nN1VeP+gKvmuR0Ex63ZXk3yBkMdpQ5P2A8NrrxT5AXg38W:fE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705639, "uuid": "3dc79b5c-4ccf-41fc-89ee-8d0af60c7445", "value": 3803136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705639, "uuid": "08219d14-74aa-4597-abe8-ea7681d05c7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705639, "uuid": "fa5d55cc-058e-44b3-89fb-ad633b0284f9", "value": "41aa98e70d32813667a018ba6d4bbd4c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1749ac5-eef7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683698419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698419, "uuid": "39166810-35f4-4453-8eb3-585b9b660b30", "comment": "Malware payload (RedLineStealer)", "value": "4a66fd2b58eb00745c0c247dc68f72a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698419, "uuid": "f0bcc09a-16f4-4df7-b0df-7716cc18407d", "comment": "Malware payload (RedLineStealer)", "value": "28d3195daf8b48fa262cc9be185e9dd402f79be472874b4070dd0516744b8a63", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698419, "uuid": "3a4c884b-3918-417e-a543-a68309895d05", "comment": "Malware payload (RedLineStealer)", "value": "fcc333bf5024084518cfa3b3abab71685242b4e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698419, "uuid": "7ced0edd-8d4b-4b6e-a417-f8b8bd56f28e", "comment": "Malware payload (RedLineStealer)", "value": "3a98c58fc7d8ecc15216463bef258d8f70fee6260f386a6155cf7602adb06d730440d9892ad56de1d0bf5e0f6e55cd50", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698419, "uuid": "c4a404de-f52e-4878-bc1f-60d02d9ab1d2", "value": "T13BA41202BBE88472E9F417B418F607831A35BDA19C78126A3B456D5F09B3AC4A4B537F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698419, "uuid": "a82641f5-2831-443a-af75-6fee9427f539", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698419, "uuid": "3f322aaa-8f09-4111-8b56-830ddecf494a", "value": "12288:AMrQy90vr3ST2Nj+H56GO6FYuEaImv7sbIW2Fu:AymKH5+bS7bW1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698419, "uuid": "ea9f4606-47af-43c1-a610-5c53f47d2efd", "value": 491008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698419, "uuid": "4a84737a-a68d-4cff-9afd-d4d17c23c8f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698419, "uuid": "8fdad5a4-fb9d-4019-bfd4-e64db6136370", "value": "4a66fd2b58eb00745c0c247dc68f72a1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aff4493b-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688431, "uuid": "157c970e-fc06-4ef2-99d3-c2f0a87fbe7b", "comment": "Malware payload (Kovter)", "value": "1e3771b9750172f7ebe846e1b35d3237", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688431, "uuid": "4552af70-d501-4227-9142-c8ad51865ce4", "comment": "Malware payload (Kovter)", "value": "28e2e2b198f2befd187e0cd414c1d7d560f29de1f8cbd42ecc113a218150e088", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688431, "uuid": "5dd000db-4195-4a18-b835-c2d147672650", "comment": "Malware payload (Kovter)", "value": "d4a81a457eba46eecfaef863b5e0d4d29a24d2a1", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688431, "uuid": "098d3ecb-561c-4c53-988d-af13ceee150b", "comment": "Malware payload (Kovter)", "value": "42724a656ef77b9e9ac859ea2ac77c1a7969572933ea342792a230e5cc09e81bb970651c41cf2be2aaa93b9d99a1b5a9", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688431, "uuid": "b9cef743-6c96-445f-8134-7f6b52f8bafa", "value": "T114743A39F640E237D4329CBC9C5FD2D56579B2302E382957B6E12F0C88B55939A2BB43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688431, "uuid": "d7969188-4693-427e-8b15-261f83135c71", "value": "6144:IoeFRoywp/LUa7WkOQnsqu6s1rT/9EGuvJjxu2Nvj/CwanUpr2/QZq8Fb3P:bA2bpfdi/9AvljCwae6/H8Fr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688431, "uuid": "3dcb0f67-6c58-47be-8603-288c96c07cf4", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688431, "uuid": "3320beca-7282-450f-a5fd-a57a5d64200e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688431, "uuid": "b9eaca1d-8a1b-4e12-9bbe-998bfef53d23", "value": "2023-05-09_1e3771b9750172f7ebe846e1b35d3237_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cd7b7d9-ef3c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683727832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727832, "uuid": "c0d3b0bd-d5f9-49ec-8a76-60554e58606f", "comment": "Malware payload (Amadey)", "value": "31beeff26d1ecb6fc67bac38c5821581", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727832, "uuid": "7fe1feee-95e4-4779-84e4-7a0d1401acaa", "comment": "Malware payload (Amadey)", "value": "29f9c72cc572c4edf578d55774bc0eec146309370c6dd221d80c059e95648271", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727832, "uuid": "2a9d2c2a-f922-4602-b95e-4f170539441e", "comment": "Malware payload (Amadey)", "value": "0d12b1a4ffa0958082d8749a4ea5eb57db5a615b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727832, "uuid": "f3f01cdc-100a-44fa-8082-48d0acc0e321", "comment": "Malware payload (Amadey)", "value": "b6ad8a34cb07faca6949f683af059ffc32d32255af9cdfdceaf753319d616e5f7b5daac699e7ae4951ef201c7cffc0e8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727832, "uuid": "a7c1d060-2fc1-41b5-816d-61f77072dc77", "value": "T172B40217B7F49073D9B027B058F703A30A36BDA16D78836B2789695F1DB3680A871367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727832, "uuid": "9e25d112-8e28-4a7a-a38e-ceb0726b8024", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727832, "uuid": "cc8b1c53-2bf0-4fdb-bd3a-0e40afc8aa27", "value": "12288:gMrLy90i9giNr51+eAQIsH2r4PLG0Y+vCg2ESImn:byZh51+rwxa+vCfmo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683727832, "uuid": "a060d0e2-e260-47fb-88cf-5157c7d12612", "value": 499712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683727832, "uuid": "5841935a-dc52-4b5a-9001-5b0a11f5de58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727832, "uuid": "11a16d64-824d-4e3a-8e2d-d683f6f82a70", "value": "31beeff26d1ecb6fc67bac38c5821581.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3873685d-eeeb-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683692955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692955, "uuid": "ccb4af26-6870-445a-8ccc-c3a098a7c49d", "comment": "Malware payload", "value": "e9bae2d218f4aedba5c594ef7d4d315e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692955, "uuid": "db35c7c9-cee1-4dfe-b486-24b738681dc4", "comment": "Malware payload", "value": "2aa5401f465ce356bdc30a46b0e94c69d3c66e12b9a801d589b6834de80733ee", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692955, "uuid": "4f8f42cb-dd72-43e4-970c-da277155f675", "comment": "Malware payload", "value": "f3836094e91e83872152dd3cf17d54202d1f9462", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692955, "uuid": "5183b0e3-6db1-4f4b-891c-9d8f742606fe", "comment": "Malware payload", "value": "2c081d8a3471e6d5bd72017aded91f2dbd0fd891bf0a1ee7bf3bf4a9ab2112cb5dee44172f9a390d8d2bf47bd8025626", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692955, "uuid": "de92b78f-5566-4e87-add1-4c596aeef719", "value": "T177C1A43B92830CE3DF8D4EFD0BA74D4E45A81D22015162B41B94861E1DD8623F82BFD2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692955, "uuid": "8799d9e1-f284-4771-b3a9-5fb49a129060", "value": "b41dc75efc329e0801cfd3267cab4c55", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692955, "uuid": "023d95d0-1124-4aae-9875-306e93b4b198", "value": "48:SPQrr2JIr6tMTqUDnsJ+DhNUMEcgKCk52Ew0BprPBKciSNMfwCjCAX7IhxS5y:9rhT9sHUCq270To1VfwCjd7IhxS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683692955, "uuid": "83e22dae-63d3-4479-95e2-68f8b50c01ba", "value": 5632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683692955, "uuid": "dc5adae2-e10f-48a1-96b1-993bb3a811c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692955, "uuid": "5445731b-3c81-4af5-8cd2-6127582db781", "value": "SecuriteInfo.com.Variant.Jaik.147829.15394.21464", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2304bd56-ef69-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683747035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683747035, "uuid": "89378666-9f18-4198-8efc-d55606cdfd7a", "comment": "Malware payload (RedLineStealer)", "value": "209f5eb97415fb53e495e433fceaa5cd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683747035, "uuid": "9cc8adee-8935-4033-8ae9-3773eed7185f", "comment": "Malware payload (RedLineStealer)", "value": "2b4f06b5c00bfef8e1e83bfa46f822dedb09d05779d8171ff91d59994f9bca14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683747035, "uuid": "76faa619-216d-4596-8226-aa3732a621df", "comment": "Malware payload (RedLineStealer)", "value": "32f68a3c33e128582b2e91847168b88f394893db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683747035, "uuid": "5136450c-8ec9-4882-af24-41985aa98715", "comment": "Malware payload (RedLineStealer)", "value": "e7bbc8d083e02faaafe2b0e7a4d5c6fe1d37689c13c72660b88c1a98ffe43a83b55e49e4e760a5b107ef71bf87de1c00", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683747035, "uuid": "281a26c2-a2e7-4759-99a6-65d08ea87437", "value": "T118B41242BAE80172D8B517B018F702D31B3B7DA25DB8537B2745A95E1CB3A84E47272F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683747035, "uuid": "b0d339f8-a8c6-4744-a041-5a78ca3ec14e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683747035, "uuid": "e80a9889-2c6f-49f2-98e3-6ec0b6fccb42", "value": "12288:2Mrcy90SELEJF+iAvO5mdp6N/CAqLSp0+i:+ylELEJEivFNcSg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683747035, "uuid": "ef54175a-a0fb-4aba-9614-81c6c231ba4b", "value": 499712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683747035, "uuid": "461a55c8-f1e4-4626-a04a-b88c408a5482", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683747035, "uuid": "fd35563a-10d8-471e-aeae-0491077f0165", "value": "209f5eb97415fb53e495e433fceaa5cd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c86017a-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683729039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729039, "uuid": "585c86bb-6481-4042-8890-1d49a5b117a5", "comment": "Malware payload (Mirai)", "value": "f64faa536d44217b980a671599ca6d5d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729039, "uuid": "c11c4b9d-f561-49c5-963d-061e6663a46d", "comment": "Malware payload (Mirai)", "value": "2bc887f44fed8650d1876de3c387ecf9aec6bc1fb4a0e5f99f90599185b37317", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729039, "uuid": "28abe528-75a2-4463-8a66-debb121b0230", "comment": "Malware payload (Mirai)", "value": "e23549cacdf58453e1a464511f625646bdd3a6f2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729039, "uuid": "18b1b99a-4917-45ee-a028-6b8dab313ebc", "comment": "Malware payload (Mirai)", "value": "1e76e875e5d20cb5005f74ab642222afb3d46f4318d9cc911c6db4270c457586edeb7a31eb31c61d52484de4410c1afd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729039, "uuid": "67633309-7239-4aa0-afba-6ba2a2eee9b4", "value": "T146A3F831A641C973D04305F212A7DB660D32FDBB1A6AAE56E32C3CB0DE360C5B565E9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729039, "uuid": "ad6e295a-1bf7-4f27-8376-1cbcf12b9bc3", "value": "3072:VK1z13U6HzHoXRtmTUhQogfEmmFVcqq0GnDZT:VK7DDeKlogfEmmFVcqq0GnDZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729039, "uuid": "eed4e9be-a182-4b68-b537-710ed9e6edcf", "value": 100042, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729039, "uuid": "c330486c-5d44-4a6a-9e7e-02285a5f2cb4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729039, "uuid": "54c1b572-9725-4126-aae2-9e231aba4075", "value": "f64faa536d44217b980a671599ca6d5d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfb359f6-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688457, "uuid": "4764a52d-7b9c-4884-bb27-833441b0c18f", "comment": "Malware payload (Kovter)", "value": "b91541a1b6cd987ac027099c5f66451d", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688457, "uuid": "10aa88bb-0f01-481e-a760-cff9b2a36de0", "comment": "Malware payload (Kovter)", "value": "2ecff2a27d130436799b218fd5e5faedd8a297df6d1e60c606d3c7a02a7b6cbf", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688457, "uuid": "9e7f2e77-e652-40c5-a3cb-5cb3edb3acc9", "comment": "Malware payload (Kovter)", "value": "0e314b82217f1b0e71a2b1e0771e2ac4f77929ff", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688457, "uuid": "5ba77fd0-f7c4-4b83-8632-91f2d89adecf", "comment": "Malware payload (Kovter)", "value": "a36eb6e584d796d74bd9d312be08d8aa720dba449b73e14d99b2a3f4300bd96910dfd2cc654a0a758004ccedad486c6b", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688457, "uuid": "5e68368e-d1fd-4882-a65c-03989aabac4a", "value": "T17474393AF640E637E4225CBC9C4FD3E56579B2342E381947BAE11F0C89B5583AA1B743", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688457, "uuid": "6a550f95-2a3e-4aa6-a8dd-f58be02f9409", "value": "6144:EXcL11NuPqiAXdmwp+k1g7W+Le1E/zvJKCaPZzRQyRR/HcTspB6ZQdq0Lw:wcxbuC3JjyvJqPhHcTsKZDX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688457, "uuid": "f62343ca-a27a-4524-94df-d5742e42962d", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688457, "uuid": "fcedd523-eb9b-4c46-83f2-be263905198f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688457, "uuid": "269a85b1-39be-47f8-9b97-231b366f7aba", "value": "2023-05-09_b91541a1b6cd987ac027099c5f66451d_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79c294f9-ef39-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RevengeRAT)", "timestamp": 1683726565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726565, "uuid": "7d71539c-2f84-4020-a7bc-34cb1d9cb4ae", "comment": "Malware payload (RevengeRAT)", "value": "906084f891c354df688b9b1012673cb0", "object_relation": "md5", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726565, "uuid": "c35eec7c-af6c-4733-ba39-3cc004526737", "comment": "Malware payload (RevengeRAT)", "value": "2f29c288b1c65341f982d8984a0650ad66765a3bc221bedcebbd2bc784a9da21", "object_relation": "sha256", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726565, "uuid": "fe098bdf-6817-44bf-8b68-d3b0ea6035b9", "comment": "Malware payload (RevengeRAT)", "value": "df3ac01679d444b6ae6cc81bf0f380cce79bd987", "object_relation": "sha1", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726565, "uuid": "02aae4b8-cccf-44a3-9b5c-066e8db2657d", "comment": "Malware payload (RevengeRAT)", "value": "530c9914ac3f00250254a1251bb3d56b64ee8c7b9a117608a2f632261a3b01d106fa7cd6873ea0886710c35dcbe1940c", "object_relation": "sha3-384", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726565, "uuid": "e91bc448-2cd8-4eb1-a7c3-d0db94d7957b", "value": "T17823F1A5BD6308D2C7434AB1B8AD26E07729683539B064D47D49DE513603F4D5BFD2CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726565, "uuid": "25e7fb91-0c49-47e7-9b5f-980a993e09b9", "value": "768:VPYRy7GviozfDTAR/rRSROn3sYOWTS2+1jqBoVEmErcSeykOgUGM5d/ym4csz:VgRyCR7T2/FMOncYOWXvBoV3EgS8jUGN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726565, "uuid": "172fa3aa-aee5-4595-b685-d1e5cd2b7d29", "value": 45864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726565, "uuid": "0729f98d-a863-48d0-992a-be7d1028de10", "value": "application/vnd.openxmlformats-officedocument.presentationml.presentation", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726565, "uuid": "8f24dafa-cf9b-4ed5-a039-23f61c54d8c5", "value": "nvoucher_das_reservas.ppam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2b5e87a-ef30-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BluStealer)", "timestamp": 1683722768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722768, "uuid": "03276e1f-e258-4d57-b90a-bdc12fbee549", "comment": "Malware payload (BluStealer)", "value": "03ce9015af0ef971e98d2dba83a3afd6", "object_relation": "md5", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722768, "uuid": "9c5554db-6fc9-4e09-9ebd-5b1093773756", "comment": "Malware payload (BluStealer)", "value": "2fed0d020470afbcb42ea16cbedd103a50ccf86fa10f71252a8307de740c3b9d", "object_relation": "sha256", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722768, "uuid": "882b31a7-e2e3-4750-89ae-cdcdf88f3c3d", "comment": "Malware payload (BluStealer)", "value": "1cf9797ff0f5c61dbb7efa4c6ed3e5cd10bca40c", "object_relation": "sha1", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722768, "uuid": "c0578cc8-a6f4-477a-827f-602f6ba434b6", "comment": "Malware payload (BluStealer)", "value": "3d47f8725e0e71293be48d8446af67f77d93877df73b257e10e463ac8a015cc8c8177f7e821bc1b20aa7cd31328ba2dd", "object_relation": "sha3-384", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722768, "uuid": "878290bb-3cfc-4a59-b56b-32d610d9dd6c", "value": "T1CA456A3C187D1B27C57AD7E58FD08427B664986B7920EAA49CD36BE61306F0225C363F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722768, "uuid": "cf4c1d81-bfe6-4794-b168-bf0dac19a7fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722768, "uuid": "91d959d7-a822-408c-8fa6-b2e9d9d86697", "value": "24576:DYSY2O/D45coTCaQkN4NUlPDYI5Qqu7JFZvJY:USDO/mcoCaQSl7A/9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722768, "uuid": "4c24dd38-aaf5-40dd-a1e0-5612c8c2e5d6", "value": 1189888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722768, "uuid": "4bdba68f-d666-4aa0-90af-0101560b5563", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722768, "uuid": "0065b78f-5d29-421e-b0f7-932310eadf11", "value": "2fed0d020470afbcb42ea16cbedd103a50ccf86fa10f71252a8307de740c3b9d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27c55de4-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683704093, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704093, "uuid": "eeb8d01d-c467-4b05-93ea-eafe66d97061", "comment": "Malware payload (RedLineStealer)", "value": "0b843ca9c1346118205a2ec97201b0d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704093, "uuid": "c40e0e86-edad-4f80-8ad1-bb82a3ee11c3", "comment": "Malware payload (RedLineStealer)", "value": "2ffc40538840f89e0cd93590fc184f4f168187b717631db17294bebfd3577f5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704093, "uuid": "9da11e0e-606f-48e8-9bde-6efeb208ff04", "comment": "Malware payload (RedLineStealer)", "value": "e4d95cb77071f45c2b9ba8e822ef87d295a20ecc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704093, "uuid": "ee0878c9-d461-43e8-ade0-c9725736bc62", "comment": "Malware payload (RedLineStealer)", "value": "7f436e897a7e705d4e10f2bc9bbd59c6638afff626ef2e6da7d09f44f3542c78026059e2e29e5e6d53a61f5c45000268", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704093, "uuid": "cf298072-45a9-40ea-aacc-dc4edff5c0c7", "value": "T1EF35CF5175C1C072D17215310AF0EBB5A93EB9600B658EEF27E80F7E4F242D2E635AA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704093, "uuid": "82899a7b-7d95-49d0-82e2-446341a6cf94", "value": "12c8d8214c7bc12215b423756aab25d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704093, "uuid": "d9aaf48b-987b-4b57-800e-849c1e589874", "value": "6144:+hWUQ96Tj3gXxyu9qwG49yAOwtkdMEoikqHpgCsoSvi:+hWULTj3gXxyEsmi+niJpEoSvi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704093, "uuid": "ddbc03bc-d0fe-4f5f-b42f-fcba3e83c508", "value": 1150976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704093, "uuid": "d3fb4733-27ad-489f-9bcb-9f3b218f3ca2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704093, "uuid": "5ad0bcd6-5282-49f7-84da-3e77aba6e7c2", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e49028b-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683704641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704641, "uuid": "eeef6595-80f5-4189-ae06-96037d3d3f23", "comment": "Malware payload", "value": "e68fcb03ac21ca8b335eb9ddf9642f17", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704641, "uuid": "6e58aa4e-6b8f-4e75-bb2f-4be1ad3077b0", "comment": "Malware payload", "value": "3047d0a3ab3d9253ba224449235ca0aba29d0827b376d3d2f690c3442bdccad2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704641, "uuid": "cc2c8729-2271-4b29-b955-bdeccdd3b9c8", "comment": "Malware payload", "value": "8824d6d2c27d16dcc98f9318f34b7affae3a58b1", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704641, "uuid": "c5b3e7ea-e867-4f99-bf1a-b90db4e904ec", "comment": "Malware payload", "value": "49b27e2f978065934e1734baabfb65dd4ff6d5a9264d4f3287fb8df9026c463f9b0e262a529961fa36305b20bd5aacaf", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704641, "uuid": "e8e535cf-2b33-4c01-892b-a8de5294b7aa", "value": "T1103112DE3850D6EE43C2BF57163B26DAC177CD892CF49E478502E8953818539C59BE34", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704641, "uuid": "5ed17b5c-406d-457f-84e8-d4f8edebd745", "value": "24:aFD+MeoPdaTPFQFkPKCCK1utycFRNPqaOoXfsmGAkPOfPEYciuV4Cmd5M/e:aFiM6iXK1FcrxqjoXETALf8YirW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704641, "uuid": "bec6cd65-f2b5-43ff-bfd3-a2ee75e0b85c", "value": 1492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704641, "uuid": "c3e344df-c7dc-4daf-ada2-0b79cde4ec43", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704641, "uuid": "76d82065-69b5-43fe-a9e7-2fbb6c7a22a8", "value": "LC application form.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c053a977-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688458, "uuid": "d55f48bf-e187-491f-9cdc-793d3b2f259b", "comment": "Malware payload (Kovter)", "value": "b946b1cc33bcf7e0b86ef32546ed3963", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688458, "uuid": "6f5a1c38-239d-44a9-b4a5-4a36ccd9fea0", "comment": "Malware payload (Kovter)", "value": "310d5b7d7f3aff57abf13041ee05b1f38e4faf4d271c3a7132673e3d803797cb", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688458, "uuid": "c6450fe7-f3f7-4639-8c29-c6b3c388d238", "comment": "Malware payload (Kovter)", "value": "571e43af3dccd25b6153d05fdebad1040343b007", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688458, "uuid": "8965349f-3e35-48df-9ad2-311c7d281c7b", "comment": "Malware payload (Kovter)", "value": "6bec1788881c03c011945ec03c9315be1fc437a8fcbce052f320796568211661e10a63c0e694ae9044e629b9976e7c11", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688458, "uuid": "69994a41-d8d6-48a2-b12f-db536b42be1f", "value": "T10C743A39F280E537D43118BC9D1FD2E5A579B6302E385A17B6E51F0C99F91C36A2BA03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688458, "uuid": "6db179e4-9ee4-4908-827d-5c58d0bbb7f5", "value": "6144:0vcnwBJm+4NSxmi0WkJrvUSWaMl/CAkmCPpTVCGdH/yLtVmbGGsQdqtyOQS:kcnwfmPQciGrGhsPhyvmKGsbtqS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688458, "uuid": "30e146d9-934e-43fe-8485-f2ffe57a8dd4", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688458, "uuid": "7a875e81-620d-4bd7-961d-2b7fe66e7210", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688458, "uuid": "8df7238d-448c-47c2-8852-0902bb23fb42", "value": "2023-05-09_b946b1cc33bcf7e0b86ef32546ed3963_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64c1fd1e-ef19-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RecordBreaker)", "timestamp": 1683712786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712786, "uuid": "cd65dcb1-c216-478f-a446-df334a3e1e3d", "comment": "Malware payload (RecordBreaker)", "value": "b0cec2ba22b65a3df5fcfd5ddcb24521", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712786, "uuid": "9f2676ad-5a13-482a-8ad8-e9209751f3f1", "comment": "Malware payload (RecordBreaker)", "value": "3131f31a4b39b30cc4498c17115c2d24dc588835c9d609076058772d4a96a217", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712786, "uuid": "92763cd8-0744-4406-ab13-7620f9cb8a35", "comment": "Malware payload (RecordBreaker)", "value": "edd2f6c361e04ba7cdec857cffe75443b6e771c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712786, "uuid": "6664a2e5-6f5a-49bb-bbda-1fb561260cba", "comment": "Malware payload (RecordBreaker)", "value": "2342b6efeb2fac4eb1349d04326f3d58be7f611d06b2f1d584cb1502e3934f19d3ff8622a7795550f10e8491bae98bfd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712786, "uuid": "762bf8b0-fb74-463d-9c27-26d0ad3aee41", "value": "T1F21633D0FF2DEE9AE13EA837D506E318838C15A2E5D212875DCCEA48E6F5D505706E31", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712786, "uuid": "25ea6ac6-49e6-461f-bf27-d72f31ec7520", "value": "346f1a2e788325bb50b6ed6ea7d15a57", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712786, "uuid": "06c78f1c-f9d0-485e-89e7-f461c9f874cc", "value": "98304:XUfKCK+RX3KLh12Hb8ECp0PmhaWDrJ+sASEtw9:XQXb78EKhaMV+sNWw9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683712786, "uuid": "bcf9b0d6-228d-4f1f-b150-4c8bcc5fa178", "value": 4149248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683712786, "uuid": "e8669cb7-a840-4f8c-ac5b-2b7609d62bec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712786, "uuid": "aefb6123-2aa7-4a3f-a1df-2c8ebd0390fc", "value": "3131f31a4b39b30cc4498c17115c2d24dc588835c9d609076058772d4a96a217", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b1177b0-eeca-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683678839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678839, "uuid": "46c6a4cd-d206-46c9-a534-7df6050b487c", "comment": "Malware payload (Amadey)", "value": "e7a62134165742b681b2a54567fa5e6c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678839, "uuid": "6f468679-16e9-490f-b9f4-ddf0c926834b", "comment": "Malware payload (Amadey)", "value": "324273456c3ed22910fabca9bdc9a52260e602a4adb59258ba0237eaf05142a0", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678839, "uuid": "2967eb21-768a-4be3-af71-717a269433fc", "comment": "Malware payload (Amadey)", "value": "e17e296df5f36a577b7ce37dbfcffcd08627fdc3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678839, "uuid": "281762bd-936a-44eb-9138-166c3a4886dc", "comment": "Malware payload (Amadey)", "value": "c3d90e791055b362496e7ab9f2a4b678b05658af8f29f90463e07900625636322498ae39b645d6d3d01973bc110e99bd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678839, "uuid": "f6f2dbc5-6d1f-41e1-a39e-040ade1360f6", "value": "T13EB40213FBE48172D9F5277019F716C71A36FCA06D74932B2792AC1A5CB22E4647232B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678839, "uuid": "4fabd68f-598f-4261-aa0b-f6c537e1fe11", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678839, "uuid": "a2ab15ef-dba6-474b-a74d-2b73c24d9997", "value": "12288:VMryy90TryOMoj1IZbmpncPGdLvQPL4e:Xyu7j18InckLvQke", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678839, "uuid": "f6b1742f-9671-4387-b72c-4d691526788b", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678839, "uuid": "bc9430dd-e4e3-4056-b364-4be2af4b8069", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678839, "uuid": "c2cfe780-cfd1-4022-b857-7d3a4d6e5654", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5833104-ef1e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683715149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715149, "uuid": "c3218a74-ebb0-476e-abb2-99a1926b9228", "comment": "Malware payload (AgentTesla)", "value": "721723e02b3cfd83bf46ff1abfbe9c7e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715149, "uuid": "238c6e90-8d14-4eef-8b54-5de4f698e578", "comment": "Malware payload (AgentTesla)", "value": "326032825841da4be49637c2d5f0f15049c281f31d4178ac9246c543af96d1ec", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715149, "uuid": "be0b0b27-d518-4aa8-8ac8-1390bac4911c", "comment": "Malware payload (AgentTesla)", "value": "c4022461400b1bd736b941e01efd4f88a2f3fc1f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715149, "uuid": "1097e9fb-250b-4c8f-b73d-05652c79b146", "comment": "Malware payload (AgentTesla)", "value": "02687f8409ea31fa0bc8bf7a6556ab51749438e4cfcc37f4ccf8fac482455685777896e6d84e48fb768cf0421325241e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715149, "uuid": "6ca02e4d-b133-443e-8d92-f8cc4835845b", "value": "T193D4AE525065CD4FFE2ADBB0D1B4FF55A6F1F07364E190242BB921C9CAA9F021E8C52E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715149, "uuid": "b4939706-f2ac-49ae-abee-889ee6b0bda8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715149, "uuid": "6204643e-3839-49eb-a4f2-72a7a3550ea5", "value": "12288:Qmo4Vu00mClQwO5YuCWtpL5YcLXoqkvw04/gPzjF8fHOegQVtj:QmlVuWClPOauCOLicDoRSoPXF8vl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715149, "uuid": "9dedeee2-8186-4042-8353-5b9fc9ae6b9e", "value": 648192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715149, "uuid": "05ea2472-1aaa-4a60-bfae-10dd603ca12f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715149, "uuid": "0cc9b0a9-0dd3-4b00-b1ed-51b4c5dec7ac", "value": "326032825841da4be49637c2d5f0f15049c281f31d4178ac9246c543af96d1ec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1228b56a-ef0f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683708352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708352, "uuid": "861f5228-74a0-4219-a994-01d8e9ad74de", "comment": "Malware payload (AgentTesla)", "value": "953db0fa8e971527b18ae9abc387f7a2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708352, "uuid": "67d1932f-0963-4d2c-b436-df463de81278", "comment": "Malware payload (AgentTesla)", "value": "33a9d00087f57e53dec2e75f1b06f3c7d789e9e305abf68e36548430029741f5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708352, "uuid": "45cdd242-aec7-4267-a8e6-b51ebe47c38a", "comment": "Malware payload (AgentTesla)", "value": "1121563cba6a53828de3cdcba28e5caf54e50fa1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708352, "uuid": "c2baea94-b901-440e-87c8-842bb8acbe19", "comment": "Malware payload (AgentTesla)", "value": "8e814914f85cedb74cad78744c8dcc632d38500d930b063ee3035cfa82cec3f82dfdb5a0388c50de5f1fbed16a67fba6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708352, "uuid": "6933b84d-0d03-4cff-9070-5398e69cded6", "value": "T1DB05AD3C61D65C22C75673FA8599C9E10335AF00AFABD26A267E30CC8971B93EC9154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708352, "uuid": "0178407e-2773-45ca-a094-35d937a1dbac", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708352, "uuid": "df13cb6d-5287-4b65-a8f1-4d01e83118c8", "value": "12288:2FMcqZfltXydD66g8Q1eMVuVSY2sRmgG2rrPEASeq:22cIjXSD0l1e2uVSOR02+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708352, "uuid": "22bbb393-3a13-4798-8ffc-5b28169df72f", "value": 872448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708352, "uuid": "8b651bf0-7773-45ae-820b-72d05e647294", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708352, "uuid": "396a46d4-5767-4687-91e9-3b9a041152c5", "value": "953db0fa8e971527b18ae9abc387f7a2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af04935f-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688429, "uuid": "da46aaa7-f77c-463a-bbd1-4ad8bf80a0bf", "comment": "Malware payload (Kovter)", "value": "0badaa6ae1d0d3862d344650b9c690e6", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688429, "uuid": "61cc8332-9b69-4e2d-b85d-25db72442413", "comment": "Malware payload (Kovter)", "value": "33b6aed5b4eebfba3854d71112cc6a90e7915f0caf295bc3ddc96a32b1441e8d", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688429, "uuid": "91d12f8f-6e03-4cce-a017-93774a30e687", "comment": "Malware payload (Kovter)", "value": "c0cf440b48b373c8234fcdcd4a20aa7dd747b390", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688429, "uuid": "10724cd9-2ac2-418f-a928-4d42deded155", "comment": "Malware payload (Kovter)", "value": "a7c05b6c1c3aaf318b77b7126aef1d7a2d48ce4e37f780fde044312320472da173e635f1f7b94c5732d8fcca86a1d40c", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688429, "uuid": "71a06e19-74a1-4942-b749-8bf8e538e2be", "value": "T153744A39F640D637C42119BC9D0FD2E5A1B9F6306E341D1BBAE52F4C58B91836A2BB43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688429, "uuid": "262e2c18-bc7d-4639-9dc4-9401ae072411", "value": "6144:uz2xIUbpRIe7j9ntHR00krZ+ci4K9RZ+EXFhTBAd8/rcRY95fkAqsQNqWLK:ui+qpRD7jpVU6R3XrrcK95cWHH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688429, "uuid": "9bbdaba1-6d3b-4f2b-8ff1-22935bb53acf", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688429, "uuid": "ca02dd14-0f20-4d3f-98c2-b6f701357186", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688429, "uuid": "d640eac6-5b4d-4e7a-9804-55644a21935e", "value": "2023-05-09_0badaa6ae1d0d3862d344650b9c690e6_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da694781-ef53-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1683737894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737894, "uuid": "53f42bd8-97e9-47f4-8d1d-c6e189cfa8e6", "comment": "Malware payload (Quakbot)", "value": "f42544fe0db583e4b836e4b8cfc52802", "object_relation": "md5", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737894, "uuid": "81f3eb2d-c49a-443f-82e6-79c405e39042", "comment": "Malware payload (Quakbot)", "value": "341632ac20540dcdf4dd6cf6675503e6db3e2f513e39bb1c99d4603e06cc8c9d", "object_relation": "sha256", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737894, "uuid": "85d2aff8-f6c4-4d5a-9346-eecea14a62b3", "comment": "Malware payload (Quakbot)", "value": "7b621dcaabd1f833f8381bbe9cc8898dd09c95b2", "object_relation": "sha1", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737894, "uuid": "bd763424-a73e-4323-a435-c17e1572858d", "comment": "Malware payload (Quakbot)", "value": "43f005c2bd069c35adc59edb41206f4a7c87efe4345ee0f7f96f5bba627e856669f630188e8219759965bb030f3f1a0e", "object_relation": "sha3-384", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737894, "uuid": "23f413a2-7513-4415-9425-7d563f167207", "value": "T19B53F89CA48CD598C9B9EBF3E752F0CAE24D737B4A8A44B271AF5FD20243D15E943841", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737894, "uuid": "22be0254-5a29-4f3d-8681-ce4500f2458c", "value": "768:K0jVjgocGH4FBncGH4FBQNsgecGH4FBscGH4FBIacGH4FBPYLnnndTVrXmm1wDsv:pXcs8csxecstcstacsaMnnn76gmAV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683737894, "uuid": "dafdae97-0122-4c98-8848-c6e41cca0a41", "value": 62173, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683737894, "uuid": "c7c92e30-2d6e-42d0-9022-1bdec0cae6bb", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737894, "uuid": "c5d03730-a8a2-4bec-a264-1a3e5e3959fb", "value": "NDA-1337-May10.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fed0e09-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683700000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700000, "uuid": "1e131436-cf14-4b99-8b06-e06cd91af213", "comment": "Malware payload (AgentTesla)", "value": "bdd29a7719570ead894745646b29bd8a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700000, "uuid": "3575b114-f451-4580-badc-6f955211e019", "comment": "Malware payload (AgentTesla)", "value": "36033b3d2fc4a4a296c7ee367048a9c4b682674275a8e23ba76c2b1e63155f0d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700000, "uuid": "5c8e10ec-8329-4085-a8d2-a933e9af6e32", "comment": "Malware payload (AgentTesla)", "value": "49a0535fba3a7e406ea31fcce5d3828fa8199bb4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700000, "uuid": "b2639ce8-4bd9-44bf-b34f-21f30a005783", "comment": "Malware payload (AgentTesla)", "value": "0fa1836138f96b2d6355616a21bd848b058d38888f33bf188f1f31b5836592f139d589d33b6f39baa7679cb2a7e7bc80", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700000, "uuid": "db362f29-10cd-4026-ac8c-095997197002", "value": "T111E423B16F62741D02FFD6250A237996087FDF268C5F17D5C3229A6C41C465EEEF820A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700000, "uuid": "0214f355-5abe-4ecf-baaa-29b79aecf264", "value": "12288:XDbZeyTYKMjcb9B4PEPwW+sLy/oZBq75mRildXk4HSj4Xv:TcN22PE4W+7Abq758illsj4/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700000, "uuid": "e86489e6-c5fd-4a01-b8e1-ae9d5046b1f5", "value": 675601, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700000, "uuid": "f40c5ac8-5bba-4063-b40f-1bc864653736", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700000, "uuid": "8c201d06-8be3-4b50-9b3e-3f158150ff14", "value": "bank details.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16dbbc91-ef0d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683707501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707501, "uuid": "924afe71-f728-4c3f-8621-666762ff83a2", "comment": "Malware payload (AgentTesla)", "value": "d220fee87f52ef5aee5518e324def944", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707501, "uuid": "35590682-5290-4347-a79b-8e704bb42137", "comment": "Malware payload (AgentTesla)", "value": "3706066f775904b6ac4d07b179d3f7846c15c085ddeff5633c72a555d9529748", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707501, "uuid": "48a5ce13-4640-4855-be26-ac613469bd42", "comment": "Malware payload (AgentTesla)", "value": "b8d3aef7ce42625a69795703f7ec4fec9710e36b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707501, "uuid": "ca824328-e6da-47de-ac25-d5d2598a0592", "comment": "Malware payload (AgentTesla)", "value": "2da487ba1b924a501aefd47e0172aa5653e9928f9697300a2f387a0e5d84afd554f709be4c241426152b60243eb2b6df", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707501, "uuid": "d0d36198-454e-4309-bf6e-ef59532eb310", "value": "T1FB25C05072D9B6D6EBB80BFA2D1D061B0377AE536C13C01C2EDD30CAD931B5949B296B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707501, "uuid": "1d377222-bea2-49ef-aa79-a05c1a049231", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707501, "uuid": "fab69fc0-5bb3-4527-8854-59bd8e12ddac", "value": "24576:VULrxcYlB0FZfuPLvMCFl3iZN/2w1LDc:2rx7Qvuoyl3iZR2WLDc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707501, "uuid": "76b4a6c7-7a8c-4cb5-8d6f-ad2dd79e2d45", "value": 1003008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707501, "uuid": "211ee292-1f82-47e8-b597-dc6994e0da6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707501, "uuid": "2e9ef887-577f-4594-8525-9f41932b8420", "value": "41570002689_20231005_05352297_HesapOzeti.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5aa083c-ef26-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1683718585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718585, "uuid": "51053200-61a2-4b05-9ecd-82dc65ab69db", "comment": "Malware payload (RaccoonStealer)", "value": "037b7f170278d8baefa2ef8845fd88c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718585, "uuid": "9ffd6576-c42f-4c7a-9e42-2d5a81dec242", "comment": "Malware payload (RaccoonStealer)", "value": "371b06b57c7c8ba2e52a0aea542693c4e147a18a0bc98fedcad04807186e3e79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718585, "uuid": "9a23d19d-779b-40a0-b7cc-3f506935cb7c", "comment": "Malware payload (RaccoonStealer)", "value": "fc542ec3047a409712550f673488c07e8979ad8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718585, "uuid": "f557687e-1271-4aa7-b080-e593dc7ecff9", "comment": "Malware payload (RaccoonStealer)", "value": "b6651e9ca1a8e75d39159f62227464dd0d2d728d8e772c82c650ce802137809ba6a48d4c72d8dab6c3292f3b77dbd436", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718585, "uuid": "a35e4510-e780-4022-abc4-4868707f8dc4", "value": "T1E6C633B33275414AD4C98D35D82BBEE030F61F228782A6BC24D7BBDD1776468F216987", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718585, "uuid": "54d91571-c8ab-4dbd-b686-c5b134fad32a", "value": "1b3911321150a9662fa1b0f22689c572", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718585, "uuid": "fe5bd083-00f0-4c2d-bacd-ecfa2487c9fc", "value": "196608:dbSIcnnDA2AcwCXvqngdtaUM0rESdQX64CjFFORXczKH4VfFvJW1J27oX6:dbqnEEtqn0aj0Qv2FFOxcN1A1JwoX6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718585, "uuid": "0c558d55-e9f3-4a67-be55-a916ec747861", "value": 11507200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718585, "uuid": "0beb39ff-3101-4d26-b1e4-10e1e9c80007", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718585, "uuid": "c2453302-7f9c-43e9-b5d4-06b963d621fe", "value": "371b06b57c7c8ba2e52a0aea542693c4e147a18a0bc98fedcad04807186e3e79", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45656a59-ef1f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683715310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715310, "uuid": "11c795ce-bf48-4f55-b223-78a06d2645b9", "comment": "Malware payload (AgentTesla)", "value": "5eaf4930b4c140b37696ff40d17c8378", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715310, "uuid": "b6dbce9f-f6fb-4910-8e02-3120d38f5d2b", "comment": "Malware payload (AgentTesla)", "value": "390c232ef961f72ca0a624dba0adf69ab2ad5480accb3c8c0b4f475299e4c9f7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715310, "uuid": "d56943ad-7b32-4f23-afd9-4f37546887ed", "comment": "Malware payload (AgentTesla)", "value": "3e79bba6a428e8edf2586fef7b372f2e2f20dc7e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715310, "uuid": "fa404c18-3db0-42e5-b34f-51e688a3629c", "comment": "Malware payload (AgentTesla)", "value": "447df537c510bc9c6daecb037865c4899fc8805a31645567754304a5f771744c3d3385b611294b6d71108a1d963a0859", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715310, "uuid": "38e499c3-a0a8-4f87-80e0-2e750495cdbb", "value": "T104D4AE535065CE4FFE2ADBB091B4FF55A6F1F07364D190242BB821C9CBA9F021E8D52A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715310, "uuid": "eea4e450-51ea-4b8e-88df-69cb4bd24925", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715310, "uuid": "15c25149-2eb6-43a0-b85a-d5f3f96a22e3", "value": "12288:SRQnQr0RtlTHvjKCNxDuf5eSHGVDWJg8XTtj7egQVt:SynQruTHv76VHRft", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715310, "uuid": "d1041022-5fa7-48cb-9ff9-d14de170ddb5", "value": 653824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715310, "uuid": "fda4cdc6-6645-4279-8b17-69fb183d3f93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715310, "uuid": "b20d2d23-0caa-4938-a513-1c5ab1570bf8", "value": "390c232ef961f72ca0a624dba0adf69ab2ad5480accb3c8c0b4f475299e4c9f7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8f68024-ef2d-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683721544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "9fd43005-9eca-46e2-86bd-9bd2d495d673", "comment": "Malware payload", "value": "f4ebd2a2d0ff857cca296b6d868e94b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "652130e2-35c1-49b5-8419-ddb5f0639c36", "comment": "Malware payload", "value": "3994c8e0aecd846d4745bee253585ab2787b6b5fe80ccac607dada63db1b4177", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "565fb868-52a8-4ce1-8e13-81b108958a44", "comment": "Malware payload", "value": "e284b010ec634795cfe4da2cb4ea376480fdb6d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "0e2e09ef-28a6-4fc9-a86c-ecbd16be67fe", "comment": "Malware payload", "value": "92c58b8f6c9eaaa6ab800193193dc0de2c9ca1b6f505521e356776c44d5a8f8a5cb19bceed87531c9b319c52d1cf8629", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "4b1e116e-9658-4e48-964b-925f571476d1", "value": "T15CE48D1E739801F8E167D179C9860902E7797846237257AF43B2879B2F6B6B05F3E321", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "edd3fb9f-7d3b-4d20-8c2b-ce22405e6a23", "value": "73d189c842cb51c1f0d99b6e94ba6f52", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "b38b9eb3-76ec-47d3-ac0c-81807835ab67", "value": "12288:Rgi0cO/aRB7kBfqQqVw2yJ5rcQm6dTxqooWjrARw75WSaLpG/4YBZRyIL9oI0+Ip:6i0vTcSaLpG/4AZfBT0+Ip", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721544, "uuid": "9d73928f-fd20-484e-a421-451ebebeda6d", "value": 683520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721544, "uuid": "b7cc7c18-c2a8-4abf-91aa-17586434a7c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "71a27a6d-838b-46e1-b494-e86d30e87ff2", "value": "H90490861252\u00acF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e022b8bc-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683704403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704403, "uuid": "35ae594d-34f9-4b83-9f5f-f883ba439d97", "comment": "Malware payload (SnakeKeylogger)", "value": "7aa2c7251f8ad8ffd7e47380091f1888", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704403, "uuid": "747476af-93fb-4347-8b07-b9553419d734", "comment": "Malware payload (SnakeKeylogger)", "value": "3ae45c91266fe6bdd2d48f8b9d6ddc09e896239545256e00960fc792a41c061e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704403, "uuid": "0e22db98-c71c-4068-a285-fb2488c392c4", "comment": "Malware payload (SnakeKeylogger)", "value": "790c88fa6123676df7641dfd528b821d2d2b5cd3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704403, "uuid": "1139cdcc-07cc-4b59-8ed8-dffc21416870", "comment": "Malware payload (SnakeKeylogger)", "value": "ee5da16ad2b7b9a9c1a228c9955e6ef4a3ff0ec60d03b4e6e23efcd25734d40fe65ecc7df93ccd34574e07ecefa7e09f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704403, "uuid": "7e62b70f-99b6-4411-82f3-fec667cabcfa", "value": "T1A7058C3C22DA5C22C35673FA8998C5E103356F10AFABD16A267E30CD8971B93ED8554F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704403, "uuid": "4a621ba4-0cbd-43f4-b937-da83b25e8008", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704403, "uuid": "c0a4646a-f806-41f3-a854-4a9359a6cfaf", "value": "12288:ej420ZfOtxytPhs+z6af1ev998AlUadIqh7IBi0tP:eU2CqxG6aAvikJ8NP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704403, "uuid": "6c28dac5-36aa-438d-826b-f656f38bbae7", "value": 833024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704403, "uuid": "840d23e1-c5c0-4ad0-abd2-000c54fad0ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704403, "uuid": "91b6999a-db48-4974-91ef-3d02850fb309", "value": "Doc 45 AAB 979 - 45 AAB 850.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b71660d-ef2a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683720098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720098, "uuid": "194cbbae-4208-4991-af8a-ee765baf7bf8", "comment": "Malware payload (Amadey)", "value": "ce51d0d164df92947a2de5df29791fbc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720098, "uuid": "e3b84d94-22fd-47a9-92f9-907f954b4b05", "comment": "Malware payload (Amadey)", "value": "3b293d31c85b84498dd6aff024ce63877607d1f6ea3a165faaa18e9447054633", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720098, "uuid": "f1a9b9cc-5ab5-4320-938a-ba9538c5f337", "comment": "Malware payload (Amadey)", "value": "f6596cceb3816973fdcf075ee092d082b8391e1c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720098, "uuid": "d1f08ff0-501f-4c98-a0b9-faf3c8710e8a", "comment": "Malware payload (Amadey)", "value": "ba850ed79ec02e98677eeca1838ced687b57b4e0647004b2119e2ef03db2e899d434d2f522065a416b99198f673101f7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720098, "uuid": "a8ba402a-8426-4533-8fce-750da113b1b1", "value": "T1C4A412435AE44477DCB51BB019F603C30F36BEB66C74862B5285696B1CB36D0EA313AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720098, "uuid": "ec12433b-0a22-42db-a8ab-3f0bc28a34f0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720098, "uuid": "bb22584e-24ef-406e-8803-a5af53d322d5", "value": "6144:Kqy+bnr+pp0yN90QEgNUIK3+63L/5ScEzKVAS8N6aT6zhXuR+fr/ALowrQ2AlKcP:WMrdy90kUrf/5xEz8jE6/uY0LfQPfeQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683720098, "uuid": "96fbf4ce-bc14-4110-bf99-e2508a76202b", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683720098, "uuid": "19a49f1a-39da-4bdc-bc4c-1a68b134f30b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720098, "uuid": "be83851a-31af-42f9-b25c-2379c96a0cff", "value": "ce51d0d164df92947a2de5df29791fbc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b970c336-ef42-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683730537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730537, "uuid": "faccad29-80a5-48da-9005-c3b0db1145c0", "comment": "Malware payload", "value": "e86f2240d1f3d1a4d4535806c2400544", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730537, "uuid": "82a59317-d76f-437a-ab6e-f730dd3ed748", "comment": "Malware payload", "value": "3bc918a9d1686f5a49c9980d3a622be3210edc88c989647a2cba65ab27331729", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730537, "uuid": "8043fe1e-4b46-4184-89d8-a6a4046d304e", "comment": "Malware payload", "value": "e0f06cde59eb8410a2d93a05dba55cf984219703", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730537, "uuid": "752257ee-981d-4c19-8962-d2280dce7014", "comment": "Malware payload", "value": "7fed56db299541d10afc952e3a7eee9edef33efeaa731af515d044b3447c34619b7de548f437f508c290760c2feb81d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730537, "uuid": "82127485-34d6-46b1-bde7-d6e0093ae7b5", "value": "T13A056B52B3C7D1B2EFA625F2D6B493721939BC34173C89CB7390382DE8A06C16A35359", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730537, "uuid": "e9c82872-b985-4f39-adc5-dc7a4157b08c", "value": "153aa0db686aff28745c696da6ec7574", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730537, "uuid": "ee69d017-c4d7-4ffe-a31e-58b68a353a73", "value": "24576:iG2s/vZn2WTiFYCcQj/unPKa6oyzqxjvZAL:Np26yVzqBvw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683730537, "uuid": "43618325-d78a-4b85-8857-98d1328266de", "value": 836096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683730537, "uuid": "9da611a9-96cb-4a6b-92cd-5370c057f176", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730537, "uuid": "c63d5185-8a85-47ba-81b0-2132a6be1795", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af3172c4-eecb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1683679410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679410, "uuid": "0b0e873b-ea28-4ef9-a7f9-33f81ed8d55b", "comment": "Malware payload (DCRat)", "value": "f80df8b70a0f9a1bb4076a1280edf3d0", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679410, "uuid": "cdbe2ce0-70a9-4838-b95d-393aa8d14537", "comment": "Malware payload (DCRat)", "value": "3c0149f7a435f3bd4ac52cc7c7d97188e5b817cd4df4e650c525da27f0c3b952", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679410, "uuid": "8bc9df93-94cc-431f-9e5f-7f0f6aeccc56", "comment": "Malware payload (DCRat)", "value": "3f080225ca15bf34d829fa8d4e05bc71d0a88dd2", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679410, "uuid": "0b997c1f-f1be-4637-a855-6a912fbff740", "comment": "Malware payload (DCRat)", "value": "6d6d614222c4036ef413e06be6d12f0ac2169ed99f5a922cc87011f73950cb5fbf1ec045364f6f336ec73fda566a29dd", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679410, "uuid": "2e6fbe68-2265-45e8-b762-2c042f939dac", "value": "T1F2D4A5342EEA1029F177AF7DCAE53596DA6EB6A33717994D00B102C60723B42DDD063B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679410, "uuid": "ae62f5a4-21a1-466e-a1f0-540c7e03f18a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679410, "uuid": "7a1a4211-0998-49a4-a1d5-0538357c7cb3", "value": "12288:M/2N7bg5sB3z/ur3IJLUwdxJyI34K8tRRzvKupIdReaBFTXO+x:M/2V2YLxx3OROumzeM4+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683679410, "uuid": "1264f57a-b548-448b-8763-8eff66fdd96e", "value": 646144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683679410, "uuid": "1ee0ab80-4168-451f-96ae-7ea4568ae097", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679410, "uuid": "4b3e1939-289f-4005-a758-a4757284e262", "value": "hyperNet.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18c87977-ef8c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683762050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683762050, "uuid": "cc7a0b3c-f417-4ee1-9774-a18b5eef38cf", "comment": "Malware payload (RedLineStealer)", "value": "17b7505bb857cde368ee0519e0eab7c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683762050, "uuid": "be4fc48e-1dc7-4b90-9d18-fd46c2b81a8b", "comment": "Malware payload (RedLineStealer)", "value": "3c52cc1ad7669851fc5fa310f33398c2db29fec9c41255a222ca035ce1a0c172", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683762050, "uuid": "6b5c6960-b5c9-44c5-8228-f7e1d6e61224", "comment": "Malware payload (RedLineStealer)", "value": "929cb6a266675badfda85d60163e5b7085ef0df2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683762050, "uuid": "0926e196-9a66-4939-b43e-c0fe0fe354ff", "comment": "Malware payload (RedLineStealer)", "value": "1f50ce868523d571792da7fc73d675ac236a9f0e829ee48b7655584f400b5739a8a727dcde63364c0595d8a415a51484", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683762050, "uuid": "11d5b0e4-bd23-49e3-a59b-b0b80756dea8", "value": "T1DC24F6267912C031D560A1B619F4BFF2C59CA824ABB049DB7B800F77DA122F73D61E39", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683762050, "uuid": "5c018400-b548-4621-8abf-a9f01dafb907", "value": "f8cc61ade86cb7277d0ab974de6323cb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683762050, "uuid": "a56c7e36-6a2d-4d9c-ba7c-652979bb10c6", "value": "3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683762050, "uuid": "09716781-dd80-49b2-8f05-3396a6b51513", "value": 215461, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683762050, "uuid": "f0e154ce-e699-4fc2-8532-60638e6bb05a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683762050, "uuid": "e7dc73b9-adb2-4949-80d6-f78cbcfe37a1", "value": "17b7505bb857cde368ee0519e0eab7c7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07e3c864-eec9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678270, "uuid": "89992ef3-e396-4a31-b48b-6334061a0368", "comment": "Malware payload (RedLineStealer)", "value": "2b64952eb70dbc80dd762b5571662f53", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678270, "uuid": "305ccb96-fb44-4ed8-9f56-93e53a28565b", "comment": "Malware payload (RedLineStealer)", "value": "3c7edca94de418d0a4fe84cbc39abf773a079ea281544a72ed1fe56eb911aad2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678270, "uuid": "ef228c60-91cc-449c-acef-7e10c3a4a217", "comment": "Malware payload (RedLineStealer)", "value": "a6707a7e3499683114cc79738203795335708d84", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678270, "uuid": "dfe72be6-5b6e-49cf-b95c-9e2d1e28136f", "comment": "Malware payload (RedLineStealer)", "value": "7012380cd7c8a3591bb18499f135d62d05030ea8e39136cca0f1407412269f29700dbcbb4a57076af64a6633f711c255", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678270, "uuid": "76abd8dc-669b-495c-b180-ea3a14b8d879", "value": "T14DB40217E7E89432D8F6277018F603930F31BDA19DB8525B2691695F0CB37A4E83276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678270, "uuid": "cc3f0938-c9a8-49a6-94a0-f3001cae4796", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678270, "uuid": "a4d41035-a1a3-4afe-a94e-da125205a14a", "value": "12288:pMrUy90UQFNrhpT63AY/rp3PxLV+wzpsTF:VyTihpTKpBJzpa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678270, "uuid": "d6c2db2d-9453-4cd2-94b4-a90988f46e7c", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678270, "uuid": "f604be93-188a-4502-9455-54e22b308298", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678270, "uuid": "155abb80-d393-401f-85aa-034cd953a2e7", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07986ca6-ef7c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1683755150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755150, "uuid": "34d8ae58-f28b-487b-aab5-21851c69a6e8", "comment": "Malware payload (njrat)", "value": "0c73944aea4a73904d40c015991b83cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755150, "uuid": "9bd42c0d-d1e1-4ff2-8f55-ed14183dd111", "comment": "Malware payload (njrat)", "value": "3d24da5c582ebfe07891b63d34c3274675bd65a995fc0506584d663961582b7c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755150, "uuid": "4cf852db-04fb-47aa-8dc9-2576d20d1d1c", "comment": "Malware payload (njrat)", "value": "5cb8937b641433a53cc706ec4fa7ce9708abee7c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755150, "uuid": "17e5bc09-eb93-409d-810c-8e774cb85c28", "comment": "Malware payload (njrat)", "value": "8ab609e896f768f935843497059ad45444d85e2d02c65e0996b6f5d70db2f81da74d261667f9473ebfd77cad0aa383d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755150, "uuid": "9f608dc4-5b38-46b9-a3d0-caefe763096c", "value": "T10393D74977E56524E0BF56F79971F2004E74F48B1612E39D48F218AA0A33AC44F89FEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755150, "uuid": "ff736255-f5dc-48d8-b0ea-b8e781bcd9fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755150, "uuid": "f40fa575-0ac5-4c4b-815e-dedf96675564", "value": "768:LY3z+RhWXxyFcxovUKUJuROprXtgN8eYhYbmXxrjEtCdnl2pi1Rz4Rk3esGdpqgM:2+/WhIUKcuOJXPhBjEwzGi1dD6DqgS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683755150, "uuid": "a5187d29-c918-4fdd-83c8-f11a5f055327", "value": 95232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683755150, "uuid": "cf07d07e-0317-4619-a7fa-e632d28c8908", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755150, "uuid": "ae84516b-4a20-4339-826d-f3b3c881084f", "value": "0c73944aea4a73904d40c015991b83cc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b84fe73d-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Autorun)", "timestamp": 1683688445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688445, "uuid": "d5d045d6-c410-4a2b-954f-397d675be5e6", "comment": "Malware payload (Autorun)", "value": "5838425c7c72b825965cb90f5d2ed7bb", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688445, "uuid": "80e5e543-2973-4521-937b-0ff8728c7cf5", "comment": "Malware payload (Autorun)", "value": "3f677fbac76b6fa26d8c735dc9507196d2de0aa3d8cb95ae14987cdcc9f88ed7", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688445, "uuid": "066cda50-e4ea-40a7-be5c-5b4621a19f7a", "comment": "Malware payload (Autorun)", "value": "8136c90fb01501049ad202f03239838bf3e27895", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688445, "uuid": "417e342b-b1d2-481a-a381-da01a3757f50", "comment": "Malware payload (Autorun)", "value": "ed97658faca5f0891a9224f19bb330eb7430b8548978583371627b32bfc5adfc4fbdf9ecde1ac94b7c1583f6849411e0", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688445, "uuid": "96f76938-3f3a-4f5d-a03c-5b3acbcfba61", "value": "T144C56D64E610D87AF3D5E978240E7F290CE579121BC23E4DA48DAB241FF0EF4E5B6294", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688445, "uuid": "6cd397f0-c0cf-4ab2-a834-81a2a1139b89", "value": "12fcd3183e0fb67f1e38925ed5c0c47c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688445, "uuid": "8adf9f35-22b6-4157-837d-2b1d9c4b3372", "value": "12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCF:eEtl9mRda12sX7hKB8NIyXbacAf0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688445, "uuid": "742fcb3c-d36c-4171-bba6-d9681fd58a9b", "value": 2631934, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688445, "uuid": "1b0a8980-ffbd-4bf5-8afa-3713fa66c4e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688445, "uuid": "f27d4168-d63f-4ce0-aca8-7984564fca28", "value": "2023-05-09_5838425c7c72b825965cb90f5d2ed7bb_ryuk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed6f5a38-ef34-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683724611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724611, "uuid": "44a83911-253a-4935-9d23-2a26adddcb28", "comment": "Malware payload (Formbook)", "value": "d9e05b26e4ba8db84e61e1042d22b920", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724611, "uuid": "e0ee163d-31e6-4bc9-8117-dc48b9b6db80", "comment": "Malware payload (Formbook)", "value": "3fe2c04c33423019af7464d50b3df0775a565e9a31e1a289b49e4e180585ab00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724611, "uuid": "7d342e39-48c2-4737-905c-9ea079cccb32", "comment": "Malware payload (Formbook)", "value": "13fd6f491b1cafd46e51a2a53b5d62f02cdc9e53", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724611, "uuid": "283614c8-4524-4865-99ca-06e017b9213e", "comment": "Malware payload (Formbook)", "value": "d5600bd2bfe77d67448290febb6d15e867b23149c897b6c7477596ef2f5fd1833c7bea8b10a23d36ad59b2de8dda860b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724611, "uuid": "f01c0881-d5b4-4232-a438-c4a21ce16e05", "value": "T138F4E061221A5B17CB6943FF0A28494513B97716FC6BD23C6ECF20CDED22F504A62E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724611, "uuid": "7d2d0fa4-aea0-414e-9895-daeec45fda1f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724611, "uuid": "c6125f0d-14e5-4043-a919-0ca553b662d8", "value": "12288:4IZfTA1Bgt9byODL/qAn4zlwUhGmkkEgxV3i/js2kDXHqt7A:42LA4tNyGzq4hUhG5u5Mjkb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724611, "uuid": "52a96b89-f824-4390-bc09-a2b36700d141", "value": 793600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724611, "uuid": "4f4b1ac9-408b-429b-bd68-f314ad7b3df8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724611, "uuid": "8cb8598f-266b-4a64-a63f-3e9e8ac56434", "value": "PAYMENT BANK DETAILS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70857a16-ef2e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683721825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721825, "uuid": "29c53325-f83a-436e-869e-da5c016eec42", "comment": "Malware payload (Amadey)", "value": "0e1cc772c7c693f1d34334752d6b99a5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721825, "uuid": "a5cdea2d-7849-4a56-b1ce-7988a7210782", "comment": "Malware payload (Amadey)", "value": "4045c17a28b421a6d61a380554df6c3280552855f2f05a152f98639f2c03cb9f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721825, "uuid": "5000ee85-0159-4a9c-948b-56de51d9ba7e", "comment": "Malware payload (Amadey)", "value": "baebc5d8acb64e35ba5771bcf62c1dc3d0ba3610", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721825, "uuid": "06841ba7-f802-4428-9369-a12a97159b10", "comment": "Malware payload (Amadey)", "value": "13ea1bae42d9ff3ad4df1ca3ff551a8b8d058519c6d9975c21e47dfc2c23b358eae1b220b33d61f064d22c02c98025c1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721825, "uuid": "bdad9058-c25e-4ecd-a11a-89608399f100", "value": "T1EFA41212EADC8073D8B62B7048F303931B39BD92997483AB2749699F1C73589B17177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721825, "uuid": "9b05f68e-b8da-41ad-8ab6-74a9b09861bc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721825, "uuid": "72241082-54a0-4683-a7af-768f90a22214", "value": "6144:Kiy+bnr+bp0yN90QE0ANiyiGXqvsb6dJGR8+xhbd/Di/SPOCTiyhwkf+zTkduljF:WMrjy90tiausycvrOVkETV9OzMJZp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721825, "uuid": "90afd9fd-9ecd-4dec-8cd4-276dca599846", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721825, "uuid": "7124de42-e694-443e-82f4-0c96da91c357", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721825, "uuid": "ba946522-655e-4b4a-b9af-873f7df768ed", "value": "0e1cc772c7c693f1d34334752d6b99a5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39fefb9b-ef29-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683719586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719586, "uuid": "9051eeb8-239f-4d19-82d3-c1c73037818e", "comment": "Malware payload (RedLineStealer)", "value": "ce7fca1f43f244376087a93607ce32df", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719586, "uuid": "9fe784b4-77c0-4b92-b071-f248f449f84a", "comment": "Malware payload (RedLineStealer)", "value": "42795322c22e23800ec41b0180d20b31c9233be1fed8b8b45b603117c9d2912b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719586, "uuid": "e48b4af6-4654-4bb2-baa7-72b6736469ba", "comment": "Malware payload (RedLineStealer)", "value": "0ea246dcc84f0710f7da37287d77fcc8aebb6159", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719586, "uuid": "7878b7c6-9fe4-4f8c-9b4d-1b473ceceb8a", "comment": "Malware payload (RedLineStealer)", "value": "798d700cacf2b26ca506a469dafb06ebfd4ebd1b135e4d2daffded66e6c6b7b47511f5b5fded3a1c83e9b056a9a454e6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719586, "uuid": "1c01c2ed-9553-4ba8-90bb-bf6e239b31e4", "value": "T1D1A41203BBD485B2DCF6177008F713831B36BDA1BA38836B2749695A1DB3584A932777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719586, "uuid": "67b96dd8-0ddc-42cc-a988-0dc763f361e9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719586, "uuid": "f54e4ec6-0153-4835-87d7-8a7a9ddfe766", "value": "12288:ZMrgy90q3lruWlKr26EJqnT1E5ZyQRa2DA:ty/1ruTn5gvaP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683719586, "uuid": "a2b53034-2bee-4536-9f1a-747416a5d1c1", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683719586, "uuid": "c1365598-3028-4e0f-b17f-bd0a7d9e6102", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719586, "uuid": "b002e36a-c856-4c06-962f-ce5958374ec6", "value": "ce7fca1f43f244376087a93607ce32df", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac76f4a7-ef42-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683730515, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730515, "uuid": "413a9087-8d5c-42f4-aeb3-be2afbbb1bce", "comment": "Malware payload", "value": "3c5f7403acb88cbd3080985777aab4f9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730515, "uuid": "376e1398-64c3-4d6f-855d-25daff8ff72d", "comment": "Malware payload", "value": "44562ec7488a2c4dc8a113d868321cff1a1a412ff4d0b37e07678ed068395d88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730515, "uuid": "69b80661-eca8-49ba-b0fa-10c796e5c17d", "comment": "Malware payload", "value": "a10cdda11a447d15b27f68d5e1fe76dd7bfc2591", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730515, "uuid": "8ed08701-5c88-4d4f-bd07-a67c7dc8f7e7", "comment": "Malware payload", "value": "61d0340656341a212df74ad9b9ed6427b2e4fb14b9c6843191c3f44e7007752dd9a388207285ac109f223e223524daec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730515, "uuid": "60a79dda-1346-4122-941f-a3f0e1628f12", "value": "T17B056B52B3C7D1B2EFA625F2D6B493721939BC34173C89CB7390382DE8A06C16A35359", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730515, "uuid": "59915b22-96d8-4895-9419-d1456747d3e2", "value": "153aa0db686aff28745c696da6ec7574", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730515, "uuid": "f311c28f-f90b-43fc-b395-9c1dc927f743", "value": "24576:iG2s/vZn2WTiFYCcQj/unPKa6oyzqxjvZXL:Np26yVzqBvR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683730515, "uuid": "941e71cd-c6a1-44ce-9dfb-5e8d8469259e", "value": 836096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683730515, "uuid": "c375fb11-eb61-4b03-a579-33e2ecd0a310", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730515, "uuid": "e8f561c6-7507-40cd-9f34-7808f71adf8f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1989839-ef11-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683709559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709559, "uuid": "bd49f299-3b04-4fb8-bd78-e153743d050c", "comment": "Malware payload (AgentTesla)", "value": "62ddfb121b22ceedbc44215d140e9daf", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709559, "uuid": "49c89a20-10f4-4ee6-881a-9bcaa88410ab", "comment": "Malware payload (AgentTesla)", "value": "44801cf505ecb773e76855ad7fbc2bd89c9e3badc7413dc5dbbd2c0b3a39609a", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709559, "uuid": "7325806b-14b0-4a5a-8972-a345ca39333f", "comment": "Malware payload (AgentTesla)", "value": "e445cb698afd70a4812450b237d902a6a7d18b43", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709559, "uuid": "37de9fab-1f2c-4dfb-a2fe-9ac1fece4b49", "comment": "Malware payload (AgentTesla)", "value": "12afe6a9a19e6b91547276b4b0fa9b0b52983f0ae8c9e0d2ff41513b049490dd7555832d3f1376cd26b95906301bf4c5", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709559, "uuid": "e9ec47df-5124-427e-be26-41e20ac780ce", "value": "T14DE433D9B5CAAA5A339421BDDFC73A501B2AB0DF00A73A0ECB112D92B704DB7B5017D5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709559, "uuid": "9006dff9-02bd-44c5-ad03-c787b4694617", "value": "12288:ZYNyd+LLkMwBux6KR0PYWhqYTsdPuUUo7eheIImdSoJ7+v6kEyU:ZYNykLLy4FR0gWhqY1UNAebmd+SXyU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683709559, "uuid": "d651cb8f-b4ab-4b8a-8f13-ffb5c87f695b", "value": 675786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683709559, "uuid": "e08abc5b-c641-4dee-b297-4e6ec4cbf570", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709559, "uuid": "8531d87a-d8cb-4e1d-9d19-855a2b7b3089", "value": "PO FILE87965345 exl.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "047014e8-ef43-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1683730663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730663, "uuid": "ea3603c2-d278-4251-ba6b-750907f015b3", "comment": "Malware payload (Quakbot)", "value": "0275f3251f97834b35654cbc4fb0fec6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730663, "uuid": "c677a9a0-74ab-4a51-b4b6-f56d1a9c0f62", "comment": "Malware payload (Quakbot)", "value": "44cb7e236e15e6e5d09c4bc3989d163deab831210ae5183428f9c1b4779d8c10", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730663, "uuid": "1c3502ae-9403-4375-b3d4-b2b44d5c8ffc", "comment": "Malware payload (Quakbot)", "value": "71f60c53bf6e87d768b28e72144967d01fa5b553", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730663, "uuid": "ccbf279b-034a-44b1-8d92-4d01e70b75fe", "comment": "Malware payload (Quakbot)", "value": "e865549be77536ac0deb695fb3477cbeafd32f0970de44a7999b7b4f122f129b273e7c323a5cffc97c426c7cfaecfb6f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730663, "uuid": "9608f023-8a8c-4573-a38f-8d6bc900e6fb", "value": "T13E155C16E28290F3FF6128786051DB350E634F19F3669EC3D7642E95C9031DAAA3E25F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730663, "uuid": "bf0501ba-ee79-4c5f-a010-bb460c7531cf", "value": "8a51c68b360795fa270153789c839dc4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730663, "uuid": "b2f29547-4d92-44d2-b50a-c52808c0a21b", "value": "24576:ihfZnpS35SBAaIIWkmIap11vfSSUpjrquu0VMJ6tApjcxUjPtmqzSPdggvn:iR/Kfh5zSlgE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683730663, "uuid": "3e9032be-0a4d-4a9d-a8a6-6ac3f382f46b", "value": 910115, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683730663, "uuid": "e84062ec-4d02-4ac0-839a-896986d8dac0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730663, "uuid": "199489d4-0224-4b0f-9610-3dbae1714dbf", "value": "Deliberately.Frayne.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0a3a511-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688432, "uuid": "75c44056-efbd-4e78-8f55-38d3ecc3758c", "comment": "Malware payload (Kovter)", "value": "21a25f5865684f0da3e862be62451bd4", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688432, "uuid": "2291e68c-559f-47d1-aefb-09db62ce57c6", "comment": "Malware payload (Kovter)", "value": "452a9cb9c1626118c8a51e0e9624103228327cb6a60b05cbf30e073680885c75", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688432, "uuid": "1160319b-1490-4ea0-a7e0-24e88f5f329b", "comment": "Malware payload (Kovter)", "value": "fa454cf4803cf77e8c986bdf894c4506c266ee55", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688432, "uuid": "fef4318a-537b-483b-a1dd-f08f50d2accf", "comment": "Malware payload (Kovter)", "value": "7713ab73aaa76c854e9426704fa3089d3ea1310ac09e181e7f6cbfe3260022b85c51619a84a1ef6de522ad73bfca92ca", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688432, "uuid": "c2705f21-1f6d-41d3-9f99-5175bd30f93b", "value": "T1C3743936F640E637C43258BCDD4FD2E5A569F6302E346D47B6E51F0C88B91836E2AA43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688432, "uuid": "b4ece8e8-8d46-4ace-814d-b03348a69484", "value": "6144:IG/L0bfHZkuI9odcJek52uyaErDzn9aCOnZzt8CV9/8f8RpqFQhqzkYT:Po5kDKSPmn9enh8f8yF/x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688432, "uuid": "a5ab397c-bd69-447d-b86c-77aa62f9cc76", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688432, "uuid": "819b99e1-09ae-4d67-ae76-a5d09b9dfddd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688432, "uuid": "67e72115-3919-4322-93d0-00ee3f5334c8", "value": "2023-05-09_21a25f5865684f0da3e862be62451bd4_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e8de99e-eece-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1683680617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680617, "uuid": "66fb21ce-3bee-463a-a8c4-14deaa052539", "comment": "Malware payload (DCRat)", "value": "5ae7836d681f01fa10cc29b65e4962ac", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680617, "uuid": "492d7248-f407-44e4-9eb7-43e8cf46ccb3", "comment": "Malware payload (DCRat)", "value": "45696f25affde4061e553cd2a5ef1fd943a17e15a0ca70937008c3d59473752d", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680617, "uuid": "d1fce91e-b9b2-4745-8493-edfb1afd850f", "comment": "Malware payload (DCRat)", "value": "596717365fcb38de21f285cd317ab5269a962410", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680617, "uuid": "e10fb2a6-933e-49e6-8346-8d8cc6f208f0", "comment": "Malware payload (DCRat)", "value": "b2a326d5c8c18955a4adf1007fbd1eeb1ba223dbc3fc0a21ffed51bab3bcea03540add535f581dc0962812da2ba3ab07", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680617, "uuid": "a3cd0840-1a19-427f-af25-fbe7d94bc9f6", "value": "T109555C027E45CE61F0191633C2FF450887B4A9512AA6E71B7EBA377D59123933C0DAEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680617, "uuid": "d5103c05-cabb-432f-b155-37acb06b552e", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680617, "uuid": "dd5abfd0-14f4-465e-b61b-e57aacf74ad6", "value": "24576:h2G/nvxW3WiWDIwHk+erTIm5XiyqAFZ0pKsXskj48TfvSHrwNKn88CUqsA:hbA35IXE+erUYXiLAFepK648Kro8C9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683680617, "uuid": "2b06af7d-cb51-49b5-843b-51f0ac04bc5b", "value": 1396354, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683680617, "uuid": "e5569039-549b-4ae7-bf06-d621ae7fe7f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680617, "uuid": "69c04413-b46a-4736-b481-515eb5b1a556", "value": "Liquidation Loader.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b697e5d-ef23-11ed-b3cf-42010a9c0076", "comment": "Malware payload (zgRAT)", "timestamp": 1683717172, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717172, "uuid": "3d2da116-2761-4e8b-bba3-bf1dd4284606", "comment": "Malware payload (zgRAT)", "value": "2b000935034b75849976a3c41c6d69d2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717172, "uuid": "9e7f1779-bbfc-4b7c-86a4-74684b038234", "comment": "Malware payload (zgRAT)", "value": "4580c699c885d8c6847e587381afb987f6375a5b8ed2501dc8162cd53c164750", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717172, "uuid": "7838a102-81cd-40cc-99d7-b19247f36c19", "comment": "Malware payload (zgRAT)", "value": "879b851c05737bb2e995107d3c09ea6bdbd3f850", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717172, "uuid": "3ab06a29-a1a3-4360-b074-c50a616a85ca", "comment": "Malware payload (zgRAT)", "value": "4c2955c9f369c8d3e9b8ae7e55e905533b4a579551a57977ea4ca3d72263e5c984d5ba53bdce3fed939776791c0d2d88", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717172, "uuid": "498a0b45-c410-473b-abc5-d9ce426166f9", "value": "T16E34F0273BC31E12C509567460D7162002B3F393A9B3D78E394892DA4F467D9AF9B7AC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717172, "uuid": "68208081-2056-46da-9856-913d0bfd1c8e", "value": "6144:ZSmPAaC4G13EDXqiUrjkc09gR37lfJn4:JYaPyUDXqiUrjkc737", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683717172, "uuid": "000d9337-a050-4074-a0fb-8088729cc87e", "value": 235592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683717172, "uuid": "10e0c2a6-cb8b-44f5-9bd4-87d77fed8e81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717172, "uuid": "f0c34ff9-3fd1-4960-82c2-69f305c2d873", "value": "BBYG t.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b3d60f3-ef22-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683716689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716689, "uuid": "ddfbb2be-9aa5-4cb6-aa40-593373ee3d48", "comment": "Malware payload (AgentTesla)", "value": "cb1a89175fef9adcf11ee2065e66d656", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716689, "uuid": "5c662fde-7a7f-4545-966e-1bd51cb176ef", "comment": "Malware payload (AgentTesla)", "value": "4634594a43ca9d6f4630aecf8a17a04a1b2e942cafa3080a4064e2ec7741bd5f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716689, "uuid": "cc158d4f-5fc6-4cce-9f1b-6abe88edb6e6", "comment": "Malware payload (AgentTesla)", "value": "05302a241bb8c8594adfce417f0a8116ed00dbfd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716689, "uuid": "00bae811-370b-4cde-9aff-6fbba1ba0f48", "comment": "Malware payload (AgentTesla)", "value": "a008d0f2dcea2ca0569ced42cec629eee34384d1b82de38f664436967c13c0ce544f78ae4df6b41f0344915b6382408a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716689, "uuid": "722fa703-4308-4e13-9a1f-662cef571faa", "value": "T199059D3C61CA5C26C71677FA8998C9E103356F00AFABD25A22BE30CD8971B93ED5154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716689, "uuid": "fb544798-e95b-4708-8c0f-8eacad429058", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716689, "uuid": "d081d00a-6185-4850-9991-68ba2b10eeaf", "value": "12288:fFP1U2IDZfOtXyacaHJTxh+i3SkfU9+tfElOfw3ley5qtAs/K8c:fZ1U2I1qXdxhPi3dOqley5qtBy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683716689, "uuid": "0125e510-45c1-4e51-bee8-be8a762036a7", "value": 871936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683716689, "uuid": "28a07fa0-5b90-4df3-ad18-15a2315ff06f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716689, "uuid": "80f249b3-1f2a-436e-ad7d-9f5443ad0459", "value": "Purchase Order.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a3a68ad-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731317, "uuid": "644709e5-265b-4e34-b316-8ec0f30fcbc2", "comment": "Malware payload (Mirai)", "value": "a077b11ebee435b6d85d730ce582713a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731317, "uuid": "d62d0c24-10bc-49c6-a159-09331d55b3ca", "comment": "Malware payload (Mirai)", "value": "466ba7e6db432c71490f14c5f4a39349f543798a504b591fd0c7d2c645249672", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731317, "uuid": "25cf0a92-71cc-4079-824e-283729a0dcb3", "comment": "Malware payload (Mirai)", "value": "b59e2f49d813d23bf3ee4fa448e298c96030121a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731317, "uuid": "e06dad98-86b3-4910-8c15-89d9bbc0373d", "comment": "Malware payload (Mirai)", "value": "4bb33215b2790993de112f5af07165e5007dbde4e6133a4150a9e93822f18966d8718af1d409f3ebf6531811dae22209", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731317, "uuid": "1072886d-63fa-4066-8bef-240af4764577", "value": "T1A5B2D0C86686DA27FB83A035D86E0D09A5F7F151A71CE3E79D01D113676789B0B83E18", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731317, "uuid": "d1c39a55-8b63-43fc-9f4c-64fa252e2f4c", "value": "768:g5DCK8a2Je1pNat3uzpsV7ddJZJGXwQQ2x:gIpXJawt3u1sFFZkm0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731317, "uuid": "a9190b32-9d86-4e75-af35-48f928a22a51", "value": 24696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731317, "uuid": "f1b288fc-1caa-4ddd-ba3b-6226d9d74005", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731317, "uuid": "0bae62cf-34d9-4a61-ae10-04b014cf17ff", "value": "a077b11ebee435b6d85d730ce582713a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91e591c7-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731330, "uuid": "03634c84-0582-443f-b1e2-93d75b8914a6", "comment": "Malware payload (Mirai)", "value": "3f607f79bccf819a97711b619925fd54", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731330, "uuid": "c3afdaa1-09f1-437f-842f-b381f14020fc", "comment": "Malware payload (Mirai)", "value": "46a2cf463eef1e7c361a594e71caf9b48fef671e781f3dfa16118e7e96f760b9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731330, "uuid": "fde15c6a-cbf4-49ae-a29c-da9e824b23dc", "comment": "Malware payload (Mirai)", "value": "041a0baf4344b10035739de6c8d5b3dddad28bf1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731330, "uuid": "c8729f44-0684-4e54-ab05-50f53f562ba5", "comment": "Malware payload (Mirai)", "value": "d1d9d4396acbe290e2723774e47b0b9337893534be15c97d6ed39c0fe545bb9ed6664c9ea4c310e02712df51d7fee872", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731330, "uuid": "e512e422-613a-402d-b07c-88fd6c6b5688", "value": "T135432A25AD792E26C0D8A57E51F78724F2F2620E26B4C65E7C721E4EFF04B0065137BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731330, "uuid": "184667e9-af25-42cb-9e79-2b8e14ad8d0f", "value": "768:TuowUh8q9hW52kto06nFP87ayTbLl6WsldJHy1ttd7DUz1fkO+B5Lt:TuPUh8ShW52kto02EayTF6vl7wtU+V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731330, "uuid": "c30b7215-9891-4ce1-aba3-001a415a5389", "value": 60268, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731330, "uuid": "4d9b7271-bbf6-424c-ab67-64043e69add3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731330, "uuid": "38cdedec-20ad-4c6c-82c9-108d70884879", "value": "3f607f79bccf819a97711b619925fd54", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8067699-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683726240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726240, "uuid": "5c6a5446-20cd-4b23-bffe-a032bb98c1fd", "comment": "Malware payload (AgentTesla)", "value": "df8ec4210f9be48a166bad85a2ebc39d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726240, "uuid": "c95673c5-9357-4791-952e-a4f30822fb2a", "comment": "Malware payload (AgentTesla)", "value": "47770137af2d627918aa3ff8e45a95c73ab026c74a8f58e506b5b01f88a9687d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726240, "uuid": "b7b5dce1-7b22-4d15-a0d2-18b6e92ce570", "comment": "Malware payload (AgentTesla)", "value": "2d0e694de0833b228722228ef7520d553db35ff5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726240, "uuid": "3e672792-e437-4b79-925e-f61f8b790b33", "comment": "Malware payload (AgentTesla)", "value": "5c52c51a31ca5db204cc8189f95a08850e90d723e2ff6c4057219ccce10e78272783c93d4b6e3d6216e7e39436606856", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726240, "uuid": "15019074-ab79-44d7-92f6-50711edb3488", "value": "T13CD4236042F992AD7F04E308F94AC787E61DD413524CF6D1B9A7C85AF0BCAE8E0574B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726240, "uuid": "064a6fcc-0971-4837-a82b-cd94f70ff4d3", "value": "12288:1yfmC5kBBrvVw8RHh2wNeUnQ9G6SG1wBMAAF4a8c/PF8/5PowW1:W5kBBrtwBwNelG6SGdAAFNx05Poh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726240, "uuid": "f60a4575-7928-4ab3-a151-da03f3653062", "value": 650428, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726240, "uuid": "4dabb683-d2c6-4293-a4d6-5e6a97b576f7", "value": "application/vnd.ms-cab-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726240, "uuid": "065aeec8-a58c-46cf-aa80-7c6400301f8f", "value": "09MAY2023_FDGPLAIN-SHEET_PO083942-pdf.cab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c75dd558-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683705650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705650, "uuid": "9f3899df-4afb-4fc7-affe-4cf66e63fc79", "comment": "Malware payload (AgentTesla)", "value": "00a01e52c1cea67f0060dc808ed99ab7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705650, "uuid": "44407113-6519-4937-bac2-15a680b5bb60", "comment": "Malware payload (AgentTesla)", "value": "479a4458768a4f2d74f3ef0b9d760ea7c4f6308ce330ecf491a008775f3f2889", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705650, "uuid": "5b01205a-068c-418e-8cd2-21619649d199", "comment": "Malware payload (AgentTesla)", "value": "5b821ae2fc02b24c646c65d36726eedd1d269c09", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705650, "uuid": "1c4de248-6331-4d9d-903c-43e694c28dd0", "comment": "Malware payload (AgentTesla)", "value": "94b6a46a2671801f119787ae43ab66388f7c3a837e7e11eacd247a6bf4ec8c72fe0c4170590f7f60cacfc0377f6c6e36", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705650, "uuid": "f338d489-163b-44cd-bc8e-103c8148bb50", "value": "T169E226A55B8C4C61F269E8B7825DA00E18FCF63634C355C4BD9DE2B47B7D10E0B661B8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705650, "uuid": "2acaf157-054c-4164-a93d-0baaddafdc64", "value": "768:VbCLwSafjZOvMdZRAb6ysw6/riRTbNpqBA/uCx52XQVvpJK7:pCcLfwvMdzAbV6/mxDqBA/uc2gVhJK7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705650, "uuid": "0a86dee7-0712-41dc-9c3e-1dd1698bd95d", "value": 32028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705650, "uuid": "e44d6c54-8ead-4bac-a8a8-aecaec2bc4f6", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705650, "uuid": "24940748-00cc-4106-8fb3-4e43992ce710", "value": "00a01e52c1cea67f0060dc808ed99ab7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b842b32-eefe-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683701120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701120, "uuid": "7cf227d8-21a8-409f-938e-2353b16139ab", "comment": "Malware payload (RedLineStealer)", "value": "33c8e79245bde325be2b92faca4b899a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701120, "uuid": "3648d279-0b65-4129-8c73-05770fd8e6ce", "comment": "Malware payload (RedLineStealer)", "value": "49ef5dfc5d3fd6c2e10a0f95381b0ee163f30653a7a6ecebd7bce2a935ec3982", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701120, "uuid": "bae888c4-576d-4751-be17-ac6427636c1f", "comment": "Malware payload (RedLineStealer)", "value": "c0688ae396c4b2215ef08e0172756c30020a86b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701120, "uuid": "a8d72407-80b6-4505-9f22-cfa04965c740", "comment": "Malware payload (RedLineStealer)", "value": "c205fe85ec95e7ced9daef95384588a1474a5dc8e5a38b8c421a47507d28ba0e3a45b60233a361cb54225c53d08970b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701120, "uuid": "c120c601-7141-4455-9a98-4a8b3ab5f84d", "value": "T1A5B40153E6EC6032DDF417705DF602931F36BDA38874426B6B85688E0DB3AC4A87176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701120, "uuid": "76216343-38a1-418a-adfa-76301a8ee083", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701120, "uuid": "0c090347-8303-48e4-b2e8-a80549eadd6f", "value": "6144:Kdy+bnr+hp0yN90QErFDA4RbeyRxQxX7zmyEyjCblrS6hbmRHTut1hXqHBZMFJe5:DMrty90g4R2xLq8iZPIziX+TvLKEYW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683701120, "uuid": "c7aa8dd6-ffba-49e7-a12e-88969df048b8", "value": 502272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683701120, "uuid": "c4fdc41e-cab4-445a-af0c-729874d7d246", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701120, "uuid": "c5eb5cfa-c2a7-4c53-8fd6-74f2f7c9291b", "value": "33c8e79245bde325be2b92faca4b899a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "224a633c-ef1a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1683713104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713104, "uuid": "6c2047f2-7cd8-4098-af10-d9450eabc9be", "comment": "Malware payload (GuLoader)", "value": "81d04abe6c3c539fc74208a60d043462", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713104, "uuid": "6e7c42db-a1db-41dd-a3f4-2b074e009fa5", "comment": "Malware payload (GuLoader)", "value": "49f8ea644b5a69f7e8569c513168fa892922cc8e3e56617d7d225c9a85e3d520", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713104, "uuid": "5d30d29a-1f1b-4270-b036-b99d0a1cbbe0", "comment": "Malware payload (GuLoader)", "value": "28e3c0b89d03a24570eb0e3c5bf568cccd8ea591", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713104, "uuid": "2e20bd33-a53c-465a-be2f-502596b240f2", "comment": "Malware payload (GuLoader)", "value": "ea384065cfb76133ad77b3e1f31434c9c8da500e998aa1697ea26b22d241fbc1f290198f76ba829522d6edac8b96c04c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713104, "uuid": "90596efe-11fd-4860-ae81-909bc29322ac", "value": "T160E4E617A21182E2C475BEB2CBCE59546E386D3E469EC16F75B8F27A28F3351450BC8C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713104, "uuid": "2192ff56-5551-40b2-803b-35d3dfc15aff", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713104, "uuid": "92f1e8e6-bee1-43aa-aa11-f312f86cc2d6", "value": "12288:kH+/vBkZcYasAtii7zXe30F668rEWHcZZYwbqhU4RhTRgI:i+/JqcL7zh668r1cZ+gqhVT9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683713104, "uuid": "48074b5b-75c6-43f7-88f6-3d8bef02bd74", "value": 693898, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683713104, "uuid": "f9cb8bd1-ad51-4fc1-abf1-e69253e4ec28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713104, "uuid": "704ca65e-18af-4bdb-88b6-27824670f39b", "value": "49f8ea644b5a69f7e8569c513168fa892922cc8e3e56617d7d225c9a85e3d520", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c87695ac-eecb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1683679452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679452, "uuid": "fd9d4187-79dc-4cbe-8492-18046ca5af67", "comment": "Malware payload (njrat)", "value": "615cc149033d239c08565a707fff0ef6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679452, "uuid": "43349a0a-39d9-416c-bf91-23c0d3af2173", "comment": "Malware payload (njrat)", "value": "4a2b6f59a10bff2ffbbaad5ed9fbec98f78daae5fb43e3d283975dcb5491d264", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679452, "uuid": "fad551e5-b339-44a0-8be1-0c3fd9af8e08", "comment": "Malware payload (njrat)", "value": "f559ce36894fe56802907e267d832ed863f313c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679452, "uuid": "5235b101-3b84-4884-90c5-f879950e6ac5", "comment": "Malware payload (njrat)", "value": "1a66de331fcd426d04120eb8e59fd02e1211fdb6ebb6156cb1c294fd7b920f7c756b99437e844fe81c8113d74a477d05", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679452, "uuid": "c1ec03d1-3b19-4a2f-b348-26378d80fbc7", "value": "T1E3032A4D7FE18168D5FD067B05B2D41207BAE04B6E23DD0E8EE164AA37636C18F50AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679452, "uuid": "cf5af1bc-b013-4f55-af3f-9e40f59c6cf4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679452, "uuid": "4a13a41a-cf18-4b3d-b8cd-caf0e653842a", "value": "768:/BEMxF3lFdS7+HAnmScwrM+rMRa8NupatQ:/BpF3lPSiHAnKL+gRJN+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683679452, "uuid": "d43e7372-7992-4d6a-94cd-4408fc629583", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683679452, "uuid": "3eccd702-69a5-46b6-9102-edb366503612", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679452, "uuid": "0df631f4-6198-4425-b3c4-64b3ea0ca59c", "value": "PasswordFinder.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ea05fd9-ef7d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683755752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755752, "uuid": "9c51f8e3-242f-4306-b1d7-f76aedaaf0de", "comment": "Malware payload (AveMariaRAT)", "value": "1da2de386faf3618d7b67235e07db6f7", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755752, "uuid": "41ec8808-fa93-4796-aa39-16c6757a0dc2", "comment": "Malware payload (AveMariaRAT)", "value": "4a610d83cdb41c92017a828c6528802cecc1d428f3b1450fd274cae15459f94c", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755752, "uuid": "da760036-7979-45fa-ae1e-510cbf9456c4", "comment": "Malware payload (AveMariaRAT)", "value": "2fcaa060a078320fd79df37507aad9db4daa3228", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683755752, "uuid": "db053a8f-e366-4d90-8d92-0227c36c66a3", "comment": "Malware payload (AveMariaRAT)", "value": "99421e63061a589ccffdd759ef7f05b9ecf17d9f88b38c464f79f50da426cdc76aa0fa6aaaac7ae83b791bae9bdcef75", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755752, "uuid": "e0747dc5-a216-4c51-87c0-86f54546762a", "value": "T154E37D227BE54039F7B705701AF93E25D7ACBE310E31CA4B5BD4488B58B1589E9363A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755752, "uuid": "cb16049a-ab6d-4b04-b6b5-a5d638156a0b", "value": "0145d2c473bdbcd7b46a054bd6893ec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755752, "uuid": "481be864-4e06-44e2-ba5e-998f99219c16", "value": "3072:2k4aHUBOO36YplMqBB3ZcPxlG+bBsDHqYzHKG0qIwj:2dx3wqz3ZcDeDKYzqG01wj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683755752, "uuid": "a27f39fb-be5c-4a05-879a-0ed937992498", "value": 144384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683755752, "uuid": "305c74e1-b428-48cd-8a1a-72003f682277", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683755752, "uuid": "a39c92f9-df5c-4acb-88d6-e1da1b8c62bf", "value": "1da2de386faf3618d7b67235e07db6f7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5d495be-ef53-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1683737913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737913, "uuid": "51db88be-b1d4-4690-a250-1f002378e90a", "comment": "Malware payload (Quakbot)", "value": "2b652290e80db5de823a915145eff417", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737913, "uuid": "9c12c9be-28af-4a2e-a203-86962a5c25cd", "comment": "Malware payload (Quakbot)", "value": "4b4659fafd96c2caf59c63a6a8de0179eca9e6f1421bbb32e80ad41eb3358021", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737913, "uuid": "94a744a2-e46d-47a6-b608-02021da28beb", "comment": "Malware payload (Quakbot)", "value": "8ce8c6c1345ede1c2212ea3c0eac536edc862cd1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737913, "uuid": "a94b1e0a-0414-48f2-be10-b8ca7b6ea515", "comment": "Malware payload (Quakbot)", "value": "adc62dc147491ddf9ea8870c290a8c26049b6a0b5e8b40c85c9875d0857a123e2f33cb2105c0c54af3fd2ae54818b5f9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737913, "uuid": "79b823ba-e13d-49f3-895b-8dca311aa812", "value": "T1C764CF12B872D033D1E761F061BC9791FE7EB58153A29BDA87E844A09E054E2E73D363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737913, "uuid": "71ca294d-9bf8-4604-9edf-aaed06c8f155", "value": "7de4adc3d81501f1c753437887d51969", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737913, "uuid": "9fd38ea2-aa05-4fab-aae7-18979dd5fb15", "value": "6144:z8ESLcu+wP1cIm0nX8lyvKGtlc6DyHkCefzHJNPdDX3Y6iMvF:YEPu+Y2I9MEvbi6DyHkCezJv06", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683737913, "uuid": "d8de3254-c403-4573-9131-864d1f01fa0f", "value": 320512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683737913, "uuid": "80a89977-b24d-4617-b078-722bbab5e17c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737913, "uuid": "8c745444-6afd-4b32-b374-f933c8154094", "value": "a2nZbs476.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54a80ffa-ef17-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683711900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711900, "uuid": "8b2baffd-4098-43f1-9d05-38075cbaa874", "comment": "Malware payload (AgentTesla)", "value": "ef84eedd5e5c78f1999385f69aa5616c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711900, "uuid": "d5c8b2df-f678-435e-84fe-bd229cacfeab", "comment": "Malware payload (AgentTesla)", "value": "4b7b1d6cbb04134bbf1bf01d58c50960a8696ec9aadf426b3bfa64cffeb2f96d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711900, "uuid": "d0c56ada-3b28-4f54-8fba-eafcdea6cc55", "comment": "Malware payload (AgentTesla)", "value": "a109383d51404c070f4ab7257f9456a96597f7ba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711900, "uuid": "3353617f-8e9d-4a58-82c5-3f74963fa285", "comment": "Malware payload (AgentTesla)", "value": "2eee90593742c051be95f6bd1559807b145733853aec7c5864b602a1495bd08218e2b7e9680186d2f5f3c309543cd2db", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711900, "uuid": "2aed4d7a-d43c-4be3-9196-8956aa333341", "value": "T1C9D4AD524065CD1FFE6AEBB0D1B4FF55A6F1F07364D190241BB92289CBA9F011E8C92E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711900, "uuid": "278919bd-ba4f-4373-ae96-cd22290a5413", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711900, "uuid": "afd5720c-e4b1-4321-b470-cedf75e120ef", "value": "12288:da3a0SolZmEjpP7YWvLYTLTzxrxF6S4+8v+KHeraRFXegQVt:daKNolZmGP7YWvyrfbKHeraRF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683711900, "uuid": "37249a7b-b221-4a85-ad8a-e336e9ab80c9", "value": 647680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683711900, "uuid": "5641d435-fa5f-4d53-9377-fd6447e533db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711900, "uuid": "dfdde930-8c7e-4da5-8ef3-cde970739038", "value": "4b7b1d6cbb04134bbf1bf01d58c50960a8696ec9aadf426b3bfa64cffeb2f96d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d22dca6-eecb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683679326, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679326, "uuid": "ce28fd61-9933-4fb9-b35e-459d98205901", "comment": "Malware payload (AveMariaRAT)", "value": "1c6e08b5f03c0c7d1455f082b1b02c64", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679326, "uuid": "230a0718-98c9-47be-b5f1-e9a7598aafd0", "comment": "Malware payload (AveMariaRAT)", "value": "4d275403b2993bb1dcf4d3262a5a70b32c0caa04e3cdb8c236420a3b1b1855b6", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679326, "uuid": "3dadf69c-17bc-4619-aaec-349bfa31f9eb", "comment": "Malware payload (AveMariaRAT)", "value": "b4fc0daad1f2ba571257eac3756f5b149ac6c81c", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679326, "uuid": "9642c15f-e2aa-4bbe-902a-5d1244543105", "comment": "Malware payload (AveMariaRAT)", "value": "cd18396b0027ea9c2b02839ee51aef2df6db8ab51945412ecf533b0d944e778a5161f1e5815fc080c15c74563c1db40c", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679326, "uuid": "66dbb88d-bbdf-48bf-8ab4-679b2885eaf5", "value": "T1D255A6106AA21024FCB11AB4501D74F46A29BDA51B24A0DB3C4D77EFA672AFC1C73F6D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679326, "uuid": "4e4cc8d5-77b8-43f8-a901-1a0537da1eb0", "value": "c01bacedafd6685527cc7a798a4d9a8b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679326, "uuid": "0c4c297f-b5f6-418b-9c2b-dd0d0078a0eb", "value": "12288:li+DvjGVRiiguuorYGFutn252EulJ5u75Xeo1jf3mGKJi7Xja/q52iFb:l76VyuuB252EulJ5OtVf3mJY7Xjrsix", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683679326, "uuid": "f4bbe265-ff15-4830-abe1-44792ddb6c60", "value": 1310208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683679326, "uuid": "cbf1a3c7-0804-489d-98cd-b1d0f49b1d22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679326, "uuid": "fcab3e5b-7910-4096-9cd1-cb3ab8b5393c", "value": "AnyDesk.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "842777c2-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750634, "uuid": "b67b8f1e-be51-4fcd-ba74-291773bea09b", "comment": "Malware payload", "value": "bf4c8d610dabd3f7c4243e367bae084c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750634, "uuid": "1e3f60b0-f4ef-4083-a195-21186a7023c9", "comment": "Malware payload", "value": "4d43811adaca01b7c29cafd7f158e9e7ae725268cf7d7472cf8d539fa836c168", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750634, "uuid": "87e4ce60-6d3e-442b-9ba2-99a48991a3ed", "comment": "Malware payload", "value": "cfc0a9e54f3caf18ac41f88233d65d23aac13a96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750634, "uuid": "af76739c-bffe-43ba-947c-ae701c2c6d90", "comment": "Malware payload", "value": "a9b69b7a1cbab5ecfff29bce14854444e7fbdee2bb9239b597132bef0a88266676e87a16be3a1d2d4a0ebad8d740ff69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750634, "uuid": "d384e41f-329a-4057-82b6-aa758904f070", "value": "T1CB9412A5B3ACE54AC18E55727F25CABE9AE1DE0320CC5B130561BC9BB9391C0197DCCB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750634, "uuid": "a76e3fe9-2718-4279-a701-155a751437d5", "value": "12288:p60PYPn8JtZixhdo2dzWKY31fNL9mnWa0QihksM:M0E8RixjXzgUXPsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750634, "uuid": "8099bc92-5e63-403f-bd62-ddea0635e493", "value": 417200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750634, "uuid": "d738a0a4-ec80-45e4-a158-984c90f3ceaa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750634, "uuid": "2533f398-d06d-4780-a08e-93e388a56651", "value": "SecuriteInfo.com.HEUR.18782.12507", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "267dc6c7-eeca-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683678751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678751, "uuid": "dd8265b7-50ec-4d6c-9437-1c3b1d89b8ea", "comment": "Malware payload (Amadey)", "value": "263ef1aa578b04f214071d7d4b118676", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678751, "uuid": "0d7ab4d3-49a8-49e4-91a0-091fa3ea6bc7", "comment": "Malware payload (Amadey)", "value": "4dc6ddb5c569e1d297d4a076e355a9f2f79030b5d2f05b24b093a32946fea0e5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678751, "uuid": "b46d13e3-6a9f-4050-b2e8-142ed3024a4e", "comment": "Malware payload (Amadey)", "value": "56e26356370e019489a328a3a37c1394dea65e21", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678751, "uuid": "126126b6-7375-427f-9588-683cf69b7c4d", "comment": "Malware payload (Amadey)", "value": "54de4dbd2bafb8f791cfd8c7ede15ed621d7ae8245fd0cd999f1e5afe930eecacc0e8ef4dd0cc67d0659b71cf5395d9e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678751, "uuid": "b8fa7b47-1857-4cec-a30e-50fd814068de", "value": "T1ACB41203E7D98473D8B523B058FA01931B3A7DA1997C476B3786954A0CB3AC4E9B173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678751, "uuid": "e2f25aaf-f51f-48b6-8ddd-92667fa2ce7d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678751, "uuid": "83127637-6178-4784-bbc0-59bf68d9d064", "value": "12288:uMray90sJR8183G5yTVhItcTM+5jrnu3hE06VW/11B6FL:oydJR135TPTMYjaX6VE1DuL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678751, "uuid": "b39f45c7-f5a3-439a-9f71-4da6a74f62f3", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678751, "uuid": "0e95a321-aad5-4214-b4ab-2ed02f662eb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678751, "uuid": "16f6c827-d227-4fc4-add9-3d967131f18e", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e47b9ae-ef0a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1683706225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706225, "uuid": "76a175d4-d108-4ec1-9454-6406b40419bf", "comment": "Malware payload (njrat)", "value": "0be2c2cf0e7e0eeedc3032a6fc36d7d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706225, "uuid": "6c5bd86f-6eb3-493e-b1e0-a66990ac2254", "comment": "Malware payload (njrat)", "value": "4eae104ce9464201e15a93f070516cb430e64152d1c5b690e71ef53dbbc43815", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706225, "uuid": "6efa3bc3-0320-4d59-b661-dcc7ce228bfd", "comment": "Malware payload (njrat)", "value": "c5fb9836ead4a53b5a1ff80c7dc82fe6e5770e40", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706225, "uuid": "f703ac0a-6890-4168-8105-5f7e40158448", "comment": "Malware payload (njrat)", "value": "98e2b3ba3ae0f8e9448c29e4fd00f4e62365eaffd2196f1cedc159efa607bc03365f65a22365a07ec8933c538a4d49f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706225, "uuid": "154a0b5e-8cd0-421e-9f55-4e3351e21ec2", "value": "T139D3FF728C417BCCC1C9CA78E818542974D6EF0615AD1799DDC0B38AEE31673B9F38A9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706225, "uuid": "74a1f0a0-032c-4849-acc4-4478a4b4d985", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706225, "uuid": "0722c391-f6f7-4fa7-b6cd-0292c7296ce3", "value": "1536:kv+R1CNpqUj+gRJN17vwozSUSWXZ5qTDw:kmXCPd+yJfNXX5qTDw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683706225, "uuid": "b6c903b8-8560-455b-9935-e9f8c27323bf", "value": 142336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683706225, "uuid": "413be83b-c180-4776-b69a-fb3ab04be9ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706225, "uuid": "4b42b06d-66b0-422a-851f-00f807bcfb28", "value": "0be2c2cf0e7e0eeedc3032a6fc36d7d7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8e4c30d-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683704417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704417, "uuid": "836fc3a6-5396-4a60-92db-dd40f1808c22", "comment": "Malware payload (RedLineStealer)", "value": "c9baa6f493c047ea988df511eae16cc8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704417, "uuid": "74b54fdb-182a-4a16-a117-5cc6579ff74e", "comment": "Malware payload (RedLineStealer)", "value": "4f274a05d67342ab400d22ae228d5a42616c172b3eb1f75d156141c23470fb36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704417, "uuid": "c456fedf-1a7a-47de-b12e-9c0c51246ce6", "comment": "Malware payload (RedLineStealer)", "value": "1e04cc616d314320f4b27d2677dbccd8d2ac6c78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704417, "uuid": "4d90ec16-2782-4411-9fe9-c39656969f8a", "comment": "Malware payload (RedLineStealer)", "value": "6c6c1e2fa04011f24ccc6d18b2b727c53fb6ce20b9294295abbdee3634422a0ee3686ae5e0ac8b7c84e5dd6862cbfc60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704417, "uuid": "4d8880bf-7f88-4346-afbd-4ba5c2b763ff", "value": "T145A35D20679C9F19EAFD1B74B4B2012043F0E08A9091FB4B4DC1A4E71FA7B865957EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704417, "uuid": "7d6fe70c-71c6-4d3d-aeea-28d61c3fafc9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704417, "uuid": "bcc4e64b-2897-4976-b4ae-91f0d88b94c4", "value": "1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2P3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdDY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704417, "uuid": "ed7dcbe0-4f5f-42c7-912c-d11605caacbb", "value": 97792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704417, "uuid": "b390d796-ed72-4cd7-b111-2bf620e4234d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704417, "uuid": "ce323a65-8e34-454f-b623-c146ed3a1486", "value": "c9baa6f493c047ea988df511eae16cc8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80a95319-ef35-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1683724858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724858, "uuid": "ef178a9a-0cd2-4188-b6b8-215bac1fa907", "comment": "Malware payload (RemcosRAT)", "value": "e9645995e5cbfbfdee6affbc4b7ab754", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724858, "uuid": "4a88e086-b88f-4d96-ab3e-7e6270903559", "comment": "Malware payload (RemcosRAT)", "value": "4fbb3bf81fa5622f4640afa65fcaa18cbf88da23e6018bda7d068408e9409c8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724858, "uuid": "3ada19cf-15c2-417b-bc40-3e56e2520205", "comment": "Malware payload (RemcosRAT)", "value": "58bda2ce0b78940851a1d957b0540109e345dc2e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724858, "uuid": "6aa7208e-902c-47b9-8ac4-03a66610164b", "comment": "Malware payload (RemcosRAT)", "value": "f7f5197bb5bda59df7bf007a250e2576e196e384cc4e976199f8c8821f803d58182b2dfee79cc92ac6608f9c40c834ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724858, "uuid": "13a3ef77-1684-4fac-bfab-59d3530bf30c", "value": "T1CD45ADAC320074AFCB07CA7B8A681C64AA343566AF0BD117A16F15DCDE0DA93DF155E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724858, "uuid": "33ce13a1-ad47-4a84-8ef2-943abfb9f999", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724858, "uuid": "bd9608a8-66a8-4d44-adc6-04c15422ddd4", "value": "24576:szv6Lk8GWJV5XGe/XT+G0DkL+0x43l99TtXlpL:szvmkQjGqT+G0DkLMBT1lp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724858, "uuid": "1b3f26e5-eddb-4da6-aa89-b1162b5bb9c5", "value": 1266688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724858, "uuid": "68b8eaa9-8850-4bb0-9111-68040c0c18af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724858, "uuid": "66947299-95cd-4d70-82c3-13e705f486c2", "value": "709476 APL-794690470 ORDER807.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "222e177f-ef34-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1683724270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724270, "uuid": "4dc02a41-6e2d-4165-b15e-9b6eb7d64af6", "comment": "Malware payload (ModiLoader)", "value": "b2a16bb2099491cc7559b8ff8be10cf7", "object_relation": "md5", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724270, "uuid": "9e27af04-db96-4e1d-8b16-90aa5d103076", "comment": "Malware payload (ModiLoader)", "value": "5080cababc69ddd61e9111921c7883e1e108f5bc35bc0b630f1b50e0da7595fc", "object_relation": "sha256", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724270, "uuid": "f1623f13-71a9-4aff-9c66-21f0da625168", "comment": "Malware payload (ModiLoader)", "value": "44163bc54d77d38431cdd0f62ab88bc1c7a4ca7f", "object_relation": "sha1", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724270, "uuid": "243a85ce-d053-4cad-a5c7-16581a06b407", "comment": "Malware payload (ModiLoader)", "value": "6f06c230728c4de54078b6d6f7200362ea6efc651535af770a7e785105bfd34833cbe82800cb40123f65c9908e465909", "object_relation": "sha3-384", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724270, "uuid": "d346bb0e-5a9c-4a20-a7e2-061451f84f88", "value": "T1E59423CE7C06D5FF0B94D02EE8E8466B5665C4506D10F1B49DFFC46396A3729A832F82", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724270, "uuid": "9db2be0e-96d3-4ae2-a490-7503f79ea698", "value": "12288:Bjzl+CtDPuneCEthXDPbGXD8iOPVOmcVwK3U:BjhNDOUXLaXDgefk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724270, "uuid": "5a316834-50a3-462e-985d-ad9d2c593581", "value": 431344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724270, "uuid": "07a32787-b233-4637-9fe5-40e6f37be18b", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724270, "uuid": "a9dd99f3-b6d1-43a2-94e8-92241322f967", "value": "nproforma_invoice_pdf_exe.xz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9733e79-ef11-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683709572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709572, "uuid": "b135678a-d9cf-4e61-b45a-316e7f1cf9f4", "comment": "Malware payload (AgentTesla)", "value": "26fa36b587e07bde2d99f329ba553e9c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709572, "uuid": "7e0c586e-4f00-4012-842f-d8060df71a15", "comment": "Malware payload (AgentTesla)", "value": "511bd4f1051444242dda8ae6df80720106a6b4d60eab89658baffb142affe730", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709572, "uuid": "746a6eb4-2e14-46d5-8129-28169170253b", "comment": "Malware payload (AgentTesla)", "value": "5d2b42a954666f85fcf91475c3ec361c4c254764", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709572, "uuid": "c538b95d-1e85-4e92-8913-030ac1aa8279", "comment": "Malware payload (AgentTesla)", "value": "8938d1cbd05703dc89f42b846490a0e554a32818334d2bcc354caa396bfd65ae8ef2a3a40196656d8e0db5bead6ba6c5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709572, "uuid": "d620a535-75e8-40ee-9de7-76986c79678a", "value": "T13A950321DAF51D0BF022AB3EDCE3776266ADF6F20717D6A71640578A6D06AC0DDC0623", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709572, "uuid": "4d8c32a1-623f-438f-afc8-0d260cf2f542", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709572, "uuid": "b5872c46-a2aa-4e67-a79c-4f7260045947", "value": "12288:9d7uix2TBXVnBGw4I/6QTdp7lRpIlfMer5iiTvdyEp8NMXzp4J2cT3RnnrgYs3aF:98MXzCYqBrfGadT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683709572, "uuid": "756a0f85-e96e-482b-984f-cfe621fad835", "value": 1910784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683709572, "uuid": "4833c32b-7983-4a1f-9652-b15f58173f59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709572, "uuid": "86011147-cbb9-4592-9172-0a5163683e7a", "value": "PO FILE87965345 exl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45e8d363-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683744517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744517, "uuid": "6e533bd7-c16a-4fcf-9507-d60d6c876780", "comment": "Malware payload", "value": "3424cfffafbf86f25d6164cb52241760", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744517, "uuid": "6ecf9112-8edd-4ec3-b698-6960462a4416", "comment": "Malware payload", "value": "515763f1332d79dd6fee5b07406230ba63985a00f4c68002480c2ffc9eaa4e2f", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744517, "uuid": "841c0e10-519e-4538-8f28-2d46c57bed22", "comment": "Malware payload", "value": "d1a18db163281b84c296e4d10c1ce175a0ab3769", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744517, "uuid": "abfac844-d54c-475b-b58f-190231989db0", "comment": "Malware payload", "value": "01d38d9cc04509f9ca63164c6b82a536eaf380e7c988d2975ea90cde4f0e5ffb48e1c19c0483fc4e3bf01bcf2d2e4a1c", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744517, "uuid": "6424f3f5-dc35-4bd2-83a1-1f95cf62f78c", "value": "T1B144C0E0B74088E1DF9E9BA792555E8C1729217FFEC910CC5055FBE92A733418E0DCAA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744517, "uuid": "90b48798-363a-4427-8e25-57fc137f1b30", "value": "3072:GLQg8/QZrZhrVOY2VaCMPyabGFhWLMaxYzLfm0qsq:GP8YNrVJ28CMPdGFhaMayfmln", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744517, "uuid": "e84de98f-3367-42e1-bb7c-03950c10699e", "value": 262459, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744517, "uuid": "10d6e544-936a-4b96-b39e-6322f1cfd259", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744517, "uuid": "81ea06a3-c29f-47a5-b1b7-97631da2f487", "value": "P.O no. MGE-WJO 900622023.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf3401fb-ef77-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683753337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683753337, "uuid": "d4e2cb74-aade-42a3-98e8-2f9ad04a4b53", "comment": "Malware payload (RedLineStealer)", "value": "74046b5e932cd8c8a0aa2e9cea324c0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683753337, "uuid": "1c3fa49b-a549-4a36-ab1b-946afd645734", "comment": "Malware payload (RedLineStealer)", "value": "5277fe01b3c27b67ce8676355d3d1eafba534c4ab76ca63aa9c492b2c7a73982", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683753337, "uuid": "5930a9f1-3edd-414b-b170-6adce3e009ed", "comment": "Malware payload (RedLineStealer)", "value": "0e1c81301dd5c70cfe0ec64e9fb0dd7acee335a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683753337, "uuid": "953c851c-7ae2-494a-8dc7-00d3eeb21a97", "comment": "Malware payload (RedLineStealer)", "value": "3e119804cc50ea21ef9c1cad540471d1947ab66340eb0000e1ff13b0b0299e829dc7be04259fa51b2c8ab415ac2b849e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683753337, "uuid": "09ccec86-18b1-4827-871a-2cf6b3590865", "value": "T168051202ABDD8932D8B11B3099F207A32B36BCA49E79573B67456C5B0C735C4A87173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683753337, "uuid": "36704702-1f01-49ba-a6ae-2bc4879d1ab3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683753337, "uuid": "88f70e98-b022-462a-9f20-3fdfa01798d9", "value": "12288:sMr7y90ki9U0pgcS/ioESpI1yK4mPK2rps44rmsVA8kieHByKtslYlYX:fyRiVmN+yK46Frps/KziehWp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683753337, "uuid": "714b2963-e6f2-4f6c-abb3-3cf67b4ede8a", "value": 801280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683753337, "uuid": "dfe70ff0-1c54-4518-a3b9-90e20b0a264c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683753337, "uuid": "b65286be-d9ec-41f6-9d1a-08d4a2753ea3", "value": "74046b5e932cd8c8a0aa2e9cea324c0d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5eaf6ae-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DanaBot)", "timestamp": 1683700144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700144, "uuid": "4dec95d7-815c-4b06-9ccc-c7a223eace31", "comment": "Malware payload (DanaBot)", "value": "99a13c2b237deb6922cf6695bd9a82aa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700144, "uuid": "66c40f2d-e64f-4f68-b2dd-1c26c54a9495", "comment": "Malware payload (DanaBot)", "value": "529041b4abb84d9d85f97eb0a6fa6e26a5bf8c9f900316430134df6ce7a5a6ff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700144, "uuid": "80abff01-4e84-4fd1-bf9f-90ec087bf0dd", "comment": "Malware payload (DanaBot)", "value": "123e6c456c23769d7ca4fd3c628ec5dbb8bf1794", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700144, "uuid": "d79c482a-46a0-4f49-ba93-fe1190d307cb", "comment": "Malware payload (DanaBot)", "value": "deaa618521b7f9454a156a364b1b29e1b72f86bd18a52355d7247942aafbaf5833c1c74e6c1e84315287eb421f3ae1e0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DanaBot", "colour": "#B9DC92", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700144, "uuid": "bfb516d3-5609-4ce5-ba45-9113bec5bdd6", "value": "T1C706231362E57C10E61B4A719D1E85F8375DF6B18F6937AF32489B2F09F21A2C262F14", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700144, "uuid": "8b63019d-fe12-4849-a08d-d8d92cf7eb94", "value": "6847c4a23533c8db62ddf8eb8d214ba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700144, "uuid": "7c18091f-d087-4fc0-b64f-9883f052c010", "value": "49152:pu6ZVMAqGSmeuWqtJEj8tuyrnudsrdw6G/kB8fjxAV/xYnb7eWq+6nNEg7L1:ucPM8tuinPr58y8fVAVZYnb8+4L1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700144, "uuid": "2daf0a63-36c2-4e36-90e8-568149f15a53", "value": 3656704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700144, "uuid": "058955bf-138a-4e77-95f6-2e2d3937ffba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700144, "uuid": "a41e6f61-f996-41fe-ab48-0de322b58026", "value": "99a13c2b237deb6922cf6695bd9a82aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2253138-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1683729317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "45436e29-e238-467d-be57-37cd865ba361", "comment": "Malware payload (RaccoonStealer)", "value": "849ca256b617969e263ac005d1657fee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "e9e1ea90-cb19-4cb4-bd3f-7b58254900b3", "comment": "Malware payload (RaccoonStealer)", "value": "52f7559453685d0c3f7c133af17d39ae40b09f403b792e1065d2529a5b6c3992", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "1c3b579b-4416-42e5-b5f3-4b875bd9cb85", "comment": "Malware payload (RaccoonStealer)", "value": "429e8f10e14fd11d7b15715689a86b1e4f0275c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "27a4b293-49ad-4e18-801a-7bdb96a39d0b", "comment": "Malware payload (RaccoonStealer)", "value": "a1da2368f27d23f5b91c950adccfe1f0cca2f070ea109ab62a5cc97cc5af903c89d246852b18c52e5a7bd2fad26e3132", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "b6912160-3458-4309-84f8-e0b4bb24dd3e", "value": "T10635CF10B4D1C032D47215310AE4EBBAAA3EB9604B659EEF67D84F7E0F302D2D635667", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "6144755f-3b6c-41a5-90de-9954ad32078a", "value": "12c8d8214c7bc12215b423756aab25d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "8bf3976a-1cc6-4e92-96da-64b48922cb55", "value": "6144:EhQs0F6/DrcrgG5WwO4dqAO0y/Qas3CKcgnTIxViT1qH0WUi+gCsoSvi:EhQsP/DrcrgcUGyngTIs1q5boSvi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729317, "uuid": "01f092d7-6a5d-4762-bbf6-68b175bf1d49", "value": 1147904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729317, "uuid": "3c4c12a1-da6c-42d9-b422-385754a0ad8b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "6ac281ee-48dc-4ac6-9455-49f87761d6f0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8307b318-eed0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683681483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681483, "uuid": "6fcf0ffc-1e80-4b74-98bc-fb3e4fc610d0", "comment": "Malware payload (AgentTesla)", "value": "f5a5951aba0a206c9b370a375f95cb02", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681483, "uuid": "a9a3eb20-adfa-4718-a2b2-ec170ee1b44c", "comment": "Malware payload (AgentTesla)", "value": "53f31bf8011613bead4f530d63b146825f5156a990ea6e486627f98db9a7f0c8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681483, "uuid": "c4bf948a-caaa-4e01-aca7-62243a75155b", "comment": "Malware payload (AgentTesla)", "value": "46ec05cef25ea090b87c383977ed399047c6ec89", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681483, "uuid": "c1a31ee2-55ee-46ca-aab0-b9ac22bb6841", "comment": "Malware payload (AgentTesla)", "value": "a35ee64842124a0968cd719fd66fd86f78a0cb6bdbc3987c3dda5d42649c17509a82ed22d927029cffb132e25dc5ea02", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681483, "uuid": "633511dd-95e4-43da-9b4d-4e0ec71e85b1", "value": "T1FB65E03296DAFDDAEFA80E38ECB625084C447CB75268D9F4BD8851CB51A4550ED2CCBC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681483, "uuid": "6c59a403-a744-4c45-b104-53cba8e724db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681483, "uuid": "7ce86445-56d7-419c-95b6-9b7be7a18984", "value": "24576:PQB6M6ySnlXl5xpN/jiaHi5dhDzJuMM4ZzgMHe0MFSg8qrizlyZ5mA7F:O6MOfRZUcoMczju", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683681483, "uuid": "bfd2c1cd-b9ec-4703-b5e2-fc6a7b2e006d", "value": 1519616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683681483, "uuid": "5a5e6194-ebf2-470f-aaae-6681761f0f29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681483, "uuid": "885c533d-d602-420e-bef3-2dee92699e5e", "value": "Purchase Order 251pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79a17b3f-ef2e-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683721840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "cc2062e0-85cb-4c2c-998a-4bb82ca91bcb", "comment": "Malware payload", "value": "4d48b6e14739304d66ecafcb4d5e757b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "9f33679c-9e56-4292-872c-2d9449afe6a0", "comment": "Malware payload", "value": "5476368d00036b7d2b90c00f01a4dd04ec35d348da7f687b9043649e57f2bb6e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "62692b28-f0ed-42a9-a642-4d02f36ef2ad", "comment": "Malware payload", "value": "2837a1e362d04d13d8c740f1a0cee8abe0a795ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "55c8b359-8516-4d34-8006-dede5f074ee4", "comment": "Malware payload", "value": "212031bcb209e752d09fecbe5233cdde5f372d2962bd526acf98301379a9e1ce1d5c2f181fed6a208dcaeecb56410666", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721840, "uuid": "d004c790-ca22-484c-96b0-51e4abc7c7df", "value": "T1E0477C6B72A482A9C15EC23EC1A38F00E53371791B33C6EB539147A91F529D49F3FA61", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721840, "uuid": "5514bcee-6748-4fe9-b997-be1158ddf959", "value": "49152:6LVlfhw1cUoZbKVBhfuwJLej9FSOGL8Lj6+eZEODAkrTpXV7sTVHVHVegBM9xgBT:uAMshfTJLqaNVQgPPdEH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721840, "uuid": "8967ebc5-a76b-4104-8a2e-1a5157bcc89d", "value": 25341440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721840, "uuid": "ea9fc433-b7e6-4d13-aeeb-d2205e60c244", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721840, "uuid": "f8b50f2b-f263-4070-bf7e-8ebfd21a53d7", "value": "S-432.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4104414a-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683729047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729047, "uuid": "37813f80-8b3b-44e2-9a45-44e53bf20865", "comment": "Malware payload (Mirai)", "value": "f84a429091a3cdb573164ddb0043e0f8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729047, "uuid": "8f7d08a0-09f1-4c55-98a6-9ac98533828b", "comment": "Malware payload (Mirai)", "value": "55330e904f8f5e19e47467aeeb25fd25fbcb59384a531f768775e8deae126bdc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729047, "uuid": "7400b379-027a-4cb1-969b-3d4652403229", "comment": "Malware payload (Mirai)", "value": "687baa61e95b065cc89af7342d63bccffc1b372e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729047, "uuid": "ca0c7205-a863-4b15-8bc5-e9dec05dd4fb", "comment": "Malware payload (Mirai)", "value": "4e5f7265d91ea9cc62dd74c7834f1f88cf83af54c2c0d7abeb2541919bb6c085dea55f81e84d643f940f11439f3f0fe0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729047, "uuid": "9f31eced-6ed0-42ba-9440-449ac4f78f40", "value": "T1BFA3F872E643CAB2C4430AF201A7DA6B0D21BE6B0A7A5A85F31C7CB09F334C57655F59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729047, "uuid": "2bfd377f-2de9-435e-98fb-a37a16c3b766", "value": "3072:wW8FUmgujld6Mkxm6AJ+4fzHmmFVcqq0GnDZT:wJFv4Lm6AJ+4fzHmmFVcqq0GnDZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729047, "uuid": "5f3b2c23-eb41-4ca4-87b2-60e2eed8f8f3", "value": 104138, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729047, "uuid": "cee81006-ddc6-4e40-a770-95cbe7b13aee", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729047, "uuid": "4b991d1a-2b64-47dc-ba1e-b6927ed2640a", "value": "f84a429091a3cdb573164ddb0043e0f8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdef4715-ef26-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683718519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718519, "uuid": "0f2bc22b-0540-40f6-a06b-72c8e252ad48", "comment": "Malware payload (RedLineStealer)", "value": "b49360b95a3337d32cbdc2efa15a8c55", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718519, "uuid": "a204a0af-fd30-406f-ad54-8e3baed4f51d", "comment": "Malware payload (RedLineStealer)", "value": "5566835bc28326c746a46a3914c7f2d27d65ac9f3e44473f82669923f7eea11c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718519, "uuid": "78a2fee7-3f24-4989-919e-b213d3153525", "comment": "Malware payload (RedLineStealer)", "value": "e12b899ab5b20d8a3bb946c71273b35951aae194", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718519, "uuid": "621a5a55-0567-47fe-a85b-a8a074769d2f", "comment": "Malware payload (RedLineStealer)", "value": "a1ac13d27931f1a95b4832ec656330e4b31b2e274c7771628e53e89cfa795c8fafc2a8b6b77cbdd2df09782c749cbe52", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718519, "uuid": "716fc4ae-5b0d-43b4-98da-bd7e375c067f", "value": "T183A41212A7D44433D8B5077058FB23831F3A7DF16978936B2784A95E5CB2980E87637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718519, "uuid": "caaee0ad-7d12-4bf2-a2fe-422f50feacc7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718519, "uuid": "c6498516-6802-46b4-80a4-86fb53a4e7ee", "value": "6144:Kky+bnr+Dp0yN90QE7UdbWHJNVyS0DFiW/MqLQnAGnaV7S7bhp4Yp3+Gc/xYp2ho:IMrry90ViOJqV/TLQAGnaQpsKNMD2L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718519, "uuid": "a0b49dee-229f-4fbd-bdaf-10bb0daba36f", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718519, "uuid": "364eb1c6-e192-41ea-b020-52d56d408684", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718519, "uuid": "369a025b-72ab-46ac-955e-ec1306a50dc8", "value": "b49360b95a3337d32cbdc2efa15a8c55.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e31efd56-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683704408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704408, "uuid": "a0ac55cf-9d8d-4067-88f4-c20bb82e82d3", "comment": "Malware payload (SnakeKeylogger)", "value": "6b23616c36ff27264b4901381e18adbf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704408, "uuid": "877df97b-3317-4ac2-8b9e-a22952b80613", "comment": "Malware payload (SnakeKeylogger)", "value": "55e427b25c25bcfe1b0975adba359a3790ebdbc0f2e065d3e0c84ccda77d5c1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704408, "uuid": "50a52920-e80d-4860-9e0e-ec2f3f2008d9", "comment": "Malware payload (SnakeKeylogger)", "value": "9cbd0613c403318497b49b79a59a2dd68ba0cb01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704408, "uuid": "12ac63c0-4315-4194-95a5-3926e6556150", "comment": "Malware payload (SnakeKeylogger)", "value": "f609d48166583cfaab869eaa6b5c09f5b49e45e09657504a7a1267d88f6b8e19b0b87e62c86152ddfc605c45922a947a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704408, "uuid": "1bb3be35-0cc1-48fb-9398-ca03828976bc", "value": "T1EA05CF1420295B03C7B9A7FA0F54C97403386E65BD6BD2392EED3CCFB5B9B124941A27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704408, "uuid": "4c37b81a-aecd-4027-9d5d-52fb9561578e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704408, "uuid": "b531e11c-c8e8-4093-9440-1a89d28388c5", "value": "12288:gP6BAZf4S9ppaOqCQ6yGCSaPqX7KlSyrvehP9M0ejkD:ghRpTLQ6yG/aCLKlGP60mk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704408, "uuid": "038b7e2c-22a6-4d64-9554-11eedbedd18b", "value": 847872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704408, "uuid": "31faa509-4add-42d1-94c0-968e444a0960", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704408, "uuid": "c007bd23-3309-409a-92c8-384813041a46", "value": "PO PRANEN2303.doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be4a9bcb-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688455, "uuid": "6026742e-935a-48e3-b24c-2c67370cd91f", "comment": "Malware payload (Kovter)", "value": "a1874233971988ff1e49d0ac6c493fea", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688455, "uuid": "4d51065d-3375-417e-9e18-641907f72d60", "comment": "Malware payload (Kovter)", "value": "5636eab974e6b0e84bd5f97d2f6b98bb15c8ebf68827fe8abea30972f57c4be3", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688455, "uuid": "9e145e64-1d22-4954-8079-a39dc576b86a", "comment": "Malware payload (Kovter)", "value": "cdcd04fe8dfdc4b4bce2b106cb21a175a36c75be", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688455, "uuid": "739352e5-0cff-4ff2-808c-4c5ba0dd6f99", "comment": "Malware payload (Kovter)", "value": "dc3556ded82923234b138ed275e019731d39a0ec93a5d65322afc14728511b5c61011d6f911787e6a6ed0b0326b132bf", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688455, "uuid": "6323b78f-42f1-4a9c-a39a-c353db2fc308", "value": "T124744A39F640E637D42598B8AE4FD2D4B179F5302E381D47B6E91F0C88F91836A1BA53", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688455, "uuid": "56b37a1e-c081-418a-b55a-6304ac2907d6", "value": "6144:cLqbeSH/S2pP95lx2AknT/KcyIE1dXa0PF9PjwFi/F3LFciBQRquCE:iqbec/5p1rqDWdJPXF3LaiBji", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688455, "uuid": "98194f50-da3c-4213-9740-f5a94e7bb9fa", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688455, "uuid": "c6a8f37f-840d-4c73-a16a-204c6e0e9173", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688455, "uuid": "24849df3-aeb7-41ff-9765-484ba554dda5", "value": "2023-05-09_a1874233971988ff1e49d0ac6c493fea_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5449bd55-ef74-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683751842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751842, "uuid": "23c8f991-d312-4809-8c28-33e86d864d79", "comment": "Malware payload (RedLineStealer)", "value": "61357d2d5ae70866702c80b6f6b8a5b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751842, "uuid": "9b74a618-3f32-44e5-b82c-320bf741e539", "comment": "Malware payload (RedLineStealer)", "value": "5657fc736fa541e5ce3a07785e09100fd93b178e57f4cac7b961e57a1b4c72dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751842, "uuid": "1b6d08d0-a345-4fe8-a925-86255924f30a", "comment": "Malware payload (RedLineStealer)", "value": "e9ec669f505f67536b7b950a9015129c44daac60", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751842, "uuid": "51bf59ed-424e-4711-a720-a7fdec69b3be", "comment": "Malware payload (RedLineStealer)", "value": "232a6e26e203527226eac52b12b5775b37a1744e909856a709cbd926845f5f1376ce1573e2bb75c41a123ede1c412fb6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751842, "uuid": "a81ad949-7d04-4c39-8ee1-03f45ac6436b", "value": "T1FF947E13E2D37C61E52147329E2EF6F4365EFA508F5A37AF1218AE2F09701A1C162776", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751842, "uuid": "b5698894-a595-4277-ba41-e8e223d36ee0", "value": "5e886f6816f9ed7fecde723808a23e1c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751842, "uuid": "b7176d05-822a-4243-a338-0daa47cdaa34", "value": "3072:4JLEJHP9bj7cNuE89glTKBUsjai+XD+Svwf1mxbypbN2tlTlZSASb+7xE8AmItTX:hH1oNG9PUsjeD+KwNyTD7+8AZGHQj1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683751842, "uuid": "45dd4719-5cb1-4f46-a400-982b011255b4", "value": 426496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683751842, "uuid": "0f910e15-8879-4010-964e-a50abdf9b10f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751842, "uuid": "240d6cdb-6d5c-4464-9f0e-07b07ea56e27", "value": "61357d2d5ae70866702c80b6f6b8a5b1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4ebe04a-ef1d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683714692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714692, "uuid": "2e585333-7b9d-4aa1-a13c-6c0afad9888d", "comment": "Malware payload (Formbook)", "value": "c8722bcfc151e3141711a25a70b680b9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714692, "uuid": "3a2132cc-86ff-4c62-a107-971d99f3d930", "comment": "Malware payload (Formbook)", "value": "57201e9c5bef2bad5111f1989ec265dead9dd75adac4030201cdb1c7ec4deeff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714692, "uuid": "655610fe-6080-45d7-ada3-22058b7b72fe", "comment": "Malware payload (Formbook)", "value": "2a3b52911a77f9a3c0bef8fe8d8d31c711cdd0fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714692, "uuid": "16dc4d4a-8931-4787-88f0-9c3bcb013a9e", "comment": "Malware payload (Formbook)", "value": "4a033261d5bc62bf3f9817dfa05f25f0164a4bd324e7b1ed4338d0e70d73349d18d7843766018ac3ce359d09caef8865", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714692, "uuid": "7478efa9-5005-42be-a6cb-bd14b9fd0fbf", "value": "T135041291A08BECC0F59993F81A4913E86F5B276B0E85E05F17AB410CA4F97F3816E74C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714692, "uuid": "fb7e650f-5fe8-4144-8970-618313fcb68c", "value": "3072:DSE/eqgAsFoOeedhYZKDZUhDyShrg0ELsYJJRgikvruLo/aSH/ZEQEKQULK0:DGA+gKDZUhDyfxvgDDunw/ZEse", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683714692, "uuid": "e26fcee2-5c8a-4c09-b709-980ab0812a64", "value": 186880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683714692, "uuid": "85a59e19-b0fb-45f5-a43d-2d914d1fa750", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714692, "uuid": "afcf9a50-cd45-46ee-9f59-098d4f6ad847", "value": "57201e9c5bef2bad5111f1989ec265dead9dd75adac4030201cdb1c7ec4deeff", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3220aa38-eefc-11ed-b3cf-42010a9c0076", "comment": "Malware payload (a310Logger)", "timestamp": 1683700245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700245, "uuid": "e9b5289e-412e-4bd4-aec3-80eb3660bcc1", "comment": "Malware payload (a310Logger)", "value": "3fa2b40e42fe955a6ef636ae9ea82dc6", "object_relation": "md5", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700245, "uuid": "5b1efc18-8f3a-470b-ae52-2bd17c0ab149", "comment": "Malware payload (a310Logger)", "value": "573e16a4a35ec55ee3c741b758f605ac0866ed587412aea28f458756e7e57fd5", "object_relation": "sha256", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700245, "uuid": "8fdc082b-f5ae-4513-b42d-c0b1959841c7", "comment": "Malware payload (a310Logger)", "value": "ab2a9e87da50ef8c5e93a65dbd5fbe19b8f634d7", "object_relation": "sha1", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700245, "uuid": "4722ef76-8857-497a-9632-f573bd39ca3f", "comment": "Malware payload (a310Logger)", "value": "2aa4cc9448102fc7557236874aa2a64f76b5bfb63fc77dcc623868096eabb286d90e0290bceb03a2f907aa834d8d4839", "object_relation": "sha3-384", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700245, "uuid": "b68a870f-5f97-410f-80aa-a65ab6ebc4eb", "value": "T1650533624B37567CDB663A36757379009051F2C714E22872284790F6B6E7FE8F22B42E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700245, "uuid": "3ee92a9a-cec1-4b5d-a540-94c8a57c5072", "value": "12288:hL6Vr6TvnteDhOVM1RZaMNqdFCT/FtC7qmvbo6wV5MrG04Lv0A:J6Vraq4WjDqWT/FkUpurG04LB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700245, "uuid": "069722b1-2e85-456b-861d-4e88667811f6", "value": 848749, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700245, "uuid": "196f60ac-8184-4663-8faf-cd92116a5d26", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700245, "uuid": "8e2c98ec-317f-48b0-a85e-548d69d650e6", "value": "Invoice payment-102023.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5b84beb-eef8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683698721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698721, "uuid": "1d0c5e95-c777-450d-90c7-2efc35db9516", "comment": "Malware payload (AgentTesla)", "value": "85e87648fb92a7aa586acf2816cf1de4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698721, "uuid": "d7bb2b59-a00c-4939-90ca-78476ad9aef4", "comment": "Malware payload (AgentTesla)", "value": "57979ca3e646ecfcf45221a35642d69c66d753e9961468e65e66670c4f7513a6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698721, "uuid": "52773efd-f817-4e60-bd52-7a377982cffc", "comment": "Malware payload (AgentTesla)", "value": "f7700360e01f5f7c04d03a55bf44e710a232f57a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698721, "uuid": "6fe39d9a-3859-4813-ad6b-3d70f49d1fe7", "comment": "Malware payload (AgentTesla)", "value": "1b6d1468e220e8b833635e5447d2ef9d991dccea7b8c67e1ccd96cd31296a8d83f695fb598f2b99089106a78887bf7c7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698721, "uuid": "8e8a2113-1c3b-475f-beb2-734532d5dd37", "value": "T1EE058C3D21DA5C26C71673FA8959C5E103356F00AEABD16A26BE30CC8D71BA3ED8154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698721, "uuid": "c3b90f1d-4900-41cb-bf9a-650a4ac0f571", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698721, "uuid": "7fd3a232-62a6-49fc-86fa-4a0125cd2b66", "value": "12288:oYGadqZfOtXyuFMUwSTBJLb4dgFU1nxKn7+O8TzesIBhm3kg3/TerwXqOIlPd:o52IqXdMSlJQMUnxKn0RIBhB0yrmq9D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698721, "uuid": "b9102102-ed35-4d69-a87d-bf18f1f3c0b5", "value": 874496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698721, "uuid": "cdb9b4a1-98f1-4939-bb6b-fe771c4d8d84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698721, "uuid": "9fe91a51-e3ab-4ed4-a9ee-049e1707ebe8", "value": "ENQUIRY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dd636d3-eef9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683698896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698896, "uuid": "d1679d4e-f22f-451d-8831-9ac7c0b065d9", "comment": "Malware payload (Loki)", "value": "dc7ac8fbe94e8abc596e2416208f3030", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698896, "uuid": "e67a0b6d-e5eb-424a-bfc2-6f3bf1f23f9e", "comment": "Malware payload (Loki)", "value": "57ff6de510ccaa060efa53e2c9e1c1b8c3b132fa55289a8a7ecc321a5370043a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698896, "uuid": "1c18ed05-807b-4ba3-9c80-f2ab9c1f7bf9", "comment": "Malware payload (Loki)", "value": "728ccad5312911db604822e55f06c25aefb05b09", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698896, "uuid": "240b4100-2e72-4172-b85e-30a9d257246c", "comment": "Malware payload (Loki)", "value": "a1b56fcbe10f2461b6c520c78448dbce845118de71713a5a88d5290ca3984ddfa4c03d5f3bb78e23f69be922a715adf0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698896, "uuid": "a0b05c70-918f-41b7-9250-729c62643705", "value": "T155057B3C61CA5C26C71673FA8995C5E103356F00AEABD26A25BE30CC8DB1B93ED4554F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698896, "uuid": "e70f2f5e-fc13-4570-abc1-708c016cb560", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698896, "uuid": "7cf6cefd-9ac2-4669-a114-4dd14d4f7867", "value": "12288:VTbBIJqZf0qXywQrglDXlYSKBC5iQr2gFyMuLmFSWFtA7iT8E:VJIJILXtowlYSMC5iQbgMFS0tcM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698896, "uuid": "7a6bc092-55cc-4f7e-9bd6-4c98654eb85a", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698896, "uuid": "c19b8463-7b65-432e-9fab-2e7742e78f5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698896, "uuid": "ec22065b-3e1b-4701-bfcd-7900ec0a50aa", "value": "FedEx Receipt_AWB#51305323204643.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8dcb8da-ef2d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683721544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "9f14cc0d-a5ae-4b55-841b-7fc61c6344dc", "comment": "Malware payload (AgentTesla)", "value": "776b529279f7fef6d0677ee5e315ad13", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "f1fd4a97-2153-4d49-a0a7-d4c1cad28fdd", "comment": "Malware payload (AgentTesla)", "value": "584b466de40e9a985d022ba115ee7301b46261f1526516eaae36760a435be241", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "756bb852-cf66-4475-9d99-db52f3505fa9", "comment": "Malware payload (AgentTesla)", "value": "67346af4a0b9f7e4be508227fdd502e6b045b4da", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721544, "uuid": "ad449c34-96bb-4dc3-983b-55f4be3f23e0", "comment": "Malware payload (AgentTesla)", "value": "b41f540c20984e87d35c7693cc5a09d98758b9b4ab90f8fb9a9542c1eb2b3a1627c8d6b7791aeacbebb9049b2124df4a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "68352bf0-575e-4000-b4ad-4288050ca81f", "value": "T18325C63D18FC362281B5EAB2DF84E561FBC0859276358DDF5AD2848626EF50236CBC1D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "d088fc21-a5c4-4bc0-a0f9-9e27001e9642", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "7c50f179-c6ec-4f14-898d-bbd8d2672aaf", "value": "12288:V5q0vvxVrvqwHzHh27NqUnQcG6SRZ09MqAi9a8W/PvH/5PIc1S:/TXxVriwA7Nq0G6SRXqAigD35PIcw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721544, "uuid": "2671b1f6-d1a5-4523-83ad-17df61087d23", "value": 1007616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721544, "uuid": "69a9b3bd-b879-4ac1-9a70-edb8e1bf4f53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721544, "uuid": "586c8da4-4331-47c2-9134-19aecb364dea", "value": "09MAY2023_FDGPLAIN-SHEET_PO083942-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7dcafa3-ef28-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683719421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719421, "uuid": "33c83c97-09af-4d46-b0c0-8c10819ea405", "comment": "Malware payload (RedLineStealer)", "value": "8de17eeac52f19f11d8aef8eeb9b6a6d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719421, "uuid": "84e5de63-e73f-47aa-9aef-56732206a446", "comment": "Malware payload (RedLineStealer)", "value": "589904ce0a87a7f55e941714c8c16eb8ae59ca9faae7f1d4f8e3b6224323fdeb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719421, "uuid": "1cfd4b22-06cc-406a-927b-8bee530fc9b1", "comment": "Malware payload (RedLineStealer)", "value": "62e259294d21ae31913edc6c20739075b47accac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719421, "uuid": "91d768fc-54e6-4696-99c0-a1b3faadc03d", "comment": "Malware payload (RedLineStealer)", "value": "b30edc0d381423cfc7c6b162e5d94f138d36d3f42f16659e57caeaa191382c3a39babc03d0873a767769c6f42906eb7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719421, "uuid": "bfc77115-0509-44a6-8121-a6ac2f90ac2f", "value": "T1E9A4021BB6E844B2E87517B08CF707831B35BD91A978836F2780696F48736C5A4317BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719421, "uuid": "d5cf9719-5609-4e0a-8ea9-e631f8530677", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719421, "uuid": "7f2a83e8-f319-471d-99b7-878f0ab1229d", "value": "12288:rMr1y90NlwgdpfeoVKwFEbOw9wGwlwBhmp0kOEmmxlC:WyAHKrwGs8gmmxM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683719421, "uuid": "d82d691e-cb60-4ada-b518-e1d5b9354919", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683719421, "uuid": "170b13b4-e23e-46e2-9a54-e5ac5f31d2ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719421, "uuid": "f84c692c-f249-49aa-a1da-04afed604496", "value": "8de17eeac52f19f11d8aef8eeb9b6a6d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53d32dd2-ef6d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683748835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683748835, "uuid": "1cf3caf9-89af-49d3-be88-9a96ce34477e", "comment": "Malware payload (RedLineStealer)", "value": "72b69787630a6824c8fd200ae8ed1add", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683748835, "uuid": "9746b89c-5d0a-4291-aaee-e4dc78117a0b", "comment": "Malware payload (RedLineStealer)", "value": "58a30e4769f449019d29b3458663cb51aced48cb23ae507e81c43afb5f8390e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683748835, "uuid": "939a3c08-d985-4beb-9dc3-cb5ba7a1368d", "comment": "Malware payload (RedLineStealer)", "value": "0d8d8a36c21710d56cdc2c6b9e020d1287a486c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683748835, "uuid": "9da37bd9-1380-4f2c-9433-665cb0e24b87", "comment": "Malware payload (RedLineStealer)", "value": "5edf88929d8d9b6846ebcc5f90ca69428197868e9d3f045b7020b6e4b2ed95646bff900da765992928332679651ae167", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683748835, "uuid": "7b29f9c5-d66e-4b7e-ae40-dab1e4a90271", "value": "T154F41362EBD49172E8B5237058F603D30E3DBDA15D78839F3B48B58E0CB1795943672A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683748835, "uuid": "74497bb5-aee4-47e1-b219-61a9e511ce2a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683748835, "uuid": "12e839ec-2fc1-402c-85b1-7d9019f0dbb2", "value": "12288:iMrHy90+/K78VYy6YoZyRP+pivjLOtXnCGiaaLQKJR98Mpc/N12L6n1l1OmSgB:dyHC4HB+6CCGxKvRpc/GL67YmSm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683748835, "uuid": "404d07fd-48fb-4e41-a9a9-2555b49b00e3", "value": 790528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683748835, "uuid": "6e2702e1-608e-4b51-ac2d-616bce82747a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683748835, "uuid": "17dc687e-05fb-4238-bac4-a6ed830626a9", "value": "72b69787630a6824c8fd200ae8ed1add.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2e5bb8e-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688462, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688462, "uuid": "8f91801a-4224-4ce7-8143-fa93b7404a45", "comment": "Malware payload (Kovter)", "value": "ebd5ec7ea59d2d57148391867f0f50d9", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688462, "uuid": "a8ae972e-218f-4797-a3f2-8fbc21812327", "comment": "Malware payload (Kovter)", "value": "5a0205c4bea89b979946bdc00ebb5a8fe6c2309ef55fc2456e41d7fded836a67", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688462, "uuid": "1b7d9301-0b6f-4ceb-90a1-3a116dea5969", "comment": "Malware payload (Kovter)", "value": "91a1af5aadce3340f2f4280b2eba450a7bb103bd", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688462, "uuid": "aa7953cf-8685-443e-82c1-98458ac5faf5", "comment": "Malware payload (Kovter)", "value": "bf1fe21b7da3426df1a1d2df3f2a64eb32737e7d2edd258af6f5d5051de63865f2964746f1ae9c851b5fa84925cd2b4a", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688462, "uuid": "37ba74a7-99c7-4ae4-805c-5da2d15a3a47", "value": "T1E6743A35F640E537E4269CBC9C0FE2D46569F2302E351947BAE02F4C98B5593AE2BB43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688462, "uuid": "ffd5e1af-8655-4736-afb3-2072b74062a4", "value": "6144:IogB4SQZv4EVr2kkfG8KOasFvV0muPJDxCX25z/Czjur2PQZqAGAKy:bg2bJEuiVQPOsCzju6PHA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688462, "uuid": "c81bd0ec-b863-4d1a-bfaf-3c674ce9c862", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688462, "uuid": "238cf02c-44c9-4980-a128-82ebfc2a1f58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688462, "uuid": "775df994-8189-439c-987e-50fc406e9389", "value": "2023-05-09_ebd5ec7ea59d2d57148391867f0f50d9_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2aa47266-ef2b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683720419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720419, "uuid": "1afeba50-234b-4eb3-97a1-d74577d14c37", "comment": "Malware payload (Formbook)", "value": "86da219a34c8fe3e4551889d462fefb0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720419, "uuid": "71cbf1d6-1db0-4311-b1e7-2d33b6063b14", "comment": "Malware payload (Formbook)", "value": "5a46bd65bf5067b29396df720a7f67abb3a773ee9ffa19587242bfeb6f5c4d15", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720419, "uuid": "45d504e5-1119-413d-835d-375320d81140", "comment": "Malware payload (Formbook)", "value": "d75d609b6091503364d6e85d6cb2cd9074b2300b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720419, "uuid": "13994f0f-36da-4560-ab83-146db8cd0105", "comment": "Malware payload (Formbook)", "value": "ea24245a30b2736a3040b05d3e368bff6a83f6717d09f19be0dc7e1af49f64827589c4ddb6d7296082174d63795f23b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720419, "uuid": "1feef2df-e674-4c52-960a-023fb73b44b4", "value": "T1A305E121721AAB2BC76853FB0628854503F87756FD6BD27D2EDF20CDDD12B104A22E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720419, "uuid": "2493c852-2d1f-4f78-aba1-5e58f1f0ff38", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720419, "uuid": "f1bcf3ed-24a0-4bd3-b5ef-938e1cc2325e", "value": "12288:xBZfTit9gO5lDl5Olk4xUHW6Iuro9ejTJDHrB0KapGyCmyp3Q090B:xTLGH5Ai4xUHUurYejhLBCpJCmSQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683720419, "uuid": "dc33abb7-4aa3-403b-883c-ee5aff511e2c", "value": 801792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683720419, "uuid": "b95791ea-e444-4fca-bc6c-ad6fddd54124", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720419, "uuid": "6088f362-57d2-403d-b8dd-0ce39ef5e7c0", "value": "24Hdkz2sGxG1Xq0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5dd12a6-ef39-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683726773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726773, "uuid": "4b8cc891-ccfd-4001-a18a-e18a2d90075b", "comment": "Malware payload (AgentTesla)", "value": "d128319bf239e0dfeea0244e3abd85e9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726773, "uuid": "58ae8f02-1a12-4fe6-847e-94bfcdde079a", "comment": "Malware payload (AgentTesla)", "value": "5a75b5c896b040a2e85af9fef453076b66e431842c2dddc91ccf57d9a4b09222", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726773, "uuid": "617c99c2-3f83-4458-a2d3-0a9a90d90f41", "comment": "Malware payload (AgentTesla)", "value": "9e682c5cc0b2fa5f86abff37f96b476807d90cde", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726773, "uuid": "eb10e907-b399-4a2d-b3c4-a175d5f9b92e", "comment": "Malware payload (AgentTesla)", "value": "34f67fb0c7fa226532cd6644a780aef6b95124f2bca349c0272f626793c4debee5ed6ea3847d55f3929d9908337c055a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726773, "uuid": "d4443721-6511-4bbc-8cf9-fe55253d282a", "value": "T114D423F57824C71E1B538611ECCE222DCAECA3D1D8061DA1319D16C9A328D7F8F9ADD5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726773, "uuid": "9d2fde2c-a433-40de-94e2-ed2b9655a2c7", "value": "12288:NLmp/xyTyBfVh4ImIEq0omI1lUdqE4osI3NVz8gbpxHXK0MlE3Y9PFTII87Ed:NL6/+yBfPuIEqNmI1WdqzI3NVppxHXBI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726773, "uuid": "b6983952-6e89-49f3-8312-468a6d996948", "value": 612340, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726773, "uuid": "7f5bb68c-8724-4c9e-8bb2-2d236f8f1a59", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726773, "uuid": "f60b94a1-e6ec-4140-8db6-3dd4fc883a5d", "value": "po file 778654390.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71bb3a77-eeca-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678877, "uuid": "7e052fcb-0840-4585-9856-86a611620532", "comment": "Malware payload (RedLineStealer)", "value": "be56d12c3b1a0d58471545f4ac671788", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678877, "uuid": "07ca0488-22e2-4c7b-9086-f4e4428aa5c8", "comment": "Malware payload (RedLineStealer)", "value": "5a9313a52213439705ad9f16926a8684e09a5ac91366e06d92f34e02832418e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678877, "uuid": "9c477b7b-9e19-425d-a43d-4958c488ebd2", "comment": "Malware payload (RedLineStealer)", "value": "2703c347cdca02137b943797f70b69630c95d082", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678877, "uuid": "1145e5e2-e45e-4a3f-a93f-0663e73bfc5a", "comment": "Malware payload (RedLineStealer)", "value": "10613572285bb2b25d69d8b623f492805a812f40d4fba8d2d02f29c604c2b2671310ead90b4f9dd487051d2d55b37618", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678877, "uuid": "0dd94891-f21a-42e3-8068-e68202b2f1d1", "value": "T1D3B41263A7DC4472E8F11B7098FA13C31E367CA25A74872B3745AC9A0CB29D0957277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678877, "uuid": "46dafe8e-8a4c-427b-b179-1c5da4a9bb0f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678877, "uuid": "f2a7a2fa-cc07-455a-8da4-ae7f29962645", "value": "6144:Key+bnr+Yp0yN90QEQfuLTWK/ZwR1WWorRuQmuuKQCYCQdfhjcNQjd13wIig4Kuh:6MrAy90ieTWqWujQmefRcOmedA/Qs8U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678877, "uuid": "f05a981b-c5fd-4426-a156-49de5555769c", "value": 501760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678877, "uuid": "737591d8-950d-4a26-8de5-479a185bdfd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678877, "uuid": "4b4aab7c-b9db-4f43-8f1d-4c4acf90844c", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1d91c38-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688461, "uuid": "2047291f-6ef0-4b0c-841d-4a536c8dd041", "comment": "Malware payload (Kovter)", "value": "e67fc78b86ff068b103fef676f8a74fb", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688461, "uuid": "5d49da69-7481-4ca8-8c9f-459a82d5e1de", "comment": "Malware payload (Kovter)", "value": "5b1caa9bec8d7d7833b0e25f3e4256975c38a22c2901f8e4d99fb164dfde13c1", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688461, "uuid": "da31f892-4315-45ed-93a1-6f742958bee8", "comment": "Malware payload (Kovter)", "value": "893cadabba49f33b6cf6cc5f09041166cf3ad354", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688461, "uuid": "263dadb1-11d7-4bf6-92ed-3b4c4df61f48", "comment": "Malware payload (Kovter)", "value": "effcbfffe8b78660855cd93094309c962a601757dad03f273841489a4de2559bf70b388b93b5578fbd14a1c082e428f4", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688461, "uuid": "d3d9c82e-7243-4019-af5d-bb64be115a2c", "value": "T15D744939F640E137D83619BC9E1FD2E5A579F2302D341917B6E15F0C9CF9183AA2AA07", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688461, "uuid": "7cbf4305-8ad0-4efe-9aba-1f905036d7b1", "value": "6144:I2+UbpiyxntHajQkrZ+ci4K9RZ+EXFhTBAd8/AwP9zpNyWQNqW9P:5+qpptVCl6R3XrrP9z2WH8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688461, "uuid": "4e3279df-a941-494b-a8ba-d3bc4d21b950", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688461, "uuid": "cbf9cd44-df85-4e1f-8b2a-2a31925bf042", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688461, "uuid": "2cb3f3cf-fcbd-44ce-86d0-cfb3a7f87ad0", "value": "2023-05-09_e67fc78b86ff068b103fef676f8a74fb_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3c902c4-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BlackMatter)", "timestamp": 1683688464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688464, "uuid": "ae920248-5e22-4b8f-bc41-bc7784bbb75a", "comment": "Malware payload (BlackMatter)", "value": "ecc0c0771353c2e797d1bd46969770f3", "object_relation": "md5", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688464, "uuid": "2eb4a5d3-8804-4eb2-8495-fd495e023be7", "comment": "Malware payload (BlackMatter)", "value": "5b3c9f63445c5ad34392be3fa1150dd3aa86cc35901ce88aade8ffafda2f51a9", "object_relation": "sha256", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688464, "uuid": "61115eca-a3a3-477d-a62b-c58edbb51692", "comment": "Malware payload (BlackMatter)", "value": "c291d3f37273452cb54083eb94dce87574e59c9d", "object_relation": "sha1", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688464, "uuid": "c0780615-3ae3-483d-a140-336e10498a30", "comment": "Malware payload (BlackMatter)", "value": "710302cb1b1fa5cd9ae7db3425acab5a9feea558ced16e23674b25c3d58d59055bccaa188678cf530bef820e157f4801", "object_relation": "sha3-384", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688464, "uuid": "37841d88-99f0-4dec-aac6-445d45155c8d", "value": "T1D3B64A92B809B7CBD46A17799153CD612F7C13F856248B12A82C75BA6D53C803B87FBC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688464, "uuid": "ff51575e-9ca6-43d1-ae72-6aa3fb23f836", "value": "49152:xfk9oE4hyZYBl+OHJ1V4dYFgZPsv97H4numCM1+7:dk9oE4hyZ2p8dfZPs54numh1+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688464, "uuid": "1656ff86-f310-4425-a524-f03ffca4910c", "value": 10485760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688464, "uuid": "96df8d67-3cd8-4863-ac33-16083e76f9df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688464, "uuid": "1d84dec6-fae8-4f4f-b278-26f3b54a871c", "value": "2023-05-09_ecc0c0771353c2e797d1bd46969770f3_darkside", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed7b3b4b-ef46-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1683732342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732342, "uuid": "b41cbb9d-b493-4fa0-b483-41aaf721a3b9", "comment": "Malware payload (njrat)", "value": "0c80941236f33eb138d9a9a66f4f19ac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732342, "uuid": "d366a57e-f05d-48eb-bd0a-ac5533ff0222", "comment": "Malware payload (njrat)", "value": "5b50158e0417a97fccdbe2f9480cf2ee16d9c9ee1a80ea79a7740a3d33db8f6b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732342, "uuid": "5876af6a-435d-4bfb-bb17-af9f7e45ab21", "comment": "Malware payload (njrat)", "value": "7e40f9c717618148978b39f8bf8fbcac8cdf2923", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732342, "uuid": "c18d1a8c-da22-4363-87f7-71ba2e91ae00", "comment": "Malware payload (njrat)", "value": "3215abe45fd46d44cf932862a3a4296f1205a665596bfc26ce952d67169c3488fdb3a12d7d7bd2a5c5690b94634f1f22", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732342, "uuid": "e6aa9379-726a-4b3e-bb2f-8b6002073965", "value": "T1D3032A4D7FE18168D5FD057B06B2D41207BAE04B6E23DD0E8EE564AA37636C08B50AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732342, "uuid": "3cb8b986-8ae0-41ff-9b70-e0eceb866966", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732342, "uuid": "416045f1-69a5-402b-86fc-ba69a1eca43d", "value": "384:pO2KMizdVjnBhFbJ8ycPN/fnfwacprrAF+rMRTyN/0L+EcoinblneHQM3epzXWNh:M2gVlLJfcPN/XlcNrM+rMRa8NuI5t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683732342, "uuid": "1c2cdc7b-0ef9-4f97-8489-45c985e33e31", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683732342, "uuid": "81f7d738-abf6-47f7-8065-10f1ae2be7dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732342, "uuid": "94e6f47a-b310-4e8c-9e81-93f5aaaebea4", "value": "5B50158E0417A97FCCDBE2F9480CF2EE16D9C9EE1A80E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42de17ff-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683744512, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744512, "uuid": "309568ef-58eb-472f-8e27-63cdbfc0cd67", "comment": "Malware payload (AgentTesla)", "value": "2fad9d22d71aa2c94ee5b6ef0287440e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744512, "uuid": "644b1986-0bb1-42a6-8dbe-5a25a45f1709", "comment": "Malware payload (AgentTesla)", "value": "5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744512, "uuid": "9704adac-3486-4e12-b836-ed354a72294b", "comment": "Malware payload (AgentTesla)", "value": "80331853c5503522e775aa7ef10317a14595158d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744512, "uuid": "22c8b088-e2cc-4f21-aaa4-91ab32c97400", "comment": "Malware payload (AgentTesla)", "value": "94fd984e00be85149d133417bdab0c6033c20440af6d4c71ef2181f389243b8b48a4102a6f1b539de08d4bf1c827d4c0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744512, "uuid": "4f5cb8a2-8931-4979-8638-7c24f23f2fdb", "value": "T1B2E4E185433BEDE1EA641B70210478525F6DBD1A74F8B0FC7C5BB888C9BB5120AE9763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744512, "uuid": "21f694bf-b774-4998-a598-ed219cb17b19", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744512, "uuid": "82e1d49b-6acc-44ce-b8f8-841c09cafc3e", "value": "12288:XFmDIzln4wgNAqcDZ2ITVh4LhIMA4PDT3XWGl3VlVT6QdtaTlW:1mDId4wqANDI8S3f3BBVRtaT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744512, "uuid": "fb9565e9-c1b5-4fb7-ac75-755f24e0e848", "value": 713216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744512, "uuid": "52f58e4e-68f5-4e0b-838a-051a732fb0c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744512, "uuid": "df11c324-fc6b-48fb-803b-a824057b8720", "value": "PAYMENT_ADVICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2030087f-ef3e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683728562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728562, "uuid": "cbc99277-e1bd-4c76-907c-133d469459fc", "comment": "Malware payload (Mirai)", "value": "16ef7b4bfe9dbec9e4da133f7266a2a9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728562, "uuid": "cdf0212e-f86d-4cdc-9f2c-76acd259e175", "comment": "Malware payload (Mirai)", "value": "5e441bd6665deef56dae9f4ec1a3e5f342c58133c0f88beb9cb53d018a15b5ed", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728562, "uuid": "e4993ca7-09fe-4d07-8b3b-0506ed9885f7", "comment": "Malware payload (Mirai)", "value": "fc7e2f40093ee1151f43add5ddf7c755eb6caa31", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728562, "uuid": "d536e765-1824-4923-acbb-94fb2b83c300", "comment": "Malware payload (Mirai)", "value": "d3befba30cb3d4c6419fc42710ca269624280d774969506a4106ab0007e43b5faa37bbdbba7d4f88245ec076b8cfd4f3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728562, "uuid": "208f5244-6f47-47c7-97cb-df963a68b1ae", "value": "T1D9B31877A4654F73C045A5F125BA9A310F12AD931B1F1A88763CB6B04A3B4CEB84EF58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728562, "uuid": "5fbd47a5-5962-484b-ba91-914a4f933ba1", "value": "3072:MDVLSItJP+Xsp4JlN3HpjmH1cuEgvniuN/:MDV+ItJH2l3HpjmH1cuEgvniuN/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728562, "uuid": "3a849ace-8e9c-48d1-9d4e-b5f717a5eddf", "value": 112633, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728562, "uuid": "5ab5e591-8be4-4b7f-9d3d-7af6f4cc5886", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728562, "uuid": "a251a7c7-44f6-4d8d-8019-77925bf56cbb", "value": "16ef7b4bfe9dbec9e4da133f7266a2a9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f683ea7-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683744506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744506, "uuid": "4557778f-e1c6-4262-aa7f-558f1bd38660", "comment": "Malware payload (SnakeKeylogger)", "value": "a80647c87ee5592fdf2076748283c6d4", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744506, "uuid": "c4aaa617-f127-4fce-af7e-7e9d6b5ad4d9", "comment": "Malware payload (SnakeKeylogger)", "value": "5ec1b6523111d320f867eff0f219ce7431ef2b9a70d268734559075dee1d7020", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744506, "uuid": "884f1fbf-6d8c-4f40-8cd5-51a41344610c", "comment": "Malware payload (SnakeKeylogger)", "value": "edfb4444f31207da740b17f7b69e89ab331d76bf", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744506, "uuid": "2d0e9491-6021-4669-b678-3999aad6c33c", "comment": "Malware payload (SnakeKeylogger)", "value": "c0c8f3eed9872417a6557133b8066fb07be6a1de9334e9e30867bfffa4da5063587099274db8b63a0fad4331c694c6de", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744506, "uuid": "91481a7c-2cf7-4fdb-be58-289301c8c351", "value": "T150D42373332C69FC23582E6C3F2229902E70DD6FB51D5915857D6F36CAA85381286DCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744506, "uuid": "89b26506-ee8e-493e-aecc-5b675c780c65", "value": "12288:IrZZM4RlF66u6ELS6sH5fG51mY7ZPfJvcC6kipGQTZbnBg5FWx:yRlA6UsZfG5zRRvPKpGEtni5F6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744506, "uuid": "131dcda2-2e26-47ef-83b7-bab20d10701b", "value": 619972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744506, "uuid": "2c393f44-7496-4f05-ad9c-726ed5d12a8a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744506, "uuid": "ad24d0f1-8000-42f2-9a9f-c6eb295f8eb4", "value": "#ENQ-1885-23-TCR-AL-AWALIA-2023-RFE-5504.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24256528-ef2f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683722126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722126, "uuid": "2e96c570-6d1c-493a-b105-503793cd60c4", "comment": "Malware payload (Amadey)", "value": "b1857f75ef2c48ed9696710d190294ba", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722126, "uuid": "cec8fa1a-0c1c-4783-917b-6ce52abc77d1", "comment": "Malware payload (Amadey)", "value": "5f60d3865dbd861a5c0d1e811a8e6edefad84f459a7e3cb31380efb701780e1d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722126, "uuid": "4e9510d2-4ca5-42cd-88e7-a480d7c64751", "comment": "Malware payload (Amadey)", "value": "a4a07d775ba255b1e720113ac2be174e4b300240", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722126, "uuid": "281c3882-c062-4bf6-886e-9d6825ade025", "comment": "Malware payload (Amadey)", "value": "805d54314ecbf5427c1d49506c0f5df74d9e241249d1a23e927c2e08b372014efc32d1e901b89ed7a3e34db876674c7a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722126, "uuid": "b0b3d6f8-bde2-41cc-a6b9-da7e238ac182", "value": "T1B4A40143AAD44032DD76277058FB07D30B7ABE926DB897AB3741694A0C736D1E83436B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722126, "uuid": "8915661f-e680-4963-8d49-966bc8e81225", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722126, "uuid": "5ec5aa39-6b83-488a-a6ef-c69f8aae9870", "value": "12288:mMryy90DVESaK1ajdnGYlzusGJAx1fAKokPJ:UynR3GtzWx1LokPJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722126, "uuid": "5f21b7ef-cbd8-4188-bbea-a27d2097af13", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722126, "uuid": "b2bcdd03-0343-4bd0-ba85-a0d6a1b0e86a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722126, "uuid": "33aa2d95-8ca4-4078-b54e-3d147cb171de", "value": "5f60d3865dbd861a5c0d1e811a8e6edefad84f459a7e3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6597690-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688468, "uuid": "b603d2c7-20ba-463a-ae69-4d4557c02437", "comment": "Malware payload (Kovter)", "value": "f4988fa7fb09ce6ffb5992c3fad93ffc", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688468, "uuid": "9163961a-2d05-48db-994d-3639ebf87f51", "comment": "Malware payload (Kovter)", "value": "5fb0a5633a863e30d63499148b64806364753e5343f247db36bfcdeb41ceb583", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688468, "uuid": "29102509-cb3c-49d1-ab87-8a4cc61f6793", "comment": "Malware payload (Kovter)", "value": "dcbf7b83efc86106d14ab1f831abf1aab4ae12c3", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688468, "uuid": "80a99df5-589a-4ca6-b0e2-d20e4c964bc9", "comment": "Malware payload (Kovter)", "value": "bf6d079d12eeb927be9471f5047fd5516035df1def4a8f3d4f3ab116c380fef2a1f3439980fe2e01cf64ea5fd14b18b1", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688468, "uuid": "f61cf6c9-9e80-4061-b271-1fb33ef8b757", "value": "T1B0742839F240E637E4229CBCDC0FD2E56569F6302E341957B6E06F0C98B5593AA1BB43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688468, "uuid": "a90ac28e-ee43-43ac-b57d-5d3540188b0e", "value": "6144:wahsUvdEhmw+lTugkS+BWMScSJJdC1Z4vrph7pQdQ/Hb5MMghYQhqazay:9hsIlLU6JMurHHb5Ki7Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688468, "uuid": "7e17bd73-78b7-4727-8a3d-518726f46dae", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688468, "uuid": "d9516418-8e59-41ab-85cf-e02a1d271ac6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688468, "uuid": "14da59bd-f16b-482e-8f01-93d55c6cff37", "value": "2023-05-09_f4988fa7fb09ce6ffb5992c3fad93ffc_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5207d7e-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688466, "uuid": "a8f4b002-ed7d-410f-8217-ccad0cc75bf0", "comment": "Malware payload (Kovter)", "value": "f113185dcc390733e8caaad3d05b32f4", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688466, "uuid": "bf07254b-0563-4522-8dce-1e13dc6cea3c", "comment": "Malware payload (Kovter)", "value": "604202af93f1d5661a8856a10a728445da851231d4b60149e7cd301e8b2152f6", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688466, "uuid": "de5e8cbf-47d3-4a11-a370-2a213b1da450", "comment": "Malware payload (Kovter)", "value": "9c7ac1e8846f5a61e4ecaf91699023b2c14d6c98", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688466, "uuid": "4c86c833-2640-44b3-917b-2ebf4ac9918f", "comment": "Malware payload (Kovter)", "value": "af8caea1193c3d8b750a9fed19ee29ebc722bd13ce34cb2dd3a2c37158a9ffbb153d3f0bc35d155c491e143b2b1f660f", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688466, "uuid": "2b01596a-e6b9-43cc-b986-b613be486bbe", "value": "T112742839F240E637C42558BC9D0FD2E9A179F5302E381E07B6E55F4C89B91936E2BA43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688466, "uuid": "dea2777c-4e47-463e-874d-2547fe51de45", "value": "6144:gAwjJA2gls1IVOkZiWaiUzz9m/nSenhb9oSJwIB/QXwPihQpqAQi:XwVALu2zm90n3nBQXwKhvs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688466, "uuid": "bd94cf59-9601-47b9-8473-ae68ee50cccc", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688466, "uuid": "d70ab01d-5cd6-439d-8812-80194461c5a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688466, "uuid": "88aec901-90e9-49b3-9bf1-f196fd16d0a7", "value": "2023-05-09_f113185dcc390733e8caaad3d05b32f4_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7afd289e-ef2e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1683721842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721842, "uuid": "a712f6c9-05a1-42af-a2d7-84aaa76c79d9", "comment": "Malware payload (RemcosRAT)", "value": "4a2ef8e14c1cc6e305fbb261a8bc8118", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721842, "uuid": "0f651d61-924b-49f0-8eeb-5104a2ad60be", "comment": "Malware payload (RemcosRAT)", "value": "6053c5c3a4202b8c2e6b2f176a99c980233f63024be06b67d3a30e2f0b4470f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721842, "uuid": "7ecc81d9-a278-4f18-84f6-448f373c3bf6", "comment": "Malware payload (RemcosRAT)", "value": "3b6a1a2039f92e333e75b60bca982f1798b4a6c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721842, "uuid": "35fdbabf-e140-4647-a080-98e518039a69", "comment": "Malware payload (RemcosRAT)", "value": "e7912d29355a0645b340b8e42bf0f3c63c30f544dded1537b701735a5ecb8607a84eba25458f86c2808860fa3d5b46c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721842, "uuid": "38507204-225a-4abe-8959-e809c2c07ff3", "value": "T1E8350221712AAB27C7A843FE0A28498613B57726FD67D17C2EDF20CDDC52F104A61E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721842, "uuid": "71e650db-b7a8-4f29-93cd-2c9584b8f58b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721842, "uuid": "16da8441-e5e9-48a3-aec1-f4808d15d6ef", "value": "24576:SbLLRF4DQFA1yMfI4YUQ85fKrkUGgdFc/7WtQ5YLbXbD:4LzcQeutj85fRSdW/7CQmLbr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721842, "uuid": "5fd9129a-ef08-4701-8272-3ff6c4f07a61", "value": 1091584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721842, "uuid": "a5b2ca67-8ff6-4d01-8e9f-59a36033607e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721842, "uuid": "0a8b94cf-9f51-4d07-b72c-5568c8621766", "value": "SecuriteInfo.com.Variant.Lazy.338688.16171.20584", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d817805e-ef07-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1683705248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705248, "uuid": "620d7fbe-d43f-435d-8804-56a2d433d0b5", "comment": "Malware payload (ModiLoader)", "value": "310ce022da27cfb42740af611eaa556b", "object_relation": "md5", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705248, "uuid": "002c1bd0-154b-4bfc-9269-e53c4fd0cc84", "comment": "Malware payload (ModiLoader)", "value": "606898e18bc3292846678ca900122df68da511b565a6391cc3982278f826a14e", "object_relation": "sha256", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705248, "uuid": "80e24bff-986b-4f3d-93e6-6585e83a8c3c", "comment": "Malware payload (ModiLoader)", "value": "c586fbf782c557b8c521f2f9d9f1d92d9deccef9", "object_relation": "sha1", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705248, "uuid": "6bfe0f2b-2183-4aca-bc49-c1d2a9197838", "comment": "Malware payload (ModiLoader)", "value": "c630a9d83154c25926bf5712d8bfa931163a405e7736587e55e9351fce301e043f5250e3bce353cb8910a77efe49f3e4", "object_relation": "sha3-384", "Tag": [ { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705248, "uuid": "b49f5347-e0c9-42bc-a774-a1f1bd0a29a7", "value": "T127A4234457A7ADE2C2055A8B773FA0FB74B3B0DC16710F284103A92285B1EAF9DE1797", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705248, "uuid": "2da2eddc-db2c-412b-ba1c-edaec78f051e", "value": "12288:RDRy+0jLbF7YR4/V8POSggNkk9Nlih89ksTR9UXt:hc+qlsQq1rRG4kXt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705248, "uuid": "38a5271b-4887-49b9-bcc9-1c4fb42023ac", "value": 486845, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705248, "uuid": "083102e6-d85f-4bbc-984d-24091e7214e8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705248, "uuid": "c20e4ade-a286-4c94-a8e9-db44b5fce118", "value": "predracun #0324132452_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "badaf16e-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688449, "uuid": "f983838b-9de9-4c08-acc0-08575819ab9d", "comment": "Malware payload (Kovter)", "value": "7c3f60037ac11106ab2994058cc553c9", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688449, "uuid": "5bb646ab-deec-4b83-88db-80049902478e", "comment": "Malware payload (Kovter)", "value": "606b88fce1441e6d83e1fb2ba1b511e4a9e68f7fc01c55b7c53e08fd28f9a0c4", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688449, "uuid": "84f0a0b8-d644-4340-8326-ac402b6962b2", "comment": "Malware payload (Kovter)", "value": "1a7c827670c46bdc90691605f974e7d7a0941fb1", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688449, "uuid": "b0cad40a-37e7-44b4-a29d-39c84048f85a", "comment": "Malware payload (Kovter)", "value": "8cf1a14c6ee312e7aa90f2bf828a669a348448f4d0d3c6c4138b12272a832d7187c58ce693d2607fb6bb44308ce24d44", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688449, "uuid": "86e6daec-aaec-4463-ab5f-685d55958dde", "value": "T1B9744A36F640E637C42118BC9D0FD2E5B57AF6302E341957BAE51F1C89F91936A2BA03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688449, "uuid": "b2c6cfbb-08aa-4e01-974c-7e146f1fae24", "value": "6144:aNkgpZOuI7Am6xeTH2kxEiG68N/xc2iPpz1TumNf/qP+7WzQ9qsNlN:rgXOvIUTVmxUP7lqP+6zL2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688449, "uuid": "c54485aa-50fd-4ee8-8e84-5dd3b97eef73", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688449, "uuid": "8d30062e-e367-43cf-ba70-bd9027e8e58b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688449, "uuid": "894c8e1b-85ca-4d77-b37f-a8e8414d1079", "value": "2023-05-09_7c3f60037ac11106ab2994058cc553c9_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21ac5d10-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707090, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707090, "uuid": "066dc996-5c2d-4177-a719-57ffd358b5f5", "comment": "Malware payload", "value": "c8ad5cd3b74d62e316e83f71f678e44d", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707090, "uuid": "36b6ad73-6748-44e8-a8c4-1b84f6986d19", "comment": "Malware payload", "value": "612eb98981f686452a6a0c71cc8c3eea073722ca24eadedb029530071a4df4ee", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707090, "uuid": "578f4ff3-74f4-4e6d-8c81-f67316c4c04f", "comment": "Malware payload", "value": "94309488fa14f2224f653561f841193edbc3e661", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707090, "uuid": "e2b44a58-8af5-4003-817b-14f67ac0ae10", "comment": "Malware payload", "value": "e571d1c1d72788afa60e6ccc79bcd30fc240d4f818c368993ad39ae925204242906f10c065bc401a3764c3535e82d0ca", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707090, "uuid": "646a6103-2513-4d2d-b6ef-3afb0275a81b", "value": "T12155D0731E83FEE57BA20D84D88615544C81BCB76B2CB1A47C88B4EA71A4C64EE5DCF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707090, "uuid": "bf69cd7e-5822-48da-a2b4-003d4040fb10", "value": "24576:JT5cmUDs18jHxYvWM42JY79W35OzNoEpA0bD8ALIEbF2nDbXBf:J5glRYOS6UN0ks/b0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707090, "uuid": "34281783-c049-4f30-a815-bb2ca5f51083", "value": 1325740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707090, "uuid": "53ab0cb5-7054-4ec7-ad58-3ef401dbc7af", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707090, "uuid": "fefa0214-1a3d-4067-96e1-7ec0488c8788", "value": "Dxxlgy", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6b9da61-ef26-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683718534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718534, "uuid": "3e746167-fdc0-4c79-a001-08cd5ca15f90", "comment": "Malware payload", "value": "9bc257f46519808732159d25fd0bcf48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718534, "uuid": "5b25d1ce-487e-4eb7-bc82-2e7609c9016c", "comment": "Malware payload", "value": "6363c8cc12608a700e061c9acdbd8ca0fc8a42727376298f8166fab447b66bed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718534, "uuid": "8cf640ae-18c8-433c-bd67-6c78f21ef475", "comment": "Malware payload", "value": "55f30e6baf0f52d2b04f5be001008ffae5f472a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718534, "uuid": "a4917c77-189a-4187-9a45-c3d78bf42110", "comment": "Malware payload", "value": "d3f4a77fea8e09bc68818bd7fec33e1849c0aeaa22928119f06908c834597961602453e3fb1195a881645f0d6650a0e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718534, "uuid": "26f7b826-4c44-4d35-a7d2-fe6608a87630", "value": "T1D356330BFFDA2E30E4B08579430B5A193371EC7054B029FBB09967A167F69A16E0752F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718534, "uuid": "fb8abe8d-2ab7-480d-9b50-7a88193040a2", "value": "f677e5e456f961bb26bca4f8c1999c8b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718534, "uuid": "7bbbc5e0-06ad-473e-a835-4cd3c4e9407d", "value": "98304:knh/0hCQsUmvognDaOwaBuyNScjEO6/kU9McjG3D8c0QrgFymNK/:8vhUq1Wbao2J4O6/kUMcqISrkXNK/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718534, "uuid": "2ebfc115-3ed0-4c40-8da3-650906ddce10", "value": 6443008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718534, "uuid": "3fa08b60-faae-4848-b8ee-de5bb79ab16b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718534, "uuid": "2938fd68-20a7-461e-a660-05e98fc42007", "value": "SecuriteInfo.com.Variant.Ursu.583924.6347.11552", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c48a1e9-ef1a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683713174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713174, "uuid": "45c62baf-27c6-4f77-b101-a19a7d697b1b", "comment": "Malware payload (AgentTesla)", "value": "245d6b66c3065f1233f1174c58321f0a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713174, "uuid": "2da98e3b-fc9c-4e27-ae49-3fbf3ab9b097", "comment": "Malware payload (AgentTesla)", "value": "63f0c5d37af5beca8498fbd732a01ed4688907d542a1d85f463409d33c756b3a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713174, "uuid": "4de881cf-db95-4fac-8a1c-99e4264e6376", "comment": "Malware payload (AgentTesla)", "value": "572298b21fe16b232b7ed4e4d61e63d76d7b9f32", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713174, "uuid": "25b2cc3b-22aa-4589-b59d-dbcc966d5b71", "comment": "Malware payload (AgentTesla)", "value": "ed48faa3324841b17b8f5a0e4a5ae49c36fdc95de1053dfe0a8fce54df41988057ac55677c7a34b2004ac5edfec81737", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713174, "uuid": "05826ec0-a47f-459c-97a9-08969dbc1fa1", "value": "T174F4CF3E51DB5C22C7A6C7FF899879A40335B301BDFBE63E225D00C89D42BD0AA85957", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713174, "uuid": "30a346eb-c4d6-4c32-a30d-b8e9a56765f9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713174, "uuid": "0c1dc05f-10c4-4c79-b838-d35a068ea54c", "value": "12288:w0yJ9caZZfYZurfHnFoqceKkKhXWTxM/bPbwGroszMB+EWr7N6JH8KSpnr8ud:w5bbcurNo7NG0IYsWrganQud", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683713174, "uuid": "8bd8736c-a4da-465d-a126-c750d81b8bd8", "value": 729600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683713174, "uuid": "b608aab5-3633-4e36-aee8-99c156880d7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713174, "uuid": "a017ea5e-000e-4d49-9314-00abacd655ee", "value": "Invoice # ISB-49677.gz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "831263d8-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731305, "uuid": "a7f50684-4bdf-49f0-bd16-a29223559dc8", "comment": "Malware payload (Mirai)", "value": "0b50a5edd2e22edefafc5047c4e1246f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731305, "uuid": "e28eb70a-890d-4f19-aa6a-563c26a07ab1", "comment": "Malware payload (Mirai)", "value": "644c3740bea63a45d474bffc3f58cbd6148c46c1ae1090b9c1f20aaf0ada7118", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731305, "uuid": "580f329b-4152-47d8-b38a-ddc429e389d0", "comment": "Malware payload (Mirai)", "value": "dafe9abdb2fb5089aa9191ea0e22e629e7b3df76", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731305, "uuid": "2dcd7f8c-2bc0-4b1e-b786-ac8b1a374fc3", "comment": "Malware payload (Mirai)", "value": "706864aca25cacf74a58cc95e38e3e09afb95ef97970eb513244effe091fb51ddfb5dc0c8c3dbff916ee4e86f6416e5b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731305, "uuid": "208933e3-898f-4663-b009-89d826eafa6f", "value": "T1F1339DA5C4B9EDA8D1184A74BE258F789763F100C6A32DFADA048B559043EFCF5993F0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731305, "uuid": "e4a47408-694c-489e-ab66-2537c949f8ed", "value": "1536:Ya3Fwt1i9ToZwKfs3VHPt/qKPEBnoCvf:YiF7K/f+VvbPEBno", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731305, "uuid": "06059a96-bc13-443e-a07e-37e254dcf7e9", "value": 51520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731305, "uuid": "1ea2b837-38c0-405f-9b4c-4977aa919774", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731305, "uuid": "38099611-5bae-4814-82e9-38e8753604b4", "value": "0b50a5edd2e22edefafc5047c4e1246f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6090dd3d-eef9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683699035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699035, "uuid": "15c967bb-77fb-4a69-a9d6-7784df225c9c", "comment": "Malware payload (Loki)", "value": "071d2a3aaaffe92d52ea133877b4b891", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699035, "uuid": "1d2a0093-d7fa-4b91-a6e3-5e62b90e2f3a", "comment": "Malware payload (Loki)", "value": "646e3e4ff06c99fb48889c076d190493f857a4ba4698ab21df852706933d69d1", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699035, "uuid": "830f51fd-647a-4118-baca-cb303798b743", "comment": "Malware payload (Loki)", "value": "b76e67ac4567888d198632bd78b0707862d6be0e", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699035, "uuid": "713c997c-74b2-474d-b462-e3ddad46549b", "comment": "Malware payload (Loki)", "value": "b60408c56dfbe99fb450c72f0ab40dd3d1d1be4893f0522de6f22d7b433348ccfd498011d5bde0634dcf27e909aa07cd", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699035, "uuid": "5d16d6a6-ef53-41f8-94b5-c15490b2d652", "value": "T1A085FF25B27539C7932612B2868FAC8A6318FC47B3E71ED4C05EEEB42CD85759301F5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699035, "uuid": "f821143b-64c9-42a9-8882-a19e8b47765b", "value": "6144:g+DNICed23h4M6ziI7Gi30So2Jouj7V2zd7pyQD+sPVy:g+2CeSh4M6TvbSuXcc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699035, "uuid": "9b54f3b6-c256-48aa-8020-c94623c01ec3", "value": 1814120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699035, "uuid": "a028e7f0-eb0a-41c5-a75e-a58e0b02d8d3", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699035, "uuid": "c69a785e-1808-42a2-868d-55a89d296cfb", "value": "WalmartXPurchaseXOrderXW13958-050923.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "373d8b9a-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1683729030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729030, "uuid": "8924f466-91b9-425d-9ed0-3713e2542384", "comment": "Malware payload (STRRAT)", "value": "9cdf960168c48bc747844a7c1855928a", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729030, "uuid": "ecd18a9f-a541-42b0-830d-5bbe35a48c6d", "comment": "Malware payload (STRRAT)", "value": "66333d0ee7c4f11bf3fd38f14fa948f6d1aa6931b476931cd516f49aba5e9f45", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729030, "uuid": "a1cab1f9-2c9d-4b8f-8cef-8daa28c28737", "comment": "Malware payload (STRRAT)", "value": "7b646cc4d24c0b152b860632a600deea663c74e6", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729030, "uuid": "111105d4-89c5-45f9-b8b0-0de6a01157e5", "comment": "Malware payload (STRRAT)", "value": "4c43a55a589234d8a236a534cf2f891327f70905d007d77ef986a90134700d4d0f98869f430e293053d540c8753b8c0a", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729030, "uuid": "668302aa-b48c-4239-b9c4-56d96efbc47c", "value": "T13824F11B3DAB80B8E10758764280813B960D989E9D9AD05F77FC6C159C31DAE0B56DCF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729030, "uuid": "8a624dd9-e8a2-4b75-89e7-52ec293a2d48", "value": "6144:PL8SJJPqyPhX1UJ52LyIEFam/WC00ZOYLcC:z8SJFqf52LyHYm/o04acC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729030, "uuid": "8f46ca0d-4a9d-48d6-aea7-2e0ca4e57284", "value": 209975, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729030, "uuid": "0474cfa0-ba05-403f-ba6f-172fd1032163", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729030, "uuid": "fcca0080-68bc-4794-b109-d87d1e6f0525", "value": "Purchase Order.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e1b5231-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683704560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704560, "uuid": "841a6cf3-4499-4af1-a59b-a64cd1de3bb3", "comment": "Malware payload (Formbook)", "value": "a2b35a87acc49ac6988e2815fe76bdfd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704560, "uuid": "dade74e8-cd0b-477c-999a-eecb2b7536c6", "comment": "Malware payload (Formbook)", "value": "6644f81d9a47cfbd0bca93561cc3ab11ac3bc4a3b93dc3facac5412496de8380", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704560, "uuid": "d2f3503d-0ff1-47a0-ba78-70fbb6cb4fb4", "comment": "Malware payload (Formbook)", "value": "36b3f0b0d26e30fb7eb5cdbf1714619b9cc7bf51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704560, "uuid": "f9949efd-b0c6-4268-b42e-3d725637d689", "comment": "Malware payload (Formbook)", "value": "10e020dac9c91e15be9ee0644cc2fd1b7dccf4bb21d3dac97ce3658499c08593ae5ded61cf9ca8e3324abec65cba2489", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704560, "uuid": "8c8a1864-12ee-4c82-a20d-0cd8bb6835de", "value": "T1FD641250E5989CEBDC9701719D37B81A2B17BD1A4274482A332AB625FA730D3642FF1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704560, "uuid": "9f0950f5-3388-4523-a154-913c24ac9b27", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704560, "uuid": "3daad8be-beda-4fea-a6cd-b67d9a3db979", "value": "6144:c5Ya6/93Bjo2bSj+wjtrTps8Y/JxrFy8ZpzcTRgoE2LSa/XFtp9/:oYvhwj5kxxy8ZGTRgzuPTp5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704560, "uuid": "645bb53b-a52b-4b94-b2a6-c2cf2b087ba7", "value": 308443, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704560, "uuid": "e114aa89-2c16-42c9-a6d8-418a5e450099", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704560, "uuid": "58a0e300-ca50-4eba-b40a-7892165586cb", "value": "Yeni sipari\u015f _WJO-001,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d70f62bf-ef07-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1683705247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705247, "uuid": "115a3bd4-c7ff-4c24-9391-876fc0242943", "comment": "Malware payload (AsyncRAT)", "value": "a5973f8ed09cb514d0c608af6bf008d2", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705247, "uuid": "b0c8352f-1930-4d4e-a46e-936c24362500", "comment": "Malware payload (AsyncRAT)", "value": "68b64cb28a2ed74cdc2cc4cc5adea598af122b4b23a9297213330e18fbda2d8f", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705247, "uuid": "535af9fa-d2f7-49b1-8991-e3668a9b8ddd", "comment": "Malware payload (AsyncRAT)", "value": "ac0db2c4d76732df0a97ab0ebf231785226d2476", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705247, "uuid": "20096b20-c935-4ccd-bdd4-63ea206cf27f", "comment": "Malware payload (AsyncRAT)", "value": "da0d22b2dae7fae12dc99db4fe38ed33f7668c19d06f2690642918139e41f8fd0a86b4d9bddcc63e020b25bf3b9c6cfe", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705247, "uuid": "c363ada7-47e4-49f0-b719-5662faa412f3", "value": "T10A150201FBD544B2E5332A315D35AF50647EBD342E35DA2EA3C879688F32582A235F63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705247, "uuid": "667ae421-f185-43b8-b9b2-0394cc20ed96", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705247, "uuid": "35acdc3f-f3ac-4d81-844d-f704e606b79f", "value": "24576:wNA3R5drXfDR+7GKndnrF1nzlm/xZr06HMnr:p5L0SMNB15mD06Cr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705247, "uuid": "a50ce2bc-e0cf-436f-909d-e52dfa407264", "value": 937739, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705247, "uuid": "7f1a058c-3001-4d48-8ebc-7fffdc93a14c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705247, "uuid": "cc99fa5e-027c-496c-97f6-c3165edbdacd", "value": "Odeme.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b276b8ad-ef17-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SystemBC)", "timestamp": 1683712057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712057, "uuid": "64d27bfa-9139-4304-9d02-5cb785eb5262", "comment": "Malware payload (SystemBC)", "value": "5093a300dc7623ead1d35860a6312011", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712057, "uuid": "6d94cd49-6024-4b81-a3a0-c71dd8802c89", "comment": "Malware payload (SystemBC)", "value": "68ecc5266e9bf0dd996f63b3636582e3374305a71ffe0b5147f8f47e45d989c4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712057, "uuid": "f0d4334e-dab3-4041-a5ae-3e8cb2a23140", "comment": "Malware payload (SystemBC)", "value": "533f646080a7a13a3c98daaa14fd041a3a12a7e2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712057, "uuid": "44574f08-92f8-4b2c-a72d-de4b9f337688", "comment": "Malware payload (SystemBC)", "value": "f9e372e317dada14548d5589abde9c8c7fa698bde5c6ca7ec5272c6c370e6415c869051f1184e2395235fdcbf92a0353", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712057, "uuid": "6d8b1c11-b8de-401c-8fc4-27ea21c9859c", "value": "T1F6448D027AD0687DE652C6328E2BF6E4A61FFD518F1527FB12547B2F18701E2C53AB02", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712057, "uuid": "60fea9ee-7a14-4d35-8282-d188ee1f4e43", "value": "d99583c7328832f72f725b70f2ec4ccf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712057, "uuid": "1372c46e-1b7e-4dde-9384-ad619185ff92", "value": "3072:tHl916WHubwdfrSS4Nk9WDtj4fCe0hFG3r0ENmGEBefoNol6:tF9UvmfrJI7DeOizoNol", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683712057, "uuid": "55bc7ec3-2b93-431b-90ad-182bd1e80033", "value": 267776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683712057, "uuid": "8e1c0cf8-f8e6-44f2-972e-a5fb54a144e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712057, "uuid": "5693bda7-9b0f-48e8-8758-5023a79099c8", "value": "5093a300dc7623ead1d35860a6312011", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc61deaf-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683726354, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726354, "uuid": "0ffe37ef-5bf0-42f3-9304-821a920f01a7", "comment": "Malware payload (AgentTesla)", "value": "760dbb2a566ff8c2cab0c066929ca164", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726354, "uuid": "6444ee64-6a1e-4272-bf3d-e3eaa9c9c355", "comment": "Malware payload (AgentTesla)", "value": "69852a2daaa5905508bc02a55ff3d9e5fcadc38c438f7a38ba289371ffb73d48", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726354, "uuid": "82bd450a-84c7-4f65-82b8-88ec230deba1", "comment": "Malware payload (AgentTesla)", "value": "118333147c84a0ecee5d028dbceb9dfacc0954fc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726354, "uuid": "cddd7df6-a890-446b-834c-15b960e19a7a", "comment": "Malware payload (AgentTesla)", "value": "3e6bd166bed8f36be6221e692d6d8d442a1c757dd2c43a1ef1ebf0f0ba07ff6c58ec3cd33da6729fb9bc623c69b3ca80", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726354, "uuid": "4b960768-c0e0-4bcf-8025-468a3e0d00f6", "value": "T11BE423A5AE73CF1323CDEA55E38EF1C2CB6E46E2587163F9D0A45B27B0D1089044E927", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726354, "uuid": "b08008d0-4f1a-419e-bd5f-71f3936a3f51", "value": "12288:Hv7DWy0/jdrA9gxpjxdddv0CcMDeb2L9pK1KXswq142NkDT0Ejl:P7s8Qxdbv74sck0Ejl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726354, "uuid": "af474761-e990-4864-8bcc-5b4943ac1d54", "value": 661070, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726354, "uuid": "a4f96b53-5a29-4d9a-9bbd-96ec0687b15d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726354, "uuid": "4441668e-7d6a-463f-9132-bf86b12490dd", "value": "transfer slip.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "946bebd8-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683731334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731334, "uuid": "ddcb50c1-0854-4a49-bade-2a04aa3f3ae8", "comment": "Malware payload", "value": "d97523912b7aa8ce4c93238af4431753", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731334, "uuid": "b46d6d45-a7a8-42f3-ad33-992d725746c1", "comment": "Malware payload", "value": "6a0eeab4f91e72a52aaa7e1dcddd3e22f14f97104caa750272e468666da2be16", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731334, "uuid": "30371311-c3c1-434a-b4e3-5163838e5615", "comment": "Malware payload", "value": "731fc81912c65047e54abd4f7511ee5ead15cb68", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731334, "uuid": "a675ef18-9245-4564-b7d8-c93b5acf3955", "comment": "Malware payload", "value": "f935eced4747a789dc39dc11692e2bbd98ebe701607e2aa64d4f7c4b12e70b734c870d20c53c2d7c1b30013a2179d869", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731334, "uuid": "894c2142-ff4a-4e95-8568-ff680e39e7cc", "value": "T159D48C72B7164F54D336E97106F3826579F426A20AF794C2C3A2DA347A112EC6C1FED8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731334, "uuid": "bf8fe741-4e02-449e-b05c-28d5269cc24c", "value": "12288:E+dF5pA9SbMajOi83odFeTHiKstoRLB+DGvF8rM/FDSl1bP77xpE6visgomwREzX:XF5pCSYaj3CCKstoRLB+DGvF8rM/FDSc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731334, "uuid": "5d1384e8-22a6-4b35-9a9a-e2ce1157632e", "value": 646776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731334, "uuid": "03acf5ec-fd0d-4f21-8f32-6de5839e724a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731334, "uuid": "5a1a5117-5245-4857-87f8-24c34a0fc3c2", "value": "d97523912b7aa8ce4c93238af4431753", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbf8ed76-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1683705684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705684, "uuid": "9e2cbaa5-08c5-467d-bcd7-7856f575b540", "comment": "Malware payload (CoinMiner)", "value": "14f04f5932bc851acf217a147afb018a", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705684, "uuid": "7bc635c8-72c2-4c41-b7c6-18c19e859399", "comment": "Malware payload (CoinMiner)", "value": "6a3067c98e097d24ddde33ad98df7422d66327127fbdfff649e1263cdb1bf645", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705684, "uuid": "6c895f8f-f8ab-4401-9ace-19922f85f0b8", "comment": "Malware payload (CoinMiner)", "value": "d62ba39f9d2acbdddc5e9fe690c5051a9ab4c483", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705684, "uuid": "604e8322-162b-4197-91e2-ed75a42cc9bb", "comment": "Malware payload (CoinMiner)", "value": "0ee9d68e7e59696ef78e04a03ab4cc6d93d2f13f89ab5596993444fa3c407b1e3a3a05f37b69a077da0c53f646a06461", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705684, "uuid": "3412dab6-78eb-4b2f-98ed-d91cde525cdf", "value": "T1C57622EE6170339CC41FC8348C37FC4AA7B5921B4AE5A69E36CB76C07F9A424D941B46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705684, "uuid": "c975b92d-0703-4586-9dc3-2ce6f7b8b4d9", "value": "a1990b4be806eba5f3af52b26ba4ad05", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705684, "uuid": "fec1a084-349d-4b7d-88f7-9b5845bb2e07", "value": "196608:q6MiO9h9xz2nHTcM5IUA/dU3B4bWpN1xIR:qcOrjziHTpSdUybINXI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705684, "uuid": "6a951307-0a38-4206-b828-e6fe4116b034", "value": 7433216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705684, "uuid": "b777c45a-37bf-4e45-b17b-413aa8a73919", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705684, "uuid": "f8a9df17-642b-42cb-a42c-fef4191541f1", "value": "14f04f5932bc851acf217a147afb018a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18ce510b-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683704498, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704498, "uuid": "ab6de57a-a0cb-45df-83eb-f0cc5ed46a5f", "comment": "Malware payload (AgentTesla)", "value": "3533540579de820ccd11e9027c2cbdc2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704498, "uuid": "a631b87a-3ba8-4f80-9f47-878a0ef7ea04", "comment": "Malware payload (AgentTesla)", "value": "6a35ca6a8e45f2ca48f66a0fe264526abbf9719b83304aea82e47e8a75ba51dc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704498, "uuid": "8c89d3a7-4565-4fdd-bd8f-899f7124c796", "comment": "Malware payload (AgentTesla)", "value": "e25d656cbbbc327cca7813959a4d5dd87b36d250", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704498, "uuid": "332955e8-b282-47a8-b041-6d37a5b1b062", "comment": "Malware payload (AgentTesla)", "value": "40562437925d287e466d44e0fe47fb5de9b738af82807627d5b6b84ec1d50b123085eb7c46837598914cf7e5281253b2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704498, "uuid": "2588337e-458a-48a4-bd98-d04ad693f99b", "value": "T142132091B696CA41C8450F314CFFAAFA6732BC22DFAA4347324EF72D6E757494A01706", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704498, "uuid": "be16ca63-43e1-45d9-a94a-355615c16573", "value": "768:XPjk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJYBwXb0hJshGIu6pT+rvQ:fjk3hbdlylKsgqopeJBWhZFGkE+cL2NJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704498, "uuid": "d3341dfd-0380-4e2a-8fb1-271e9cf7d4e7", "value": 41984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704498, "uuid": "6c1f749e-112c-480f-9bbd-3760a1a54538", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704498, "uuid": "9741c90d-a75b-43eb-afba-94c6cc3f191a", "value": "HSBC USD Confirmation.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fb14468-eef9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683698926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698926, "uuid": "eadc0369-883c-4460-b4b0-81c2fdfec454", "comment": "Malware payload (Formbook)", "value": "7442ea2f1e130694ac2cb10de30dcd39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698926, "uuid": "ca7d17fe-1c6e-404f-a1c5-50674a39758f", "comment": "Malware payload (Formbook)", "value": "6a57e513b61e8a308a00109c55555b710dcaa64629a25982ddcf3c4433fed248", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698926, "uuid": "4fb390be-f98f-484d-977b-81210b004f9b", "comment": "Malware payload (Formbook)", "value": "a278a37b5c2b47d6efd3556fe1b475389ad6ae56", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698926, "uuid": "58c7274a-b0af-4bee-9b6e-cd259b404024", "comment": "Malware payload (Formbook)", "value": "6c0ab175325a60accd373a166223afde23e3a08e16f15ab138efe4ce53409b779a40cc1c7f39f67eae8bf3df366b351f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698926, "uuid": "ead3ac61-6959-4830-aeba-27a9cfb92072", "value": "T1F95319001A9B8852F5F927F9E83F14D452B9CD2ACECFF63A8E827455CD342D90452E9A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698926, "uuid": "99724122-e601-4af6-bcbc-891a57460580", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698926, "uuid": "eae3627a-3121-4475-b6e7-eab6d598ba1f", "value": "768:7aiWx7TtLZU3KwvSE4ad3BI0sXtFZ6R9Kn/wtBn3TTMcpetYDkDsr:kOpKEh3BpYtDCnjF/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698926, "uuid": "e99cfd59-54d0-4692-857d-594a5d360642", "value": 61440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698926, "uuid": "65c0a9cd-2821-4e3a-ba19-c2ff0049a253", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698926, "uuid": "3ad4112a-a861-4850-bf76-e434130d43a0", "value": "po# 7648 and po# 7649.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ec64700-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683726036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726036, "uuid": "a2636f01-dcd6-4b9d-9ed7-69bacb852c03", "comment": "Malware payload (RedLineStealer)", "value": "48549f98d89b612882cf09a44acb535d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726036, "uuid": "2b72c442-ee1c-4749-9957-b920bd9ada0d", "comment": "Malware payload (RedLineStealer)", "value": "6ae042ec49cdd255c380de82aa7f45e5efa60f12b2439c81ac36315fd540dfe9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726036, "uuid": "d3fa68c2-fbc1-4448-b3da-e78b2433e97a", "comment": "Malware payload (RedLineStealer)", "value": "74bd76583113a75e0646c774e6e06417bfe05d3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726036, "uuid": "a4839f76-1f76-44e9-90c3-dd1877b60e87", "comment": "Malware payload (RedLineStealer)", "value": "22807e5163119f1cf0ddd97b7bbf326c74143069fa648b606479217e42d3aace1e23c9e9d9a7ee58931972557f2101f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726036, "uuid": "6cb36170-a2fc-4555-ad8e-a04f1300911a", "value": "T140A40227AAE89173ECF1273058FB13D3193A7CE1697D436B2785AC9E1D72280A531367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726036, "uuid": "aeb6d161-e104-4d20-aebf-b1b5f66e8e67", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726036, "uuid": "5b4dfdd1-da32-419b-9d25-95edc805f8ff", "value": "12288:nMr2y90K4IkvYeg197GxGsrzEelTmnvPFl:1yfUg1t6EcyXFl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726036, "uuid": "5d4ba065-7697-4db3-aa3a-25fa1fa7f61e", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726036, "uuid": "5121d766-6b06-417b-ba91-d28ea3e22ff2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726036, "uuid": "30562940-86db-4913-87cd-d41f34fc05ac", "value": "6ae042ec49cdd255c380de82aa7f45e5efa60f12b2439.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20bcc011-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683704511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704511, "uuid": "43b5499f-c23e-4446-b750-55feb1d0f2c4", "comment": "Malware payload (Loki)", "value": "1d131eb3b634573c508f48e8ad314eb1", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704511, "uuid": "46964aa3-d33e-4b73-911b-82a8c5600665", "comment": "Malware payload (Loki)", "value": "6bcfe91f15f909f3142d298ceca26edf5188f38b5ef2ea5f453b7e34c2fc7b76", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704511, "uuid": "dc543ff5-f3ec-4c0f-aa3c-56f29406a4ec", "comment": "Malware payload (Loki)", "value": "58c3d544474ae3fe93f6063d5eecbf981c7d2ae8", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704511, "uuid": "98f8ef26-28a6-4865-b91f-52d9646598f3", "comment": "Malware payload (Loki)", "value": "a87e1c081824021eee7fbcaa1da3e295670ca231783e4fc8cf704d725e5828ab2843b3162cee7b07aae4d967c74477ca", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704511, "uuid": "c05ca79b-ddab-4148-9590-1dab2fb2adae", "value": "T199350106A588CE8AE58143F67B62B85E430DBF7232C561C33A5C774BAB31E7B464B40D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704511, "uuid": "0ae34c8f-2b64-4028-8791-c9ee3e5b8d2c", "value": "24576:5LKNWQmmav30xXWJWQmmav30xc/t+MXUt+MXUlNDZRvNcHN:5LKsQmmQ30lQmmQ30U+MXK+MXCBHNGN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704511, "uuid": "bdf0528c-7b2e-4367-9e29-8774a34fd05e", "value": 1083392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704511, "uuid": "0e05d313-6024-4104-9f88-0d585d421eef", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704511, "uuid": "cb08974c-960b-48f5-84e7-dd1a5256c40c", "value": "Arrival Notice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3f4c87c-eecd-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1683680331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680331, "uuid": "f2ae86ea-d349-429e-ad05-2773129530de", "comment": "Malware payload (RaccoonStealer)", "value": "3cf691e324f43331362614c851d5f3fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680331, "uuid": "46229d0c-e9b9-4be1-81a7-31208de92bc7", "comment": "Malware payload (RaccoonStealer)", "value": "6bfb2a956e4f0c9b6697d8198cd8db8538a2f31778d5f7f9a527b224e58aad66", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680331, "uuid": "62cfd532-316a-4658-9d0e-d4114c3ba706", "comment": "Malware payload (RaccoonStealer)", "value": "3fb29c9d1443aa212301130b20ae02424ff5d5f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683680331, "uuid": "8e94bc7e-a67a-40c3-9244-436aa1db2111", "comment": "Malware payload (RaccoonStealer)", "value": "ff08334422a91219274da9c79ec3c6ee9cd5c7f3b1a9b3a371f7a53424c238699b7de84302fb54db001addd0d220d3d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680331, "uuid": "7e37f230-0bd6-4396-9d3f-493dfaab9d30", "value": "T104B63323B2386185D9D5883166337C51B1B71F3DDB81E83935873ACA22F22B1EB26D57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680331, "uuid": "e210a5c1-66e9-47f2-a80f-accd0521e4d1", "value": "1b3911321150a9662fa1b0f22689c572", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680331, "uuid": "591935ab-4bb3-42fe-af37-a2c856702ac4", "value": "196608:VGNuj0F+8jeFT2P1WxWJk3KoyKbXUFBoEH7ee3HtBo/qDtSRgNTg2RhdiJ:V+pJE2P1efa8KaKd3HtK/itFNPEJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683680331, "uuid": "444f1d5a-83e4-444a-a004-70e81f588154", "value": 11433472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683680331, "uuid": "64105e23-b215-4c79-b950-ed8dd7b6dbca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683680331, "uuid": "1c46a7f1-2c36-4d34-b935-5d50bcc8081b", "value": "Setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43182db3-ef30-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683722608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722608, "uuid": "558f275d-2ebe-4523-9f0a-9423c61abc0d", "comment": "Malware payload (AgentTesla)", "value": "fff782549c0f228212f00700e491f492", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722608, "uuid": "16a5575a-bbae-4d87-8b76-9658fd50fa51", "comment": "Malware payload (AgentTesla)", "value": "6c5deef73d02f6a72b9e5db340f3a5e3743d6a63fe0827815378bf2b13624d39", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722608, "uuid": "1cbb93b9-ca8b-43fd-8dfb-4b3baddf04a1", "comment": "Malware payload (AgentTesla)", "value": "949c3f8217c8870a01d1d9eb128b18d9c57ed89e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722608, "uuid": "f6902882-e508-47c1-90bf-827c9fcb83d4", "comment": "Malware payload (AgentTesla)", "value": "353a8005c809b7dea3bbce0bbbb032afb0598b69cbdd618246e1190a5c10fd4cb2070022aa640ee7e0d9b13488796c2a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722608, "uuid": "e45111ea-22ea-43ef-85a8-b0897a2f6922", "value": "T172A4493D99EE49E7C224F1B6CEBA8861F5A3C56372519C3969E702544702EC336C42BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722608, "uuid": "07bed4fa-157f-4cf1-b61f-8a3eaef388a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722608, "uuid": "f6646690-7867-4d63-bb41-353ff680ccdd", "value": "6144:MLzDJrJcGWJHAhrQPliyLuypxKmKRIeM2vAvW5En0c6qFepN:AvpCiSdbtTO2+vpez6Ce/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722608, "uuid": "8c008b4b-46a5-4a70-a8dd-ccb9b69a6ec4", "value": 465408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722608, "uuid": "7c660712-426d-4676-8d26-1dd0b9d4403e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722608, "uuid": "ebecc90a-164e-4f7a-99a0-02e6669c7514", "value": "6c5deef73d02f6a72b9e5db340f3a5e3743d6a63fe0827815378bf2b13624d39", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e94efe5-ef03-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683703219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703219, "uuid": "849c294e-3593-44c8-9c67-1271ffb53087", "comment": "Malware payload (Amadey)", "value": "07a9c13511595beed587978b92086cce", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703219, "uuid": "430af73a-2f3c-4c30-969d-50aa04dfde41", "comment": "Malware payload (Amadey)", "value": "6d6526c2ddc9c626cff41059ebc2f3eed58b3cf8416adc556e2a7eef69bdb651", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703219, "uuid": "5217ac98-779b-41ec-ab93-cc8dd26ef05e", "comment": "Malware payload (Amadey)", "value": "cb4f09d08e28a4b8df87b8e0efd1c64ae5757756", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703219, "uuid": "7af23611-a0db-4ba3-aa47-caf4df3bde93", "comment": "Malware payload (Amadey)", "value": "4a92aa2bcd0ade1480bf3b56bff40effa9cd5081dd1db8e703e7159f2eee6c16e8da6f8b13532bff8a73268f964e63f6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703219, "uuid": "6dc99765-f5fd-4a1f-9730-ed499825218b", "value": "T155B41217EED88076D8B12B7018F902930F357DA27E38936B37856D4A4CB25C4A835B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703219, "uuid": "1fe8faaa-5a9a-408e-a51a-616466c5d3a2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703219, "uuid": "a6bde19e-0dc2-44ee-bc4e-8d1842265c5e", "value": "12288:HMrqy901IXwGhHPDGXnv8rZaZu+I1Dl5XLpuo+4yVZ39:hyZA2PDjIZu+6B57y4ed9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683703219, "uuid": "a57a238e-94f1-45e9-beea-584eb42b7824", "value": 502272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683703219, "uuid": "5aa38585-b3fa-45e4-a8ee-3413268a0c7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703219, "uuid": "422d8a87-b751-4513-b69b-274a0e14c4e0", "value": "07a9c13511595beed587978b92086cce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ff83573-ef29-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1683719730, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719730, "uuid": "34f7996f-ad47-4a1e-a52c-73606dd3f35b", "comment": "Malware payload (NanoCore)", "value": "20d9ace6b4fff715f204ea2cf008e0ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719730, "uuid": "eb06a7ab-12cf-43fd-ae75-a1a16f81ee7d", "comment": "Malware payload (NanoCore)", "value": "6dd21975f4cab86ed7af322c38e9825971e13cc0b826e278f56d2e411ad4f6f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719730, "uuid": "d7f8108b-1e44-4ee7-9872-dd1fd4fb1d50", "comment": "Malware payload (NanoCore)", "value": "988354b0667c23f749f9ade68b624d0525e95d10", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719730, "uuid": "7bc804fa-0b3c-40aa-895e-5be8eefe4260", "comment": "Malware payload (NanoCore)", "value": "1abdeeefe7a89977d27ccf80fe09c3bb77b758a2d812b81ad1f7160a734a1181e9905e7ac6d283e00a0d6ff47031377e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719730, "uuid": "dad39c11-3f2a-48fe-9dc1-72142de3262f", "value": "T1E647334436E489BBE1BEA239891A501D17B2F8136740D7CF86E462E51D333F29E37A17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719730, "uuid": "f410b6c8-daca-4bab-b40e-7d8efb4216c8", "value": "9222d372923baed7aa9dfa28449a94ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719730, "uuid": "5e58493b-cbab-4aba-b823-d3abef31c045", "value": "393216:+7sxAlnJLFg3GT6+K7btWp3EqO97hu/m3pDnL8nbVB3Q7MP2sjwCfgM2p:+7xlVFFW+K7cG3GK03A7i2sjvgM2p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683719730, "uuid": "b900effa-e105-48d1-ba6f-174a1375461c", "value": 25546752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683719730, "uuid": "a52183de-b042-4344-a0eb-9e03905b1fa0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719730, "uuid": "67a763fb-1caf-4dae-85b3-99b61df0abc0", "value": "20d9ace6b4fff715f204ea2cf008e0ee.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bef8be5e-ef26-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683718521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718521, "uuid": "ec68a6ed-81a3-45bb-89a6-532e4ea18244", "comment": "Malware payload (RedLineStealer)", "value": "7ba11f8b021ef9856288852b4f71a5fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718521, "uuid": "6e8a52b2-ea57-4e0b-9301-180d7963a2d5", "comment": "Malware payload (RedLineStealer)", "value": "6decc03ddfab1b1856ea69c8367a7c3d667b7a83d7f0f19d9c8131dcc7064ef3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718521, "uuid": "21ac9d46-4d6c-42f9-a289-aae69ad5d5f2", "comment": "Malware payload (RedLineStealer)", "value": "a409ca35fe96b36b21b1b39bb546ad091615e673", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718521, "uuid": "ada24dc1-7910-4196-beeb-64ca853abf05", "comment": "Malware payload (RedLineStealer)", "value": "8773d5d0f66aebefed58dd22ea1011f1f39481f82c392a9593f5a00491b6ec226842a287d6e4af97b10172d3a6bb4228", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718521, "uuid": "257f6b59-1829-41e0-be53-80effd8ddbaf", "value": "T1E2A41202FAEC9073CAB117705DFA27830E3ABCA1A934836B2795555B1CB25D0A93537B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718521, "uuid": "a9e1e10c-2a5e-4f4e-8e94-13574fdc4095", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718521, "uuid": "a414270d-ae12-4384-8eec-b1b203d874ff", "value": "6144:K1y+bnr+hp0yN90QEi2liyjSiubk2z6flrJoXjwqGSaPIsOs/z5GhBJBXvCQS3B:zMrVy90UBnLI269mwBYYzE7JBqlx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718521, "uuid": "7797cdf7-dc16-4729-a88f-d8540345c6f3", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718521, "uuid": "fcfca02d-d1a5-4f64-ad1b-91edf958f069", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718521, "uuid": "e1661b55-68b6-4d6d-95f3-680308646415", "value": "7ba11f8b021ef9856288852b4f71a5fe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b70b3ce-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683726031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726031, "uuid": "9fdf7caa-8551-4f93-8d1a-9094b0e50e7f", "comment": "Malware payload (RedLineStealer)", "value": "a74bb8870fd9828e665b410536caa8ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726031, "uuid": "2eee2d60-a107-45cf-8464-55d481161751", "comment": "Malware payload (RedLineStealer)", "value": "6e1cdd8484e397ff5725e1777bd1ccf38ad317d593fc088e8618d4c53b1b4b00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726031, "uuid": "30e97103-d4ae-4fb2-9f88-443a196af5e2", "comment": "Malware payload (RedLineStealer)", "value": "4357a9fc43d28da194619b66532856826a49e217", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726031, "uuid": "91495cd1-60d8-4233-ab00-e8a76a288f50", "comment": "Malware payload (RedLineStealer)", "value": "64c872f4eac7170490076d333537a8c147bde47ddc4ebcd39360d12b3918848cb32b9478e48b4cdad23f7882524e16c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726031, "uuid": "b1065d4b-428c-4346-a642-3f7d022631f1", "value": "T14BA41247FBE88022E9792B7048F303571B35BCA19E74C2AA77856A5F1D336C4A53132B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726031, "uuid": "96636b51-6a50-46cf-bdc4-fa40bf5ce93f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726031, "uuid": "456518c1-225f-4afa-be1f-623daf862d4f", "value": "12288:oMr1y90QbbERnJW+hxb7M7tt95nbbKRwJ:dyFsRJRAtXtaqJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726031, "uuid": "b044def5-77b2-48b8-8be7-1cf734dd7367", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726031, "uuid": "d0f49930-25f0-43d1-abd0-d35408ca86a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726031, "uuid": "5a6f4b9f-859b-4f9d-b1c9-fe045a6080a0", "value": "6e1cdd8484e397ff5725e1777bd1ccf38ad317d593fc0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13f673d8-ef3e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683728542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728542, "uuid": "3cfae97b-d5c4-409b-8c77-2ea97ad96202", "comment": "Malware payload (Mirai)", "value": "c2bf53f51d5a5d8c4690be35c7608f6c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728542, "uuid": "9850175e-8aaf-42e5-b7d7-8336d04fdf7a", "comment": "Malware payload (Mirai)", "value": "6ed1039fa28531196ce6ea004656f1189a3234e43b95cd469c99f1158c897890", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728542, "uuid": "553b58c5-e578-40d5-8b8b-3269110aebaa", "comment": "Malware payload (Mirai)", "value": "ca0c45d4b5e1cb2e596acae3a42b32831d50e43f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728542, "uuid": "9030542d-4322-4ab6-8986-1e272cd692ef", "comment": "Malware payload (Mirai)", "value": "03198e6254679189555b2751cbbb55e0c2ea007590d30f576488d20a03552cfa43791921a0a7b66ff0671537e7c612f2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728542, "uuid": "bdea7ca1-4db5-4523-a241-2ce41419ce4a", "value": "T1A4E38536B7619E77D81ECE7305A985121C8CD98702D92B6BB2B4E51CEB6BC4F08D3D48", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728542, "uuid": "99cc4282-e50d-4675-9742-4c3d5b7f4857", "value": "3072:dgZc9h1jlnLA2PiXYeyCcPVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZPVWDo9mrThPaLEnvP5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728542, "uuid": "9ccacf4d-a11e-4c0f-acf1-8dcf25cb4027", "value": 155476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728542, "uuid": "0e2143f5-20c2-4508-9f84-34468c9cd0c9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728542, "uuid": "22993e8a-1f21-4b90-b976-5a9028c90695", "value": "c2bf53f51d5a5d8c4690be35c7608f6c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc91d65c-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (WannaCry)", "timestamp": 1683688452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688452, "uuid": "1395ac27-3d51-4079-8c1f-b9492525a574", "comment": "Malware payload (WannaCry)", "value": "9509b80f34cb66627a805d50d7432269", "object_relation": "md5", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688452, "uuid": "658d098b-fef6-4dee-ac0c-2684f1fa2ff8", "comment": "Malware payload (WannaCry)", "value": "6ee7a47447362cb4c03b7e48aa285501b1ac50c4f75038836f6dd87b232cdc38", "object_relation": "sha256", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688452, "uuid": "3484375c-c4d2-47dc-8b72-430de65b9513", "comment": "Malware payload (WannaCry)", "value": "92f5c34c820bce6fffa19f6cf0fc7111760d8390", "object_relation": "sha1", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688452, "uuid": "9d542eb4-ac22-41b9-944b-9da394244296", "comment": "Malware payload (WannaCry)", "value": "3cdd051d9190494331a041ced8384af039f6427b21c1a4b069032ab119a035cbd287de0497c8156aedeedadc2763ef32", "object_relation": "sha3-384", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688452, "uuid": "251b7276-093b-452a-8ea3-5120ea1726f5", "value": "T1D50633A4B23CE6BCF1051DB04463892AA7B73C6567BE5E1F879045670D03B6FBBD0A42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688452, "uuid": "d2bf3ad4-a76b-4d7c-91c0-9b6e3b37e161", "value": "9ecee117164e0b870a53dd187cdd7174", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688452, "uuid": "e87ef079-778e-4146-9784-44d99b38662e", "value": "98304:Z8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAV:Z8qPe1Cxcxk3ZAEUadzR8yc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688452, "uuid": "d8431009-dc42-47d2-9003-fb4e4b5651e3", "value": 3723264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688452, "uuid": "07ea8d73-8759-4bae-9654-62d79f13d710", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688452, "uuid": "553a31e5-a4f3-4386-8af4-6030de658d06", "value": "2023-05-09_9509b80f34cb66627a805d50d7432269_wannacry", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb87ff01-eec9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678679, "uuid": "fb6dbca1-00f4-4f2d-9c48-7669e9bd819b", "comment": "Malware payload (RedLineStealer)", "value": "53aa6cba3154a5d60e87c6e64fe9dbdf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678679, "uuid": "2d839679-c07c-4375-a923-a3d2f4aa96c0", "comment": "Malware payload (RedLineStealer)", "value": "6f4414977fde0931838785b13d21964f972a8f24b0331ac22b43040d7693da27", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678679, "uuid": "2241490d-a09c-47f0-9676-81eebb31dd8d", "comment": "Malware payload (RedLineStealer)", "value": "b3eccd0e19e8ac410201b1c875647ac1ea4c7228", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678679, "uuid": "e9d60bca-b9a6-4a6c-bbc8-2ee3206b295f", "comment": "Malware payload (RedLineStealer)", "value": "0f7ffda8d8d28ea418df67a8ac143ea9475b97877e12af86a14ffc59c3545244cec679330e283866701192ed69a07e9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678679, "uuid": "bfd392b9-eb7e-41bb-9caa-93afe9b76947", "value": "T104B40212E7E81433EDB62F7168F703830735BD629978925E2794986F0CB22C895753BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678679, "uuid": "1f404b5b-e75e-41b2-83c2-d692b3395796", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678679, "uuid": "4ad05320-a580-41e3-9493-da3765a0ee08", "value": "12288:VMrMy909goS9gMj5c1u31OTh0Qrp9za7jToNJKkISmaE:hy86GYXYTlufENgfSmaE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678679, "uuid": "8b89ecdd-1a98-41a6-befe-c48a8a9395cb", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678679, "uuid": "16e2fbb0-72f5-4d7b-bb86-0e2e7478e222", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678679, "uuid": "1bcded10-5f91-4d7a-af7b-27817509c15f", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b82395c-ef3b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683727239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727239, "uuid": "a1ccf40a-fd0d-4bec-b199-9118821b349a", "comment": "Malware payload (Loki)", "value": "e7eca1999e37695727ae022c0bc65d18", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727239, "uuid": "7aa2bfdf-5a83-4236-9f6b-e10cfe0e69cc", "comment": "Malware payload (Loki)", "value": "6f659ce1e027a53c0e98f386f6da6ad4d66b09ac1a34ca5440a8b25ad5bc53af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727239, "uuid": "1586cee4-56ca-46a3-8039-28f6bcc1c21e", "comment": "Malware payload (Loki)", "value": "49acd2d82f9c7394c24574199f353db0c449fa3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727239, "uuid": "23905cf0-de2f-4bae-9b71-deaab9eb2cea", "comment": "Malware payload (Loki)", "value": "76a974674a1872c0936fdc45c84f72fb39a9e7417b79f839dc5f42615315cb5561b689b924623a5d32af16b1a796a856", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727239, "uuid": "b0fe7a12-1a78-444f-9c06-f0fc73f86b10", "value": "T18BE3F10436A4D0B3D8F25A321FB6467A6FF5FE0A69344A4B07546B8C3C63282DD1D7B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727239, "uuid": "71dc3ce4-4056-47c7-93cb-137d7ff35b98", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727239, "uuid": "d29d419b-d3f2-41f0-a0df-ad175607d9d8", "value": "3072:HfY/TU9fE9PEtutbm2Eau5FlsYXA+VkjkCM7UuQS1hRPWTxK:/Ya6D9i3nekCMIQnRuTxK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683727239, "uuid": "d052139f-5cab-49af-854b-0ed37a91e425", "value": 149891, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683727239, "uuid": "1371c5e9-cd65-48ae-9dd4-15e9205967ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727239, "uuid": "8e797078-63f3-4971-87c3-a7a1c9ad4290", "value": "RV1-INV-2023090.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d349b918-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1683705670, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705670, "uuid": "32caf12f-9e74-44e5-b740-e590354fe711", "comment": "Malware payload (Smoke Loader)", "value": "e80b4c93cf17a3d15fc66b9723ad3059", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705670, "uuid": "05a5f056-0292-40eb-83cc-9cbdd85e0cb2", "comment": "Malware payload (Smoke Loader)", "value": "6fae76c5a5b11cf96e9f4577b8e3355807696e9462226f4826da83c0107be114", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705670, "uuid": "0793b6eb-9c01-4941-9354-d9c950683e7e", "comment": "Malware payload (Smoke Loader)", "value": "59c898526fd17b70637cf56f63d183bb190a07c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705670, "uuid": "f4dcdd0b-9332-4454-99a9-96e36bc63c33", "comment": "Malware payload (Smoke Loader)", "value": "ef3e594c2fc984b34d62146342e12ef21359762def9faf1fd624339973aa281f3b46c7ca446b453724efd5d5845232be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705670, "uuid": "47626435-f019-48c4-8b0e-820a9054b818", "value": "T115641A9386E13D44E9264B729F2FE6E87A1EF2518F493B752618DE1F14B00B2C173B19", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705670, "uuid": "23b9cfbd-d654-4ad7-b0bc-6d7b8eba559f", "value": "e48ce786839b8555216670df4b01894b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705670, "uuid": "2f324110-b5ed-49b0-92d2-c76cd484c40b", "value": "6144:JtWyLUAeG5CFkqddT3D7jwCuFPhkNIeCRvGG4:JZIAeG5OhdTbuDuITvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705670, "uuid": "daf8c724-b194-4036-a267-a83949dfa425", "value": 328192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705670, "uuid": "70fa0482-9be1-4056-8edc-a6d8cc40e0e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705670, "uuid": "3bea0912-6363-4e3a-9044-886375801a60", "value": "e80b4c93cf17a3d15fc66b9723ad3059.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2498274-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683705695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705695, "uuid": "1f0a6777-ad84-4692-9184-51a0c6105a9e", "comment": "Malware payload (RedLineStealer)", "value": "324108c43e12535e66b6d0612e05afec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705695, "uuid": "d7c58f40-ddd9-468a-aca1-63c84308646d", "comment": "Malware payload (RedLineStealer)", "value": "7026eacc9c822fe689ae74f267509c2cf2f0410814b16666e57ef3f274e570cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705695, "uuid": "9d68c9cc-cbaf-4de0-a140-f55810b0096f", "comment": "Malware payload (RedLineStealer)", "value": "028235bc28177745b00d6a6ba0fb9559bde8d70a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705695, "uuid": "7b27bbf9-46b3-4abe-b396-2d0950924134", "comment": "Malware payload (RedLineStealer)", "value": "449b31714a59929e9bdff253c5fe0bbb29ca4bafc223e3a0af5207db55f3188064d3a6442b2af716122b4d4a178e2ddb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705695, "uuid": "7d18535d-0229-49ee-a95d-e2680850fe5d", "value": "T182A41203A7D48133D8B52B7045FA07C31A347CA1AA78866B37956D5B8CB31D0B8B677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705695, "uuid": "0c48550a-1eb8-49e1-9713-0251fd6542fb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705695, "uuid": "d7b3eb93-0b5a-4d26-ad0a-8bac5ececc4e", "value": "12288:sMrKy90RUQZuThJqe76+WvIQAjghoDMS:eyOZZub6+iHhoDX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705695, "uuid": "8cf1174f-2980-4aa9-9dfb-ac8807c3a166", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705695, "uuid": "d9e1bf0f-ac60-44f4-aac4-cd535ef2b516", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705695, "uuid": "6d5557c9-5268-4b88-a1dc-09e98042bae5", "value": "324108c43e12535e66b6d0612e05afec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0441359-ef02-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683703141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703141, "uuid": "abc8213e-a2a4-4079-b31c-d99380a2a31c", "comment": "Malware payload (SnakeKeylogger)", "value": "22a6fafd31505d2cc61518859a8aa2fa", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703141, "uuid": "058dbedd-670c-424f-b207-0c67243a73e1", "comment": "Malware payload (SnakeKeylogger)", "value": "70c336dd30227d3f33a38646f5e5944183586c3d69473b393d9ba31c1308f107", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703141, "uuid": "1bd5e1bc-06e6-4ca6-958a-c79fbfc91a22", "comment": "Malware payload (SnakeKeylogger)", "value": "b040d20e4df16ccbdeeb1536ab18a69f6e8ed2e7", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703141, "uuid": "cd457eb1-78b1-4294-9047-9405da48f06e", "comment": "Malware payload (SnakeKeylogger)", "value": "3e8993e7da7f81f41284e62bfda1dc523456439ca62dcb10b21e8141c5a1e0e92dc62598c0158c9c9e9254ce223814aa", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703141, "uuid": "9d98543d-20b0-4678-9544-f130b6f57377", "value": "T19AD3127228502CAE2473AC54E44E752B2C01DE0BE0997C04C97B6A119BDBB4F59F53EF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703141, "uuid": "2da504de-c8e6-44b4-ba58-0bb5b186ecba", "value": "3072:pBfvI+M21Ll/9mgDtauZvQM294EF5l5HGyt214Fo0TEma6r/jsxowrz:pBfvgOF9haiQMNE55rM0Tha6LgLz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683703141, "uuid": "63de72a5-f54f-4f69-9156-af2ddac858e0", "value": 135934, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683703141, "uuid": "d448ffca-5af9-42dd-9550-a6a3bfa431ec", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703141, "uuid": "0fa83f93-c204-4c85-abe1-b5e0e3689a0d", "value": "VBGV76.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c3de858-ef40-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683729522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729522, "uuid": "160f0dfb-364c-42ab-a0e4-1b3894afeef9", "comment": "Malware payload (AgentTesla)", "value": "9021b507e42013bb55f7ac19082a2660", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729522, "uuid": "b9b21eee-0431-4951-b5ce-29cee7d679a4", "comment": "Malware payload (AgentTesla)", "value": "7147b34656d097840bc028b7db83d8f6a3e8e03b34cf4b7d17caf7cf27ccc91b", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729522, "uuid": "bd1d299f-1bb7-4076-ac69-d5813f3858a3", "comment": "Malware payload (AgentTesla)", "value": "c02559f142e0c7c0b7aa8b9f1ccabd334d842d45", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729522, "uuid": "c5cb8ff4-6fe7-4e54-9175-c65f7fb6d1bf", "comment": "Malware payload (AgentTesla)", "value": "07b8fa6b202a61cf6f793a389a55057fd9ba7cea6cd15194aabcecfa36f645de6e365e727f755e4a6d164d57659b1591", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729522, "uuid": "77d65ce0-e9db-45df-9c5b-ebbf10c26285", "value": "T10CD4238ED69A52DD03BC42B703AB3600A87B62590440B53ADD89C6E53479BF745ACFFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729522, "uuid": "8df981e5-3ce0-4d14-9f1e-312e448e2ac4", "value": "12288:Xb0twsc/VhH5invWFQhSUEmsnEJQPc2nApjhHAaKI8mxXLG:XYtHcdhZieFQA9mjKkGEKPSLG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729522, "uuid": "4d5243a2-aefa-4d62-a685-179e82ebeb87", "value": 651900, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729522, "uuid": "fde1f4f2-1976-4035-99c1-a1db08d0ae68", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729522, "uuid": "bc135561-0e68-4d2f-9955-16ffdd35f8b6", "value": "NEW ORDER.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "705e21df-ef6f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683749742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683749742, "uuid": "64339f16-5613-4ada-9aaa-da057957d992", "comment": "Malware payload (RedLineStealer)", "value": "b80e38aa92dee63cb34352889a1c1186", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683749742, "uuid": "4a5abfc7-6a93-482a-83fa-cae3df08d92f", "comment": "Malware payload (RedLineStealer)", "value": "72038bf643a6ee49d3eaeade91a2a87c88e86084f5593dd9929e49e3fd9d8732", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683749742, "uuid": "543b0b5a-024b-4a2e-bc4c-8cee9a5b5d79", "comment": "Malware payload (RedLineStealer)", "value": "a24c9087ef27bb3cc8b0bb9ea9eb2a19c0a090ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683749742, "uuid": "d4f7682b-98e0-41bf-b530-8cca183d3431", "comment": "Malware payload (RedLineStealer)", "value": "17e72625b55bd6cf8609a67953180b7e3286f1cbf184f767e9d4beb43f6e689337b0efe0be20bbbab14a595dec7b9b4d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683749742, "uuid": "5fc805b5-90f8-4172-b385-b3afe415b6ce", "value": "T1EC947D13E2E37C61E626D6369E1FC6FC671EF950CE1837AE1218AE2F0970161C562736", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683749742, "uuid": "cb9d5da1-e838-4cd5-9e0b-f86b48df1495", "value": "5e886f6816f9ed7fecde723808a23e1c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683749742, "uuid": "75d0e79f-0c1e-41f4-802c-01b432baa649", "value": "6144:8j4zMr1QsmlX1x+Om6+/dq27s7NOClpeFr92OnVy:8EMr1XE1xK6+/d3Clw9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683749742, "uuid": "f8dd30ed-7d99-4d9c-9b1e-3d2de4328384", "value": 427008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683749742, "uuid": "0bcdac1d-2d9b-4b6a-aee4-5be509e9e460", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683749742, "uuid": "9cfa630f-cba0-41d7-80d9-360de0ad4cc0", "value": "b80e38aa92dee63cb34352889a1c1186.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5465993f-ef2d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683721348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721348, "uuid": "2d138e5f-bbf6-4c7f-b410-cbe9a8077886", "comment": "Malware payload (AgentTesla)", "value": "f1ed5e8e87ce482a8beabadad38ed488", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721348, "uuid": "542d32be-0d5b-4b31-b198-689a3bab2121", "comment": "Malware payload (AgentTesla)", "value": "72608223bb6b1ef8d577f7302a5c63ada4976971ba0400fb0d01b296a0b2fba6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721348, "uuid": "5ec06edf-6075-4671-851e-3b0e4db053e7", "comment": "Malware payload (AgentTesla)", "value": "d28874a1fda3293a66ca164958c73c42433dbb41", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721348, "uuid": "8edb7edc-2ff7-4033-9663-16597aba19f4", "comment": "Malware payload (AgentTesla)", "value": "269e4ac5696e2711dd269c346c4358266e101885caa8c7a4f5f3934683f74f4f6246fd174ad784e6c672c819c2e6ff5f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721348, "uuid": "ecb87845-32a0-4506-8b00-9513ccd91d44", "value": "T1ED55E13A4FC6BEE9E3644DBCDC8721840E98A4775318D59C7DC8E14611AFB54EA28CF8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721348, "uuid": "0954e33c-523f-4558-b283-79d5214b00fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721348, "uuid": "40acd1a8-3eb9-450a-9688-5b057dbb80ae", "value": "24576:WQBy9v4UIPc/gt2hv1+gjG0Fk2gQSxhYm/PzbTbTo2SDQMXyVpBIj0IS3:Zy9w2sXfXzbYyVXoc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721348, "uuid": "99a5487b-a23b-45bb-a43d-effecc056185", "value": 1368064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721348, "uuid": "863bdef8-9e1e-4b07-a3b4-d5f915150453", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721348, "uuid": "d44fcb7c-3199-4135-8f69-1b4de1255a4e", "value": "Purchase Order 236pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7176192f-ef27-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683718820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718820, "uuid": "b0f5fd92-daf1-4703-b295-985ffe1d201e", "comment": "Malware payload (Amadey)", "value": "1a382c2bc5cd3e979eeb37bc44b27617", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718820, "uuid": "dd503f69-d49b-47bc-932e-82bb6490e253", "comment": "Malware payload (Amadey)", "value": "734abdfe0a600da4b9b4861e509a15e0adbdf996bebbe95808948d306bdf2fed", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718820, "uuid": "09f250b8-4d6e-4ad0-9634-d07c734df200", "comment": "Malware payload (Amadey)", "value": "a32311c96ca94c6678f7491a1d4644822a71faff", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718820, "uuid": "e1474252-48ef-487d-b9eb-3ce5b48334e4", "comment": "Malware payload (Amadey)", "value": "6646650f0fbabf307931c67a4d4643dfb8f3a8bd9eb30693d667998f14e740ae2a16295c88e97a9fbe3263a13c49b874", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718820, "uuid": "fa1bfc45-2f63-4d36-ac3f-ed2cee0b0cc6", "value": "T1B9B41212EBE4C075D9B60B7058F212D31B7A7CA16D71D39B2781689E5DB26C0A83273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718820, "uuid": "831606b9-c582-457c-a026-f66f1b167fb4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718820, "uuid": "67cd08bb-f8a5-4a68-97fb-e983ca15c44a", "value": "12288:tMr9y90yfy9HvHopOY6p4bpQPJ4lFrMUK7:wyg9HPopZ1K7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718820, "uuid": "54b1caba-bbaf-4da7-bab5-425c8a5b851f", "value": 501760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718820, "uuid": "b41cf9d7-0a9b-4970-b118-f9af91582d26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718820, "uuid": "99ddcda6-e92a-48f6-bfb0-8a8d80031bf9", "value": "1a382c2bc5cd3e979eeb37bc44b27617.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d49ac4fc-ef36-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683725429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725429, "uuid": "444d3649-78b9-49e5-a20c-dc60fa59419d", "comment": "Malware payload (Amadey)", "value": "2cdbded57df65da8659b9ffd8723d2d0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725429, "uuid": "fcb2ff5c-433d-49a9-be65-0af236b23db1", "comment": "Malware payload (Amadey)", "value": "7611a9f3617806552cbed6abb3d8343d9013dca2522fc35805aaca30bb2dfbcb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725429, "uuid": "9716e9a8-a1f1-4981-9f79-9f732aaa1f63", "comment": "Malware payload (Amadey)", "value": "a3b38bdb07ddb53492e1efeab0a691e9563b73b9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725429, "uuid": "1b6045a9-e39f-410a-aacf-7c2597806ac9", "comment": "Malware payload (Amadey)", "value": "bb0b5f663e047f44787ab4a6c0d95240fde40b651a4c496fe1db6fb400c52b2e88dc8b57f5422a69ef1fb08cf0af5bdf", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725429, "uuid": "f3520c1d-9ffb-417e-9db6-3b5c956cdcb1", "value": "T1C9A41213EAE95132E8F6177068F607D3163A7C629D70436E2B8E5DAB1C72590B83173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725429, "uuid": "b3fda8a7-39e8-45ba-901a-6b7247d63bf8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725429, "uuid": "71c9d95c-44c7-482f-aca5-7ac20988dd2e", "value": "12288:/Mr7y9017T4s2aR9OO5w/tHAXxzqad5nM1JaCN7PlP:IyaXB2I9OpEfznM10U7Px", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683725429, "uuid": "445818f3-f7cb-4296-8c9a-a90b2459cdfc", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683725429, "uuid": "bd1b7a79-d008-45c4-8b7f-78cdc7ce84bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725429, "uuid": "f19d1163-48ef-46e8-b0e9-797733b63a34", "value": "7611a9f3617806552cbed6abb3d8343d9013dca2522fc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "550c57fc-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683704599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704599, "uuid": "688cabc7-f9f7-401f-ab0a-eec3e35eedb0", "comment": "Malware payload (AgentTesla)", "value": "6ca8b6a3f03f037a3c9fa0523f6c36ad", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704599, "uuid": "62d7abfc-3515-441c-8dca-bdae0c79c541", "comment": "Malware payload (AgentTesla)", "value": "7640591719da5ed087f6006a0dff2ca19b6f76533e95554222f04b4fe3f93ded", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704599, "uuid": "9d72a828-0e12-4e97-8725-741d9a3a085d", "comment": "Malware payload (AgentTesla)", "value": "75f39d2c5fef258ae81185cbfd272f462e2d3a92", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704599, "uuid": "160e25a8-639e-432d-9871-6caf93a4765e", "comment": "Malware payload (AgentTesla)", "value": "7e1bf9b597858357c753f5f960c07bcad547ec99501b0717327117b2115149ccfd04d6e3801c9082de2dbb5c01cdc0c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704599, "uuid": "e5465f34-ce1d-4251-b879-ca66971cc8e5", "value": "T1F394E0D1F215C8B9F99A06B69C36CC6520A77E6DDCB4901F359A731E59B338300ABD0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704599, "uuid": "5ba56d4a-a13f-4ce8-8d32-d653cf8eae1e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704599, "uuid": "b6551091-f029-4f42-abf5-744f4638fbfd", "value": "3072:w7sZGdgWYUPiTSq7xSy4iQsVnUhtzwPffWJ1gIsKpu:pw5NiyUELs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704599, "uuid": "6deefaa2-0ba8-4416-8d83-da82ca550b6b", "value": 438272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704599, "uuid": "3b9eb079-52bd-47e6-a48a-27e3fd702c4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704599, "uuid": "0a5c3e63-86bb-4c88-96dc-30b7506bb64c", "value": "DHL KULI500796821__SCAN DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5e6d964-ef02-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683703151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703151, "uuid": "42d6d177-9b53-4c64-a98d-c1b2f2cbd455", "comment": "Malware payload (SnakeKeylogger)", "value": "131918d781ea54849c1b303c9761cdda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703151, "uuid": "9a56164e-4eda-4278-8908-b5b18b597674", "comment": "Malware payload (SnakeKeylogger)", "value": "769294c8432281947d6123baee322d195bd0a8a88c89fce1aca8762dc1ec3e73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703151, "uuid": "b54bb348-cd23-4f76-96bb-4337a5c5b12a", "comment": "Malware payload (SnakeKeylogger)", "value": "08ccefda3873d5b6c37c463cf7405922f54a345c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683703151, "uuid": "15247ae2-daab-4ecd-8a77-173ac1f7fb31", "comment": "Malware payload (SnakeKeylogger)", "value": "edd37e7dcc8bb9f65f533e03da8a491c4629aa615cb9ec2895812ce4e4eead37953748447afe109f6123fb35ded56267", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703151, "uuid": "06e3a33c-be51-4598-bdac-a4061c72e0e1", "value": "T164E302A4AB9B8535DD1B9B3174C411181F36D34A6DD3C2AFB2AD031D4F033CB2B5AA98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703151, "uuid": "a0f6ddee-2760-43dd-8f9b-545a3eb621ab", "value": "3072:DlLM0l+Q/znsDUnAANPDB9h/WyERzj25q+kbj6LuT2CfUpvZInr3tSEvJrUkNWMN:Dl40X/L5NPDF6R+5q+kbjMu6CfUtZIrD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683703151, "uuid": "f8d08e34-fb84-4039-9240-7b96798caa66", "value": 156744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683703151, "uuid": "c1648d1a-08ac-4dcf-8f4b-be7c6dd117b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683703151, "uuid": "4a0ba06d-1f2d-4b86-82ab-d1affbf796f6", "value": "VBGV76.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b1da6ad-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707106, "uuid": "34d11354-9185-4b64-9e87-ed002899f320", "comment": "Malware payload", "value": "0cdd7ebc68567174ec4ad73b2d765838", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707106, "uuid": "dd6f1b2e-b91f-4a92-88b6-b8208dcb025f", "comment": "Malware payload", "value": "7796099fd953c401317305b16c3934047628914c8f77e2abd0566739872a0a21", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707106, "uuid": "70304ad7-c50a-40a0-9029-a5a4e359baa2", "comment": "Malware payload", "value": "a060b746879f05e3e6b72bbccc65b074c97f4384", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707106, "uuid": "b5bc7a24-2866-4b21-9eeb-74a3c066fabd", "comment": "Malware payload", "value": "a4e7f0031546ab82bf1ddb6962ab7280460f46e2b47efccb9595bbe0b4d0c2fa42916afee7bb18fc6395484deb06e6ca", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707106, "uuid": "b53088e7-7134-4827-9498-48f951f022a8", "value": "T12B55E0735F83FED927A50DE5E8C61D884E8078B75B1CB094B889B5AA75F4410EE8D8F0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707106, "uuid": "1353d36b-0416-4891-a384-b37613e262a5", "value": "24576:PP5fUO+8xytVC2u+Aq3zpCU9rmzuKq4cDxNaZbk0PIiuxW0:PP5cv1Nbzr5NaWB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707106, "uuid": "443ef65b-f18b-4866-8da7-2e917095a341", "value": 1324376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707106, "uuid": "a533a7a6-e05b-4a18-b323-005904e4c5c2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707106, "uuid": "adbfc592-bad0-4449-a40e-cfc642f96ba4", "value": "Ivemagwciic", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "085ba221-ef22-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683716496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716496, "uuid": "67a9239d-f320-4ed5-b742-f61592ff2e03", "comment": "Malware payload (Amadey)", "value": "2dbc8a2e8df5172c7c80a146a27967fa", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716496, "uuid": "8fd473b4-fd89-4dc0-90d4-084b2f2c89f6", "comment": "Malware payload (Amadey)", "value": "780c8a84ef906c99d114de40584d7120135756dc1d2f8782ad0d3e210aea0a0e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716496, "uuid": "670f869e-5781-46ec-9c2f-2abda8d0d4a9", "comment": "Malware payload (Amadey)", "value": "7b76342ba9e60dd6b97f24c5ca5fc860740a22cb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716496, "uuid": "25c5d41b-6dbe-4f15-9300-32d27c7f2ad4", "comment": "Malware payload (Amadey)", "value": "a54107e82d46e3a4a33c2d20ca4d9d62bf45d1de1b6190f2fdc8560e131a56271b57cc4373c3718dc007eecdd9c80eec", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716496, "uuid": "a6d2e00b-7c75-4914-bfb9-e0175b0f2596", "value": "T16BA41202EBE94077D9F6577058FB03C31A36BCB5A938966F6742584A1C732C5A2313BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716496, "uuid": "308e856f-5eae-44b3-a252-dc06795549cf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716496, "uuid": "abe2c6e7-ee21-4ec5-9591-6444a68b1dbc", "value": "12288:9Mr3y90CtOe4k5c1u31GTZBqnq/85jeGxC4VHt:myR4EX4Ten285jRN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683716496, "uuid": "cb354c52-6afd-41d7-8e4f-93603b72f4d7", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683716496, "uuid": "754a7715-2168-4ffe-87df-f621a79e934d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716496, "uuid": "7bf5f9c6-b2ea-43e7-bc03-b99b2442c06b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dc71422-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683726035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726035, "uuid": "479a1e48-3b84-4fa8-a781-f4c4ea5f03dc", "comment": "Malware payload (RedLineStealer)", "value": "6c60f88b0d478fd8b4a206df434e95ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726035, "uuid": "4fdf0898-e84b-4729-8c86-fa0f0b752444", "comment": "Malware payload (RedLineStealer)", "value": "7a83621a8a702e0b6c2638a76f50ba3c1b55cf42e6378604c34efcb4380124fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726035, "uuid": "f83ad331-d585-4336-9400-6f4c273af2e9", "comment": "Malware payload (RedLineStealer)", "value": "22916957181123750046f92bce0fe8c05ae274d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726035, "uuid": "816fe93d-54ed-4e79-b2c4-081a73bb3fee", "comment": "Malware payload (RedLineStealer)", "value": "c7acd8149f4911c5bbc10306a84d6f459a0fcf11c52c07ceea914fd94c5936e5de7836c9dac373fe19c6b21ca4eba68b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726035, "uuid": "4f57603a-d8f2-413a-8e26-d43f141be211", "value": "T154644B0363D07C65E6264A718E3EC6F8769EF9518F1537AF2218AB1F18B11B2F162F11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726035, "uuid": "91939745-8f16-4f5c-a86a-71918a5c7af9", "value": "fec1eaf066374a71027605d8a122bd0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726035, "uuid": "f407675a-26c0-4d03-9949-d26eeba4abff", "value": "3072:E/bJoBlIiUWstW4gz9WRB7BO53qKnRD8mlwHgBGbyhzO/6Z4DYZX1zKkEqZo:eClMntK47Q3qKRDzl6yoh0wC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726035, "uuid": "fc2daa98-7bcc-4579-967e-8f417fa730a9", "value": 336384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726035, "uuid": "7f165b44-e5c8-4785-9a3e-5adee0987154", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726035, "uuid": "70f9a027-6305-43f3-b241-c23c54248173", "value": "7a83621a8a702e0b6c2638a76f50ba3c1b55cf42e6378.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b28a124-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1683704636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704636, "uuid": "bc184d85-106b-434a-a98e-564a677b82ea", "comment": "Malware payload (STRRAT)", "value": "9aa6ded87a57a93f820d2e38780ac731", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704636, "uuid": "1fe95535-d603-4b61-9a55-f038e09b1633", "comment": "Malware payload (STRRAT)", "value": "7b7be2ff4a46d83bb8801a7a642625af20eb8ae7b7126526dfd2b2dec613cf64", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704636, "uuid": "06906746-d57f-42bc-a692-9d372ff833ae", "comment": "Malware payload (STRRAT)", "value": "fb6a0d5afcc0d9e75336b49faad1ef25c23029c8", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704636, "uuid": "1ecc5ed5-fbaf-4d7a-af3e-b25ff16b068e", "comment": "Malware payload (STRRAT)", "value": "ca065147188e8201f4b645b75adf42f65947aa0beab2df11e0c41e86aad42882e745e9118e488ca5fc5a319b047b02fa", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704636, "uuid": "df0134b5-a650-4a9d-83e6-4c9ca08cded5", "value": "T1EA24015BADAF90F9D68BED355444C232772E82D8D0169A3B22FC95450DB1CBA0B06DCF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704636, "uuid": "86207db2-a38d-40f6-910c-57284e3aac6a", "value": "6144:VZJQxVwrW0bIdFiJRCqGbZS5Z56h1XcQ+c7:HWcrzMiyh05Z56bXoq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704636, "uuid": "a1878dc4-c852-4b22-b047-bbf295056dcf", "value": 224087, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704636, "uuid": "b81f39b9-3f4e-4492-98b8-c16fd38775f0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704636, "uuid": "6b59e016-4a65-47aa-9382-0f7bed2d01b1", "value": "quote_3458943.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10112e75-ef13-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683710067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710067, "uuid": "a8c30843-97dc-4042-8bce-1f2ede22d0d5", "comment": "Malware payload (Loki)", "value": "25525f3e2a78097f01a7e4c9546494db", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710067, "uuid": "fd3bc00d-f3d4-440d-a879-fcd8b68aaade", "comment": "Malware payload (Loki)", "value": "7b96a1bf0bc01fdb25ed2343448b412df9e154cec081970bf360096b995be9f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710067, "uuid": "089a327a-14e7-4a18-b983-68fce7a16a40", "comment": "Malware payload (Loki)", "value": "990a20cad6e98d41ad32e2e421396588eeb60c17", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710067, "uuid": "5544e35d-1324-4af7-bcea-386c47defd0f", "comment": "Malware payload (Loki)", "value": "59d5fdb8d360eaedf3ca31a0298d6c601c370f76446ecc94083b29ec49db9ce2faf2461ebc7bd0e2b341b445d800a640", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710067, "uuid": "3b6c0e0e-b813-4307-b3b8-b0c4586f3ac2", "value": "T1AA058C3C22DA5C22C71573FA8999C5E103356F10AFABD26A25BE30CC8971B93ED9154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710067, "uuid": "2207f6ca-816b-4fbf-b987-c54a23e6923e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710067, "uuid": "59062c81-aa91-4930-a9f5-356042c9bae1", "value": "12288:zn9O1GPqZfOtXyZgLqiNIf1gdhyl3eJUtWfJr5vvk:zo1GPIqXUgmiilOUtMjnk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683710067, "uuid": "35a9874d-a6ac-487d-bf93-8b35407bd36d", "value": 801280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683710067, "uuid": "c7997524-284e-4464-a222-3ebf802050ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710067, "uuid": "3e649d6f-fbb2-4fe1-a02c-b0a3dfdffd10", "value": "PO_#4001759.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d39f6580-eec8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678182, "uuid": "3304ed62-770e-43c9-b9a2-19b9be2965c2", "comment": "Malware payload (RedLineStealer)", "value": "6a188df556fb84d97a62a8bba8f86598", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678182, "uuid": "d1876f64-a0f5-43b1-bf0e-01c21ed66d1f", "comment": "Malware payload (RedLineStealer)", "value": "7bf2809cb8157e070a2a4e0ce55cc6f705ed141c26ccfbf27574bbde4edd8235", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678182, "uuid": "b579ebb9-b184-474c-934f-68de918ae0da", "comment": "Malware payload (RedLineStealer)", "value": "ce74c3f235a91ca08a7cfb6ee12bf17ebcc413ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678182, "uuid": "71f82dda-ba95-4583-b330-cdef9be982d3", "comment": "Malware payload (RedLineStealer)", "value": "d5237c8e97b7954bcf8badbb521cb588faf5f08f19c8862ad5bdf5364477836c20fb0a5d2ba26b20eac99e6e057c1d95", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678182, "uuid": "a035857a-1d32-4dc2-91e7-26e52159b384", "value": "T166B40257A3DC8072E8F46BB05CFA07930A36FCA15DB8A3A72785955A0C72984F532737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678182, "uuid": "1fc041cb-1118-4fe1-8177-9d84e11bad40", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678182, "uuid": "cdb736a0-317b-43b7-9e9f-86c0d2ddfa5b", "value": "12288:1Mrky90y2sim8xqTxFhRsD9oavUWzIPiiMH/:Vy7nP8xqTxIP8aZf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678182, "uuid": "29216d8f-82b2-4a75-9474-58a7c423d5a4", "value": 501760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678182, "uuid": "f30f6bfe-e9e0-4fa3-8e8d-310f646620c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678182, "uuid": "5c696c0e-11c3-49e5-9191-a12840e2b5d9", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fb77a8e-ef20-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683715757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715757, "uuid": "4f8339d6-afc6-4313-b8bd-16d72e4fd77b", "comment": "Malware payload (Formbook)", "value": "c0afa18e60a56f512fd95672dae2833d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715757, "uuid": "c440f771-7d47-402f-8a69-e82932309c21", "comment": "Malware payload (Formbook)", "value": "7c6ca59cdf937bab0dedd71926c3ccf4cd208f605423f503415dd0aca3b91674", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715757, "uuid": "ef995254-0d3d-4cbf-9b7a-22158c28d62a", "comment": "Malware payload (Formbook)", "value": "c72ddd1ede7239ed2c3e1808be0955fe782253f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715757, "uuid": "9293fb06-ad18-4b75-a872-20e9edbd99dd", "comment": "Malware payload (Formbook)", "value": "50f9c4321b5785b15282624803347dee1e3ba6b61ba77ca963ac10cd4c88ef2be5efac685ecebcc8da9067848fa4a13b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715757, "uuid": "4007cf00-c319-4dd2-a361-becf08e2eb6b", "value": "T1F8E4023522E0C71CE4AF2F78D4D1C1A82B71F6E72485EF3949D42ABA2835350E925F67", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715757, "uuid": "70653dfb-d10e-4493-8052-c8265646684e", "value": "12288:Kp/Dr1UgSoYEj8lJKgQWk+WzCssRshlVvSMzPODCMK9VnbcL7ql1hYsSj:KVTj8KsUzsChljPODCMKTbC7Qb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715757, "uuid": "d341f7a0-2db9-47d7-80ba-62af6f5324c4", "value": 675328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715757, "uuid": "c288320b-4fbc-4de0-b749-885f47b53a98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715757, "uuid": "8f4f5b02-e101-4809-9d23-46bfdac3d478", "value": "7c6ca59cdf937bab0dedd71926c3ccf4cd208f605423f503415dd0aca3b91674", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efb7eccb-ef34-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1683724615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724615, "uuid": "e712528f-3cb5-47d6-ab6d-2b736e560c4b", "comment": "Malware payload (GuLoader)", "value": "406b3d0752bdde1706509e02f449dc1d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724615, "uuid": "e295e0ae-59f3-45d4-a1a6-cd7a2db73b94", "comment": "Malware payload (GuLoader)", "value": "7d6e9247de0527fa4c0939c4f6e6726a35cb5f39492a7aeab5614ac1ab29b294", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724615, "uuid": "82a8a682-6de7-4877-ad3d-a8b0decdaccd", "comment": "Malware payload (GuLoader)", "value": "a88933d9f0cff0102f089615c9580bcc10a1e405", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724615, "uuid": "d5d1e758-ce22-4e17-92de-1ac6adf48d4c", "comment": "Malware payload (GuLoader)", "value": "bb741f6f659f31d075263b54cca632761c8a69728ade3f0bd149bf799e728397bde0a817ac1f18d6323d20dd2b54a8f0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724615, "uuid": "36c9549f-09f1-437e-b2ff-e8236b18dbbc", "value": "T1E7A4F103F960C5D2F43808B04A6AB52696F4AD255AE12A43FF5677DFF83E645390F22C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724615, "uuid": "02238416-401d-4501-9f05-36a0f94a5ef6", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724615, "uuid": "685d04cd-a6db-41d8-bac8-429e7abff442", "value": "6144:8pdgaK9poZuKEliNUHFIhMbLpGdPhCXgz0cWZp1IUl5BCZ6v0:eg7OZuXcNNynpGPCXk09Zp+0zCN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724615, "uuid": "abad8f30-a616-4e8b-bb29-9400b19265d1", "value": 463360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724615, "uuid": "abed761c-337a-4294-9083-0dd6e65c559a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724615, "uuid": "902b9789-f89b-4db4-b279-8b04be8c310d", "value": "MT103009767643 JPG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f28781d1-eef7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683698421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698421, "uuid": "fcff023e-2e8f-4242-8796-3116a17f4c78", "comment": "Malware payload (Amadey)", "value": "24c4426dd70678ed8b77a39fdf466472", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698421, "uuid": "c22fac10-9566-4c9c-bea1-1b78b6e9922c", "comment": "Malware payload (Amadey)", "value": "8003e04f598f75df475bebdafb8b1702c4bdff87067b6554942a795a50c5bb73", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698421, "uuid": "999569fc-a44e-4883-88ea-b67f69dbecf3", "comment": "Malware payload (Amadey)", "value": "941479d1a439877faad86d9eec94b6b0af65e300", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698421, "uuid": "a130307f-da2c-4d6b-be65-b71a856f6f26", "comment": "Malware payload (Amadey)", "value": "22e9b9b7e9ef1660b09cf760e02a62e676ae56aa9638322ba2b27b50deea64ffcc82e130c666b4ccb9a5010dfa20c00d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698421, "uuid": "9be9dcee-c30a-43b7-b7ac-ed6ec5f228d6", "value": "T191A40212BAD89072ECB51B701CF643831E36FCA4DD78836B3745A95F08A3290A97577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698421, "uuid": "e4169030-22af-4833-b3d8-2442e9ec36f2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698421, "uuid": "4ab98149-6c3d-41be-82db-78ba526abac4", "value": "12288:JMrRy90VuRuqVZunEEG8HDJyq+jf4kyKD8g9sNlV4eLB:gyAuRugqg8lyb4WL9sbSo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698421, "uuid": "1c4b34ed-9926-4581-9e63-1e58408c4941", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698421, "uuid": "12cd4c98-8fcb-4fab-9ca8-563992c88845", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698421, "uuid": "ab62ccab-3ae1-44f1-ab89-18c926bea902", "value": "24c4426dd70678ed8b77a39fdf466472.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b16c1b8f-eec8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678125, "uuid": "019e8a4e-f315-4805-b7b0-70e8bf6057c1", "comment": "Malware payload (RedLineStealer)", "value": "94f91220f3477efdbf5e041d5a99cdc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678125, "uuid": "87adaa06-e202-44c6-b80e-4a8a1ebae97d", "comment": "Malware payload (RedLineStealer)", "value": "80517b66f5d28df06e141862e5ccb316cf616b82f8dc2bcfc506a7a65e0ce61c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678125, "uuid": "8c15a1f6-4e34-497e-bb12-751bc5318d96", "comment": "Malware payload (RedLineStealer)", "value": "9933c231c1a84d6d38ce99586b4a3895eec74d32", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678125, "uuid": "37867bce-1044-45c8-b7dd-27b92f9f9291", "comment": "Malware payload (RedLineStealer)", "value": "03e1ea6cadc5ccc6caa7c94b9c7d675cc5923a1b440d3e682f63bc224b906de87b4c21fb1a513958a5cd6cd94c7f59f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678125, "uuid": "b70a6920-d676-42b7-b9cf-6ffc5f9620fa", "value": "T1E8B40206A7EC4273D8F51BB428F603A31A36BC6599B4876B3B05955F0C736C9A13237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678125, "uuid": "501bc165-e777-4459-a794-bbd71a693b03", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678125, "uuid": "cb99d556-a32a-425e-8e18-096ead7a5336", "value": "12288:SMrGy90Vf/l5c6USLAbbP5iBblD8hhGLCJEm3:AyKf/lFO5Y+hGLG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678125, "uuid": "a603cd35-068a-47c3-b3a2-35a2926bada0", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678125, "uuid": "e75c54d4-f817-46e3-8f00-841ccbd657e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678125, "uuid": "6a73f3e2-14c9-40dc-8bc3-d738de333c67", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9d3bb12-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BlackMatter)", "timestamp": 1683688447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688447, "uuid": "20dc2466-d00f-43ce-8f18-1e201185d582", "comment": "Malware payload (BlackMatter)", "value": "64217e2df8d9313facc16aa3b9909f1e", "object_relation": "md5", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688447, "uuid": "e66fd128-6540-4be8-af1c-6e2ec9751b2d", "comment": "Malware payload (BlackMatter)", "value": "805ac3311d027bb11cef2ebaefe2d71bb8e6f30337109bc550959ae18a7a1de5", "object_relation": "sha256", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688447, "uuid": "a1632d73-ec68-482f-b18c-15c9613f9f4f", "comment": "Malware payload (BlackMatter)", "value": "f48b9796b7a3f733eedb952c02571c1aafbc46c1", "object_relation": "sha1", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688447, "uuid": "1bc242ce-2362-4f76-91d7-8bacb88c1556", "comment": "Malware payload (BlackMatter)", "value": "69ff08e4575b62f4779f8e64ff5c107255ffeb7c435129577540f1d0da4b4426297e80e40ac2ba1bf22c4e1b8d379743", "object_relation": "sha3-384", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688447, "uuid": "bef02701-17ce-4fee-83fe-741fbecb62c8", "value": "T112B64A92B809B7CBD46A17799153CD612F7C13F856248B12A82C75BA6D53C803B87FBC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688447, "uuid": "a066c823-65f7-43cc-954b-2f634567e009", "value": "49152:Mfk9oE4hyZYBl+OHJ1V4dYFgZPsv97H4numCM1+7:Ik9oE4hyZ2p8dfZPs54numh1+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688447, "uuid": "5c2daea5-328b-458f-a125-02a9f8cb4fe6", "value": 10485760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688447, "uuid": "d3da2dad-4e99-4371-aff7-2357c3bc058e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688447, "uuid": "6aba71ac-4313-4090-b128-0e3ee14e30d4", "value": "2023-05-09_64217e2df8d9313facc16aa3b9909f1e_darkside", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84c1c342-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683750635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "b9ebc399-0218-4479-8358-0a9c37535b53", "comment": "Malware payload (RedLineStealer)", "value": "320a6c819767cd9fe47e866736760a65", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "ba7f514e-9fff-474d-a97b-b90e9a9ad2e7", "comment": "Malware payload (RedLineStealer)", "value": "80983c6c00dd8ad27cb25ebc0939996802244babc9e5b61a75cc38f29697342c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "780344ec-e0bc-46f1-8db0-716f5a68b2d8", "comment": "Malware payload (RedLineStealer)", "value": "ba8400e872dbed4c389e8c618fa537254dad91af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "4d9a15ea-b309-42f3-a39e-dfec73920911", "comment": "Malware payload (RedLineStealer)", "value": "32f3dac407d1bcac41dbeb69fc4eb2828038e178b125860674e559203b57bf2e7d8dd2643cbf5245b983d11f5a4239ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "31b87d59-159f-43ea-8e9d-e225aa5d87b3", "value": "T15DB41213AAD54073E4F52BB01CF603D30B3ABC929974977B6746644F2CB2AA4A431B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "47fb577d-5b98-44e8-b5b6-5d03943b91a8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "96325394-2c7d-48a9-8b79-9c82c064ee3a", "value": "6144:K9y+bnr+ap0yN90QEEEOD0QTj8FMfn9VC4JM2kfBGHcqfUwcMP65zPHyEJeF:PMr2y90yEi0QTYF09VBDUXkUVzjH+F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750635, "uuid": "1ed91d0f-330f-499b-8e47-649bfe133c2e", "value": 510464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750635, "uuid": "9257db56-ce3d-451e-bc27-638163184d76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "49bdf904-32bf-4e89-a04a-fbea0bab82e8", "value": "320a6c819767cd9fe47e866736760a65.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6c69016-ef75-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683752437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752437, "uuid": "326f5f0e-0f80-45fd-85f6-a52a4d590e27", "comment": "Malware payload (RedLineStealer)", "value": "4813c3459d326f30e3fc37ae9fd5dd25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752437, "uuid": "439cda31-583a-45ad-ab2a-5d25f2b82a1b", "comment": "Malware payload (RedLineStealer)", "value": "80b8bbe40b63b9b2b92b844ea808adb92bbbd9e1508d861b1e335457057b1499", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752437, "uuid": "0bcf3718-b21d-4adf-aac5-26e903aad829", "comment": "Malware payload (RedLineStealer)", "value": "0d7134e45643847bdefc41862dc4e429d7f112a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752437, "uuid": "abc40e92-f6a6-4ba1-bbaa-c34ce33baf25", "comment": "Malware payload (RedLineStealer)", "value": "d179943c73e87451c2f593bb83c3f481645496d7500f46b417ce9220dba2dae9346574da44d7caf5fcc47f7c3ce34456", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752437, "uuid": "43646ff9-7579-4dc9-89c4-36b5cab3a4fa", "value": "T1D8F42313B7E818B2E8F517309CF603C31739BDA5D974936E2A444D5E4CB2A94A97233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752437, "uuid": "02c89aab-44ee-4762-8439-d487244cf20c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752437, "uuid": "9ab96dca-d37c-4f2c-b6a4-a42f5b13ed36", "value": "12288:aMrTy90jtpPubWnStkmUn2gHXZMoLTq04xKoNpdcZwaN5IKeTzepWCjKhqDuiQm:RyoPuntkmUrCoLKxcZ8OWiKiQm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683752437, "uuid": "c3179954-2ffe-4d5a-9281-f56c9e976cd9", "value": 792064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683752437, "uuid": "899588ab-1f10-45c5-972b-48edd13303fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752437, "uuid": "e9ab59b1-9c9e-42dd-8552-482c7c03f0a7", "value": "4813c3459d326f30e3fc37ae9fd5dd25.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8ff08cb-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688446, "uuid": "7f6dd037-3291-45bc-b05b-e43d8f936fcf", "comment": "Malware payload (Kovter)", "value": "61ac784f072077b0a88581a22a0cb9d2", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688446, "uuid": "759bcf6b-ed30-4f46-a800-33e14c137ca1", "comment": "Malware payload (Kovter)", "value": "80d4860cdf241b032d79f502b3e9406aba770591fee53ef628ce363dd03822b1", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688446, "uuid": "0da9bf3f-9a9a-4ba2-a9d4-d432ccd44ada", "comment": "Malware payload (Kovter)", "value": "794b210361a4360199b462183ed07c77cfa9789d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688446, "uuid": "a0305743-f92b-4517-98c3-0b74cf4dcbd7", "comment": "Malware payload (Kovter)", "value": "7c3cd264751406f7d1e92494bc82bb80bbb29bb80cbd0ce39cd2a6387f1aabe168397798481a9198fe22c5cc2b47c939", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688446, "uuid": "3a34cf42-3a9e-4690-b63b-f3b0ecaf52e7", "value": "T1AD743939F740E637D4269CF89C0FD2E46529B6302E381D87B6E11F0C49B5593AA2BB47", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688446, "uuid": "a1bf539f-b86e-4118-89a1-92cf2136b66b", "value": "6144:idZafDu390yYNrcWn+kFQi2SUhHNoGYhnxThy2pX/Wr/K7G7QxqgS3O:TDu3ub5ByNChnBWbKa7nDO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688446, "uuid": "81afde59-8a5b-4d64-883c-a13b85a8574e", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688446, "uuid": "659b4636-4aaf-4b9b-851b-58f543074ae4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688446, "uuid": "9ffc9450-ce2a-4c4a-a0f5-8ddb496d8c08", "value": "2023-05-09_61ac784f072077b0a88581a22a0cb9d2_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "809ccf77-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750628, "uuid": "9f0c5635-9a88-4871-a3ef-7ead75894cf8", "comment": "Malware payload", "value": "8b84d27898eb51af44b561d920f6acb9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750628, "uuid": "2e3a79aa-e721-4284-9445-1015e72928fb", "comment": "Malware payload", "value": "8102f5fcefbb4543ea507710b3b637e33da781988cd7e729004452a48c2ec244", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750628, "uuid": "4ae0d5c8-5882-4998-a50b-94da30f2055a", "comment": "Malware payload", "value": "9f6080ab0f68cc32e1900ac1f2bfd46ccae8220e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750628, "uuid": "2ba1153c-abb2-4b22-8a63-745bb21db4b0", "comment": "Malware payload", "value": "5de1e26c041bd784ccfb52472249b5428a13a8e4321ba9260e0e0669a4636dcc586f3849bb14b9f58725eec718cdb6aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750628, "uuid": "34cd39d7-37f2-49fd-b7a6-bd4a45f8abae", "value": "T1B976E724F6139C3FD036D139D94785E858377EB8A924B4DF25AA3E49BB743803921D8B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750628, "uuid": "72df52ee-04bd-4d6c-b13b-312b155c40fd", "value": "24576:IWVoeukkAk3A4ekCx6GaeeDB+a1SyrL6tOx4lnWdO+0s8ld:IWaeMkeA6GaeeD1i4EnB+0Rld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750628, "uuid": "87f84ef1-115a-4e9f-a88f-f48c5856d426", "value": 7372800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750628, "uuid": "8f562d5f-f945-4504-a5e5-9e4cd2db1c60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750628, "uuid": "f2bfdd5a-284f-415d-9ee7-13a15f6f8c92", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.25473.29541", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0633b3ad-ef1f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683715204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715204, "uuid": "602e50e2-33ec-401f-9bba-5ae538c19814", "comment": "Malware payload (Loki)", "value": "0bc728c9ff188a407920ebf423adf51a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715204, "uuid": "f2037cfc-cf17-48d4-a9ba-a9843e8f1560", "comment": "Malware payload (Loki)", "value": "8104914093acfa338bee8eb3576f169b0470ddb6aedea330a647239d2abf51c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715204, "uuid": "d0fa7e86-bb1d-4ced-8ab6-586858199d75", "comment": "Malware payload (Loki)", "value": "9c7dae8a1a416bf241e8d9700956beef9f7f95a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715204, "uuid": "3bde3692-865d-4d96-9f58-3e7d502a33c8", "comment": "Malware payload (Loki)", "value": "a882c6b9116ceae1f2b70283f4ae55adbb5b307d07c1f44e6843ac05c680e80eb94b2b28ced55844293448829659930e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715204, "uuid": "0dd1a5c9-72a8-44d4-acba-7baa847f5f60", "value": "T172D47B56A014C81FFE1ADB71C1A5FFE4A6F0FD73A4E5142223793948EAB9F011E8C169", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715204, "uuid": "c56e8ffc-0278-4d18-aa0a-942a6e234dc4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715204, "uuid": "06556cdb-8004-4897-843d-31afdae43a8f", "value": "12288:+OGK70xnueUElq9vxsXxs2egQVtpfBNVtN8U9B6URTqFBKfhmswLe5Wxs:r03UElmshsHTMUpqFBKfhm7K50s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715204, "uuid": "6eb3d090-e072-4aa6-8adf-92fafc396e52", "value": 612864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715204, "uuid": "0136e94f-f23a-4a2b-9464-3d061909d221", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715204, "uuid": "dfcb28ca-c332-4225-a51a-38a56e176fbe", "value": "8104914093acfa338bee8eb3576f169b0470ddb6aedea330a647239d2abf51c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a392d69e-eef8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683698718, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698718, "uuid": "08207a94-e063-47a5-bbff-bfc46bb50d3d", "comment": "Malware payload (RedLineStealer)", "value": "e8ce68f5563682e10a01b96e063082a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698718, "uuid": "ea05b628-9370-4c0f-ae20-533d7708f5eb", "comment": "Malware payload (RedLineStealer)", "value": "810f1a0909c64f4f0e404f819f191ccee14ed773ac3d75a9849c10db734a0d68", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698718, "uuid": "c070b2b0-cd4b-40fe-8a3d-8c840eabf4e8", "comment": "Malware payload (RedLineStealer)", "value": "c8426a7fc01ea3d9c890d5bd8af1e468eb2c9081", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698718, "uuid": "4197ba47-0d2f-4c95-97bb-37b46a8cc83a", "comment": "Malware payload (RedLineStealer)", "value": "67d8a0689de0ee6921dc24cd742b30267e0ab10ea0a6208dd1d770c2c5ec968e9b2b4a975c2a60960a9f975a2e9961a4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698718, "uuid": "8b8e9094-6800-414b-8f79-bc960ba71491", "value": "T1B7B41252F7EC9172E9B56BF068F707931632BCB1953C835F3642694A0C72194A83277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698718, "uuid": "1af3b40d-b03e-470d-a83f-2685cd858202", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698718, "uuid": "b232b3ff-382c-46cb-8731-d5ac1c1c04f9", "value": "12288:MMrky9037CySgzsFpLhviy+aFCQmxcky:AygGg0Lhv5+KOy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698718, "uuid": "768b3078-935a-4d56-ad28-e35e2a801e83", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698718, "uuid": "f0ab475e-7571-411c-99c9-d935ecec4775", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698718, "uuid": "5ee6fe44-305b-4571-a9ce-981ee3204a91", "value": "e8ce68f5563682e10a01b96e063082a1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43eafbde-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683744513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744513, "uuid": "633294d1-1e2e-4fc8-a079-18f424bd364d", "comment": "Malware payload (AgentTesla)", "value": "ec2fc08a08fd29be6886f2eb9f9e2e19", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744513, "uuid": "cfc80406-3b88-435f-a9ce-a108d83f0c15", "comment": "Malware payload (AgentTesla)", "value": "81c086e249101b2f7f623296738543eff2d419aed16713c522be56fdeb4f2ca1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744513, "uuid": "6633aa47-d473-4bd7-9349-54fd988a4be5", "comment": "Malware payload (AgentTesla)", "value": "849f140e0af4156e7259679e6843de93583ccc01", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744513, "uuid": "82853c32-f6c8-4c13-97da-115b3d59f69d", "comment": "Malware payload (AgentTesla)", "value": "7673f59310755b6945645d040b8392ea944a8fffaac2e5eceb7c318409446158a0f549eef3871b92cf47b1d79b525deb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744513, "uuid": "b45ac888-010d-4b8a-a88c-d024ad9213f8", "value": "T16364F10533FC4541EAFA6F7E59B482E00B72BE579A72E64D488934CD28F07164E93B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744513, "uuid": "6d249c1e-4749-4c5a-9f21-c5fd60f98728", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744513, "uuid": "6958abb9-8d05-4bb5-bf8b-bbfa958dfffc", "value": "6144:J1XQakQMuFxbIBMPryJc3Nz7jCbT3Cdeh2kPYjj1rmauq:3XQa3bNyq3NzXCvCdMC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744513, "uuid": "7823fbb9-210b-44aa-8819-8897c59b4da6", "value": 329216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744513, "uuid": "9d997bc7-cba5-4517-babb-351276f64ae9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744513, "uuid": "155c197f-6bd3-4d92-96d6-0bb584cb0abc", "value": "Payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a31af005-ef40-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683729641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729641, "uuid": "c3aac061-283e-4567-bb87-48dc52afc2e0", "comment": "Malware payload (AveMariaRAT)", "value": "40daf85774a021c6464ea33fd4e8bb1e", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729641, "uuid": "3031d85d-f1e9-4a34-9ea5-02fb5b877de2", "comment": "Malware payload (AveMariaRAT)", "value": "82262b52863a6474fb05fa3c28f90e435d4319f7da43b865a58eb24d1b78f37e", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729641, "uuid": "787e48b7-4cd7-4fdd-8e94-726b0aae36b4", "comment": "Malware payload (AveMariaRAT)", "value": "0dc179389519d9aae6c3d6e61259e3696e9ed72a", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729641, "uuid": "a0e93c81-2156-4102-b555-242b51a3efac", "comment": "Malware payload (AveMariaRAT)", "value": "1d9dd531ad9a1d281e8017ba00e0053fce09ce77a7dd5863fc7f427fe73b7838c57244fe0ca8c5ee6de577249bd5f079", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729641, "uuid": "30e13604-05d9-4e32-bb5a-ae093f88493e", "value": "T13455E0335AD3FEEBAFA50D94D86616444CC0BCB76228D1B4FDC852CB32A5910EE55CB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729641, "uuid": "972ece29-f455-4502-986b-5a46e09d350b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729641, "uuid": "2385612c-476d-4ad8-834a-49ae93014024", "value": "24576:xKGkAz/pZB+B5kSKUI9LwYYZxQsLsI05UzlbIU2qi4S5w/QMU:86+BGLUIRw74U1hS5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729641, "uuid": "c1a978b3-323d-4271-b38c-2c8075c3b608", "value": 1340416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729641, "uuid": "648c7711-1bab-4d11-831a-3f23215c28d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729641, "uuid": "01bc1ebe-1b0b-4569-8347-a76d346fe31a", "value": "FLASH INFO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "249e306f-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707095, "uuid": "a548f9e4-0d72-4605-9bcc-810e7d93dc8d", "comment": "Malware payload", "value": "5e87e64016a00c082015cb64536d5a3f", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707095, "uuid": "62f6f7de-f39f-43ef-a6a3-c68cef311268", "comment": "Malware payload", "value": "822d587f072ed6f94d16257c7a6019513e0596a74426a50a47bdf7625859c080", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707095, "uuid": "efa82b5c-6bb2-4d6f-b424-a57fc9e1ec90", "comment": "Malware payload", "value": "94ff05934109037652ec974894b973576d2456c0", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707095, "uuid": "c869bc80-ac09-4089-9856-7ac6d5122d4a", "comment": "Malware payload", "value": "5798f6ae8bba07f4fa516c082e7a84c72169e877c11fee2052ace02e34d4c594d1ac9e2e0787fd542e0af0c31491dff9", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707095, "uuid": "ebf621bd-fc3b-45bc-b836-f82de202898a", "value": "T11255D0335EA7FEF53B650F84D84516445C80B8775BACB1E478C8B5AAB1B8990EA0DCF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707095, "uuid": "7a49781f-d84b-4ce5-8303-5144005fb2c6", "value": "24576:BPJVazd9Efgr9cFSIA0lUkdq0x6deoKEprnVjG3m:17apbpLn6qkEpg2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707095, "uuid": "7cffe06b-9af9-4e9b-9639-731c77a479c4", "value": 1323692, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707095, "uuid": "56a18ddd-3bc0-4e9e-a744-f74ac96431fb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707095, "uuid": "643b8afa-a871-4e75-90d1-78a7e871ef20", "value": "Fcwcdfjfzz.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a67e15a-ef37-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683725600, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725600, "uuid": "ad02c21b-84ac-4854-b6e3-514518327f83", "comment": "Malware payload (Amadey)", "value": "71dd8bf27fb0db7b9a8839019222ff61", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725600, "uuid": "aeaa1245-0e6b-425d-80cb-59bce5a4e26e", "comment": "Malware payload (Amadey)", "value": "82a8103552d7033d03a76da16667a333c518e6872e0e84500220e106d5909ca1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725600, "uuid": "334c350c-a146-4ac4-b4e4-4571c221e22d", "comment": "Malware payload (Amadey)", "value": "2f4f2eef320e25b154dcb607cf8ab0a3560ef5f7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725600, "uuid": "643c61cb-521a-41fc-813e-c086a3bc1ba0", "comment": "Malware payload (Amadey)", "value": "dd689957151ad09afaec7296271332370a35f159d29769e899b0457d96933bd360c86cc8b40113ffb1daabc4b7e6fd77", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725600, "uuid": "6df91914-23be-4ee1-bf52-61a18c8f3f1b", "value": "T1BAA40223BFE98032D9F9477059FB02D32B35BD619DB0466B2386685A1973AC4B43137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725600, "uuid": "ed1d0631-0d23-4aea-8d49-4bcfce9c9eed", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725600, "uuid": "2631a539-a8cc-4366-8578-e82be968e837", "value": "12288:VMrcy90WrZF5GppPBjBCoaofaas590UoLZlThl0g:xytlEJQVGw9wLZl1l0g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683725600, "uuid": "718cbbe6-cf2e-410d-bbd9-bd2fe7ed9653", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683725600, "uuid": "0de0a962-3165-48b4-8227-99173b9a4049", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725600, "uuid": "8d76e53e-fef5-4433-b005-38e4c4fd6c07", "value": "71dd8bf27fb0db7b9a8839019222ff61", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89faca0b-eef6-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1683697816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697816, "uuid": "a6c20d19-fe68-4f6b-bb1c-8f1236b4279f", "comment": "Malware payload (STRRAT)", "value": "9331316ad8d510eeddcaba4975c3ca42", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697816, "uuid": "d21ab4f3-9053-4abd-b77a-00fb1958bdc0", "comment": "Malware payload (STRRAT)", "value": "82ec7a83233454e17146925691574f36ca8c19425777b8783ee597d331151034", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697816, "uuid": "7fc05860-a263-4b44-bc95-8383ce5c060c", "comment": "Malware payload (STRRAT)", "value": "75177e5b8f9971fa0d025871089c2832cc18f56f", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697816, "uuid": "9f33a237-56bd-4384-bcba-d84e4b3594ed", "comment": "Malware payload (STRRAT)", "value": "b5bb2a514d9bbd1337ffa9b7a71369582c1782374b328590892e8b5a06c5d7661f65be8b9a7e24be531fb268df5c967f", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683697816, "uuid": "fa586456-bc5b-4d48-b94e-9ad182197198", "value": "T128844CCDAA4B0A2ADC7CD8C072DB079361B4D625F0C8D76B4666EBFEFB02B481457149", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683697816, "uuid": "98ca054d-b088-4ef4-8c0b-5fa0afc00914", "value": "6144:KfXnfxI4PEOWsuTnIEAU/RPidepepig36dITY4658cuIftzRF9dsH5FGavTr0:sKMUpGergc6TGaU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683697816, "uuid": "4a8f999d-a0cf-4aa5-9067-b52810bc41ce", "value": 376904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683697816, "uuid": "08bc941d-af3c-406d-9f47-9374b4df5d29", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683697816, "uuid": "3774133f-d084-459a-8307-1d3bdb1ef949", "value": "Doc Lx-09272776a.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "688f291d-ef57-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683739421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739421, "uuid": "63336bd2-0d7f-4305-84d2-d3021a8e5d11", "comment": "Malware payload", "value": "7f736fe70ab16045fb83c06f4a0fd76b", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739421, "uuid": "d2314277-db6b-4ef7-a9b0-36ae70d502e8", "comment": "Malware payload", "value": "837ed1f42b15125238bb7b837a886931085d8b7e4be6f7c7e6453103f6ee7e4e", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739421, "uuid": "9bc9068b-f2fa-4f2f-a295-7ad2bbe25e21", "comment": "Malware payload", "value": "2c8d570a068179f7f32c1b3ceff682456a8546d7", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739421, "uuid": "23452474-6c10-4c44-8bf8-5db7fa90285c", "comment": "Malware payload", "value": "2d762d0244f98e6e221cbdd59be38034d8e4a151b00be68de9969ed0c1eabf1537478ba4e0280d0514167806bc0abdd7", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739421, "uuid": "06f8f111-9de9-430a-8e6d-7b222aa9b624", "value": "T1E5C29D9C56D770918657F03E637FCC4AB264092B48989D1BB95DB210FF9A43CCBF09A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739421, "uuid": "13cc912d-df4f-488e-a4c9-536bc91497a9", "value": "384:oExUH3l2IRAfmUuT/sZrSxydXwk82ZdaNXRxEWT4XdI:xxO7R1UuzstgydXYS/WTqu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683739421, "uuid": "d2a1db64-dc0b-4797-9b04-a3921ccd6f1f", "value": 26300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683739421, "uuid": "1bfee849-114a-4d12-87ff-af9d8e46709c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739421, "uuid": "c870ab4f-c4b5-4195-8f11-29befa301736", "value": "INV_28775_apaerh.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07f58076-ef3e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683728521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728521, "uuid": "e581a833-8370-4829-8df4-25deec937e97", "comment": "Malware payload (Mirai)", "value": "630b7a687aafaea8d009b73975b76ea8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728521, "uuid": "ac50b428-0c80-439b-a8b1-1ed3bed0b652", "comment": "Malware payload (Mirai)", "value": "838369623fc2a45e63e108fc550dff9e07008230719c17632a7515f691fa2fcc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728521, "uuid": "6c2e6613-7a3a-486c-be5a-a52d50ea7df8", "comment": "Malware payload (Mirai)", "value": "f5a0f0fda9dc32d2dab52b471f5a9ccfc61b85dd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728521, "uuid": "e18cdb78-63a9-4324-80d3-69fb9810ab2f", "comment": "Malware payload (Mirai)", "value": "168daefb70632fbb3e6c7d97f30ac1230c6f90a3810d0828abb96b99fc907d543ac295b182e8bd2e80cec4c6d7285428", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728521, "uuid": "34af9335-c3c3-4e98-b16e-3338a7cdd80b", "value": "T1C5C3C63B67170E23C0CA50B101E34332AE75DE9B34B952D7AAD07D686F36A843856BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728521, "uuid": "16dae91e-1bca-4c98-a0f6-cd669afb051a", "value": "3072:wsrp9xV+GZTZepNPhj+e3fSqPIL7ymm/QMurB1nKGNb:SMQplVIamm/QMurB1nKGNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728521, "uuid": "f4ff3428-1e8c-4206-a8ed-e9047fa47c23", "value": 129856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728521, "uuid": "8924393b-fc3f-414c-b416-939226c327d1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728521, "uuid": "6d348da0-5683-4f7a-9fbb-89128bd800cc", "value": "630b7a687aafaea8d009b73975b76ea8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d745158a-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1683705676, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705676, "uuid": "9fefaef4-7c48-4adb-b4ed-065f79e1f893", "comment": "Malware payload (Smoke Loader)", "value": "495b00db1c41683a71eab4812e2d9e25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705676, "uuid": "858f9f95-10c5-429b-acfd-81651c250f0f", "comment": "Malware payload (Smoke Loader)", "value": "83ab1472ffea5bf933c4c94251b4af9fa6636c0a97ebc64d63566c82f6304f06", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705676, "uuid": "e60e7d42-ad21-419e-ba43-07e501e195b0", "comment": "Malware payload (Smoke Loader)", "value": "4d0a1647f91ec471f209fd9f0ddb91490a10719f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705676, "uuid": "a5d6bb85-55e5-411b-b282-ef2b9da5b5c7", "comment": "Malware payload (Smoke Loader)", "value": "eaab99426c96b4a4d57a8d7afe31da1390641c54cd4b5e0dcfb7294c4ef0f304c31ec519eaf3f95a9b05536574375656", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705676, "uuid": "76315a52-c4ee-45e4-8a09-2a1cab966949", "value": "T1C6640A9386E13D44EA264B72DE2FE6E87A1EF1618F593BA63618DE1F04B00B1C173715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705676, "uuid": "7a074a33-fa74-48a4-9788-f4fe96c90b44", "value": "f638bba0028bbeebea7ddd6400ec7cc1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705676, "uuid": "710a2122-2bd8-4e32-a11e-1c7ed48130cd", "value": "6144:9UPgpLYNiLIKt3CV+d+ZF4JtyjDI4vGG4:9PpcNiLIKR60tqI4vG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705676, "uuid": "2022ce5b-2dcc-4f1c-aae4-5f3df46910c9", "value": 327680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705676, "uuid": "7588992c-ea9e-477b-81cc-d14ca20d8b20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705676, "uuid": "12baf6bd-e476-49e8-9cc3-884ed2e71292", "value": "495b00db1c41683a71eab4812e2d9e25.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4e8655b-ef26-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DarkCloud)", "timestamp": 1683718530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718530, "uuid": "3af399bc-4432-4da6-95d7-99f7cc17397e", "comment": "Malware payload (DarkCloud)", "value": "26267aefb12de3eface8ae87dd5d4a6d", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718530, "uuid": "388bcdbf-a5db-4cb4-8c9d-5df21c034449", "comment": "Malware payload (DarkCloud)", "value": "847e04095e646bc56458e498de0e8741d873b777567a0372b59d27d4f1d3b625", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718530, "uuid": "623ce78b-238d-42de-9c6d-e09e562701b9", "comment": "Malware payload (DarkCloud)", "value": "88aad0f963f04e283183f6fe02db0b9c384f2df4", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718530, "uuid": "7d45eb2f-a0a4-472e-96aa-6aafa5abf5b9", "comment": "Malware payload (DarkCloud)", "value": "b42cceaf76fa07dd8e40de437a1d852c886696e512e10cf3459b00e590984665ee22308c08a7d5eee600effe535b0bd4", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718530, "uuid": "bc551be6-b13c-4ba7-9bf7-d6e01e9c9302", "value": "T1A8751210712AAB2BDBA853FF0A28484113B4775AFDABD17D6EDF21CCD852B104A11F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718530, "uuid": "733bee05-c057-479b-b6ae-48b54ad10079", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718530, "uuid": "252538d2-9da2-4d44-8bb1-21a27a4b1e2d", "value": "24576:lALd9G4jLamVOjHuCB3G2Z9+HCr7YJ/38yT/BFqHac0J10307SGMjo:S7GsGgOLnB3j/+c8PFTpgHP6ahG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718530, "uuid": "04a68eec-0d44-464e-a37f-65b44d11d155", "value": 1657856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718530, "uuid": "07d6d0cd-9c4e-4e98-8d71-d1a8df6dd75a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718530, "uuid": "1d433082-4488-4797-a393-f8e7ffc41338", "value": "SecuriteInfo.com.Variant.Lazy.338484.17766.6491", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7575217-ef12-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683710025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710025, "uuid": "0c26c108-1afe-4c5b-b50e-0fbf8dc668a5", "comment": "Malware payload", "value": "145a9a9029ced7e2d109b8b9db2e2867", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710025, "uuid": "221ac1d6-4d58-4d49-80d8-e5e1cb6b49f3", "comment": "Malware payload", "value": "853bb4e3d35cbc19c24a6bf90ccb6dc4bb893bf089737a82c5cc9d95823a6823", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710025, "uuid": "dfeff44c-44db-4066-a223-ec6d14b57579", "comment": "Malware payload", "value": "10f480cecf4ff4062045ca5714aeb47d0b5de994", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710025, "uuid": "e4efc574-2174-459e-b9f4-3d20eee07eff", "comment": "Malware payload", "value": "b38c55c93e5c37d85b97aa73b44b590db45ecc00c2b7a2904a230131ffef7a420d647170b83e8b72a29739cfd3de37cd", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710025, "uuid": "9ee1dc10-2bc1-46ea-8521-c82dfd501f09", "value": "T17F24229648D4EE89B316DCD478AB85D1CB8ABF911C01E54DE0624B43B22A7F883BD7C5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710025, "uuid": "489399ea-8475-42f8-a58a-8ef8b944d4e0", "value": "6144:xqH6jxBlaj/rYY6JQkMGIQZD9xcebr6w2:xxjfsTrYY62kMfgDbrJ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683710025, "uuid": "02c0b268-1a37-4eb2-8ac3-15c2a990ba8e", "value": 224757, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683710025, "uuid": "746630c9-0168-4974-90ae-c4c7d937874f", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710025, "uuid": "e4474984-3253-4c0d-8cc3-fd39681526f3", "value": "Org Chem Group Product Inquiry.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "567e9fe6-ef66-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683745833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745833, "uuid": "1c269a0a-9ec9-4f18-b393-37cfc3b4788b", "comment": "Malware payload (RedLineStealer)", "value": "aea8239450041862cbc7eaed252c0b14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745833, "uuid": "fc2e0637-e027-43ad-ab1b-3e18d0eb27ae", "comment": "Malware payload (RedLineStealer)", "value": "86763058cb4b7fbd0f0987e26f05faa054e174210507503cf27b79a1967963ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745833, "uuid": "61c89ede-78f5-4b3f-9536-2e7341bf12ea", "comment": "Malware payload (RedLineStealer)", "value": "b1456f8b8911a4c7bbbc4d5328f8e57310c618b3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745833, "uuid": "873340be-79ac-47a6-9aa5-a8ca285c0572", "comment": "Malware payload (RedLineStealer)", "value": "0e7cee0b75eb7dc2935a594b05f37cabeed6f07b3702cd60932bd91f138279756ff2e9df6a07bd530dbf80469de9f6ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745833, "uuid": "70ebfda3-4749-4019-9c74-9646ac3cc95e", "value": "T184F42241E3D94132F9F4277058F302D30F36BC628935862F3796A98E18B15C8B57ABA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745833, "uuid": "0f9fa9f0-e53f-4146-ad9d-bb72246af141", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745833, "uuid": "07cf1031-7971-47b6-bcf9-7763a9962325", "value": "12288:NMrsy90MB/uLMaAlbMPU9tgz78z/K8N+uy8/Zr9bSAlu:RyPB/uLMpbMM+kW8Jy83Pg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683745833, "uuid": "b840b201-6b39-4994-8ce3-b37d241d5fc8", "value": 790016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683745833, "uuid": "cecad3d6-f94a-4607-b4d4-7e8695d443f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745833, "uuid": "8f5cc1e2-012c-409c-a5a6-09ed10f5cef7", "value": "aea8239450041862cbc7eaed252c0b14.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4b26463-eef7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683698424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698424, "uuid": "f13c291a-2197-4cca-bc08-06a119d6b9ef", "comment": "Malware payload (RedLineStealer)", "value": "70703158b544e0d44503a041625a2998", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698424, "uuid": "d05dfdfd-d340-47fe-8484-5f6d0190634d", "comment": "Malware payload (RedLineStealer)", "value": "86de0eece0f433c1dad9c51b60a11e39346f6da14ad576d78bd72600d963f80a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698424, "uuid": "0ca0c5f9-cd08-4682-96af-6211e80c9da5", "comment": "Malware payload (RedLineStealer)", "value": "bc65626f2a204f8a9482b9909eabc24ba8303d51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698424, "uuid": "e500e61f-8d26-42f5-aed0-62abf37652a1", "comment": "Malware payload (RedLineStealer)", "value": "3d7a9d276826be2dfe6bde95685b1d8ea0e6012e919bfd81def736978c3a1ede3b32704f70149dc068c05dcea62404f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698424, "uuid": "782b83de-fa2a-4959-b0e9-1ebbf9b75af8", "value": "T19FA40243B7F88472D9B55B709CF612C31B39BC625838935E3785689E1CB22C5A5323AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698424, "uuid": "62d51b9b-7220-49e7-a4f5-91b3fbf1cfe0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698424, "uuid": "514b9536-b408-49ba-b84b-95024b61bbdf", "value": "12288:LMrIy902/PU25c1u316TyFpFYs/XN3Aj0kYzekZG4:fyZbXMTQ3F9k4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698424, "uuid": "ca9c4926-32fa-42a2-95b5-f369a42d5dd7", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698424, "uuid": "1739e8fe-0944-4d7a-91b1-a8068f6572ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698424, "uuid": "7edc2254-0e9f-408f-ac01-94b688547e5f", "value": "70703158b544e0d44503a041625a2998.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ea5944e-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750625, "uuid": "9836a5ed-ddce-4e02-bbf4-5a2a97276c0f", "comment": "Malware payload", "value": "f9551afd93c262e990a4278f067a9318", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750625, "uuid": "e5c31d66-5f89-459f-b815-081006c20278", "comment": "Malware payload", "value": "873b21d35de73579c414bcc2fec942cd54e2f4b475841d13586973ce7a916e12", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750625, "uuid": "8a4c186e-6753-41f8-986f-150c99c2a436", "comment": "Malware payload", "value": "f91e16b1311e81414c8979b70d65339ceb8e9b54", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750625, "uuid": "32009cc1-2049-4c59-9bf0-b03c32d0b26a", "comment": "Malware payload", "value": "774ac88eeda29496f5d83a4c71e48137192c1db6ad61a5ccf96ba0d4174e94cf55668cd1852c6e51c8ee4e004d9f130c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750625, "uuid": "7940370b-2de0-41f2-ab25-bf3694f8bbef", "value": "T130239E6B39E18433E89A43B005B64B1B7F3F257506B490A35F707D692E72DE06E32297", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750625, "uuid": "14458ca8-35a9-40f4-9025-a7fb6445ffc0", "value": "f7839f01539029f2b3d6f540e5326dce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750625, "uuid": "a77b803a-062c-44a0-a63f-81b51cf9d5fc", "value": "384:2OgZz+4h2REklgcKFzz1b1t9iUoyN3kTNK/yCw1r2wmZyOfcJBhzc0Qh5H:+x3hpy4v7+rNAA2LyOkjhzclP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750625, "uuid": "38906d35-e6ce-415b-968b-9e8ab4d8245b", "value": 49152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750625, "uuid": "e5e15f16-0b20-4846-a8ee-51f6b32fb739", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750625, "uuid": "5575cfdc-e415-4cf2-88fb-cb35d9d3b007", "value": "SecuriteInfo.com.TROJ_LAMEWAR.VTG.20921.891", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48f5c211-ef60-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683743233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743233, "uuid": "e8fe45ae-7962-4f86-8b33-0934f8a742af", "comment": "Malware payload", "value": "5c4011f4419361b03efc274afd0f3103", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743233, "uuid": "f18fe914-1cb2-4104-852b-f55c8519e52c", "comment": "Malware payload", "value": "87405f169e42b52d9561d79b89f6898cc735f0edc26905baecf21673244455ad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743233, "uuid": "d5116651-1ff7-48ec-80a7-f6e13c2bff41", "comment": "Malware payload", "value": "b6846421ad5c794c75b690a9baf37a75dde16352", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743233, "uuid": "7d528600-9e91-4d5c-b187-d36b6750bfc5", "comment": "Malware payload", "value": "e9e0c2a2f6f0ef76ce4c152ce1619f64cda14982814c50cbaa14833bb76d35206018877d21e759b4d3f20cfeeec06c88", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743233, "uuid": "d6baf03a-b8ac-4338-9897-82d15413e2d0", "value": "T1A4F4E011325AAB2BC7A893FF0A28454513B87B06BD6BD13D6DDF21CDDD22B104A11F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743233, "uuid": "a150a4a0-1941-4781-87b2-2640f93f016d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743233, "uuid": "0b1262f1-271c-431b-8eba-d05c50a8eb78", "value": "12288:Ml2ZfTREHeNGpBKsWYoNv1LH35zamoA41DCzZVkym7joAPtxj3Pz:EkLKHXpbmd1LH3tUKZVkv7joA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683743233, "uuid": "0262e915-97ba-464f-9d1c-4b69d312f15f", "value": 738304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683743233, "uuid": "68c90ef8-5d77-425d-8a3f-950dc8ea505b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743233, "uuid": "90232f0f-42c2-4462-aeec-38abff64f6aa", "value": "Transfer copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f1aaa7f-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731298, "uuid": "7b23c2b9-580a-4f99-b08d-c0953a70cc34", "comment": "Malware payload (Mirai)", "value": "446943d1fb84c019f18466c22e472d8b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731298, "uuid": "95061f7d-3686-4890-ad57-b53a8cc45a65", "comment": "Malware payload (Mirai)", "value": "8793150451b0f4a89457222adb28775e048ad17c1e9cfaf7acb328f59933e9d3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731298, "uuid": "46ff9fed-8b2f-414b-a736-5607181605b3", "comment": "Malware payload (Mirai)", "value": "b4a6240a8dc440def6870dbe88030b35a93577ca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731298, "uuid": "39091a9f-091a-4972-a9b6-6f682ed0de49", "comment": "Malware payload (Mirai)", "value": "4f9622b7b603605d77f14f5f7d3ff10e4d4fc3b787d39f42873fec2e84b3e0a531e100d7c30a3fc9efc739bd2db187f1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731298, "uuid": "22fe0344-13cc-40a9-9802-aa1b90ba9f91", "value": "T102C2D0DCFDA692D3C55C4E7DA32D14CC9D88509A93A7231D9FA08C88B244A47FD1E93D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731298, "uuid": "e8d36aee-7c5c-4a5a-bded-0794ce2e9fbc", "value": "768:xfp8u7ovmG6BDsFhPOqXSXfveLlQeGwTehPIGr+ogTfuWY:x78vmG6KhPjXSXfv0QjaKd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731298, "uuid": "f8d8d7a0-db19-4f19-9b3a-7dda3f6be99f", "value": 27196, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731298, "uuid": "e74306d5-a459-4a9c-9490-5278f1ceae5a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731298, "uuid": "0d7c9f35-b075-4894-b229-780e522adec0", "value": "446943d1fb84c019f18466c22e472d8b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdc385c7-ef42-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1683730652, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730652, "uuid": "bf7acf63-0364-4210-8bfe-82fe72cf683b", "comment": "Malware payload (Quakbot)", "value": "0687b9e63e422cb9f5571949807d723e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730652, "uuid": "f9a4ce86-7096-465d-a731-2aee9868e592", "comment": "Malware payload (Quakbot)", "value": "896aed34b7d22d34daa5ff555d6373eb3e8218a5e6f14497f3d5b7a2782465e2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730652, "uuid": "73a491ff-c9cd-4ab2-8d72-647d271ba117", "comment": "Malware payload (Quakbot)", "value": "6025bd28554398c8ddfc8692d6a08a58f9ad2d94", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730652, "uuid": "983278e3-7e6c-49ba-bb9d-2e9ed46eebbc", "comment": "Malware payload (Quakbot)", "value": "f4e967fd4e80d93498637eb1c21caa5da74a8ba938d7f378a97aff03916c36d24300d69b34b70ff51be61efc7235c293", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730652, "uuid": "b514d1eb-163d-44b9-aa78-9364e721dbdd", "value": "T148D365C04F6904B16B5BBD217631D5A5EB7D0D648388928BE05F3172FACE28DCDE9B21", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730652, "uuid": "b2e7e3e0-4340-4e5f-a9dd-a72fcb71f244", "value": "1536:pi8ERGpGlWtts24VTXkCP+lw/xXGKlNE26voCtb8cYK8aokj1ekDrTQ+k0WBTE+h:pPk3lMts24VBg19DoQlwskXV5z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683730652, "uuid": "68e7b147-a00c-418c-84fa-78a9de7d526a", "value": 142449, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683730652, "uuid": "019f1f34-9073-448d-9ef4-7757756c9228", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730652, "uuid": "2ae73912-401f-4921-ab30-3b682c618c1a", "value": "Qkoqwylt.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60538481-ef17-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683711919, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711919, "uuid": "9176e748-fa38-4891-b652-66457839eeb0", "comment": "Malware payload (RedLineStealer)", "value": "c6b5819a9acf7345d1b5831411bd5515", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711919, "uuid": "a24a2967-f0e9-42db-953b-31105ae829cf", "comment": "Malware payload (RedLineStealer)", "value": "89a46ed5a9c6783ec3ddf5d7bd47c7330a8429e4ff46b317b93ffe46eed9861d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711919, "uuid": "89bad024-c909-4975-aa9e-a2e328c30789", "comment": "Malware payload (RedLineStealer)", "value": "a3346d7dcc5c1fbad4d5752a9be9a89765f30b36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711919, "uuid": "f22be037-f375-4d06-8f9a-0f3ddd33646f", "comment": "Malware payload (RedLineStealer)", "value": "2fea33f34a3ae5a3fb420ca57cce99ae1eea3218122b29dcdfadf9560831a9cbbc04a7b3c4ac2d8f35be94086e72f475", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711919, "uuid": "0ee7d29e-ecc9-4ff0-bfd5-19ae39797f95", "value": "T1DFA40253E6E98572C8B16B705CF603930E36BCA0AD70936E26825D5E4CB36C0F97572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711919, "uuid": "eade633f-2d3e-440b-84b9-f303aab89736", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711919, "uuid": "e639bcf5-6f99-4884-a1cc-f9afe043b2f8", "value": "12288:eMrpy90sG0B9g17nbZgkokqu5Gi0OWPC:zyrXUJ9TokWi0+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683711919, "uuid": "b56d88ce-6b26-42ff-b8fb-b3d8593c0471", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683711919, "uuid": "db7f2153-6e8a-4776-849d-5625447debe9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711919, "uuid": "68eb9089-4647-4f42-af52-247de4f36356", "value": "c6b5819a9acf7345d1b5831411bd5515.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c1860da-eeea-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683692639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692639, "uuid": "3d9dcdea-f48a-48cd-88d5-48f6430cdb4e", "comment": "Malware payload (Formbook)", "value": "992a0de4e5038847edbe7f400f3ccfd2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692639, "uuid": "27198b66-3491-4b6c-bafb-848170d115b0", "comment": "Malware payload (Formbook)", "value": "89fd567270112eb3494cd4253f2babe024465e60fb28c64800901ccdb3d7fdd2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692639, "uuid": "692f958f-15cd-441b-b9ff-4c4bc7fa25a1", "comment": "Malware payload (Formbook)", "value": "d5444b3bf9c46a414f3d10a7ebac82e45d2d0db1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692639, "uuid": "24355142-1e9f-46fe-969b-2908a678926c", "comment": "Malware payload (Formbook)", "value": "b1c1baafb4d2788c45cbd45491aa10cecb46cf44eb449aba324b84d58dc299dd683e81716ea1138211c735b4d04b763b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692639, "uuid": "ab0f671e-8965-4bc2-b95d-f50cff1b6045", "value": "T140440204A5F0C4A3D0B1433399392B1BEFA15A1A24B8524F77B0BA5DF933246D66F7B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692639, "uuid": "c29f9762-c3b8-4892-89c9-ed809f6b2538", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692639, "uuid": "a6b647b8-1d93-4f60-9388-6ef997722556", "value": "6144:/Ya6X4S/Vhzfg2NyrZlzEiTRxVaWVQw3KCFnI:/YVLNdRyVlzdRxgWV4MnI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683692639, "uuid": "4b4f695e-660a-43dc-b682-17ba64ec6689", "value": 254221, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683692639, "uuid": "8834dcab-47b9-4b33-a396-9bb875a4bcfb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692639, "uuid": "e0fb4770-02e9-4e80-8a3c-4126592d201c", "value": "992a0de4e5038847edbe7f400f3ccfd2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d068041-ef32-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1683723483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723483, "uuid": "71189073-6066-4714-a62e-d99a26cfe9d2", "comment": "Malware payload (njrat)", "value": "7e2a239e2512e9c12e2d73162fa37dd3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723483, "uuid": "d9c71d48-d69e-4fe4-93f2-71466fa5b65e", "comment": "Malware payload (njrat)", "value": "8a1a59e98b02c90f2cd9b5b21bf110d4de662d885735abe0acee7f0bf87cec8e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723483, "uuid": "f7832c33-92aa-48ca-a714-c14b77f8e36d", "comment": "Malware payload (njrat)", "value": "a45e68cd0031f5b5a7622a5c6e12b08ac3aa7ffa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723483, "uuid": "742d4364-c2da-49c8-93df-a8d9ee2da0ce", "comment": "Malware payload (njrat)", "value": "1b3730921e4755d721bceb3d8962ef811914b87b3a169af27034b8c366f9d7c0fc1ab9b8d29e138e995c522f88f46191", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723483, "uuid": "99fb9ca1-b95b-4c23-abd7-5f1f283e063b", "value": "T1C34533B2093D42D3D9A07C30DAE4C48D5D24DFB461CADD98ED931C5C3850B969EA98BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723483, "uuid": "01ce2343-74c2-4950-bf65-a16b650af845", "value": "2e5467cba76f44a088d39f78c5e807b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723483, "uuid": "dd73aa9d-b41c-4426-9669-9f6df6ba1b22", "value": "24576:X253JIvOtSsht1sqgAW4vG3dD6/p+23s588t3K5+Ongqx4SK:m55IGs6t1yATGtDc3sy8t3Ak", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683723483, "uuid": "0dcebff4-f71f-414b-a808-1c86a6b03d95", "value": 1210093, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683723483, "uuid": "c7403f15-2c52-403c-a3d5-dbd25af9a524", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723483, "uuid": "acc998f3-6c45-4841-8bdb-a40365bd503f", "value": "8a1a59e98b02c90f2cd9b5b21bf110d4de662d885735abe0acee7f0bf87cec8e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe67ef7b-eee8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683691998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691998, "uuid": "caee6c6f-e602-4161-9aed-677c7d945bf9", "comment": "Malware payload (RedLineStealer)", "value": "0b4135d0e9882b2a5cdb6ee68b7df67e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691998, "uuid": "8ff0a6f1-7d8d-44b4-9c3e-750d6fdec8a9", "comment": "Malware payload (RedLineStealer)", "value": "8a5196e87b538452033124cdf3c1b1be15db47139186223e6dc4e9e3d0ced4a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691998, "uuid": "ea027899-b540-47e4-8651-9290c782d4ef", "comment": "Malware payload (RedLineStealer)", "value": "ee150772f261596372425d9b793d86f2f14b1010", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691998, "uuid": "7d92dd41-601b-443c-9dbd-9a82dfd185f3", "comment": "Malware payload (RedLineStealer)", "value": "0967943cfad79fec3c86952613dc6ee8ec45651708342e9fe159d86c93a4e251226a508bba64731706bc44cf00dea332", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691998, "uuid": "a57b00e1-0a86-4702-8c44-5f95cf2f6cea", "value": "T146942AD38AE13D44EA264B728F2FD6EC761EF2618F597B652618DA2F04B00B2C173715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691998, "uuid": "aef1b5d3-e793-47ae-a342-cbab555785f9", "value": "6e9e4d8d550ce72fc581af3e283eb7bd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691998, "uuid": "a589c9a5-fa8d-4b04-9108-332b8ff63d16", "value": "6144:Yx7uS7gLf34sn/C7nkzEDKGC2lz/gKKOsULyGd4zFWIjIL247:YJuS7gD34sn/5zGi2pKOJLd45xIL247", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683691998, "uuid": "bd11ddec-ad5f-4c27-b0ca-4abc0d1fdfd6", "value": 429056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683691998, "uuid": "194643dc-8676-4367-a76e-f7febd1500d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691998, "uuid": "111586b9-ad3e-4153-9b84-2de270a5bd06", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "404f7180-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683744507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744507, "uuid": "5ddcfaa5-1663-4224-935b-4765c2a75911", "comment": "Malware payload (AgentTesla)", "value": "5ccc83a775f796de3dd319752d32a509", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744507, "uuid": "2bcbc29f-f5a6-48c0-9a97-433d1bbb7f78", "comment": "Malware payload (AgentTesla)", "value": "8a6bebf08f6c223ed9821ee3b80e420060c66770402687f5c98555f9b0cd02a3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744507, "uuid": "63639102-98f4-4243-be64-2fd4d0337b6e", "comment": "Malware payload (AgentTesla)", "value": "f564530c7f2e11f3320fac2a57e8abd33bd67126", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744507, "uuid": "0b157073-bd2b-4859-a0cf-f0b72d6b22a8", "comment": "Malware payload (AgentTesla)", "value": "3016a79100de082b04acbe8a03c1e839cb4ce51285b856a6797e4f06c1542afd18cf1def413c12e0f5a656cf706e8dd9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744507, "uuid": "e86d05e4-0520-4820-994e-61bb3c2a34f6", "value": "T1C634D00533FC4441F6FA5F7F68B091E00B727E0B5A75E68E4D8A64CD28E27124993B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744507, "uuid": "5c9fd6c5-916e-48b6-8a6d-e9d4e04f50cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744507, "uuid": "ec23a2d2-6f08-454d-8cb3-07ea31117ebe", "value": "6144:T1XQakQ0JFxbIBMPYVmmF2qHyodW5hdn3dXmjMAajj13mauq:ZXQaQbO8d33dcMAA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744507, "uuid": "d72c69bc-dc2d-4fbb-849f-70e228c45201", "value": 240640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744507, "uuid": "dbbd498a-26cc-4ec7-b76b-480e23ec781f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744507, "uuid": "57ae0286-ca49-42c3-8cb2-e0ebefda86a5", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f878c36f-ef23-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683717328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717328, "uuid": "fda275c6-ea90-4fa8-83eb-098d57f5af78", "comment": "Malware payload (Formbook)", "value": "4c4d9335220c6937489818d0752cd220", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717328, "uuid": "c4921d6a-6c57-48b0-93ce-d17211cdae8c", "comment": "Malware payload (Formbook)", "value": "8bd09774a35e497c0f9ce94360ab35ec90479c03b9b792acf5eaf10ec601aa9c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717328, "uuid": "c3b09716-41c4-41a0-8e12-4bd4a57c8e5d", "comment": "Malware payload (Formbook)", "value": "c62b9c63b160cc0436103abf5134119150064147", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717328, "uuid": "990f9b17-feca-4cfc-b010-b156ab9a8f8d", "comment": "Malware payload (Formbook)", "value": "581eabf786a780439e23add292ccfbcd454ecd35561f9c051591591e1a4f54d3dffd0d6adbbd2496019bb35a56a217e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717328, "uuid": "ec7305b8-7f48-489e-861d-7d1f3303fba2", "value": "T15DD423222A52C862FAD30AF58E5A1354396A2D179DBDD52A5378FDD8B8360C0E60D733", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717328, "uuid": "61b1555c-0676-4d04-87e1-3158d83a598a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717328, "uuid": "f6fcaa02-ee2c-4151-a6fd-fcd6bfc919c8", "value": "12288:jY6mRG47VsaPgQXSWKCeWNCEBLY1Q09Vjlc1d7GRxyyErT:jY6mHxsaYQXSWKaB81ACMyEP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683717328, "uuid": "c1a10c42-ab93-43a9-901c-55ab91da4e99", "value": 643392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683717328, "uuid": "8a70c195-773d-4a3a-88de-49be60796748", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717328, "uuid": "c6855a54-cca8-4059-badc-d16318825e7c", "value": "8bd09774a35e497c0f9ce94360ab35ec90479c03b9b792acf5eaf10ec601aa9c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ceff50f-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683704720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704720, "uuid": "d518c420-a79f-4fa9-88ec-db6b6199e788", "comment": "Malware payload (RedLineStealer)", "value": "6ce90a5e690b0f8e1512fcab0c09044e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704720, "uuid": "57d54a25-e581-42a7-8174-703dff19c7a1", "comment": "Malware payload (RedLineStealer)", "value": "8c6d489d8ecdd838af163fa9d7dca54122213cb7344e14496966c69e707f556c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704720, "uuid": "cc90be6a-dca6-494a-8a08-5d2962013487", "comment": "Malware payload (RedLineStealer)", "value": "853f47e169571bfc478005f2ba6a2dc53c21018f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704720, "uuid": "ccfbc917-0c27-4d96-9ee5-bba587478733", "comment": "Malware payload (RedLineStealer)", "value": "b63f9752644f4fc705c45c093ca7dab55fc5ddf101c083d138777c8265959a3bba0dc437b21880bfbbb148f79f663411", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704720, "uuid": "92df05fb-3df8-42dc-8961-cee6c0cc8072", "value": "T1CCA40213ABDA9073E8B56BB058F703C30F39BDA58D74822B2741995E08F27916D3176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704720, "uuid": "8b2cdf5f-3572-4d52-abdf-b903a7f8f5d5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704720, "uuid": "e5f9e3da-6d71-4218-8718-04a9c7f1952b", "value": "12288:NMroy90KvsfzVRR9MIlEEG8HIIkJcZ/fPQS8AukjcGTMF:1yA5RR9rg8rkfS8Qm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704720, "uuid": "a82bd8e6-3c6d-459c-b4b1-2085e73c3fd6", "value": 491008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704720, "uuid": "1aa7870d-e60a-4d03-813d-7b2111fc84dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704720, "uuid": "fefad5a1-04ec-49fa-9773-58fca62bf25f", "value": "6ce90a5e690b0f8e1512fcab0c09044e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da0abaca-ef28-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683719425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719425, "uuid": "7d35fc1d-2054-44ba-a143-f3aa2153bd30", "comment": "Malware payload (Amadey)", "value": "4283a4998b98227d0555ae7677e7a0b5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719425, "uuid": "adacaafb-03e4-4d4b-ab4c-27e552b618e2", "comment": "Malware payload (Amadey)", "value": "8cb4ccc40c0eb3962d25c0f87a7ab2b8f84a7298bb62ae24bdf7882c51495cef", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719425, "uuid": "f662788a-e4e0-4a96-9ed6-f7d466d388d6", "comment": "Malware payload (Amadey)", "value": "74964a3c9ccfd902610bc43e26f41bfeef692f50", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719425, "uuid": "8da28723-b0cc-4615-9598-9ca779df7b5e", "comment": "Malware payload (Amadey)", "value": "09015d4ca17807792de9966fc27314ff905c13ac96ba1ea349de9bd4180efa3024c997f01e88032da9278d51b4b131e2", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719425, "uuid": "d36784cd-88e9-4bad-b659-9307e2c70e7b", "value": "T1DAA41213B7C89832E4B52B70A8F603831F367DA19D7987AB37406C1E4973794A57272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719425, "uuid": "8f7f7cf2-bf9a-4a34-ac35-74e657769aa6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719425, "uuid": "566d3410-e4d3-4617-8378-08b5fcfb208c", "value": "12288:FMr0y906qPaYY6H+DTsY9UvYNCf8lUvi:lyHqPaYfH+cQGTEgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683719425, "uuid": "a32ae2fe-2243-4801-a35a-a76f8af6c57e", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683719425, "uuid": "1dcb9111-6180-4783-8173-583c9e28ff5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719425, "uuid": "993d6d73-6c0e-4b4e-9f5e-38558174a9e6", "value": "8cb4ccc40c0eb3962d25c0f87a7ab2b8f84a7298bb62a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81b6c3ab-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750630, "uuid": "212c818f-a3df-438c-9fd2-6906e925f711", "comment": "Malware payload", "value": "87839737131306986d45c9a46425823f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750630, "uuid": "4a8e7910-306c-442e-9001-35dab0378b57", "comment": "Malware payload", "value": "8d294c08b1e2f0aca6a897419bf42abe35e3d992ba9b20ef6a479b136417d8c4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750630, "uuid": "a50be8cf-f10b-4f33-8509-e2b81d89517e", "comment": "Malware payload", "value": "77456dcd807fcf3e37082bfdfad6e2ff5c00650c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750630, "uuid": "410f7b3f-fff1-4d07-99e2-70e5cd7f7b61", "comment": "Malware payload", "value": "b64ec462b825c105570f325228a97b10ae106d7fd0a46cba319115e8a22c6bd5b32cdc44114f1d154e2c2f96b9049d9d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750630, "uuid": "55086804-39e0-412c-90aa-afdba85387de", "value": "T1505633706F94AEAFDF68523E25931E1559B22FAC840C14C35ACCB5C3630A797F419A2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750630, "uuid": "67df0f9b-3465-43a2-b292-7554eed6b025", "value": "9d870915cd3d95b0df885669e5e74306", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750630, "uuid": "39b20cb6-b680-4904-b1ee-355d1e179fae", "value": "98304:CnODmX1KCRgGAtygwuFvIo87jOj3wy14Rml:OODmFxAdwuFvIo8HO7wyZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750630, "uuid": "35b74367-fbfa-4906-b21f-48f7f7c83be2", "value": 6040460, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750630, "uuid": "d935df4f-a8d5-4c7a-b93b-ea79b6aae43c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750630, "uuid": "a7415f1a-e683-464b-8953-a93f7e470a64", "value": "SecuriteInfo.com.TrojanSpy.Zbot.32179.13297", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "398b283c-ef80-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683756951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683756951, "uuid": "a15eec8e-37f0-4b70-ad50-afedbe07e236", "comment": "Malware payload (RedLineStealer)", "value": "1287468dc0ca217fe5b8ecc845a7c5b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683756951, "uuid": "8f7948b3-bcff-4d8e-86f4-da18ec3e814c", "comment": "Malware payload (RedLineStealer)", "value": "8d833b36557291ebf7ed3ee7d5830187dcf0456f737b56e7a953ac4a35b03257", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683756951, "uuid": "61a26838-6d5f-43e5-be44-cec824659c2f", "comment": "Malware payload (RedLineStealer)", "value": "22d465aebdfeb4bd4bff0595624d893bb47f25e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683756951, "uuid": "c1dd0dc0-d84e-47fc-a4d8-09a7e7aa85cb", "comment": "Malware payload (RedLineStealer)", "value": "54b2eda1958bf198e5319bb32cdde190805d4e0721697d2ae9f60b1dd7f3a5de690721bdfa38d78c89e4efe27101eb0a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683756951, "uuid": "235f8128-0b9d-46b7-ac12-47edab226c96", "value": "T17A24F6267912C031D560A1B619F4BFF2C59CA824ABB049DB7B800F77DA122F73D61E39", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683756951, "uuid": "704170a1-7cac-4ea3-9c51-567aea234d28", "value": "f8cc61ade86cb7277d0ab974de6323cb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683756951, "uuid": "050b9898-681d-4445-ad2e-e91dcfafa42b", "value": "3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683756951, "uuid": "561c5a22-04f3-446b-9717-eba156c07ee5", "value": 215406, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683756951, "uuid": "ccdda610-43c5-45a7-9fec-ee8bcb9353e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683756951, "uuid": "e0595b8f-25a3-4e67-842e-d5f01f89219b", "value": "1287468dc0ca217fe5b8ecc845a7c5b4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3ff7a41-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1683744755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744755, "uuid": "33a94f86-23e5-4a97-8199-59a9f1bf66e4", "comment": "Malware payload (Quakbot)", "value": "bf8b46183f629c6735a3a164b9ba6021", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744755, "uuid": "12f68813-0791-4c84-90e0-21c64b6503fa", "comment": "Malware payload (Quakbot)", "value": "8de1f69c791c78dccf9d9b6f3a13cb0854b1cad25270bf5493201ab6e2fea2de", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744755, "uuid": "371f17ee-ad96-45cc-a51c-d226a05f2f1e", "comment": "Malware payload (Quakbot)", "value": "fc3f702222763b9f0f4d5871c9e95b5a02ac2c76", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744755, "uuid": "bef89fe0-cb37-4fbd-883e-08c469daa652", "comment": "Malware payload (Quakbot)", "value": "a8db5b497916851be9593385a34589f7414dbf5dd18220a0892a1a6ffe7a085ae4dfff06075d155723074787cbaa2bfc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744755, "uuid": "51638a6e-876f-4d19-b7ad-f6bb5713679a", "value": "T11564CF12B872D033D1E761F061BC9791FE7EB58153A29BDA87E844A09E054E2E73D363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744755, "uuid": "475e1bd3-bbde-4bd2-ad6e-4284a004008c", "value": "7de4adc3d81501f1c753437887d51969", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744755, "uuid": "5edc8976-c069-4d9b-b296-4cbb57aba72f", "value": "6144:z8ESLcu+wP1cIm0nX8lyvKGtlc6DyHkCefzHJNPdDX3Y6iMiF:YEPu+Y2I9MEvbi6DyHkCezJv06", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744755, "uuid": "17ad7896-aaf0-4760-a476-498b8ee7d326", "value": 320512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744755, "uuid": "02897631-f092-456c-8d8d-12b67312e170", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744755, "uuid": "8722efff-a4eb-4b36-afb8-801c8299d871", "value": "aXBRjpS7P82Fyr.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41bee36a-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683704567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704567, "uuid": "080c2ba5-21b8-44f1-9b41-7459376999b6", "comment": "Malware payload (AgentTesla)", "value": "19e48bfe6f23d158cb7fc3687debf595", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704567, "uuid": "5eb3c6f3-b421-4f9c-932d-c82e7f6d9998", "comment": "Malware payload (AgentTesla)", "value": "8e3f656f70978440245c238870f316ccdbfbadff73350dd6d204c9035cc00357", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704567, "uuid": "501889d7-d30a-40a1-b53a-15fd33ad3b8a", "comment": "Malware payload (AgentTesla)", "value": "1c80651523721778b82288eb97b2e673ef2814f2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704567, "uuid": "f41fa5c9-c8b1-470b-a79f-274aeacdc86f", "comment": "Malware payload (AgentTesla)", "value": "078c5e223c7ef5a65c4a19f5c8b268e181110384e055515206785d922073c707cdeb8be0edc3de3418e7319508d6fb0b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704567, "uuid": "319c0d15-9aae-418c-a1ab-ca0cded972c8", "value": "T19F358FBA10C55D16C729B2FA8159C8E60B36BE21DFA7E21522BC30CD4DB2713DD5A90F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704567, "uuid": "de9fce9f-31e8-475f-92f2-6321746415e1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704567, "uuid": "fbb54f10-a42d-4229-9fb5-936bcdca9442", "value": "24576:D6WIqS5JtJYflKnxbl3G/V04sGNn/lBij2l0/eGRYpyuD8Iy/Je/XCGb32Udv72Y:9rS52G55Gt04sGt/lBij2l0/eGRYzD8U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704567, "uuid": "e58af79b-e8f1-4168-9e3e-290404a9b852", "value": 1078784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704567, "uuid": "dd33f62e-ffaa-4ee8-98f2-44e2ec2069ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704567, "uuid": "cf22452b-a9a5-4d50-b635-31153658f2db", "value": "Halkbank_Ekstre_20231005_075616_005737.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79d486a1-ef2e-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683721840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "b3e5aa2c-2e44-4642-8a4e-5daba9fd3c17", "comment": "Malware payload", "value": "2bebaee66b3c3ef4ce6d9d3fa0e10c40", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "9a833b01-8d86-4913-ad8a-0d7fd3baf21b", "comment": "Malware payload", "value": "8e968c0dbcb617142c2ef73713fd325b3dd204af25adeaa345e472fc04c03504", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "09b48796-88e1-4fbb-a23f-fb55fa27adb1", "comment": "Malware payload", "value": "70c7e6c49c4018af3cd6d0020c38796da10fceca", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721840, "uuid": "0d78c91c-3960-4598-a729-b4b77c3a815f", "comment": "Malware payload", "value": "4376ff4f3eb25556703b0fb4d059c5ef616841fd26c98a0649bf619bc5feee2b7802b3114e96b57b923c1a2a79a1a93e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721840, "uuid": "dc80f8e8-c2a9-4197-829c-1aecb812023f", "value": "T10DC1983B6BC30DD2DF8E4FFA06A78D8D54680430421195B44B59C54A1DE9A63F63B7E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721840, "uuid": "0e6aa520-42d5-4f9f-a7fd-569523a6e2f9", "value": "d606380528517f401b5af00666d3ca76", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721840, "uuid": "d88900e9-1e72-4ca5-af8f-623869846f63", "value": "48:SqvOd4r6tMeZnjgxKhxVhVtxMhuWpypj8FbMtjIofJ97Le8Ga67ueHo5y:XrhEp2/pypjsbML97LejnHo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721840, "uuid": "7e9a6763-31d6-417e-8eaf-cc84f5647366", "value": 5632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721840, "uuid": "caf4c437-815d-4ac5-bc9b-15ec42dee312", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721840, "uuid": "6ef02ef0-537e-4a99-ba65-2ec7d7c8fb05", "value": "SecuriteInfo.com.Variant.Barys.431180.7058.11336", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a928a45-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731344, "uuid": "9922449f-5dab-4a1d-934a-ae4797bba33e", "comment": "Malware payload (Mirai)", "value": "8fb9e75cb6ac7be02015028526432dde", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731344, "uuid": "1c4a10cd-7d5f-4c5e-908c-6736f13fd5da", "comment": "Malware payload (Mirai)", "value": "8eb530435675c85fe64e9da8e99731b931ecd1e610e66c79ea44577d62904602", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731344, "uuid": "2edf693c-67e2-4157-95e1-e9cc5797b00c", "comment": "Malware payload (Mirai)", "value": "94061ab8d409733004532b728eab9fc828d515ab", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731344, "uuid": "69183001-1c45-46a4-8569-656770907172", "comment": "Malware payload (Mirai)", "value": "cdd48c50002e1a0816be8e47e2c76740e6785631b69d92c1ecd5b65f06498b79ad8811f902860e18b46f2e253624d607", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731344, "uuid": "138d11e7-f74a-4283-8c4b-6a6ec2d8ecd0", "value": "T1A7B31A37A61C0B43C09B55F02DB77BF24F69AEA313A611C46609FEC04B73AB22551F99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731344, "uuid": "6ba46e13-0def-40ec-b395-6537a73411b8", "value": "3072:pC/4rdZHsXsZwwR9LNk5mm/QcuLmHniPNb:pCwrvHwsZwY9LOmm/QcuLmHniPNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731344, "uuid": "faa21e95-d684-4969-8614-478d7db79b2c", "value": 116786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731344, "uuid": "fe19f78b-eae8-4e04-be37-781c0034e789", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731344, "uuid": "b83ee852-df71-499c-a879-925e4fda3379", "value": "8fb9e75cb6ac7be02015028526432dde", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9cbec96-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683705707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705707, "uuid": "62474a0b-f302-4075-a7b4-e340d8f35a71", "comment": "Malware payload", "value": "106e10efd44468e7a1d1847e4efebbfd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705707, "uuid": "eb574226-252d-4d75-a8f6-9fac78cc43b9", "comment": "Malware payload", "value": "8ece170fab2eef0c90749f228637bb69a67f5dbf4fe10c4268cba0d3be9f9fe5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705707, "uuid": "1034fa2e-6887-4c81-9e05-818bd5ba4743", "comment": "Malware payload", "value": "7df779d1f4df86441275dd37a990854251f7f923", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705707, "uuid": "c5dc55e5-30cd-4df7-b7c7-ee4a3e9ef6dd", "comment": "Malware payload", "value": "2019fdf20e81895737a6d383c80fdbf7c084a3b9301f439e41bad6a343c5653adce5cc969dc9e1e046f7b41ebfaf5d26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705707, "uuid": "8fbd5a77-aa37-4799-aeaf-a83efc233c1a", "value": "T1995502330DE6ECA99F640F1DD0211E0F9F613C6F9B6CB1A46F58B16174A8A529B1C8F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705707, "uuid": "1b6ab244-f078-40fe-9c53-19aa5117cd64", "value": "24576:5QBk+GAhX/NJ4WjrLvMjW5ZFycvUkG9EWrS7FNtid7TKXI9vi:kk+NuFK5ZUc8S1Q/t96", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705707, "uuid": "5bb263c4-caf9-4574-8594-1477e6da53a2", "value": 1290936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705707, "uuid": "3d34b527-9179-4341-ada3-7f28869e9b49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705707, "uuid": "af8985ce-d1f6-4fc7-b339-c155a983eb10", "value": "106e10efd44468e7a1d1847e4efebbfd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "195962f6-ef0f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683708364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708364, "uuid": "7ea67f6b-0201-467e-a589-54ea57925ce7", "comment": "Malware payload (Formbook)", "value": "0d7560d2001ab39c7dd284ac7e528610", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708364, "uuid": "a8d4848b-60dc-47a9-9a02-9944d273fa81", "comment": "Malware payload (Formbook)", "value": "8f3449b43eb5b5bc23330078ff8237c5d743a73519348f95b3c51d691f5663a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708364, "uuid": "5930005c-8043-47d9-8059-95cdc75db720", "comment": "Malware payload (Formbook)", "value": "023a5d90d6cfc0c9f2dfcd69f34942b24be1efff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708364, "uuid": "e9bd42a2-8eaa-4fe5-9da4-16c50e516e85", "comment": "Malware payload (Formbook)", "value": "60f6f24cea1dec36736dcc571366cae236e54a07c002cf126252135a72a6b0aa2cb7123f3740d899c82735f26f89236c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708364, "uuid": "01306fcb-af61-409e-9575-a322b6e62a77", "value": "T197D4E1B4A1AE49E2F20F9A70157CBCA21EB670D3EED95578072D6504DFBBE103E8490D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708364, "uuid": "cafea691-bf72-4d4d-9d97-10a897a1bdca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708364, "uuid": "a64fdb94-63d1-48e9-9dda-4d441bb6748e", "value": "12288:jNj5Ay4tO1qpLHs6omNFL605YGxktk78OjmMeLiubJmJsfVbvXJ9EPzPKpALm:j3eYEpLXomz60e6qJOjmMEiubJmslvJ+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708364, "uuid": "96cbcac1-05fc-4068-95f5-2805f2cfa090", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708364, "uuid": "910a92b3-5bcc-4ab6-bae0-07b8ecac5576", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708364, "uuid": "f612ea74-a9c3-465d-aca2-db725f780232", "value": "New order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c4e3688-ef70-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750111, "uuid": "02bc51c9-73f8-4993-99ec-6d6cdfb39913", "comment": "Malware payload", "value": "b087d2cba334e315c16c893e0709b14c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750111, "uuid": "fa399084-25a1-44fc-b287-414fc781e9a7", "comment": "Malware payload", "value": "903ec040156e7a33d93a518777077fa8e6a85bfad6b9dad522037e89b80d058b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750111, "uuid": "8f6a37fa-1e97-4a90-b2d5-d405233e3f8d", "comment": "Malware payload", "value": "528e6201b572c079b800152e082d56b8a96ebfa4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750111, "uuid": "305b2140-6d17-4465-8ef5-e266e605a8e8", "comment": "Malware payload", "value": "5be8e0b107319937f2b9a538709f3a038bcde5bb7d90b1e7c1160d2f36698693f8513127f03db26c1e836e15b96f1949", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750111, "uuid": "c55d0ed4-88a9-416d-aec2-3514e8f98644", "value": "T112F49E0BB5A29F0FCB9A1F39D86714194772D55DA273F30B1B7E21222C422E68E933D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750111, "uuid": "1ffa4890-88c7-40ed-a5ab-7bfdcdedc27a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750111, "uuid": "64bd2ef9-2e1a-4b2d-8f30-e605039a1a10", "value": "12288:9ioLb67AU2rbTI+KjJ/iT7jukhaVyU1Ki2f6Ilw1wODVHTeBr:/NsJ8uzyUef/0wODdTo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750111, "uuid": "84d12d58-2cf4-4476-bb28-48ca9f4fc283", "value": 775680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750111, "uuid": "9dff5a28-83e0-4770-9e2b-77aec1700018", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750111, "uuid": "613d0bc0-c4ac-4002-b255-652c8c15de86", "value": "frank.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d46be95-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683744502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744502, "uuid": "3ca82453-2051-4d75-9a74-eea1d3dcdda5", "comment": "Malware payload", "value": "ef436900f26198a0402619af86d78ba8", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744502, "uuid": "359f8f7b-ec3a-4a3e-90e0-158c6f8aeff0", "comment": "Malware payload", "value": "90f1e57eed8b718d2a0553e5b43b7d51a995d8cd5482c90ae83097d34afb6804", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744502, "uuid": "f936bd88-64bb-46af-8ba5-72f411a497a9", "comment": "Malware payload", "value": "6e85561e6fbaee82790a8953bb201c96023110b7", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744502, "uuid": "aabf5564-ecfa-4a83-b58a-820abace1402", "comment": "Malware payload", "value": "cbdc8acc33806f31464099cd6a71dc1f8104d0d3f71dc76842edb34a97e08c4dbbb4238b40d5480bce27fbf0a28db4cc", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744502, "uuid": "899add11-69e7-469b-b530-5b803e4f62ae", "value": "T1887533716CDEBA3DE43D2D73C939D800EEB9814470EDD0D9982021FBE69B5AB866311C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744502, "uuid": "42ccd605-374b-4da8-9ad5-d8f12c32e95b", "value": "49152:ufcsggXy0WCJ9ELCQ0t7/oA1q1ZnnN9YqQ:vspy0WCJ9EmQ0ODyqQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744502, "uuid": "948d4279-ecea-4199-b363-f296f9e85231", "value": 1624426, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744502, "uuid": "e8b9c693-6cf5-4a1c-a597-e741d8a49082", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744502, "uuid": "9406f2b2-2a9f-464c-8dd4-c1eb6e637ef4", "value": "Download Tracking Reference.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbd69ee7-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688450, "uuid": "ac1f0d6f-089a-466b-8f78-c1181e272d8d", "comment": "Malware payload (Kovter)", "value": "8f5856f8836b38ce058f7ed2f1258230", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688450, "uuid": "2e29832b-f76c-498f-a828-43341b800638", "comment": "Malware payload (Kovter)", "value": "912643ee34a00adf2160b1e50272bb04cec2139a89f8dbb1eae7704a54abe01a", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688450, "uuid": "47d0fd64-3ed9-4489-bf36-a0b9fdb7d230", "comment": "Malware payload (Kovter)", "value": "8ac359e89061e868b33e82c66e2c5bb360329fe9", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688450, "uuid": "31a8638a-f7b4-47a8-8896-2393b9f8b707", "comment": "Malware payload (Kovter)", "value": "eaa9e95378bd8c2848eadfef06777c1833c555fc544a4944b9a716f50fe92208fba3db2c95fa5033db11e5960ce972c2", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688450, "uuid": "ec0554a6-dec8-4d5f-b82b-20b6f11cc6d4", "value": "T1AC741935F280E537E4269CB8DD1FD2E4A57AB6302E381947B6E11F0C98F5193AA1B743", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688450, "uuid": "873b3715-5c85-4bb9-a2b6-3c2508cfb865", "value": "6144:sbmiabKCSof1QEk+YGGq8ysIJVf++Zrx9/voNq/NbL/B44QFqCD3K:1iQdvBYG5VnZrrNbL/K4Pz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688450, "uuid": "834d0d90-46f0-4e79-b195-7d9be2ad9832", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688450, "uuid": "757b729d-d9f2-4658-ac00-d0f432513f70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688450, "uuid": "41249ca5-e0ac-4387-8e31-59392b112c6a", "value": "2023-05-09_8f5856f8836b38ce058f7ed2f1258230_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b3196a0-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707079, "uuid": "8b15bf4c-92b5-4b69-bc67-0429cfe156ad", "comment": "Malware payload", "value": "f3a2aa3decf86e4604113f937685cb21", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707079, "uuid": "f72b131d-691d-4c60-ab73-a9af9e0c90b0", "comment": "Malware payload", "value": "91b2ca823f2ff18c18ab73433918b628940d467abc72c6937c717eb92703a88a", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707079, "uuid": "b9b1fe72-4e31-4253-befa-4a00401279c9", "comment": "Malware payload", "value": "522c1779e4249238d2a0dc5f4d40baa27c6c0f70", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707079, "uuid": "dc1ec874-4d19-411e-8f16-d0df7da9d99c", "comment": "Malware payload", "value": "b0b16abec3418a1478e8acac8fa26d96fbb2b721ef4dd115f2b939b5d2cd0ac2be500d1d1394df23507bae9612350df0", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707079, "uuid": "7226808e-09bf-4fa2-8637-ef247dca6a6d", "value": "T1D655F1333ACABEFE23790D44D8BE09954CC7D573A3989094BCA8968AF5F2814DD51CB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707079, "uuid": "29bd594b-2b5a-4c96-850c-244e153dcf8d", "value": "24576:yCXTobw4kIh1p1cbhgkoe5NW8vuA4WrOQIsnK3+SfGTg7Vc4vClssPsOLX9b:boBmt3nJSfxG6g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707079, "uuid": "a4e98e2a-94ee-4d9b-9815-ee3c6df8ab67", "value": 1324376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707079, "uuid": "3a7c57b3-0829-4f75-a411-fdc4be7234bf", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707079, "uuid": "deb60c47-cfb6-4e66-82e1-328a538446b8", "value": "Twfxttkz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b310bb8c-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BlackMatter)", "timestamp": 1683688436, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688436, "uuid": "4efa0a2d-a493-4f3c-8937-ed6840acbf6a", "comment": "Malware payload (BlackMatter)", "value": "342d38c93bb4908a799377eb37ec247c", "object_relation": "md5", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688436, "uuid": "4aa73aaf-3393-4bd4-a6fc-3d6918c58ef7", "comment": "Malware payload (BlackMatter)", "value": "92813f3c2973a00dc738f72acdf3014e914128a4b427dde5c19e73a87b5f38d1", "object_relation": "sha256", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688436, "uuid": "518a935d-b94d-4b41-bd1c-df27b49af95b", "comment": "Malware payload (BlackMatter)", "value": "4aecea5c921c519d3d147ece9756b80e3d6ee836", "object_relation": "sha1", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688436, "uuid": "d771a48d-cedf-4f15-ab5e-b8806707dad3", "comment": "Malware payload (BlackMatter)", "value": "f0e0024a9ed76c189d1c009b596003963c37937b5fde877e9f9874f4fb089c5a74ca6a6512fd685bb876e5bcae5a0ca3", "object_relation": "sha3-384", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688436, "uuid": "954c9776-60eb-4a44-8ab3-8ccbcceda5ae", "value": "T18FE37C21F11ED0B3C47718F22726A17EB3EA4D2C0AA57947DAD80F48BCA49232F4595F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688436, "uuid": "b88e8539-f8d8-4573-8174-6e3a7b1f1131", "value": "914685b69f2ac2ff61b6b0f1883a054d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688436, "uuid": "b34b2b2b-3715-48b5-a4ae-a9de4c9e98b8", "value": "3072:IqJogYkcSNm9V7DipJL1rrpDkQkYiydT:Iq2kc4m9tDoLVrpIQkYi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688436, "uuid": "00f6b211-3b4a-4a30-ad20-9b72179ec4e9", "value": 157184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688436, "uuid": "b3966152-102d-4418-b3de-fd9e4269cda5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688436, "uuid": "79b076ff-21ee-4112-bc79-7ce64c8c5223", "value": "2023-05-09_342d38c93bb4908a799377eb37ec247c_darkside", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef626856-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (XWorm)", "timestamp": 1683700133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700133, "uuid": "f0b7ae09-0d9b-4a7e-9f9d-c6bd0e6b910e", "comment": "Malware payload (XWorm)", "value": "4b987250f542cc296a7f7f4f0c544756", "object_relation": "md5", "Tag": [ { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700133, "uuid": "1e7afde1-5d3c-40e9-b368-d38f891e7ae9", "comment": "Malware payload (XWorm)", "value": "9322af1c1772c02304576f64617aae1bf178297617f635d4d036ef1d317b1c7f", "object_relation": "sha256", "Tag": [ { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700133, "uuid": "0dfbd124-2179-46b1-9875-7ba7da32602f", "comment": "Malware payload (XWorm)", "value": "f505a9d42a678bd2ecb0bb8d3005735461bfc077", "object_relation": "sha1", "Tag": [ { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700133, "uuid": "6ebcfd5f-d2f1-42b0-b85f-f53283faff3d", "comment": "Malware payload (XWorm)", "value": "9d330d56e62ff5adb0e9aadf9b691c688caa752c3e36915660c68970eaa0a0549f1014eb15d67d0740f0c08757762cb8", "object_relation": "sha3-384", "Tag": [ { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700133, "uuid": "e5cb88b2-0eaa-4288-843d-0bdacc6f93a2", "value": "T12AF2F1FAF92D88E85D46C9CDEDCA62F8B97A409117D72158E3F42314339B8B2045B53D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700133, "uuid": "025ddfa6-f527-426d-bb22-fb9413a7fa50", "value": "768:3GuEbPLLUJj7FDtactGPMxM+VsNMkfdtAXke3tHLfvSlAOCfdm:MrkJjBDgc9M+VsNMkfHRKnNy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700133, "uuid": "05567c82-0f84-4973-a735-4bf4aea08f83", "value": 35548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700133, "uuid": "0b5a40b4-0b22-4072-9c93-257e4c835e7c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700133, "uuid": "64da53bb-aaaa-4e50-9a8b-1a007e9f1b5f", "value": "4b987250f542cc296a7f7f4f0c544756", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5b08b7d-ef26-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683718532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718532, "uuid": "b4a305a6-afe4-45c6-ac3d-1cc1c5235737", "comment": "Malware payload", "value": "8c9ddb47b11bd27f2697f7a3f0f9c479", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718532, "uuid": "88d0dc14-9bc2-48b4-90b8-2be1957e8acd", "comment": "Malware payload", "value": "935f98d069518626a6d22664f1df0b98ae63dd633b5001157047af5910709419", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718532, "uuid": "15255ee8-bc5a-46c9-bee8-e93affe809fe", "comment": "Malware payload", "value": "b47b67bebec90aa0f5eeb1dfd8de7f312e6b6e8f", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718532, "uuid": "d2b9c8be-eb23-4101-83b2-9327a20e78b2", "comment": "Malware payload", "value": "9d3c15caf582ca6f38cb25c58a92c9837502e9c06b56501fb6a6839142febcaed35743b396f9990a9548ea3b0781bf82", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718532, "uuid": "c92bee46-e82d-41a2-bf5b-ce051c44c6a4", "value": "T197E26108326AD963E2550E370EDAEAEB3B347C40FF8982577148BB6F9F7A254CC55241", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718532, "uuid": "fb24b36e-aaaf-439c-b17e-a77d380dc6a5", "value": "384:AJUV9iTBnw0DmgVyyFhQziDz8xPDnkUBk5bvMk0zub/2o/0rZ7CDo7zZq:cUWTRZbyu5b4uLZuZ7Cq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718532, "uuid": "b199afb3-81e4-442c-8dea-abf1046556cb", "value": 33280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718532, "uuid": "201a408b-1da2-46f7-a9c2-fc9ad1dcdbb8", "value": "application/CDFV2", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718532, "uuid": "ca410c7d-4122-40dc-9aaf-6c80dc92cc6b", "value": "SecuriteInfo.com.GT.VB.EmoDldr.32.5B1A3795.12958.19553", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9db56298-eec9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683678522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678522, "uuid": "c2959786-e68d-451a-a094-78fdc4fea99c", "comment": "Malware payload (Amadey)", "value": "1945d8beb0496660f0d601adc0003717", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678522, "uuid": "f3123e56-b079-4bc9-8efc-f7730b4cea3b", "comment": "Malware payload (Amadey)", "value": "947e2ee6c6f9fc6d7b34b921a61f201831e3f53a84d1a1a8ded3ba557ba560ae", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678522, "uuid": "32a40766-f358-4db9-ab5f-39a20bf78eb0", "comment": "Malware payload (Amadey)", "value": "3c0d2cab9b649bebb5e5c5c5339c9e427f993838", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678522, "uuid": "4dba0768-96c8-45fb-b547-4c458cb360b1", "comment": "Malware payload (Amadey)", "value": "e784401a6934b89af9b9b3b82bdfaf0779ab94bb2643ace5a3b89dc6dcc74273e01b88426d2497b8e7a83a469185f53b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678522, "uuid": "4359b767-8481-4882-aa61-32eff532748a", "value": "T1FFB40203EBE94472DDB12BB058F602530E3A7CA199B8932F27825C5B1C737A56471B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678522, "uuid": "a5ec02c2-7a6e-4955-b92a-999b255a5187", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678522, "uuid": "74504fcd-c71b-4a89-82bb-cd5ee7898714", "value": "12288:uMray90Yx8NyVTFy9d0W6UoTViV8kw7HlI5yuYHq:oy58NaHWfCVG87pIoW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678522, "uuid": "4206714b-d1a7-4e20-aaca-a3ddab7decc5", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678522, "uuid": "693b9790-2238-4ec2-9f19-406cde9f9682", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678522, "uuid": "b3917098-2586-45a4-9f42-165522df2518", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7ba1633-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688470, "uuid": "ddd52d47-28fb-4a73-a987-6dfb3a20e670", "comment": "Malware payload (Kovter)", "value": "fae068d25e74147bcbedaefa40e59d2f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688470, "uuid": "92e2346f-4d22-4720-bebe-7ec6ed654d75", "comment": "Malware payload (Kovter)", "value": "94a45902c101000b1f6f799f38186748c80a12729ca56f13764596208109771c", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688470, "uuid": "58727588-0487-44fd-952d-cbeb96b4217d", "comment": "Malware payload (Kovter)", "value": "be84837bcf1f5566419b72dccaef8f947f4a30bd", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688470, "uuid": "cc883017-e73d-494a-8790-1b500f328b86", "comment": "Malware payload (Kovter)", "value": "663ee90db20a937501ba5ad7fe5649f567d3a0fbbacb1d66bd1dc337d4703529231d49869401b56448ece0b079fdb0b0", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688470, "uuid": "3a617100-3c85-4b3b-841d-fb2312d52432", "value": "T199742A39F340E237E4269CB8DD0FD2D56579B1302E391957BAE91F0C58B5183EA2BA43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688470, "uuid": "f5a94d96-d8ae-409b-bd84-c749b4678e12", "value": "6144:USFgTOiojhCEdmkt4BGaSsjzx2a6XRjxs6h9/I7QT/yNQNqc9lm:ngC/5vCxOXZI7wqN7Gm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688470, "uuid": "ded27626-4b0b-4be8-8764-78f71aa72461", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688470, "uuid": "839538cb-ac51-4625-9c79-22d7499f590a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688470, "uuid": "489ef00d-701c-4298-8a0a-e5bd1b7f53c4", "value": "2023-05-09_fae068d25e74147bcbedaefa40e59d2f_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5f8b8e2-ef58-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683739953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739953, "uuid": "2c02e4ca-1f53-4c05-ba99-64e58dbdedf4", "comment": "Malware payload", "value": "8b30fc482e23855a38e8578b6145d973", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739953, "uuid": "578e5c45-a987-4d9d-ab97-7b1bb2089b82", "comment": "Malware payload", "value": "95705925794344df8fd777aca5fccfca0c42eaaf5d554ce222beb578d3a90c0c", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739953, "uuid": "6f627322-bc2a-497a-8b2b-a978c558af19", "comment": "Malware payload", "value": "c6d4bd06ccf7f4fe9ace3fd6e9e3281414e9ecdf", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739953, "uuid": "75ae050e-f1ac-4f04-8792-0271dc417bbb", "comment": "Malware payload", "value": "fca852f6269f76a6cf90236ff021befe1cd956c26c9ca63c54fd112905f25d1231179535ff2518986ad4aeb19f862ae6", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739953, "uuid": "0dd88a0d-d840-4ea1-ab95-b86c77d55a20", "value": "T1FC53F99CA48CD598C9B9EBF3E752F0CAE24D737B4A8A44B271AF5FD20203D15E943841", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739953, "uuid": "06fdd0ad-b2f7-4327-98da-34f6b65a3777", "value": "768:l0jVjgocGH4FBncGH4FBQNsgecGH4FBscGH4FBIacGH4FBPYLnnndTVrXmm1wDsw:6Xcs8csxecstcstacsaMnnn76gm1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683739953, "uuid": "4ade4381-b17b-4b15-9b0a-73a1e1a1afbe", "value": 62168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683739953, "uuid": "aefc716a-874e-4477-ad7e-dcf59c1bcc26", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739953, "uuid": "3473be06-8630-4bbe-bff4-60d8cf5300e0", "value": "NDA-324861830-May10.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cba0e203-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (EternityStealer)", "timestamp": 1683705657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705657, "uuid": "28d02cda-9ae8-4cec-93d5-36fedd8d2f45", "comment": "Malware payload (EternityStealer)", "value": "3fcf2d89b71acf149950f813b5f8b74e", "object_relation": "md5", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705657, "uuid": "53907460-e2d1-4125-9703-4355aa7998ca", "comment": "Malware payload (EternityStealer)", "value": "963d62811b21dd7a9716c812303db3c717d5287e9b8fe0266084de98649de6b4", "object_relation": "sha256", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705657, "uuid": "4b083dbc-8358-4776-aded-f24d24985e82", "comment": "Malware payload (EternityStealer)", "value": "6f8029529e1e2edf4c4b107cbcb246131e41fd0b", "object_relation": "sha1", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705657, "uuid": "49acc01a-a8d4-44d1-8427-b8838076e158", "comment": "Malware payload (EternityStealer)", "value": "2e08cf424450086570d736903c4d1729641e98770a0b22abc257f782f7a077052044ee720299d1c7fab07cdfd94285e3", "object_relation": "sha3-384", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705657, "uuid": "635ef505-fdeb-4dd9-94aa-4f61acb23d2d", "value": "T19EB4F120B6C18871D9A719350AE59731BB3CBD302B358EDB97886B6E8F301D09E35767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705657, "uuid": "93273b82-0912-4727-a392-b6e359386230", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705657, "uuid": "971875a3-113a-4f2d-bd75-c261c97834a0", "value": "12288:1jOtvHMm5xvmX+t4YP8oY077c7sy5/CuLwHHKe8S2Z:5OtT5xvEeP6nLwHHkS2Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705657, "uuid": "d5daf928-ecb8-4ea9-b00a-52f2736da207", "value": 541264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705657, "uuid": "32d166d8-cfc7-4b2f-a1d3-21be1d03d73d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705657, "uuid": "723e26a7-bb6d-47be-bcd6-dcd23b6e70f4", "value": "3fcf2d89b71acf149950f813b5f8b74e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea8333cc-ef72-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683751235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751235, "uuid": "b44c5d5c-a566-4414-a5c0-166ce2499ed2", "comment": "Malware payload (RedLineStealer)", "value": "189fe82cc89ca2b3586e9e9b87333388", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751235, "uuid": "fed142cf-e305-4a53-afe1-5c63a154d2b5", "comment": "Malware payload (RedLineStealer)", "value": "96c756e98e7450f83927f62ab06fb7b552dbe454bae1a97a7b22cd866398b5de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751235, "uuid": "89ea7397-eeeb-4334-af9d-f4c646a62b30", "comment": "Malware payload (RedLineStealer)", "value": "9b677d710ea409a14a75098c4e040a3df9b8bd36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683751235, "uuid": "58f55cbe-5516-46a1-bc93-d6c488067652", "comment": "Malware payload (RedLineStealer)", "value": "de1f3952a13ab3d8abfb8ce516846c2ca34b38c0cb4a5236f7dd8a1e8197d6cfa98839b767766999850aa44528e3e331", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751235, "uuid": "a8b2926c-eb23-4402-a476-1c2b2f01f9df", "value": "T194B41212A6C89133DDF15BB048F603D30F397DA54CB49B6B2781698A1CB3A846D7276F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751235, "uuid": "efe78440-ced2-4c39-bf83-5415d421ded3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751235, "uuid": "f30c68a5-88e2-4c16-bd1e-31529ba41b38", "value": "12288:9Mrby90xez70tQ2Q9AJuBFUGRvndP1PeUEn6:myRJ2Q9AJUuGR/PeUv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683751235, "uuid": "f86cbd9a-c991-4b44-a799-ea62e87e4793", "value": 499712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683751235, "uuid": "6824528a-795a-454c-9e22-107a21a9644c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683751235, "uuid": "c51b9f4a-c415-48ed-9139-c3e9bf40e86a", "value": "189fe82cc89ca2b3586e9e9b87333388.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51a15168-eee9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683692138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692138, "uuid": "feb79519-ec6d-40e0-aa4a-abb09e242392", "comment": "Malware payload (AgentTesla)", "value": "746e259e8909d818693bce42b28ad243", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692138, "uuid": "1c16c616-a151-4392-a11e-0281ca0d5f55", "comment": "Malware payload (AgentTesla)", "value": "9897d0d1d13bbde8a468acd74e20f91c131368f3d6cd723d2545b876436d8f28", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692138, "uuid": "0c614ffc-927b-4a37-af13-e12642a23aae", "comment": "Malware payload (AgentTesla)", "value": "7bb8b3e555005c73b365171710bfd9e0250a4191", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692138, "uuid": "6d340624-ce48-4879-b01c-70afb38e6ae3", "comment": "Malware payload (AgentTesla)", "value": "e8f3b5a23e8423e77b9ff5f3f015698759aa26692dad9a6d1678900227f5d521fcf268e4b0d114563f29a0046b645c9c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692138, "uuid": "d2e96eb3-8afc-4a27-b269-6d6d9597b9a0", "value": "T10FC4D01A6169CF0BFD7A87F15474FF8463F0F0B364E0D1292FAA60C6D9A9F150A4861B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692138, "uuid": "e7965a29-b594-42d9-9653-3d96ed6c4e8a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692138, "uuid": "1ed9c55b-0909-4fab-b47d-45666cfd3a76", "value": "12288:z99nnrSZWvLNxfPJ04zKfu/mRes9mazbs+BJNgAdS:vnnKEffBvmm/1ewEJOAA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683692138, "uuid": "0fc596d1-8141-4ce3-86a1-4d863619cab0", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683692138, "uuid": "fc461e20-91d8-41ca-a0ed-0d3c1c27e0de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692138, "uuid": "d7402329-8208-4cf5-843a-291a4ff5982c", "value": "746e259e8909d818693bce42b28ad243", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86b86545-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731311, "uuid": "352c315d-9858-44b2-b15c-58a2e8ddb209", "comment": "Malware payload (Mirai)", "value": "1e82dc54157f441cf7935fe50df77d0a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731311, "uuid": "1a5d87fa-f8df-467e-be4f-646cdb161d10", "comment": "Malware payload (Mirai)", "value": "991d7c82314653f07824523bf8aac447591cc419740dfad023f5940ce2ae82f3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731311, "uuid": "065234d2-dc93-42e3-9b0b-a28d30c11ab6", "comment": "Malware payload (Mirai)", "value": "ab76c2dc9bc10a1cf0bc0f5bf9ec5f0ec14916aa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731311, "uuid": "5c7347cc-6f97-4643-937a-cb2e832e506c", "comment": "Malware payload (Mirai)", "value": "505f2a99a869ef4dfc8c580b06c783a843ee132a759c9a1e4a4b19ad12826555de3145419f6c99aba33647c0a235fa14", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731311, "uuid": "4c4d627a-ec96-460d-a4d5-6cfd4cd4244b", "value": "T1DFB2D02CA62F9C30D5A01D3CF72C8753AF9407BCE5F671265682779479E820A64FD683", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731311, "uuid": "805b01ac-7a71-4f79-88f0-6057231d9c3f", "value": "384:g5wEOA3IYQmohnuLX90l/ZpKDTKYbgdNXwcshANqaz0BqKhymdGUop5h0S:g5wv9nuhAZpqX0NANASHs3UozKS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731311, "uuid": "ca5b4e9c-b103-4fdb-bd5c-666226679ed7", "value": 24992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731311, "uuid": "1ebea853-9e57-47af-a71a-3004ace186ae", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731311, "uuid": "d5673b7a-3cd1-458b-b06e-57b08e621477", "value": "1e82dc54157f441cf7935fe50df77d0a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddd82956-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683704399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704399, "uuid": "81849ca5-7fc3-424c-aea8-c39278a00776", "comment": "Malware payload (SnakeKeylogger)", "value": "fb73a2982483561239bd36899e4fb1a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704399, "uuid": "08b4777e-bbe7-425d-91f1-9589df93c66c", "comment": "Malware payload (SnakeKeylogger)", "value": "9925d40e552d694f23587880808c8f53cb41ff2ef2fc5112f37aeaab7d1c6241", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704399, "uuid": "046ff201-68bd-4d90-a873-8cee9b84eaeb", "comment": "Malware payload (SnakeKeylogger)", "value": "634dc59de8afc5d1816957d707be594a04579701", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704399, "uuid": "8b862a29-6cbd-40b8-a66b-56fa2f155390", "comment": "Malware payload (SnakeKeylogger)", "value": "fe8d159b5f93e28e0381c51877e3723bf13ed1eb9db05e1efd9f6d1b3a78c235216c7b3526666cf8f54afb6999cc5b2c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704399, "uuid": "76cbd737-1f2e-47d1-99ab-88a553ac11ab", "value": "T1BF059C3D21DA5C26C31573FA8998C5E103356F00AFABD26A22BE30CD9971BA3ED5154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704399, "uuid": "26c49c3a-97fa-4d1e-942c-eb77c4d462f8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704399, "uuid": "edd2e5c3-f824-48f9-be63-96a1cf212c7c", "value": "12288:jkXHmEooZfOtXyiZgw3AIqnM/SgwTnZ4BDzW7Qq6bAo:jsmlWqXTKw3oeSZWXWkq6bl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704399, "uuid": "acf9a883-9859-4a7a-a889-58c507ec9f58", "value": 834560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704399, "uuid": "cf6b986d-7120-4ab5-996f-42bd2eab8733", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704399, "uuid": "76763236-ef0c-4361-b911-f1a0256ef6e6", "value": "dekont.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19be9b64-ef3e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683728551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728551, "uuid": "28694176-45ea-41ad-be14-4eb619e64931", "comment": "Malware payload (Mirai)", "value": "d0ea7323b4f685c9f4c6cc82098ffba0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728551, "uuid": "3b597380-9dae-4e06-842e-270ab2fc26fe", "comment": "Malware payload (Mirai)", "value": "9953673e87cd64f54d2edb14ee783eda0e73567977cb58c107c8eb62c0aacc6c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728551, "uuid": "ca4a5aba-5238-4707-a40d-fd5c99e3fed5", "comment": "Malware payload (Mirai)", "value": "f9da4d0f3573851705949917b324bf9820794f6e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728551, "uuid": "d1e8a570-bd04-4d95-9ce8-cb2a0a99723a", "comment": "Malware payload (Mirai)", "value": "c895909f28f080f79fa55fc735017ae8b7cfb2aac1b4f26b41d7eac0e573c007951530d602c740a96d94b190ff0ffe5b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728551, "uuid": "7212efca-3f9f-49af-9e24-f1c2aa30ed28", "value": "T135B3F872B804DF66F00A96B504D38B367E30BFA70E6316A2731B39669D331D528A7F45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728551, "uuid": "313cb1be-94cc-4071-92fa-0ebc1517c618", "value": "3072:Ydg8GXIDvGIk1MG8+mjypvZOoamm/QcuLB1niDNb:YuFX0GIk1MHyphbamm/QcuLB1niDNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728551, "uuid": "f3e6cd38-69bd-44f5-9844-c37ae22a85f5", "value": 118090, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728551, "uuid": "f80f5748-882d-4c6f-8731-0909d497a183", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728551, "uuid": "45660579-e646-4de9-b3a7-5d7b5a1f517a", "value": "d0ea7323b4f685c9f4c6cc82098ffba0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3853f37d-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683744494, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744494, "uuid": "536a0865-6e4b-435b-b01f-31c513171288", "comment": "Malware payload (Formbook)", "value": "fc317530c3a698867861a965caa34bad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744494, "uuid": "222f884a-e155-450d-bd2a-41f61855bb66", "comment": "Malware payload (Formbook)", "value": "9973a0ac74f8649b431499862359352cc0e8639f4f46ae5ae2371fcdaaf31320", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744494, "uuid": "e2cb1f72-2439-427b-8520-d84afae546c6", "comment": "Malware payload (Formbook)", "value": "2700a38ef604d78793da302664afc7d27bbb0b1c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744494, "uuid": "9087b6fc-b63a-44f5-8cc2-13c3f991758c", "comment": "Malware payload (Formbook)", "value": "254f753f4d6e20b2248641ea2879d84da96f599e6562018553445d8de7cd4dca8f435da8bdcc34c3473a3b8c24efc47a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744494, "uuid": "545d8f8a-7f67-46e0-9239-ca6c23f7ef1c", "value": "T15805CF32B2E19173D0B32538AD5A571AF4397FE00A187759EFDA7E0C2B391A0396D342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744494, "uuid": "fdf5e01e-c669-408b-af1c-a269e7d54eb6", "value": "2eb49758b652eedff910503837727781", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744494, "uuid": "38dc4e85-1257-4bd1-8f09-8e1efddb0230", "value": "12288:TNLhcjoS4FC7ITh3IBPmOt50Pbkttml53kbXJ2zlLj0:T9hcsFCMTaFCKIsbZ2h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744494, "uuid": "9c8c5668-e0f1-451f-ab29-3e95e07a3e61", "value": 817152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744494, "uuid": "87f22b56-1652-40de-a4de-d4a81cbd67d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744494, "uuid": "0cf47442-0ba3-48f7-8ffe-e561224029d8", "value": "092726376263728.DOC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b796cede-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688443, "uuid": "c51d4ab3-1b6e-46ef-aa53-072076716cec", "comment": "Malware payload (Kovter)", "value": "4ccb4753d11612bd05a4306bb7610cdf", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688443, "uuid": "ca6a5fbe-05ba-4662-9bbc-9899a50b400c", "comment": "Malware payload (Kovter)", "value": "99a51cde6b8a1a0efeb55415906871cab95fa9c6dd6c3603a02b92443893dc1f", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688443, "uuid": "264bd74b-681b-422f-9c06-3aa687151798", "comment": "Malware payload (Kovter)", "value": "22c65883b84a3c1da438c8bc459ea378171a766b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688443, "uuid": "9fa95f85-f393-4de3-a5fe-2db49d3a28b5", "comment": "Malware payload (Kovter)", "value": "e70e3ddf20b2da99e4ac1c8fa891199d43778a5ace47f82bb5af430ec4b20bac15e3367d5d52f3cf565203f76da90fe8", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688443, "uuid": "b64faa35-d15f-48e7-9aa6-1dd3caffc8b4", "value": "T16F743839F640E677C4365DF89E0FE2D5A569B6303E341907B6E51F0C88B91936A3BA03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688443, "uuid": "06a5d590-0794-43a0-aed5-8110803df10c", "value": "6144:cmSqHHy2RVpNggknLCcSIsl9P6Evlt/7Ala/tXT18oQxqpsWe:5SkHZ/TCK9Bv3tXTaoTE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688443, "uuid": "9e6d3ac5-b499-4b74-acbd-79a6e4bdb0dd", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688443, "uuid": "9f0014d3-b983-4c1a-a449-bdcdd2a498b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688443, "uuid": "d33ae0d9-51b7-4eff-bc17-21e9d8c3dbca", "value": "2023-05-09_4ccb4753d11612bd05a4306bb7610cdf_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed34a7e4-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683729335, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729335, "uuid": "7cb61f64-629f-4b91-8a24-526f882bc841", "comment": "Malware payload", "value": "288d1e8e1e9e0548b60e645f3c0c6a6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729335, "uuid": "1561e9e7-ed89-4369-98f8-c4ad69c9a83b", "comment": "Malware payload", "value": "9acdffe3091c87b5e1b89786dd59d36ad448fa7da5797958abf374e638aac592", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729335, "uuid": "f2b50bd8-7239-46cf-8be7-30e4b68ea418", "comment": "Malware payload", "value": "c7a7314d2a51c9f888b6df6ff5602d8257460b9d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729335, "uuid": "88f91a44-8e39-4661-b5d7-119e508e3d1f", "comment": "Malware payload", "value": "8e84f5ce8b92999b722e5f67fc8c03be6d88e292e60c90d0f89099347e956d123f1bfffba0147bff4b7245e886467efe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729335, "uuid": "af1ea5c9-df6c-47eb-9adc-ef812f2d6a98", "value": "T11434019195002D52FC57B63132F0C3256630FC62AF59CA636069F05A8A767C3B4FE2BE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729335, "uuid": "527cdd8b-b377-44c4-aaed-6dd90db26d83", "value": "8f938254f23972d30c118dec976e61d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729335, "uuid": "40349837-8391-41dd-9c88-03a8cdee352d", "value": "3072:ObWqYPquvBzGBPap6UAqNnpBqJe24NENCySqLURqXgdulEi483AhU8zAQz6l+aV+:OSrtUHC5bGRNCyzXHAh3Ae6l+6Ekc3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729335, "uuid": "b8fa3f3c-3e27-477e-86d4-d6a91df3d75d", "value": 233824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729335, "uuid": "ac1a6fa0-fd95-4893-a24d-227160447437", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729335, "uuid": "d38ee452-1f13-45a0-a5e6-a2333f3fd347", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9c1c95d-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683729330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729330, "uuid": "b146f692-1719-463b-a332-d5c8f9897975", "comment": "Malware payload", "value": "860b62717585f269d249ef628b7681de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729330, "uuid": "f80831c7-494b-4093-9b52-964bef922756", "comment": "Malware payload", "value": "9b4e2523db1dda989afb99ec80d452f4745c53246bad523763098af883d205de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729330, "uuid": "12cd2b7c-5eb0-4533-92e7-266f99682e4b", "comment": "Malware payload", "value": "b429de97c3717ff84e86bb501741c6b49a02dd51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729330, "uuid": "42d09f4e-1875-4ac6-ab43-9a3cab19db44", "comment": "Malware payload", "value": "b46f6e0e8ca618d35409fea4e5d8e8fc90b8744ae47820ac53d45844d2e57c0a0b3fdff97396f4068dd9975b416fee7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729330, "uuid": "6dd2565b-bdc9-4880-855f-dbe2988c1f3b", "value": "T10DE64A07F89191E5C4BED130CA269262FA303C445F3163D73B64FAB92B36BD46A79394", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729330, "uuid": "684e120f-d376-4461-8ac1-192a326fdb22", "value": "57c9b357ae0cb2f414b0a5873e2f216d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729330, "uuid": "0ccc2b10-e80e-433a-b476-3c1955d5e41f", "value": "49152:wHT3h/SSPYYM/cKorb/T/vO90d7HjmAFd4A64nsfJMnFcGSx1wA002rY9qVSS+b2:Ae0STtDSpSksxilEKkxEp/4/gOAgBvU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729330, "uuid": "07fb485f-341b-4093-b05e-28f6c3f278a2", "value": 14533120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729330, "uuid": "042a9dc9-7698-41cd-a926-3254fe915a0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729330, "uuid": "42350f58-6210-473e-aeef-e0fe9416a8a7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "099cd1c8-ef19-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683712633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712633, "uuid": "0979bd7a-c2ab-40b9-8005-07421ecb2ea7", "comment": "Malware payload (AveMariaRAT)", "value": "0b73110e05e85a00bb36b4cbef6ddd00", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712633, "uuid": "58bf822c-9d7b-4061-acbd-8fbc9afa6064", "comment": "Malware payload (AveMariaRAT)", "value": "9c44bba6ee95e8a9ea43700d766412061634e5e7ded47e654112cf5eb717908a", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712633, "uuid": "3b0a5118-3afc-4864-a197-aa6601e46578", "comment": "Malware payload (AveMariaRAT)", "value": "d50cd90107df26ebdbc9ff61440fa41d753f32c2", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712633, "uuid": "d951f2e0-cfe1-44b1-b946-816310d127e9", "comment": "Malware payload (AveMariaRAT)", "value": "6dc1aa7ebfa319da5918a782f988a9aa83e6a01c4424f4793d46046dfbb7352340ccf4a6628501accee4bcc31dd9dcf7", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712633, "uuid": "644da9d2-2590-4c5c-836d-f6a3e1cbc8a7", "value": "T13B3409203F1C4796C0DD0F73E9055B668EBE09A77A396B05B7C0AEB829933D746C56C8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712633, "uuid": "05315b26-620e-40a5-9391-49caf4aaee46", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712633, "uuid": "5ac487a3-0759-4f6d-9889-7ba5d071d06d", "value": "3072:Ks72FBp1WD4mGlf8xEsKV1KEVlZsXtwtQuVnPsVIx6Vzja:K/Fy4mGlE6RdVlZsGVz0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683712633, "uuid": "f1f35937-29c6-4101-a3a5-270100521749", "value": 247296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683712633, "uuid": "95cd42a2-1fa2-4f95-a836-1767d32c6a7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712633, "uuid": "36f6e0e1-a227-49d9-ab34-6689e0f8ed30", "value": "9c44bba6ee95e8a9ea43700d766412061634e5e7ded47e654112cf5eb717908a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e87fb5ee-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683705705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705705, "uuid": "f298364c-e938-4607-96c2-6a8f98cd9c74", "comment": "Malware payload", "value": "5849fdbb3217647c1ab1f29fc8a9ba6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705705, "uuid": "a607c4ec-7a7a-4eed-be8a-1555aac1ac99", "comment": "Malware payload", "value": "9c7163b87371f86398de7b67c74b48a1646113351e71743f1ea6ebcb1bf0dad0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705705, "uuid": "4bb5aa7f-86a4-4858-ae8d-90f19fe98099", "comment": "Malware payload", "value": "2652ce80f73c1bf7aa30299c55aa94bde882efce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705705, "uuid": "9abaea5c-9e82-4273-81af-517b53fc2b0c", "comment": "Malware payload", "value": "cf8234e235f408dd3d1240e04e2e4ba636cdf267c807a03d764b2a18c42a0be713d6130e9bfecf8ba007314c8500b8cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705705, "uuid": "7c6f92e8-2a2f-4de2-b2e3-c7775102e0e5", "value": "T1DB46E1B688F7112AFAAA4538557A0DF4157F69A717CC1DB62B04982E027E90C33EDDF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705705, "uuid": "ad626c92-0cbb-4f34-9a98-9ad74fa4ed3c", "value": "98304:vavlQIN33nVKboT7MAwtCUxDwoQtKjnX6Og6X2XcNlfYWzdgIT3S:vIlQIN33nVKboT7MAwtCYzQQjn46yQlm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705705, "uuid": "bfe4e5f6-26e9-4045-8d55-ce8c0de079c8", "value": 5598923, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705705, "uuid": "c4338bc5-8ca4-45f7-8780-f9476587f336", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705705, "uuid": "f93cc7a3-cfad-422d-bf34-059ab6e4e8d3", "value": "5849fdbb3217647c1ab1f29fc8a9ba6b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e709a42b-eef6-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1683697972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697972, "uuid": "30b09257-5816-47c5-a54b-7ee17b6f5324", "comment": "Malware payload (njrat)", "value": "ce203795f25fd0d42f9b4ca91fc89877", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697972, "uuid": "af0a7088-9513-404e-9384-33b61fdb62ef", "comment": "Malware payload (njrat)", "value": "9d1e50cbef2a51e3ca0aa6504d7b8739bb431b1e7c1dce0db2f58ae9b277d591", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697972, "uuid": "1e5c29dc-de15-495c-8cda-3c51deb85b66", "comment": "Malware payload (njrat)", "value": "f55e210e54736eaa1e15a5764504fd1b6705968b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683697972, "uuid": "e270ed40-f757-4b18-b498-faa3b4b7fd41", "comment": "Malware payload (njrat)", "value": "66183cce876687b9879f1904157e61fbf0aa65bacc7951e496db17284fbec8f609031d4f5675ce980d20f06df9c79163", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683697972, "uuid": "0026a19c-2d78-4d1c-8352-13c9ac1353fc", "value": "T1BC033B4D7FE181A8C4FD067B05B2D412077AE04B6E23D90E8EF564EA37636C58B54AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683697972, "uuid": "47cddb39-7f43-4e5f-be1b-c29b8f917ec0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683697972, "uuid": "506e4708-7236-4ced-bb43-af460627803e", "value": "384:NyW6WIiejtCVLO309Qmykrt4QdqMjf+vWEWxrAF+rMRTyN/0L+EcoinblneHQM3S:zHdGdkrOGb+eE2rM+rMRa8Nuagt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683697972, "uuid": "0283a1a2-1abe-4450-a536-770825c293d7", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683697972, "uuid": "b3f2576d-0b7b-487c-9002-d9d2e26679c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683697972, "uuid": "a0ce8604-2fec-4e75-97f3-ed23f3d7f731", "value": "agus.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6f6bbb3-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688469, "uuid": "4e8c9889-7423-446d-a6ef-6946b6f609bc", "comment": "Malware payload (Kovter)", "value": "f82cae2a1522f064244c8bf324e44a3f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688469, "uuid": "22785e94-6480-4d4f-af85-5b2b14d91a1f", "comment": "Malware payload (Kovter)", "value": "9da18605892745e868963aa88fbe2572068f40279b82ad65f00575540d555a43", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688469, "uuid": "93d40df5-80bd-497a-b9ce-a61472eb2499", "comment": "Malware payload (Kovter)", "value": "150d2a16822648a64f3af57c5973b5a2c889872e", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688469, "uuid": "240a64b3-e9af-4741-b048-0cd8c82965c0", "comment": "Malware payload (Kovter)", "value": "661a687a89ab6ef1dbbd1c2d3f586e3ac422ff1c798e03ea547197327f49e5b3952247206d60c3acfdcf62e64a6f2fff", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688469, "uuid": "170b30c5-3f18-450b-aba6-befeeabbd43e", "value": "T1B8743A39F640E637D5225CBC9C0FD2D5A569F6302E341E47BAE11F1C98B5183AA2BB43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688469, "uuid": "c553c861-bb07-44d2-811d-6d1017952e55", "value": "6144:QVC7iizaS6gnd0FkkffasysgWK13+wrBt/3YDRi/1LTJ4QQVqSdd:t7iQ9v0LK1Br+k1LTyQ/q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688469, "uuid": "8f3b309b-b1d7-4633-877c-c6b344d9a0cf", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688469, "uuid": "8a4080d3-e9d9-4031-aaae-6d8d6d262a50", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688469, "uuid": "54474224-0983-46e5-8f5c-b3a72dcc937e", "value": "2023-05-09_f82cae2a1522f064244c8bf324e44a3f_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da2aa998-ef31-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683723291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723291, "uuid": "0bb5d2a0-4ba1-4073-bdad-52b91f164989", "comment": "Malware payload (AveMariaRAT)", "value": "fe5c7a1d7afb83e3e078f808f035d132", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723291, "uuid": "442e7953-870a-4fb6-b678-57a796966e4c", "comment": "Malware payload (AveMariaRAT)", "value": "9da89e761a170382685debd91f47b399b5dc31cd91b2e77da042ac448eb779c3", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723291, "uuid": "225708a4-ea3b-4606-a78b-783ecadf9402", "comment": "Malware payload (AveMariaRAT)", "value": "461e2e737b70d378ebde537c44a9a580325f01fc", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723291, "uuid": "05da37c8-fcbf-4a0c-819f-601346d9ec39", "comment": "Malware payload (AveMariaRAT)", "value": "73f4de6d70849aa7c81b156e06720acbf8a73871187c54d6a0cf7d8366b4ef298607ca786a6d77650e10f3765fb6dd94", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723291, "uuid": "19e5e77b-497b-4a26-b8ed-6a9a3c502859", "value": "T1930533311E330471560713E77DB9C18D80B8683B04755BBA866F9F6AE906E0EEE3C6D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723291, "uuid": "a794a0c6-6416-43d0-a420-c2131d1a34c0", "value": "12288:55a6hHhDvJfCFIkXRgeIfQQmSC5ExNNir4f7WS9vpDT/M0ye3M/oIhDUOk:5NT0mkXRgfzmSCKD0UCqvNT/x8/o+UOk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683723291, "uuid": "895aef73-fda8-471f-889f-4ecc03a4a47c", "value": 869311, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683723291, "uuid": "b2961805-fa97-4a90-80c4-669e86fb5a98", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723291, "uuid": "d0764cd6-8536-4955-a669-6412d1bc03e0", "value": "nOrder_ MAY05 01BB77FIBA00541.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6eb02a5-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BlackMatter)", "timestamp": 1683688442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688442, "uuid": "22663d21-a755-4c3e-ae3b-b7516e1b5b16", "comment": "Malware payload (BlackMatter)", "value": "472342892e9db971b9cd5438ddd7da72", "object_relation": "md5", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688442, "uuid": "6233268d-b86e-4cb0-a6eb-2b18a4bc3fd3", "comment": "Malware payload (BlackMatter)", "value": "9dd52dd16a2a3606b3b15d3ac2bf8ac8c83d9f8cd4b4bbf7182a82d39aaeb582", "object_relation": "sha256", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688442, "uuid": "dca06d01-04d1-45f7-b78e-049227426fd2", "comment": "Malware payload (BlackMatter)", "value": "5f587bdb07fa4171421265456fb795b421ac08a6", "object_relation": "sha1", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688442, "uuid": "60e95605-bc33-4b26-9cda-391b2c0c83af", "comment": "Malware payload (BlackMatter)", "value": "6e35054f9f45feaad88d7439e57251fe2241eb2febd8b3153fac73afe228db74d01d07574c3df5d2c2929d176fe05d55", "object_relation": "sha3-384", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688442, "uuid": "ae7ee1d5-b2b9-430c-911f-5b6a19ccd4a2", "value": "T14AB65B91B809B7CBD46A17799153CD612F7C13F896248B12A82C75BA6D53C803B87FBC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688442, "uuid": "51c61fb9-80d3-4b49-9bcd-f766f77917a1", "value": "49152:1wa+oE4hEZYBl+OHJ1V4dYFgZPsv97H4numCM1+7:ia+oE4hEZ2p8dfZPs54numh1+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688442, "uuid": "1d7c8397-dad8-47a6-9741-1c5958cf623a", "value": 10485760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688442, "uuid": "b4cf8784-a68e-4b03-a405-6eff1a0e76e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688442, "uuid": "86fa00b9-d155-453b-8490-0de41f0cb990", "value": "2023-05-09_472342892e9db971b9cd5438ddd7da72_darkside", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2dbdc73-ef42-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683730526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730526, "uuid": "5faa0b3c-ce22-4b39-a59b-969851b93850", "comment": "Malware payload", "value": "3b08b54b2638114ea394fbfbf527932a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730526, "uuid": "2de16b73-dd0c-4c24-be94-9768a228da72", "comment": "Malware payload", "value": "9e222e6a36784186641a5a330129e9d597f212597915a7920c745f85c514bfdf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730526, "uuid": "a99410d3-ba91-4218-93a0-bbb328ba5ad2", "comment": "Malware payload", "value": "0aaa3a4a6af8fc9f3aff57650efc372f697ab1ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730526, "uuid": "fa3361d5-aa6d-4329-8dbd-05bd1141ebb2", "comment": "Malware payload", "value": "1a1011efefd40da41dc79366ab4931b7f651cd52df1dec1a95dc0011ab9a2733f28dcfe26f053238a2758c38d56e9cbf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730526, "uuid": "e01d3197-4cde-4f92-b702-de39f6f69f45", "value": "T106056B52B3C7D1B2EFA625F2D6B493721939BC34173C89CB7390382DE8A06C16A35359", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730526, "uuid": "f218d16d-b38f-4c27-bd65-1195e198249a", "value": "153aa0db686aff28745c696da6ec7574", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730526, "uuid": "521bb628-48f3-49eb-b3a4-e8835553f0ac", "value": "24576:iG2s/vZn2WTiFYCcQj/unPKa6oyzqxjvZDL:Np26yVzqBvh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683730526, "uuid": "b84d27ea-930b-4f49-838b-fd2c35286b56", "value": 836096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683730526, "uuid": "3e70e950-ff77-49b7-acb0-74885e5c23b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730526, "uuid": "0a9ca386-a139-4417-81f1-fc85c18ffb96", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16628a65-ef37-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683725539, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725539, "uuid": "ca8fa85a-d4e5-49ba-8494-35da383ef2c7", "comment": "Malware payload (SnakeKeylogger)", "value": "8c17ce1d51c33a984e1dbf1ad341404e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725539, "uuid": "de024100-3625-433e-bf26-7ef9d086ea5d", "comment": "Malware payload (SnakeKeylogger)", "value": "9e5f01fcd9e6ad2a133b43fc012dd7f72fa09e87dbc8d5f98c2a6325e843affa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725539, "uuid": "d5300b50-986a-4382-b849-22ff97567f31", "comment": "Malware payload (SnakeKeylogger)", "value": "066ecc8ec794f4c93b3e026d26f70950c6ed3a66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725539, "uuid": "c4465b6e-6016-4c71-b21c-9b179f4c51b1", "comment": "Malware payload (SnakeKeylogger)", "value": "b4cb80696e391f094f3eebac8d0bf501fe29653a158a237d142519336a676810535e24cf3395eb845c9521e20c8ae6d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725539, "uuid": "a81bf93c-e4d9-44c5-9d70-f7685c95ea5f", "value": "T1B9F4E021621A5B2BDB6883FF0A28454513B47716FD6BE23C2EDF21CDDD22F114A21E97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725539, "uuid": "ae7c6f85-d04f-4dc9-8b73-0facba7ad1c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725539, "uuid": "037b27a8-0e92-4382-9cbc-01d576334917", "value": "12288:2EZfTg2a2ddCD7KSx+8Imr2ZEEvprJ83esFugaVYIxlgdinqv:2SLg2abo8bmvFJ83eCaVYIxlSiq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683725539, "uuid": "083b483e-461a-4634-b233-684d8a230b48", "value": 761856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683725539, "uuid": "55b77f1b-82c4-4287-92c8-5358ab667ee6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725539, "uuid": "c191985b-cebf-42b5-84fe-2e28e2424662", "value": "New Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e181eced-ef53-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1683737906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737906, "uuid": "fd5c760a-01ec-4112-9073-1ccd318aeccd", "comment": "Malware payload (Quakbot)", "value": "934feee5657b08faec80a29cd2a77acc", "object_relation": "md5", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737906, "uuid": "8cf84e55-5b3a-4c51-b25f-80588ed38504", "comment": "Malware payload (Quakbot)", "value": "9f0ce528f88774347cc8501379f8c1af3ecca8e612c2b32653180c0e18543471", "object_relation": "sha256", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737906, "uuid": "fd37a64d-3e08-4fa9-98e8-32838d1ec759", "comment": "Malware payload (Quakbot)", "value": "884feaf89736fc07aa2325abe5ceb6739b6e90ad", "object_relation": "sha1", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737906, "uuid": "4083d51d-1b5c-480f-835f-311fdc6b5315", "comment": "Malware payload (Quakbot)", "value": "7fa3028fad2fabe6d4d95cb86944fdd0903923c020858fed145e4e7fe584c524d163d8345e63bd1d37303839079b3ce9", "object_relation": "sha3-384", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737906, "uuid": "c27214f2-286d-41c0-bf89-84906ac10a5b", "value": "T17DE21B4F9281037DAA100275650E6AE0EBE15838AF72DBB4F44EC7AD3751868C5FD5EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737906, "uuid": "0101467d-c26b-4bba-ae47-2530b7f53131", "value": "384:e0c9mNO3oCxIVV3MU50eOpCprW1yQBQZAG52WI47NHdX71+7KYsexMmgx+2JoUfA:DcxIbohEJ6S5IWFeKxAX1ZOWD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683737906, "uuid": "2101e4da-24f1-4ff7-a6d0-bf9f225e8d7a", "value": 32360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683737906, "uuid": "2ca2bc99-cf12-4552-b07c-855090b4d6aa", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737906, "uuid": "724c1c8d-748b-43a1-8ebd-9cba6b15aff3", "value": "NDA_F580_May_10.wsf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35677278-ef87-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683759951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759951, "uuid": "97906f2a-197e-4e6f-83d5-c5548fc28e43", "comment": "Malware payload (Amadey)", "value": "157c03d4d03d76edb9ffbe081a21cafc", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759951, "uuid": "2bbbcaab-d353-4162-909c-8703ed519f77", "comment": "Malware payload (Amadey)", "value": "a0214e91a04630cb9c92442623be8a8590b6fdd31aadb2fa193ac9f1c523b069", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759951, "uuid": "5de780d3-c351-47ac-b3f8-df9dbb002f99", "comment": "Malware payload (Amadey)", "value": "681710a285a2ae1820a07eaeef4de36dc20cf67a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759951, "uuid": "82e15b75-7544-4dd4-ac9a-0bad0da6c5d5", "comment": "Malware payload (Amadey)", "value": "569207f8fb296fcf3dd14d299a80d0a3e9cfa9badf960afbd010c60b8e34da7cdab13493f7a908b22bd5186f329e78b1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759951, "uuid": "b5542b33-97f0-49ca-b87d-622ba2efaa97", "value": "T11924F6267912C031D560A1B619F4BFF2C59CA824ABB049DB7B800F77DA122F73D61E39", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759951, "uuid": "a30e82ec-8ea5-454f-9fed-199d0e22a58d", "value": "f8cc61ade86cb7277d0ab974de6323cb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759951, "uuid": "cf5d0c56-ddd8-405e-88a2-c38e43a3e451", "value": "3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683759951, "uuid": "a379ec1b-fad0-4588-a27b-2b072f44523a", "value": 214738, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683759951, "uuid": "27427aee-a649-4a2c-820f-dd7fc6a787f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759951, "uuid": "7e38857a-cd0e-4dae-9363-9c73ea48213f", "value": "157c03d4d03d76edb9ffbe081a21cafc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83007a8a-eed1-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1683681913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681913, "uuid": "69b529f3-02e4-40ec-8ce8-ec231fe2449f", "comment": "Malware payload (NanoCore)", "value": "a4f65af28635318159f9cf30a65fa800", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681913, "uuid": "82cd62d6-198d-42d7-b3bf-49687d18fc13", "comment": "Malware payload (NanoCore)", "value": "a066c15490cf2a08af42f507381d6774e6de4650ba2b11c0880aff2b118b1cb9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681913, "uuid": "35e5a90c-734b-4400-aabd-00c4fa771aeb", "comment": "Malware payload (NanoCore)", "value": "0f965cd80fbefb12d5f04e78e93ee37f51466d73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683681913, "uuid": "16cb8824-ce3b-4f63-ae73-e086e7a46d06", "comment": "Malware payload (NanoCore)", "value": "58bdaa92fe7e2a89c70c63cff0ba9b4b947736f19aeaff7b88f297bbb613da30a1aba6bfd69dc7f27f479e0c34eb3e7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681913, "uuid": "94107dfc-0a6c-409c-952d-05a8fd55bd2e", "value": "T13714BF5677E94A2FE2DE86B9602251128379C2E3E8C3F7DE28D454F78B267E406071D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681913, "uuid": "5452781c-2ccd-40cb-8490-df10461943a1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681913, "uuid": "451c64fd-27a1-48a3-bcd8-21ad98118936", "value": "6144:gLV6Bta6dtJmakIM5qlWUu5LYkO0TrWSM:gLV6BtpmktlM5LYkO0TKB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683681913, "uuid": "516b1130-6e1e-4108-8271-b7309876eede", "value": 207360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683681913, "uuid": "c1e12e83-2408-4b39-9c8b-4f50ee15b26f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683681913, "uuid": "698520e7-c16b-4aea-aa9c-6d2eec9a8317", "value": "a4f65af28635318159f9cf30a65fa800.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f931cbe6-ef35-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683725061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725061, "uuid": "ef14a010-7007-4bd3-8ac5-6fc244694d2e", "comment": "Malware payload (Formbook)", "value": "0a0a483d55322204ce0c960af3ed5cdc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725061, "uuid": "2bd61023-ee90-4190-94fe-ab6d950bf45d", "comment": "Malware payload (Formbook)", "value": "a1a882d7abefdec8678649330339a2f080a777450da1be5110b88e81a8ea38cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725061, "uuid": "d75cd25c-2a41-4bb6-957e-7afb20008b04", "comment": "Malware payload (Formbook)", "value": "e0ee65052e3ff42cd3cfeb798dee85d25376b013", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725061, "uuid": "c2480916-ef4a-44c8-a817-1e186acccf62", "comment": "Malware payload (Formbook)", "value": "f53bd0469c951cec1e359b1ec19a72f6e13e8679e1361a47390850a1cce03c202dbbbd6ac653d61a153e5e9650a86c84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725061, "uuid": "fc50d3ca-3bdc-4d53-abf1-25b1061d785f", "value": "T1DB159D3C21DA5C26C35573FA8998C5E103396F00AFABD25A26BE30CC89B1B93ED5554F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725061, "uuid": "e666a1b1-bb1b-4e70-b6bb-a87f599593fb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725061, "uuid": "a5a488e2-256b-4238-8409-8f6a9dbeee03", "value": "12288:TNU42rcBqZfOtXyWqeufFdFu+5NUAVKlylMH9rhFrWC4l5Zm:TL2rGIqXofFdZ5FVp+KC4l5Zm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683725061, "uuid": "dca3554a-051b-4c2f-94bf-1b21816141ce", "value": 896512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683725061, "uuid": "13aa84f8-bf9a-4cd4-92d0-dc8da3e5c366", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725061, "uuid": "f3828334-cc60-4cd6-9516-c5b6d3374410", "value": "Payment Utr Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae5baf15-ef09-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683706037, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706037, "uuid": "70f3a335-3bf3-46b7-8d6e-ed2b9f2d3713", "comment": "Malware payload (AgentTesla)", "value": "d943a312a3e7bcc124099611fb6c11f2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706037, "uuid": "653d1832-82fc-4cbd-bdc7-877b87371658", "comment": "Malware payload (AgentTesla)", "value": "a1b00c2628ee45d054b257f96eb55f197fcb47928c42bb9ddb0a800546116e37", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706037, "uuid": "deb7af85-3eb7-4d97-9896-f2cb71ed2feb", "comment": "Malware payload (AgentTesla)", "value": "2b2fa318b3f2a66a322cc710536b1bf4b13ad8d6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706037, "uuid": "5bcfc3cb-3742-4ccb-b3e9-80fa71d19d14", "comment": "Malware payload (AgentTesla)", "value": "582a5c70c8a5cd821e7661e52d2dcea8f29b3d61fc6897c4c7eaf3fcd416c2d1b1ebd33475236ab1f57110073d29565a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706037, "uuid": "5f9e19c3-a232-4a41-935c-bcf9fc412fcc", "value": "T150C41290B2BD8A97D50E8EF45A7CB124037170E7E9C1D6F80F77A1980EE5F805E44A9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706037, "uuid": "c4bda39f-edcf-4da0-b30d-f7a9034e2c04", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706037, "uuid": "543aca06-b8f1-4bc3-b336-4586955f944c", "value": "12288:JuY/k5xMVviQtMfdJYlQ7ee0q0CByR8/IA1x6f1l73m8Giga86F:JuNKagy5eBVCURDA1x6tl2Y86", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683706037, "uuid": "22eef793-4a75-4d1c-8f1b-18bfdfd8b31f", "value": 567296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683706037, "uuid": "573f9b59-bff9-455e-942d-86d3a3c7e4cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706037, "uuid": "e7189cd7-9634-43c2-a626-526a2e5f1188", "value": "d943a312a3e7bcc124099611fb6c11f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fabc3d2-ef3d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683728132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728132, "uuid": "72cee2c6-1ac1-421e-a03f-3f8abdecaa3b", "comment": "Malware payload (RedLineStealer)", "value": "ca5dbf8819812d1e8d8ba4b4eda45f33", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728132, "uuid": "ac899374-241b-44c1-aec5-6239dc626606", "comment": "Malware payload (RedLineStealer)", "value": "a1ef544bf51b12a099ccb7d97dac88e5df02ca8b9afda8759b427eb8d228ad4c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728132, "uuid": "dabb5c54-7ab6-4595-8823-0d8efa188082", "comment": "Malware payload (RedLineStealer)", "value": "a8573cc715e33ea25056ad44540973d3e5b4ddb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728132, "uuid": "1d713d2f-8b0c-4476-bcfd-5e155045f9e7", "comment": "Malware payload (RedLineStealer)", "value": "85ae7f9e4cbc210e78548e8a9e0b96f16ccb8f0727eb8b0a49941d156fd8ee740864642d52d87e29924e5d50777413e9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728132, "uuid": "00daa405-04ad-4217-9c34-dbcd408f993e", "value": "T12AB41242E7E89136DDF61B7068FB13830A3ABD929878D36F6359995A1CB21E07071337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728132, "uuid": "77af2933-3b99-4914-9612-f7ee8845be7b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728132, "uuid": "fe48830d-f6e7-4b16-91f3-95672860414e", "value": "12288:GMrXy90QqICHq6yCHCxoWa9XF+kSXc/ZKAI:tySfApoW+FbRNI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728132, "uuid": "1394fd57-160b-4280-a8dc-dcca3a820540", "value": 511488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728132, "uuid": "19130b6b-fd40-4641-a26a-5bef94a51bbb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728132, "uuid": "c3460eb4-d4ef-47b3-9ae3-f07989cd44ab", "value": "ca5dbf8819812d1e8d8ba4b4eda45f33.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a534b220-ef2b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683720625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720625, "uuid": "622fb660-1da0-47c0-8e2a-7dda66b13240", "comment": "Malware payload (RedLineStealer)", "value": "62dea3c11132a1c9e21e59f5be40cbda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720625, "uuid": "c33f1e85-eb46-4a98-bf38-f2b5318cda4c", "comment": "Malware payload (RedLineStealer)", "value": "a2fe0cf407e1ebab04052301065ffe2dcae4d5e9e4d24351e84424a029a87f95", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720625, "uuid": "95ae39bc-8a48-4f54-8b52-24f82fa4f446", "comment": "Malware payload (RedLineStealer)", "value": "2e80fc09f7f6f4f61270a4648a4de1367e0ffd16", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720625, "uuid": "9223737c-5cb5-4f23-aca8-c66199cb7296", "comment": "Malware payload (RedLineStealer)", "value": "5e8b3c3e7bab2aae3051e04d7ef9bdf9bcbbc7209ac8278e2d425f82ea2c48ada72e6698ac5bcdf64bcbb85bab193fac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720625, "uuid": "902bd711-fdcc-431c-ba1a-bed87d893b10", "value": "T1C4644B0362D57D64E6674A368E1EC2F8765EF8518F0977AF22186BEF08B11B2C172F11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720625, "uuid": "85e1b3cf-f1fe-4ff7-8267-ee76a179cb90", "value": "01f37df613d55b4b4b8899ff2305631e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720625, "uuid": "25eb6dd8-bc1a-4ce6-9f71-3af6e7fa37ef", "value": "3072:B5MQRaDBxw/VLsfInHc1IuS6eTVG9oi9QgPN0lu+qqESYcUZX2mizKkEqZo:TaDAScHQT6G9o1e0l4qqUKC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683720625, "uuid": "04f54e19-8ca1-4692-bd0e-29eb9bbc5432", "value": 335872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683720625, "uuid": "5ad84594-0f18-4c0f-9f88-0073239ddeba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720625, "uuid": "d0f01d09-75a8-4889-b253-8908cf6eb4e8", "value": "62dea3c11132a1c9e21e59f5be40cbda.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49db4e9e-eec9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678381, "uuid": "d3b68ba0-e7bc-460c-901e-3b2ebc265160", "comment": "Malware payload (RedLineStealer)", "value": "a3d4f6b9a3c45c81d158c0aa5b86c737", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678381, "uuid": "b69fa534-1bd1-4ce4-9f4b-7cca9ed639f8", "comment": "Malware payload (RedLineStealer)", "value": "a3acbb629367176c78ba48376ec9b7d2ae76541881bd65adb181be42ee730e20", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678381, "uuid": "3209fce4-67c1-41e0-82e6-8e5539cf91be", "comment": "Malware payload (RedLineStealer)", "value": "fa622d60fe9e7ec7f9bdbcc1065776e181f13f30", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678381, "uuid": "441aa680-1c3d-4226-a700-9b65cc8f4cd7", "comment": "Malware payload (RedLineStealer)", "value": "b3308fafb7c5b8c7b217913c0bc5959d28ed73b265fd8d4bd634223b7fd0ae0f624aac4edb9ab2dc24be693742af6ae3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678381, "uuid": "ca8643d9-6281-48e4-b49a-a9d7d3fa6661", "value": "T187B41253A6E54033D9B16FB0ACFB02871A35BD62A934934B3756AD4E0D722C4B53633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678381, "uuid": "2f0b0df8-cdf8-41ec-bc9e-6473fb9b0451", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678381, "uuid": "7e7c16bc-9aea-4cbd-a1f5-956ba0b783e1", "value": "12288:uMrqy90l1EOlP5c1u31HTiE4rpkeh/GpIM9roR82f75:AyqEkX9TDuBeMXf75", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678381, "uuid": "475cbb99-5614-42bf-9ffe-b1eb80451e6a", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678381, "uuid": "c305dc13-998e-490e-ab11-7a6828c28aa6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678381, "uuid": "2476e30a-0eac-487f-a683-a7787bd242fc", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf40f990-ef1b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683713823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713823, "uuid": "72195da2-7494-48bc-955c-ea10cd302f42", "comment": "Malware payload (AveMariaRAT)", "value": "ec8b3e73f31dd089df4d1865b90ba1a4", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713823, "uuid": "58a805cf-9222-4688-a4d4-e63a99d1a686", "comment": "Malware payload (AveMariaRAT)", "value": "a3c89ec9ba82a3b13d05ab75d6f44b60bd528fd7d65baf74604896a339aa3b36", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713823, "uuid": "469ce785-7f28-4cfa-8141-1bf33d19c82d", "comment": "Malware payload (AveMariaRAT)", "value": "2a5cb203257fc7d7f587a77fef386ed62aa0a4ac", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683713823, "uuid": "bb36b9d1-a4cf-457e-a284-5c16a94ffbac", "comment": "Malware payload (AveMariaRAT)", "value": "b925ab640f632f5a8584637da28a566bbc91ccb35b52fdb3d65ee571e0bdc61aa4ecd78465feccbe6ed45b26a969bb4d", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713823, "uuid": "c93f4df6-cc04-4b48-967d-b5d98d050877", "value": "T15755492527F46F06F57D47B4E2A5100183BAB901292BF7EF5DD1B0D6A8E2710CE46BA3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713823, "uuid": "f6ffdfb1-d6db-4d00-9d47-66d3719747f0", "value": "12288:N4E/B01zdbOdV0toqA9JcxOZ90mWTFOkMjz+QIgWYJ7NnfYrn78Vc1wm2HcSTTa7:N4NlwPpLlZ9A7wpHcSPLz4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683713823, "uuid": "19758744-3bdb-42cb-add3-2aba46581a8e", "value": 1349632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683713823, "uuid": "b7e4bae6-f75c-4dfc-9a11-71e490051cce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683713823, "uuid": "6c3ed991-bb5c-4eaf-9d1b-1a0f8f3782c7", "value": "a3c89ec9ba82a3b13d05ab75d6f44b60bd528fd7d65baf74604896a339aa3b36", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e47953b-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707111, "uuid": "111b9008-ef5b-4218-9b08-c344f063a9d1", "comment": "Malware payload", "value": "dcaf1b7d2150a44cccc3014f0daca08c", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707111, "uuid": "db071399-3619-497d-821f-6fe4622b34ce", "comment": "Malware payload", "value": "a3e26b5722a02ab12d356c0cb16d171281465b486bc60979161c20ff4a7a2f94", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707111, "uuid": "699eb010-f4d5-4258-bb0b-c74cf6151467", "comment": "Malware payload", "value": "83deca6066cc0416404e635cbeba1ddd30fe650a", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707111, "uuid": "af020877-8b50-4557-8e81-3701e5626e1c", "comment": "Malware payload", "value": "71f81572b798e2929906b038fdd801756550be6994514be5e0e1d6dd9674968f650ff9f712ebe3e06340ef729133aa85", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707111, "uuid": "da17a8e0-249e-44f9-bac0-5e9d531932ac", "value": "T19A55D0334EA3FEE923E50D54D8461908DC80B8A76B6C7254F888F5EAB5B4464DE9DCF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707111, "uuid": "8b78c06e-867d-4ce5-b650-ed5b4e4c05bc", "value": "24576:byzWAnUQGscvDLnW9YRsVSwxdgaM7gTyh++nWpk2e8xo:ma68LWDPW42", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707111, "uuid": "8b2bca35-5b7a-4563-8618-5d5a9957ba44", "value": 1324376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707111, "uuid": "122d13e5-1395-4679-ac1b-cd1eea9df0e5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707111, "uuid": "81f80eea-ed50-43ad-b052-84ddc0069603", "value": "Mjntxvj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb63e6ca-eeca-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1683679028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679028, "uuid": "f37f933e-48bd-46d1-8d98-6974fb0f4fbb", "comment": "Malware payload (Rhadamanthys)", "value": "171e8b37bd1bca4c109c329e5f27c0d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679028, "uuid": "400e0289-c6e2-4d02-b8c0-0d26d883c3cc", "comment": "Malware payload (Rhadamanthys)", "value": "a481d0f71f3e020be9067340c91bd8a9472611cbff06571cf5084085b1ffa570", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679028, "uuid": "3c0a9089-38d8-4455-9095-a557985d1380", "comment": "Malware payload (Rhadamanthys)", "value": "0fe2a508f9d9f1decac23912b8eb18c89ba5b4dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683679028, "uuid": "2bf82844-a328-48b4-9edd-3a4d72a45035", "comment": "Malware payload (Rhadamanthys)", "value": "0a5d21d08d02d3a66702a98004a489a25bc4e559d7bdaaeb19124c5f8a49d2a5cbc0d08fb29d9acee2813c4ce3d29e90", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679028, "uuid": "4da46ff3-8a6d-46ef-be83-ac45b64f8e49", "value": "T14A84AF12F2D1B87CE6620A318E1AC6F4762EFC514F4567DB2B19BA2F09706F1C672712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679028, "uuid": "044eaf91-a226-45f6-972b-df0a3b26f9c3", "value": "2f859ca72f4146453ae321b5dff2ebd9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679028, "uuid": "30887b6e-3328-4688-a877-ad0ce9475c4a", "value": "6144:JzQjSjs7fz2btDNCae1SpxTvVG/HAZXuA0zzYK:1wQs7fQTJEPsK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683679028, "uuid": "f3ef6f09-a172-4b32-8546-5b4366a60530", "value": 373760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683679028, "uuid": "aafd70a2-5c9b-499d-977a-0c717993c67d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683679028, "uuid": "3b9eb616-72a0-4d8e-b069-fad18baddedb", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f34cc232-ef2c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683721185, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721185, "uuid": "ed0ddaff-4862-401f-9a75-e4de5b13cf8f", "comment": "Malware payload (AgentTesla)", "value": "369b3343acf9f397aba8497d75f6cf07", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721185, "uuid": "7172e9e1-033a-4e1b-bcbc-2346eeb7bd35", "comment": "Malware payload (AgentTesla)", "value": "a4b5f7aed3df1aaffcac4423faf222b78da209a22d2f6bd74cdf46d2b1498670", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721185, "uuid": "77ebdb34-8a9f-434e-9d10-590f54476078", "comment": "Malware payload (AgentTesla)", "value": "1b98e3a00169ac13687795a4009d350bcd3e031c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721185, "uuid": "6328ed1a-7319-41e4-b33c-fc4536e07310", "comment": "Malware payload (AgentTesla)", "value": "ee212a45f2400922b988c57847fb713894ee270d2594fe90f0773c0cc90bf5c094af1aa67738a9d837755f9dd2e48f16", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721185, "uuid": "1b85c3d6-e16e-45a8-ad61-a54793d7321e", "value": "T10AF4E021622A5B2BC7A843FE0A28854513B97716FD6BD23D6EDF21CDEC12B104E12F57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721185, "uuid": "1515e811-f380-42a2-9408-90e5e44e8e8a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721185, "uuid": "f6c470c7-69f2-4720-8c5b-175708a8b383", "value": "12288:0yZfTjcFB+4Xv0Ow9Lh0kiPoknaBL/iOjoKtE/SZzrimvGUntcTiytBlk5:0gLjc8OmLOlPBnaprjKSZt1auytg5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721185, "uuid": "86209df6-81fe-4c17-ae79-d2fa67d9742f", "value": 766976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721185, "uuid": "3fbd2ef6-8e11-4538-896c-669a2b36ad88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721185, "uuid": "ff3ba7d0-3492-45f5-9e13-33a30cb1079d", "value": "#es0983.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e20b320a-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Phorpiex)", "timestamp": 1683729317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "eb562a7e-84e9-4b2e-9a10-5c8cae0e0eb2", "comment": "Malware payload (Phorpiex)", "value": "5cef86272e6f87627c9c64124ef8cc03", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "f13d6f21-f565-4113-bd8f-d19d50e098c3", "comment": "Malware payload (Phorpiex)", "value": "a5aaea0dfa0b04345d700f049d5a2772e441e8b27d21ce33a23e5418457d280e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "a5c88018-f005-4276-bdab-1448b981011b", "comment": "Malware payload (Phorpiex)", "value": "84ea86c2ac334c02be11f26ed07f7b3b915aae6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729317, "uuid": "7762d933-59c4-4c67-a1ec-45ab04e87eca", "comment": "Malware payload (Phorpiex)", "value": "ef98a1927790094686a052f0788cf208627f1d287abb70b61ea116a1457c0e5aed076ffa86b0fc23a45548c9937cd378", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "1b443b42-f625-48ef-a87b-818818f05aee", "value": "T118830940F280803BE0F285FFEAFEA2991A1C9FB4534594D3F2F1649F56646C6BA36453", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "cdfd2322-5e6b-43f0-bf25-3a756c50b9a3", "value": "2ffdf0a1519d1adada787fd4df5a5fec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "389bc6f3-0ee0-4423-9a86-705d77698ef7", "value": "1536:Y3Mz8vZz71dUwH4pHfwbpBeSnStfFTReeeeeeeeWeeeee:Dw57zbH4xfwd7nStfFT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729317, "uuid": "b69f6e44-d817-4032-90ea-f2920f81627e", "value": 80896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729317, "uuid": "c9bdc837-9f97-4ef4-97ad-60a0fbd99df6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729317, "uuid": "e0f3a2aa-f36f-45db-8cc8-fc70031e5c67", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bb0c88e-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683704583, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704583, "uuid": "0f3f80fa-27dc-4406-8b0b-03f366548bc4", "comment": "Malware payload (AgentTesla)", "value": "2bcfa5164ad00b1bd874827a54415553", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704583, "uuid": "3f5cc6f2-b6cb-4bf6-9a1e-90e5cfd3856d", "comment": "Malware payload (AgentTesla)", "value": "a5ee311c1782356ae8fd1e5fc6f6a2cdde6dd79ebc5c80a02c36b3327ba3ac7d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704583, "uuid": "cc9aeb7b-4341-45ca-9c7b-ec78af8e5bdb", "comment": "Malware payload (AgentTesla)", "value": "4b2691cf1373808850d5b262f68886dc2014d754", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704583, "uuid": "2abf7218-689e-4b74-b7c4-bedd6f9c122e", "comment": "Malware payload (AgentTesla)", "value": "47aa47f64f0ae62e5e05fd813c2660284665d6fd7eebf7d2a3e1559f54a3359646f87e64280aa0a7798e49b5f0de771d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704583, "uuid": "9fdf4221-c9e8-4be1-a909-25844bc43efb", "value": "T12D454B7896EACCAAC32230F8442096900672AF865F57E799607D78ADDC30743FD9593F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704583, "uuid": "01c07f53-ee5f-44a9-ae5c-26400ce7305a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704583, "uuid": "bb52d399-e09a-4d38-988f-e2ebe9ac2514", "value": "12288:HD5ZrtqZfOtaybj0dKeh//2lL7gemnqzyR8NDb2JNi+Zfq:HjrtIqatdKeBO1kezaAF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704583, "uuid": "54e5e5d4-12e1-4dcf-8cb6-4aa56d92cf8e", "value": 1213952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704583, "uuid": "17d4d810-911f-46a5-9530-bef3be5b3a7c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704583, "uuid": "052276ff-49f4-4314-a2fc-a22fb69c977b", "value": "quote-dillardsInc721594872.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06bc747f-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683704468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704468, "uuid": "1c7c1b7b-fa33-47bc-a5d5-83a9b2ff5e10", "comment": "Malware payload (Formbook)", "value": "17b1f21e224272b33e5e56eea94f9f99", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704468, "uuid": "456138ac-d501-474f-8aa9-1a6c1e2d1cea", "comment": "Malware payload (Formbook)", "value": "a694006f04bc43e5141f1aa09229e057687d0c7e042f2e7dda0a6b32c5a76db4", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704468, "uuid": "bad817fa-2c72-42be-b54d-ff307e10065c", "comment": "Malware payload (Formbook)", "value": "e614e914f2fa48aa43079a4f4ec251907e7043da", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704468, "uuid": "0e418f3a-d311-4c22-9673-b476f096a7fb", "comment": "Malware payload (Formbook)", "value": "2e6b760a01d6e082b82b3ea1f17b3ca944f369b165c72552423e1beab36b4cd7c6c37f3810b5249038b76040fec87bf4", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704468, "uuid": "710c0937-7462-421a-8315-4f9e818f0eaa", "value": "T126350112A588CE8AE18187F53B62B89D430DBE7372C470D73A4C774B9B75EBA954B40C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704468, "uuid": "6fdc63f5-476d-4ba3-ad6a-8943cedf85f3", "value": "24576:ZLKtWQmmav30xdWJWQmmav30xi/V+MXUF+MXUYyFBLyJjP59B9+k:ZLKMQmmQ30zQmmQ30a+MXi+MXVo+x9P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704468, "uuid": "6e02b69d-889e-41a2-8641-4d49da51680e", "value": 1082368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704468, "uuid": "e6cf7ec1-9e2c-48dc-b26d-c2fa51287136", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704468, "uuid": "30d4db39-af0d-46c7-8dbf-f3a374af2113", "value": "Order_specification.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f2484bc-ef5d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683741928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741928, "uuid": "ca4961d2-1936-4fcd-bff3-dfcdba54d0dc", "comment": "Malware payload (Formbook)", "value": "5e792b28f60d355d210294f26847089f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741928, "uuid": "ceea1da3-5dd2-4ab0-abe0-c71d4cbf6f73", "comment": "Malware payload (Formbook)", "value": "a8c0a42253b268618bf63ac631fe304c51014e38b8fdb2e2012cdb2b4a9861b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741928, "uuid": "df37fd84-3f85-45a4-bae1-4a2195595d5b", "comment": "Malware payload (Formbook)", "value": "50b7c5b76cf662d52896a79860a585cc18e8cc87", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741928, "uuid": "2ae2f35f-7e7f-4ff5-a654-f3d817a3e7f5", "comment": "Malware payload (Formbook)", "value": "7be3917198c22892017280feae5fd51afa85dad83ede6427df0ad4925b44b9b7db2e2d47831dc5fd769fba9f472d454a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741928, "uuid": "51acca71-0504-433d-b194-2057d25040b9", "value": "T137A4C18CA35B6449EB1EC7F7EB50F36527B36CAD29D18ACA01F73C6C2194A483F46611", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741928, "uuid": "31d5a90c-443e-40ea-9e5a-96fb689aa2f3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741928, "uuid": "737d8cef-2150-40f1-b1f1-19c95602f87e", "value": "6144:I1XQakQK7FxbIBMPrIx2s627tbPdQDYn3DYj1A+I3Xn9zIPEjj1PmauqtHpp:uXQaYbBo2mBPdQDYzYj1fkndIPWT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683741928, "uuid": "857d3899-fe3c-4b45-9c96-17811ff1db4c", "value": 456192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683741928, "uuid": "c9bf0804-a167-40b7-a1fc-ad1acfa2e6a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741928, "uuid": "52c7f024-7499-4347-8902-71fd34c52058", "value": "rqualidadeADMAuditin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c2cc424-ef17-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683711993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711993, "uuid": "c7182bcc-3371-47ab-84b4-734047d10b6c", "comment": "Malware payload (Formbook)", "value": "54a633a9fc7fcce5eec48505c2b12f61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711993, "uuid": "f9e04c20-ff8a-465f-a3e2-38374c4ce819", "comment": "Malware payload (Formbook)", "value": "a9659502e9fc61c272d951bdf96117b4ccf427ec3aeefc954d822476ae5faf6f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711993, "uuid": "77ebe4db-be01-4a1f-870c-0710aa24af40", "comment": "Malware payload (Formbook)", "value": "e45c67c948e67bd004b9637ccd1b525319dd8b7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711993, "uuid": "c345e308-890b-4ed7-98dc-7f620b8c44d9", "comment": "Malware payload (Formbook)", "value": "d8bca19e740eb3d093910ce97026a162b51d1dfe9afaf66e5e32504226b4778e93e0b351cac34037c7274d8ded748181", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711993, "uuid": "5240ed88-0792-42e0-b03d-96dc125debee", "value": "T182E4024D72D4C298D8AF67F488D8142837B1BAAF1D8ADF2D4C9025BE1E31B118761F67", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711993, "uuid": "7f17bfe1-3a12-4ac6-95d6-8e62cecb5f2c", "value": "12288:qYnMlT9BtvZYxxYmy4E45LAWzo4oKTGY7yAbUTNiowAuVmcL7ql1hYsSj:qvrBdyWmyv6LITy/dOcD0C7Qb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683711993, "uuid": "be0f0204-2bbd-4a45-8fc4-1d156e388b67", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683711993, "uuid": "19379b1a-96f3-4047-9bae-c1c034c96d08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711993, "uuid": "9ac4103a-1fd8-4da7-b2ba-547e3d7b02dc", "value": "a9659502e9fc61c272d951bdf96117b4ccf427ec3aeefc954d822476ae5faf6f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0d8062a-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683705666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705666, "uuid": "c4693767-4eb6-4cee-8792-3002f6b1424e", "comment": "Malware payload (RedLineStealer)", "value": "d3231a62c12ae7d7a91f296394de7519", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705666, "uuid": "932fc660-2d38-49ba-a272-94f4e748018a", "comment": "Malware payload (RedLineStealer)", "value": "aa0f96be29bd7888fdbd195fb56e741aad5f13b9a1df4a7e74a085924240f597", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705666, "uuid": "40db9af5-5e70-4c86-bdbe-197ec972dce4", "comment": "Malware payload (RedLineStealer)", "value": "845755cf51fed99b68b1385b7ab340e5a38c14ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705666, "uuid": "9dd4fd94-ce7f-4147-8673-6ffb25db59d3", "comment": "Malware payload (RedLineStealer)", "value": "eb40519b787b54bdb0f80b753242b4bde69cd053f6a84aa3507d5e76148045fe6531516c30e5d444f1ad14b7f1103d33", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705666, "uuid": "b2c15d60-67c5-45ee-9410-f268bd8eff00", "value": "T10CA57C012E85519AC9A91B36C02F3B2467A59FF96520E70F93B47C2E3FBF1E38817156", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705666, "uuid": "6fa0e9d5-9c71-4f43-ae48-504d0e2c7325", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705666, "uuid": "12391587-9951-4189-b85d-84ffb398fcf2", "value": "1536:I+WOv6YZoNpeybRu0e6MijnsApyxV2q9QdrdL/YXI1Et/DQnKnTQHhE/+ps5V1q+:Zspeybg0e1dayxV2l9d/YXJ0n+Tih6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705666, "uuid": "f4eecba9-3c9a-4a24-84e4-eef586172e40", "value": 2097152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705666, "uuid": "03563979-83b5-4d39-bcb1-f2b417a82448", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705666, "uuid": "cf939ed7-f544-43f3-a117-7ea24126a10a", "value": "d3231a62c12ae7d7a91f296394de7519.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac50882c-ef16-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683711617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711617, "uuid": "18f1b306-f365-4a0c-a879-b89921fdb0cf", "comment": "Malware payload (RedLineStealer)", "value": "9a6f9e7df5bad780d9dadff9f7d74b72", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711617, "uuid": "106c6d65-0674-43b1-8653-257ccb788c9b", "comment": "Malware payload (RedLineStealer)", "value": "aa3129db591450b9c2a93e142d9be05e0cd49e7dbd833ff668078df9bcd3ebf5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711617, "uuid": "c6bfdadd-d36e-447e-8607-140d9bfa1948", "comment": "Malware payload (RedLineStealer)", "value": "415b7008c48475ef05eed78b31912856f6d84940", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711617, "uuid": "a8b05959-594c-4b20-b0cb-bf1f1fcafa24", "comment": "Malware payload (RedLineStealer)", "value": "ce476059e9e795bb5fc15899a0fbe662dab7ecd1e8d37e9d38ab68f0fbdf50ac3e1afab5ef4a6c97c499a7a3ad660548", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711617, "uuid": "d2273751-fc19-4eb9-aade-c858f6a660c4", "value": "T186B402039BE85472D8B22BB0A8F702931B3ABCB65D78436F2785699E0D731C4A535737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711617, "uuid": "05bbb49f-cf7d-4a38-85fe-aa77dec7f726", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711617, "uuid": "1165e9da-611e-4eeb-a9ec-897dd02961a3", "value": "12288:1Mr6y90Gwlf6t+vDglJJZu+86z2EDDO8pYPQcCCG:TythPZu+7zPDjpYPPCCG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683711617, "uuid": "e791b4f5-f94b-4031-b775-83b81a3bfee6", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683711617, "uuid": "49d0f13d-7011-43a4-b0b0-db29468cc7d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711617, "uuid": "e411b57b-b84d-4d6c-9b2c-dcc7e4fa50ad", "value": "9a6f9e7df5bad780d9dadff9f7d74b72.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f39aab1a-eef7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683698422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698422, "uuid": "cd225ecc-3d88-4fc0-adbe-3830691ae0a9", "comment": "Malware payload (RedLineStealer)", "value": "6887269e6e638d3e502d1bd645a9c8b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698422, "uuid": "20d5a1d7-c520-4fd0-94f6-c28d0b75c542", "comment": "Malware payload (RedLineStealer)", "value": "aa3a84d69bd27931f0e7aeda5ff5cb4f7780644c2bb59bc1c374470c8109d2da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698422, "uuid": "e14e477c-76ce-4416-bd18-715f399314e5", "comment": "Malware payload (RedLineStealer)", "value": "7e7c16f738da0c7a6f802d9548d1c62d81f9e2de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698422, "uuid": "33759213-55a8-45e8-862b-f81549a942b9", "comment": "Malware payload (RedLineStealer)", "value": "15e78dc29518cce9b14fe0fbb303790626c10f269aae9935ed7a4d030809ecc1127c7aeeecbaee0b07f1b35d12ad34bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698422, "uuid": "089e7567-9b57-4381-be2d-ca192425dfa9", "value": "T156A4021396E99533EDF13BB028F605C30A35BCA25E39477F2645695E4C72A84A432B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698422, "uuid": "53278228-271f-414c-b485-cb014ac2da46", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698422, "uuid": "f4759b43-35bf-4e2e-a2ab-5ac52c0eaace", "value": "6144:K4y+bnr+4p0yN90QE9LAOsWwgfPmXnTD538WexuXWLP8pJ6HGiakgmrDL63clRi3:4Mr0y90jZsWfaJWj8rSGggmn63+RiNx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698422, "uuid": "552346fc-ea2f-4942-a091-cf2e4dbee0b2", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698422, "uuid": "63b592ad-bdb4-45e7-829a-1fa578e524d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698422, "uuid": "c2b6dc3c-015a-43bc-9cb4-3a188bd9afc3", "value": "6887269e6e638d3e502d1bd645a9c8b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e24a753c-ef1c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683714285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714285, "uuid": "41c6a68a-d98f-4e59-b517-1aecd8379a19", "comment": "Malware payload (AgentTesla)", "value": "dceac4a97b155219fe40b2d675164a35", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714285, "uuid": "69826153-b94b-4690-bbcb-7419287369ca", "comment": "Malware payload (AgentTesla)", "value": "ab014726aed51970dfc05e4afc3269d5d4ab208c480683ca4da49fe07d3fc90e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714285, "uuid": "3f1b0302-6ec2-4087-905a-af2f54269a01", "comment": "Malware payload (AgentTesla)", "value": "6930a9232e76911a107824dd66b6e5df806a22df", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714285, "uuid": "834e7465-3f18-483f-9065-8dc68bcbfd3c", "comment": "Malware payload (AgentTesla)", "value": "15d8d40229654f6b7f22b07e1756ca9d97c46c61e95ba455f39e98dd6ccb8817038aac78f0385caedfa1247341d88d97", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714285, "uuid": "9a23b0ef-e6cd-4970-8de3-2cb86ed053a4", "value": "T13AE49C56A024C81FFE169B71C1B5FFE4A6F1FD7394E6502263793848EAB9F021E8D118", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714285, "uuid": "81c4495b-30c4-4410-85fc-aecb96a67ead", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714285, "uuid": "1dd370c8-57b7-41e4-b40b-77900b915ebd", "value": "12288:hOTexxnucUElOLvxsXxs2egQVt+bi+d8Q2YdLTYWGaGn8UD/yuz+zb4xs:/xDUEl0shsvQDtW7pC2s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683714285, "uuid": "4e919d72-a08f-4f0b-b282-aadc9c0e6fda", "value": 710144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683714285, "uuid": "a4ec59d6-1354-4d79-a511-b050c013ef43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714285, "uuid": "10a09637-309b-455e-8ea6-58ed9d7b2dbe", "value": "ab014726aed51970dfc05e4afc3269d5d4ab208c480683ca4da49fe07d3fc90e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ca9e46f-ef3e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683728529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728529, "uuid": "3360ea19-8596-46bf-854b-e89e7ccb2ab8", "comment": "Malware payload (Mirai)", "value": "ceb42876b7e6c45b1a8fb8d63dce31f9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728529, "uuid": "db8a5e84-81ee-4e78-8b00-bcd3a694387f", "comment": "Malware payload (Mirai)", "value": "ab3bcd9ea102dca65d2e7355d349bb43a1a41c7cb7976e76cc1b4fd168fbd8e8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728529, "uuid": "a9474d92-c43f-4ab0-8505-9b6c37d423cf", "comment": "Malware payload (Mirai)", "value": "b5ffa1b754a43a0157782866c2c7426451bed03f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728529, "uuid": "5d0ba458-0c13-49b3-a544-3d1b92465327", "comment": "Malware payload (Mirai)", "value": "80b003645117112b9a6c80d1bd427190d0a1cd6047895800e2fe9f95582f8a659f129f0315e29ab839b949fb763867ac", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728529, "uuid": "8e22a945-94fc-4668-b3b3-219874a4a7d8", "value": "T17EC3E730E8044B1BC2D223F6E75A869E3F351E9797A733155B3879B02FF27991E29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728529, "uuid": "1218a11b-e056-4b85-9033-191fddf9b980", "value": "3072:4jDy/+mh1vtbPIKaHbpcUPium7/L7QsvmGfIiNb:mOJ1vxfaHbywm7/L7QsvmGfIiNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728529, "uuid": "0de93629-59c2-485b-94d1-18ee9f3f7f98", "value": 125008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728529, "uuid": "3776dd29-faae-40ff-a203-1382f182525e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728529, "uuid": "4ff8ee21-b9b2-4175-a6bc-458eb1b8ef37", "value": "ceb42876b7e6c45b1a8fb8d63dce31f9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d7f9526-ef17-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683711968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711968, "uuid": "4b024a01-ad03-4fe0-94f5-7af461d88921", "comment": "Malware payload (AgentTesla)", "value": "124c54bed5730b9ed4710fc2e2202082", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711968, "uuid": "3ca9ee75-c8ad-4188-a550-7130f9d6d5f9", "comment": "Malware payload (AgentTesla)", "value": "aba99ac623b8f43f53873ee48dbf2f18f7206ae2041821e660b79505a3743ead", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711968, "uuid": "b499ec64-ddc0-4836-b027-b75a889337c2", "comment": "Malware payload (AgentTesla)", "value": "c12ec1fa01d46124ed372053f569cd0b42ec9b09", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711968, "uuid": "9105e84f-c483-435b-bc85-2e7d0ef89d79", "comment": "Malware payload (AgentTesla)", "value": "e02e1869ba77cebcc9dee54ababd1c144fb95ff9821cb3e5f70d6f099f49bead8f77097b145d1b0780229b18a89336a8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711968, "uuid": "f7e6e00d-fd51-42d7-b79e-1377ca370ce9", "value": "T1EE058C3D21DA5C16C71673FA8889C5E10335AF00AFABD26A267E30CC89B1B93ED5554F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711968, "uuid": "df50432f-9735-4a79-a296-1667565b43ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711968, "uuid": "f606ccbe-08d9-4f2e-b220-04a59d68022a", "value": "12288:kGqjH3XLZfOxXyTvAPobuLeifn7H5KwACs/MnhUR73mrg8FmA6B3I/Zw+J:ktH3XNCXreifn7Hrs/mhA3yxrJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683711968, "uuid": "764c6045-b2c9-48ff-a995-fe1250912aee", "value": 871936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683711968, "uuid": "4fec158a-1320-4676-a918-1d02d4e3c540", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711968, "uuid": "3c09d949-b39b-4e45-945b-6758a4671881", "value": "SHIPMENT DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a6a420f-ef21-11ed-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1683716124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716124, "uuid": "3b9d4baa-c30e-4db0-a5df-9b18c3e3e458", "comment": "Malware payload (njrat)", "value": "171be6edcf6644be78732097dd68f585", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716124, "uuid": "9c437f3a-4816-4576-ae65-7e4f940ff975", "comment": "Malware payload (njrat)", "value": "ac0512ae388edecb444eac7b61138650b05f1ab927277696aaecb73efd62776c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716124, "uuid": "9e5de4aa-e4cf-4763-a871-bc5710865098", "comment": "Malware payload (njrat)", "value": "03aa09f53639aa75749838ad5bae1f4fcbeaf38f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716124, "uuid": "72d7e403-300c-4c24-92c7-2e4deefabe4c", "comment": "Malware payload (njrat)", "value": "5445085e1670f80588306c883701873a4eed1c4516d5ea75aae0dad2509f02fd04e30941ac86f503d3e39e93f9495dc2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716124, "uuid": "a0d2bd29-7c4b-4fed-b998-8817a06f0c31", "value": "T12464AD027AC48471E5B229751EF696305A3F7C301B798ADB539C2B1E5F335D09A32B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716124, "uuid": "8a65d9d4-0391-4231-b5c8-fc36d7aaeedc", "value": "ab9ff6e4872ea2766a5f5c6af5649e9d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716124, "uuid": "6ab603ec-c96b-441a-8180-4f0840b88237", "value": "6144:g61E/QSnxoEMTlXEulock9X+t40VMcY4x53biGB92:g6ErxJMTtEulg9X+t4qMAmIQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683716124, "uuid": "33782603-70c4-47d0-b4d5-ac7a318f6eae", "value": 318654, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683716124, "uuid": "a42ac4b2-d2a4-483c-b2f0-f884931b86a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716124, "uuid": "ea02e41a-9372-445e-8948-3971355315b2", "value": "ac0512ae388edecb444eac7b61138650b05f1ab927277696aaecb73efd62776c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8f9dd91-ef28-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683719423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719423, "uuid": "e91fc1f2-f8ce-44e6-9569-95c99219ae88", "comment": "Malware payload (Amadey)", "value": "00d02927cf900b6c90cbc1e5612fab88", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719423, "uuid": "eea6ed3d-f5be-44ea-a024-b17f5327517d", "comment": "Malware payload (Amadey)", "value": "acd063c502b1957bdb4e19c2f677128ff3ba956940a702aa1760e1d2362ff0eb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719423, "uuid": "b36d67c7-3735-4699-a90d-d87cae9ea472", "comment": "Malware payload (Amadey)", "value": "5c875e8197c4135a16d540d6cb5920da933818f7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683719423, "uuid": "5003ca5a-a39d-443a-a8c4-36b8846b2693", "comment": "Malware payload (Amadey)", "value": "fa6abcc9fd5b7754068347db04b63aad558cee9a19cdb6bb53a8b82b10bf6ed7b331b090c55b8c9e6c70e5ecc4a8cf2e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719423, "uuid": "d6b7336b-0b95-4188-82d7-2a5fda927b9e", "value": "T14564394362D16D64E6674A72AE1EC6F8665EF9618F1937EF32189B2F04B00F2C172F11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719423, "uuid": "ce221a56-89bf-45f3-8af9-02376b91292a", "value": "6847c4a23533c8db62ddf8eb8d214ba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719423, "uuid": "c181cc22-d032-413d-a677-b800459a2861", "value": "3072:0JbM14NP80SsDLonSY5oIN/6WFnAh03hIobgxre42mv8ztWX8xKkE2Zo:R6XNYNaFWRiyAe7Wu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683719423, "uuid": "19ef64b1-36f3-4107-8a5b-0ebcf5892056", "value": 333824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683719423, "uuid": "f0e03960-b790-4c56-a926-ffa4d6e3e480", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683719423, "uuid": "18d2fe89-63ee-4238-88e3-ebc20873d076", "value": "acd063c502b1957bdb4e19c2f677128ff3ba956940a70.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64a60e17-ef2e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683721805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721805, "uuid": "1de2ab6d-c82f-4f3c-93f2-5a5e221a0cb2", "comment": "Malware payload (RedLineStealer)", "value": "41daa24b9867f03de306d5daaf63d0d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721805, "uuid": "c7a534df-b626-423b-98b7-704c38ee7c06", "comment": "Malware payload (RedLineStealer)", "value": "ace69ec865ded98976cddfe028ed70b5fa60a0fd5c01f1996ed160ecd3d5c859", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721805, "uuid": "af4a0a3e-b8da-4b0f-81b7-6e099fd190ae", "comment": "Malware payload (RedLineStealer)", "value": "94b87c30fe89f24c784ec28eff61ee7bde7dbbf7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721805, "uuid": "761dd3f3-c75a-460b-af54-64b0e8dbae5f", "comment": "Malware payload (RedLineStealer)", "value": "4b2a3dfec326bfd016435714761fb40256b69067872295a4ac97441af7f1b4dbafa0f4965e4808d940223b85021114e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721805, "uuid": "bea50c9f-f4b4-417e-9dd5-eae40d230fea", "value": "T1B4948D0363D87C65E6274A728F1EC6F8665EFA514F5937AF2218AB1F08B14B1C272F11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721805, "uuid": "f49c19c1-d966-4b19-8d15-c1256ac167f6", "value": "fec1eaf066374a71027605d8a122bd0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721805, "uuid": "03954691-196d-460e-ade1-ee24c47c4674", "value": "6144:7Rw2JV8O2v9YxeloPqAAfuyu/IsmvrHHbFv7C:m2JVvelozKuyu/IBL7Fv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721805, "uuid": "9e47d31c-ddc7-4948-8d39-db4398e4eaa4", "value": 427008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721805, "uuid": "d425da61-7373-4787-856e-05fed7ff4119", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721805, "uuid": "1cae5260-5edc-4699-9a53-7ea379f7aa66", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "718abe6f-ef2e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683721827, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721827, "uuid": "50a541a8-0131-4ce8-8d74-ccc954734f58", "comment": "Malware payload (RedLineStealer)", "value": "f862393a2401b750a0082b80fbaf6982", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721827, "uuid": "e406dc24-b203-4bd9-b7e4-a46085e0b6f3", "comment": "Malware payload (RedLineStealer)", "value": "ada4e796f71690f7f8681bcfac62445e470e4987c530b8781daacf91d7a5017d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721827, "uuid": "89703dc9-1a1e-4b5d-9296-62a1644d9002", "comment": "Malware payload (RedLineStealer)", "value": "e9519809c352ed8460278d7e4f06c5774e38d64a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721827, "uuid": "bcf7acd9-4e33-4408-8732-00093843a779", "comment": "Malware payload (RedLineStealer)", "value": "0bd014dd751bd6bea3bc920305fcfa78ae2fa162461b31956ac3888c201a9adfb39d98d25df4d60eaf826699e070c8c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721827, "uuid": "aab7a980-6be4-4772-8fcd-84d5d8535cfc", "value": "T1C2B41212E6E58472E9F517B058FA13D30E36BD615D3847AF3B82AC5A0D32688D972337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721827, "uuid": "573f59d5-8bef-4991-99fc-7aeb1785e162", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721827, "uuid": "f5b97f63-179a-47a5-8873-f1ff2f83da2e", "value": "12288:qMrty90VDN6wb0O+MN/rsnyXiIs1Uf/h39Kljd:jyoNf3lQL1arKld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721827, "uuid": "b1996a99-006f-49fa-af2f-c06004d6d026", "value": 501760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721827, "uuid": "2be3f42a-419a-40c4-8c3c-339b86c657fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721827, "uuid": "6f5e2066-9123-48eb-9d20-cda3feefcf41", "value": "f862393a2401b750a0082b80fbaf6982.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31775d7d-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683704110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704110, "uuid": "7259d1b5-73e1-4f67-b0f4-0ad3348afe60", "comment": "Malware payload (RedLineStealer)", "value": "5a21c827846f6b65822ee160ef78a7d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704110, "uuid": "eb2b99eb-8a5b-4521-a783-73f78b3fad6f", "comment": "Malware payload (RedLineStealer)", "value": "ae51ea26d95791314f8c8d951cd30e652382c4412a38d51bcbc599e1258d8d41", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704110, "uuid": "3d8c9440-8327-49c9-957a-e141c36fed52", "comment": "Malware payload (RedLineStealer)", "value": "adbc123ed0dc041aa59ddd453d33a65c359852b1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704110, "uuid": "6ac3524c-be98-48e1-8778-e46370152391", "comment": "Malware payload (RedLineStealer)", "value": "9744afd456ead2a957c58ca870f77661dc4900c4b2d5ddfc42cb5aeb271a604a143751d900bf5349a46943b1a699d767", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704110, "uuid": "efb9b108-c8e7-4fb9-8d59-53e9d8c2b341", "value": "T12D55390329FD403AD8F20D7587EB8675F9EEB0150B2977DB27C64D5D8A132C0A229BD6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704110, "uuid": "72d8b91c-89f5-4298-afb7-aebc9a5fd611", "value": "e63b73c706e10ce7898e28c3d495b696", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704110, "uuid": "acf0e9d3-8c0b-40a4-82da-1136d351ab67", "value": "6144:3PW4G7RKIR+td7M88qakp5SAOG+8KFD/M0F5oWGNJdRJoqDDp:3+4G7RKS+tVSh5Fg0FyNBJo6p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704110, "uuid": "06acccf6-2823-4dab-b6a2-6df24ec14806", "value": 1308160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704110, "uuid": "42f5fd4a-5305-4938-9fac-55e6052e00e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704110, "uuid": "389236d8-9cb0-45cb-989a-77f92955500e", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f480dc26-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683729348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729348, "uuid": "bc0e0502-3f94-4a3a-8acd-9ee0f131b450", "comment": "Malware payload", "value": "815ba5daa0c90ec895ffba288b21bdf1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729348, "uuid": "42c65550-f6b7-47b9-b693-86fc3de00a7e", "comment": "Malware payload", "value": "aeacfdb02517c802c36489a0246cbadc2ba4af154aeed81c577ccfce88a0f7f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729348, "uuid": "b8402137-9bce-4ac1-907f-d5581249d1b0", "comment": "Malware payload", "value": "c2d6077f0fdb2548dd7eb1b2279586cbb1b97400", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729348, "uuid": "5a29b1d4-b036-417f-8725-bcf0c96e1c57", "comment": "Malware payload", "value": "22b47a878befe3f5b04e12c32d7987797119b49547e4307da307945d2c4d7128777c252a2857e1bfb1e6a5b6b92bcdb3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729348, "uuid": "e3135157-ebff-4570-8394-4b711155e2c9", "value": "T1AB661235F1E2B152C46200F313557E6542AD3F740932096FBFA86F2C5AB89E4DB1AB1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729348, "uuid": "6dc08397-f2f9-46cc-b0ef-fce904364448", "value": "3c2483074ed7bb50fc3617987ea220e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729348, "uuid": "6f9b68d2-665e-40fe-b6e6-30a87e6c891c", "value": "196608:W5bG6ECJpL8yp+0WEN2aB2CUuRKkuVoVyh:ybIYAy80WVVCUNVOyh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729348, "uuid": "c21c7ff8-eb60-4e13-be5f-475caf5c46c2", "value": 6994944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729348, "uuid": "deecf013-50cd-4620-a5a8-1ef212d74003", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729348, "uuid": "9a8a15c6-9510-483d-86b0-da5365b982c7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a36ce8ac-ef65-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683745533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745533, "uuid": "5a9825b3-d32f-456d-8c22-a977a3fdd7a3", "comment": "Malware payload (Amadey)", "value": "e458160446085ba41537e5cfd0847fd9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745533, "uuid": "5db9d0dd-8002-461e-836b-ca39836fc7d9", "comment": "Malware payload (Amadey)", "value": "aecbf7bf99a187049f5740bf8625a6bc5860dde7004c5bc90abd319d2b6969d6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745533, "uuid": "4958dd43-ed18-4a72-8c46-bbe5b15f859e", "comment": "Malware payload (Amadey)", "value": "fdeee314692b6e8b6403a2dbf17760358865f540", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683745533, "uuid": "1929159b-917f-4558-b2d2-7d452ae998ed", "comment": "Malware payload (Amadey)", "value": "82e79f33c330c6d8d25f062f357b836327ce27b73f53f33a64ca511c6e4ec92bbe7e87a2695b562d2481811d9693748c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745533, "uuid": "eba3a91e-bcc8-457d-8ee6-9c503aa32ce0", "value": "T1BFB41212A2D49137E9A1277048F603D31B3A7CE18E7893BB6746689F08727D4B93177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745533, "uuid": "01396adb-f990-459d-8135-c15062dce6af", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745533, "uuid": "1cce935a-ba76-4a15-a51a-c57de5f41352", "value": "6144:Kdy+bnr+Pp0yN90QEOPD9nYO1O/GbkW8nZNz8yYjw3CAkW6N4vChoEcKYnP5dlBN:DMrvy90gPD9nYL/DpkDECeTPlB/7php", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683745533, "uuid": "e21534a8-9dec-4daa-9b29-beb5c8256726", "value": 500224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683745533, "uuid": "c3cfb2c8-1500-4f79-a00d-7c9e817b4144", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683745533, "uuid": "7e40918b-150e-468e-af25-ba0b190c0f71", "value": "e458160446085ba41537e5cfd0847fd9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccf5a212-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683705659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705659, "uuid": "94d57781-083b-443b-ad91-b50069f8fc17", "comment": "Malware payload", "value": "b2723ef8f4671f64d0ffe21f8cbe7ff4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705659, "uuid": "636791fc-f5d5-408d-a964-218a4f893b5a", "comment": "Malware payload", "value": "aefc3361114ace20d1b7147cd9c1d865b560957779e9496e9506219fe7bb83b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705659, "uuid": "e4f1e3e2-09b6-4717-994d-419992d7643c", "comment": "Malware payload", "value": "0a8794c6d3ba581a989facd172fd7ea5fc63ab6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705659, "uuid": "6d7ef5f5-301f-4980-af20-06a7aa040042", "comment": "Malware payload", "value": "12f8238a6bc3756e2c9efb0b8d048a1ae1487d7e80803baba02d563e2016590b47d6bd0617ebf8d6c7b1b3127e4177b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705659, "uuid": "cae66a3f-e175-4f7b-b40a-bd93f97a0a8a", "value": "T155B5338768A32724D8916C72D405F2C8DF07F0CB65AEB6DCDD86FA941E349E1AF0416A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705659, "uuid": "c949d26b-c11b-48b3-9e2f-8aea2174b599", "value": "a6d485bb19e9d448f0a341f89d451edb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705659, "uuid": "ab744c40-3d13-4c5b-81ae-a7a83c99c211", "value": "49152:xINdv++XQL+mc0PaahW3HeZ0dwkoKiytRIl7BpMWcAihUd3TXA2k5ybfW:u8+hIaRHeJTWRIlHMgihC3c3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705659, "uuid": "d4f48167-26ce-4965-abb5-40684ffc885f", "value": 2337280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705659, "uuid": "af94afff-397a-4824-bce6-3b1cd2ceb022", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705659, "uuid": "278d9c5e-a230-4fcb-bb98-3ffd0fd5a71b", "value": "b2723ef8f4671f64d0ffe21f8cbe7ff4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87b1e330-ef37-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683725729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725729, "uuid": "29cec08c-6579-4a77-b781-552c1c111d46", "comment": "Malware payload (RedLineStealer)", "value": "463e755becb1c2d74d9f8282cd14315f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725729, "uuid": "2f1b12c5-f749-4b94-a472-f713f7aeff5b", "comment": "Malware payload (RedLineStealer)", "value": "b32818fe23b925bee3469c0dfb8cd305b3b72ab82d2459f5e63bd499868fd652", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725729, "uuid": "a6b0f752-a9c4-4e8f-acfa-d84828feadd4", "comment": "Malware payload (RedLineStealer)", "value": "39bb9acaef2db5b6a2a8cc4434305e4c2d35998a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683725729, "uuid": "40847603-db33-467b-a2db-1c1b1d38c166", "comment": "Malware payload (RedLineStealer)", "value": "3c4c90bf289f9a628390d123e0318b77f000abf0bfe78ee7b91894d23e0b1b48f2302ce454112107f3e69d62269f2359", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725729, "uuid": "87e1bc99-8053-498c-8771-29eb6ba00f37", "value": "T1EBA41217FBD980A2E8B1177068F303870E31BDA19E6897A72386595A1C736D5B53233F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725729, "uuid": "1d37b010-062d-47ef-a42f-8b3154b3baf2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725729, "uuid": "e1c62983-fc37-4679-9f12-0152a702b910", "value": "12288:kMrvy90isxQZK/gna5F6GUY5ojlpjNBZR:LysaZwZUYClppBZR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683725729, "uuid": "e5aa7a56-1862-417f-afae-0d64f41815cc", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683725729, "uuid": "558742bb-8590-4a30-b719-a2164c9494bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683725729, "uuid": "03c1731e-9598-40e2-88c5-271ae53adfbd", "value": "463e755becb1c2d74d9f8282cd14315f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad67603d-ef16-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683711619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711619, "uuid": "a9f6c7d1-eec2-45f0-bc41-3b52196ee31e", "comment": "Malware payload (Amadey)", "value": "c468106ab02c3e8ba737b0c9fef3421e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711619, "uuid": "3831c5e4-8cc2-431e-9e05-45caaa27192b", "comment": "Malware payload (Amadey)", "value": "b376acd1f36f305c03b06fdfd12dc49847d576502355e42409f836e8d3ec8f6f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711619, "uuid": "3d8f5566-8b4f-4bd0-b578-b3d4d9cddab0", "comment": "Malware payload (Amadey)", "value": "90b2bee90a3037574ec5e8876a4379c2f61475f9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711619, "uuid": "64ef2884-af9e-42c3-8105-af5977d7a33a", "comment": "Malware payload (Amadey)", "value": "fadb3b1952a725b87ad934933dbe9e65033ace7f8bb3023f5cd6b69b10135ad7183a9a22e84308a4aa139ab23197925d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711619, "uuid": "b38f3cce-a99e-4998-8708-a9737141d501", "value": "T15CB41253F7D80173C5B427B058F612E31A3A7CA19AB9877B2789A98A1C723C4D436377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711619, "uuid": "ae4ef0b4-e60b-40aa-9bdd-cb60b3e2af29", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711619, "uuid": "3423ebf0-7fe6-40bb-a8bb-cf36df019f64", "value": "12288:2Mrfy904B+Po9kZu+CPTA1LxTCl3kt9p:1y9UwmZu+CPiksp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683711619, "uuid": "25552eea-340d-45c3-8c08-5507c94442b4", "value": 501760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683711619, "uuid": "2c553ec6-47ce-4248-b562-26a161738f92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711619, "uuid": "ce6c3f63-c241-4d7b-9424-a37ccc431cae", "value": "c468106ab02c3e8ba737b0c9fef3421e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7daf88ca-eec7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1683677609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683677609, "uuid": "f40d8539-fa34-4ef3-a646-0d153efb8406", "comment": "Malware payload (CoinMiner)", "value": "4fedc2313fbf97b7476a524e8da78a9a", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683677609, "uuid": "586c0009-a4e0-482a-b9b8-f55adbb44c72", "comment": "Malware payload (CoinMiner)", "value": "b38d4e0e0cb062b0a761b08bcfb1e7bf9c655904b9f48332d7815c26307128f1", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683677609, "uuid": "20aad575-d4e2-419e-9725-ec9f6dc7edd5", "comment": "Malware payload (CoinMiner)", "value": "9c4e94423749fc89e8a1ccd9dd20531668238a7a", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683677609, "uuid": "f20c8e37-fd8f-4ddf-b8ce-31d0ca3250e3", "comment": "Malware payload (CoinMiner)", "value": "d715c49d03ebec5bef8b0b58cf22bcf0c78354fbbbbe72899cda01b5f059a562722c71a17d08e2c47e72ee796663de9d", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683677609, "uuid": "702687ea-806b-4c50-93e6-cba0151b9154", "value": "T11CA52307B2D11066E4749BB569930A5BE7307827AA2943EF13E8D16D6EB37C1B630F13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683677609, "uuid": "7f8b81ef-75c0-4a30-a8ad-a5dc6b5f9c58", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683677609, "uuid": "07ad3c8d-3618-4f8d-9d0b-cfb1da8f5e45", "value": "49152:KytRUOBc+UOvDS51TeH+ZMqmHCSTWkVyarw6agMQcdC2dS0nQGkzSjaiX3:nBUOGzTerZHXSkVDrwdQcw2dS0lkzziH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683677609, "uuid": "f6e27ef1-3dc9-4491-bd7d-269e68f7e6a2", "value": 2266624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683677609, "uuid": "600ec49e-c7bb-4ec5-a05b-61013e90eb22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683677609, "uuid": "25101776-e7af-423c-8862-9fc6ce7485e4", "value": "setup.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4161bda2-eed7-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683684380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683684380, "uuid": "f723dc1a-0177-4407-84c0-aa38a9bf1a72", "comment": "Malware payload", "value": "2395577152aa03ec6a0addf3319327fe", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683684380, "uuid": "01967ef1-199d-4a07-850e-dfd9820f3dca", "comment": "Malware payload", "value": "b41f6dfb115e0bdf3fd8e860036b4e04432f1af43ecb9cccea78539e701c03a1", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683684380, "uuid": "f0b10448-ce44-4826-bef3-120b81e4c704", "comment": "Malware payload", "value": "a867ab8f8956acf7685975c0a2b9c3a8a456870a", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683684380, "uuid": "c64ddf09-cfd8-4391-aedd-274cb638bac9", "comment": "Malware payload", "value": "47c6b39895cde3a7662244525a04ecb09dc866051e43c1f4c60adb15d800023e56fdb5c54642594e1c2123c2202fb873", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683684380, "uuid": "0ef5f3b1-3cd5-4a7c-837e-35473bf13025", "value": "T1D6073392F7A8BD2FCC73C1334BBA0A7212425D558B56D71B642573AC58FBAC48E48BC4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683684380, "uuid": "9612f994-0390-4f9c-b123-5da06ebba21b", "value": "393216:sKMHXM5+GEg4/zvpdmt5yMGRo17nBYVqslAKa6SQtkZq:sK1JOzvpdmt5ERojOqslvhSR4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683684380, "uuid": "37f86879-5f7f-433e-a69e-48e354fb4998", "value": 17326674, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683684380, "uuid": "751b8208-31f1-4b8b-9f76-f28bcce5f4f5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683684380, "uuid": "f80a3933-2707-453a-98d7-5882d9babc2b", "value": "kurulum.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "508a0c58-ef60-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683743246, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743246, "uuid": "01454fc1-bee3-43e7-83fa-31c1c4ba9339", "comment": "Malware payload", "value": "26e2aed66f398328e54aff8654dc3205", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743246, "uuid": "90e85cde-b3cf-47fe-ad6c-788d6751f1bf", "comment": "Malware payload", "value": "b5b517e702eb10f4b38f84dee18d922d1738b4d7a6df1ffd4dd321af01c9f899", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743246, "uuid": "2f588fe6-79e7-4d10-a943-44902802affc", "comment": "Malware payload", "value": "a0ff9235899b5176b40dc25ac777b4ec329cde87", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743246, "uuid": "a498f76b-6a0d-4dfd-a8be-f8bed3c5a38f", "comment": "Malware payload", "value": "adc144f8e2332509343db8f2d87e62a23339fc8ef0d3c7e8f571239099d8064759b39bb2e525d1e23905e4b131e3ba0a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743246, "uuid": "9ccba6f4-7dae-47f5-a967-82aaa2bc959e", "value": "T1F7162AB2BB40DC3ED05F06355526EBA4993B7E6165269C1F6BE4388C8E36140393E93F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743246, "uuid": "574d2c7c-79ca-4f68-affe-a57cd1a0c7b1", "value": "5ff0a40882c2db7d13d16b9f71253e7d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743246, "uuid": "175e5561-7992-4bb1-b5a3-22fd10e4348a", "value": "49152:UIG7b2PeSrGrk8+0a4j9mTc6jARZj00pcU:UIGLkZ4j9kARZj00OU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683743246, "uuid": "39cf520d-8e4f-4192-b480-d26214af65f7", "value": 4091272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683743246, "uuid": "83eb0442-e286-4fa1-9274-a21748718a68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743246, "uuid": "5600a18c-78cc-4368-abfb-42307eacd93e", "value": "SecuriteInfo.com.Heur.23764.28861", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed1e5000-eec8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683678225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678225, "uuid": "3b6bc943-3f86-4420-8f37-634b04b3ef65", "comment": "Malware payload (Amadey)", "value": "ff0f2ba7ceb41921dbd2db52cef9ac1b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678225, "uuid": "6074ab3f-efa7-4887-8eca-ee7024cb6636", "comment": "Malware payload (Amadey)", "value": "b5c8d3f1134cb93346fa8b5647a95e14b6fb8b04ab58583da61fbabf9d7052a6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678225, "uuid": "6479ba01-834a-41ca-8e6c-b57a0047f577", "comment": "Malware payload (Amadey)", "value": "79f96c60b4d802747b39eeb02c0191da57ef7bba", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678225, "uuid": "11285c0a-862b-4df3-b49b-88528923204b", "comment": "Malware payload (Amadey)", "value": "4cfea56ae866510b3a36eb59559a2db1da185d932fe6804cdb02e529f9ee63a172bdf6366c14eb0ce804a20a8079baae", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678225, "uuid": "e23eec34-ad34-4e86-b0a5-7348d77758f7", "value": "T1C4B41207E2E84462D9750BB05CF303931B36BDE1AE78575B2B8A942E4D736C0917637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678225, "uuid": "1d548825-6fab-44c3-a2d0-f10f3a8620bd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678225, "uuid": "6110f420-3ed8-467e-9d68-879f977fb428", "value": "12288:KMrQy90HxlM6BS7LelgfKqymptgEBF5N6P3Jssn:OymxUamd3piMFzO3Jv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678225, "uuid": "b6659ca9-a0a3-488d-a266-7c8b0e94247b", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678225, "uuid": "45608173-29e2-4469-af75-33e563ee7f46", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678225, "uuid": "72605051-04ea-4e6c-bfcb-0c2f488072d0", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec398bd5-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683729334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "d2e7d420-f0cd-48ae-9555-b46c2dc88a93", "comment": "Malware payload (RedLineStealer)", "value": "9a80b6e486e2813ca38660a030a6f1ac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "918824e6-a839-44c9-824b-007154e2dfb4", "comment": "Malware payload (RedLineStealer)", "value": "b68bd5f437195007eab47596498cf7f8723a6b13631f92c2266a5825c902b486", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "4b17f893-640a-469d-b26e-08f5bce30810", "comment": "Malware payload (RedLineStealer)", "value": "9cde1a4eaa5f1a3e0c3ba0f127fccf9bdb7ae8aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "c70d88bb-bfe7-4b46-afa3-f62496079eef", "comment": "Malware payload (RedLineStealer)", "value": "88aaafe6fa76410c2724cc3825c5d263ed4865c192dd6b61c3138985531f7c7da8c455ceaeb05c60c8658790398091a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "0d4317bb-31f2-4380-8e99-6665a1a91a6c", "value": "T1E8946C1362D5BC64E72746728E2EC6F4A7DEF9518F19379F2218AB2F04B11A2C163F11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "789e2463-fae5-45e0-b65d-c891e22f357b", "value": "fec1eaf066374a71027605d8a122bd0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "27edafd3-4973-4260-aed4-4ea12dbeb848", "value": "6144:RRa8ZdUAv+PNJY0wKLvG2SxM/o/b7qjSZlmC:za8ZuAviNqFGCPqQl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729334, "uuid": "356e3cb5-1742-4e80-abe6-68a51528132d", "value": 442368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729334, "uuid": "14e8565b-292d-4738-9dc4-dc2568d1446e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "f2e261a2-0228-4c40-a3d0-677d296ecb8a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bbc9404-eef1-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683695698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695698, "uuid": "e5498769-1b33-4723-8f3a-c2b50d2ce59c", "comment": "Malware payload", "value": "604e6d6cac22bc2c954367b4a36bb195", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695698, "uuid": "8382e188-d4ac-461a-9f53-8dffd55759ba", "comment": "Malware payload", "value": "b692e438cef89dc57d7cf774a1eaa97ff88fd1e9c287546ad685bb9b3e9a6bac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695698, "uuid": "4e353dfd-f532-4070-a01f-f42bd22e61d7", "comment": "Malware payload", "value": "d3d6d7ecc2d433742702a38f11d439bfa3574d75", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683695698, "uuid": "d81ed275-ec7a-4765-8b10-f44c23ff8e76", "comment": "Malware payload", "value": "d6a4ec5097e1e75e3c58cdda3505697a6220d25e00fbac3d3d901625c47de1a926ad54bdfc5091b5d5743e888f3c1fe6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695698, "uuid": "650d0fc2-063f-4b04-83c7-1fb46b30749a", "value": "T18A463348A1A40CB9ECB3113FC4959405CAB538260791D78B0BB6A19B1FE77B67D3EF81", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695698, "uuid": "49f682a4-100a-4b42-ae03-0734b2cf88a3", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695698, "uuid": "1edad12e-a880-4a05-ad45-43541f09bf86", "value": "98304:hVH1ezhQ/sb+sX1ZvbeeJZ34Z0FGRABTgtse6vzovkFSZA6G7NvrOCK:hIhQECsXDjpf3ZkJMFEA7BK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683695698, "uuid": "2ed80637-3f99-492e-9f7a-a20038b8e604", "value": 5768620, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683695698, "uuid": "d95627c8-2353-4eed-8a7e-bfd41e461001", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683695698, "uuid": "4d1a0977-7284-4d0b-9e28-07d0d640eb76", "value": "shell.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1ade3d8-ef19-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683712942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712942, "uuid": "a0af1ea2-cf03-4945-ade0-3c57f4e896e5", "comment": "Malware payload (AgentTesla)", "value": "04d085045b195c2849bf1f97548bad96", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712942, "uuid": "d54c2893-d7e0-4c45-9f26-b4f1dd8e4c13", "comment": "Malware payload (AgentTesla)", "value": "b7c820e55d39907ac06afd20c9a1541f233b1146cd6d48a07b749d58e2a8e32d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712942, "uuid": "8d417bb8-2658-4c3e-973d-0805fead35ef", "comment": "Malware payload (AgentTesla)", "value": "a4af98daed700483f30fb476627be4c419ade605", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712942, "uuid": "e6b2cf4b-deba-498e-b49d-05b68106adc3", "comment": "Malware payload (AgentTesla)", "value": "b66aa2f2677ea8582148f4cbc282e205b5bce11d0c48b4d11620a36c6a952705c2da2cf53943645f0b2bcb854ee7cb68", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712942, "uuid": "f56b2129-5cf1-48bc-82fe-765ba7e40053", "value": "T173E4BE535065CD4FFE2ADBB095B4FF55A6F1F0B360D190242BB921C9CAA9F021E4C62E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712942, "uuid": "c5a16ca1-250a-411d-b4a9-d487de08b2cf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712942, "uuid": "343bc722-f9c1-4e57-bccc-bb4ad60020ce", "value": "12288:Mqa65cLwHut/5emWxQP+db+u8ZQ8IWR7yeDUmegQVt4:Mqv5MPWKvuCjIYyeD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683712942, "uuid": "8c16f45b-fd2c-45ba-94a0-d35804041641", "value": 705536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683712942, "uuid": "a5fc1cc4-5068-4d75-a55d-57b2f54e56b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712942, "uuid": "f366ed1d-c145-4e8f-b340-dee5602dba12", "value": "b7c820e55d39907ac06afd20c9a1541f233b1146cd6d48a07b749d58e2a8e32d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b937a5f-ef0a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683706220, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706220, "uuid": "d6ceceeb-bb9f-4810-b77d-fd2b03cabf15", "comment": "Malware payload (RedLineStealer)", "value": "231adc1351af6b50967f905fe810382c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706220, "uuid": "7232c694-336f-4bd5-a095-3f92e324f79e", "comment": "Malware payload (RedLineStealer)", "value": "b7fb2a89508e5c147476b6c46e8e4ef0c73bd54603b5bbb75251b25b700e41ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706220, "uuid": "e3d625b4-2f32-4d38-bcb3-276d0766301c", "comment": "Malware payload (RedLineStealer)", "value": "fed56e70e1929499b2dbee3526803df61956aeaf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706220, "uuid": "15ca3ad3-4968-4248-9186-227d13b9cb52", "comment": "Malware payload (RedLineStealer)", "value": "3e2dbea49ee72bc582b5f3a7c6d69c57c342052f78699a92841ab762242d2d6f03192a469ad71f9aff7156ce0532b20e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706220, "uuid": "024fee8d-bb02-4d23-be42-d04332f66d69", "value": "T1E4A40203F7D44037D9B56BF08CF602931A36BCB24CB5936B2B85685F19B2690A97173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706220, "uuid": "69a27bc4-d05e-4573-9681-ce77e46ee1db", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706220, "uuid": "d545fa5f-d325-4ddf-8af4-1321caacbf5b", "value": "12288:yMrsy908HJ9VEEG8HCvy0LgJwd910t4yMeB3rjjf:KyZHxg8o8G/3aBXjf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683706220, "uuid": "d1568d2c-e0e5-4107-94a2-a08c04babc88", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683706220, "uuid": "bd3b14d1-326c-440a-9952-ae6284227d81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706220, "uuid": "8e425596-1b87-4482-b435-74b46a6ddec3", "value": "231adc1351af6b50967f905fe810382c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f651c93-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750626, "uuid": "73b73fe5-b230-43f3-9c8f-5a73bf7ca140", "comment": "Malware payload", "value": "d8b917a553dbd1352377e1241a149243", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750626, "uuid": "94a29044-42d7-41a9-9c68-c72699207dc4", "comment": "Malware payload", "value": "b82a3a41bc520708635248a53ae5c99658a5a579ee05f48bad4a8376de341432", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750626, "uuid": "bc69680d-4720-43d6-8eb9-36634740f83b", "comment": "Malware payload", "value": "a9e0d31831fa10d70143bf53e8b03f33b54cf95a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750626, "uuid": "30577b52-fc9b-4a55-84ff-28499fd2b392", "comment": "Malware payload", "value": "073778d446cf0d1824582e19b7df1ec3c0f2bf9f8853fc23b094552b81d8df96c2a1154d234e6f2f81c27e00d34aad7e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750626, "uuid": "4b3532c1-a177-4ab7-957a-4f8eb9b9ad97", "value": "T1F3A36B337BD18475F11214344D8AAEA1E7F6EC354B300A7F77AC36AE6E326915A26313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750626, "uuid": "5229b74e-7e50-43d3-a1ea-444ffff82286", "value": "836fc2e2b522a8f7bf8872eb2f0ce2b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750626, "uuid": "94c4b2d4-0cc3-40e9-89b0-bba247b33212", "value": "1536:Gcsdey/L1XB7bXnzrl6AWMynVaDhnOL/7nJQXJGScelZLEHD36B:GcsMy1lAAWrnVCbcelZLEHj6B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750626, "uuid": "be4c351b-050d-4d97-9e98-2e770ddc32ea", "value": 107008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750626, "uuid": "033573bb-c6b7-422c-ba59-d3dd1f88524b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750626, "uuid": "5c17d04a-a827-4a95-b067-3755c87eead2", "value": "SecuriteInfo.com.PrivacyRisk.SPR.MS05039Scan.3376.20832", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bffb0972-ef26-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683718522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718522, "uuid": "ce6fafef-17ae-4711-b9c0-36e21668bb2a", "comment": "Malware payload (RedLineStealer)", "value": "bd2fb3d92135fe968e2b56dcba540b6a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718522, "uuid": "72bb8d50-c96e-4b53-b4a5-b7e86021e72d", "comment": "Malware payload (RedLineStealer)", "value": "b9253c21e8f82ccac212b78dba42f85f373acd63a40007e21d5b6a1f7b4cce6e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718522, "uuid": "ccbf4cdd-ce47-41df-9471-855c32b66997", "comment": "Malware payload (RedLineStealer)", "value": "08ed56a58047725dea880669a8091c2f23070ac6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683718522, "uuid": "fca3271d-2041-4405-80fb-6aecdeeb7283", "comment": "Malware payload (RedLineStealer)", "value": "e22e84bbd777a7c636d1a14155802f83d66088d0f5a66335b5efa6f0aa30fb50772594b7887ce1d5ec15e5259a86bb30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718522, "uuid": "996af1b3-6ee7-4218-b9cc-b028ffcb0d23", "value": "T1C5A4130396F48073E9BA27B058F207C30B39BDA19D6C87AB6345994F59736D0A5B133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718522, "uuid": "a7d12c73-4c28-40a1-bb4e-04581307d8f6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718522, "uuid": "aaa374ed-eb21-4291-aa1a-dae045355395", "value": "12288:eMrcy908krzfOzW/kVFQRJX6TRMTLk5X:CyIXfxcARF6TmTLE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683718522, "uuid": "d37a8c0d-a660-4ae8-9779-1293db437939", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683718522, "uuid": "efdee78a-a35d-46d0-b867-73ac034db7ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683718522, "uuid": "371a2fb2-6d29-482f-b4a1-0871d13f5ea4", "value": "bd2fb3d92135fe968e2b56dcba540b6a.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2eb4d866-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683699810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699810, "uuid": "9db8310e-7eaa-4dff-8188-513e6639927e", "comment": "Malware payload (AgentTesla)", "value": "94bc34e3ba9ce5303dcf3c9ca3303ab2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699810, "uuid": "75857887-a06e-4d90-8dc1-879227beea6c", "comment": "Malware payload (AgentTesla)", "value": "b9df41d80d182a4c99a995041564a97413fe8702d20c7c5836bc29b509c3e607", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699810, "uuid": "2981cae6-5f8b-45da-a715-ad86df41bfc9", "comment": "Malware payload (AgentTesla)", "value": "b8d50d93889b8566b8a54dc2591aeed1461647af", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699810, "uuid": "ed80a1ba-08ff-4ede-8e93-1808e60379ee", "comment": "Malware payload (AgentTesla)", "value": "b0c05d4036e506e2a24dd4280e5f17b9c4183f6a3716683c6174a643a03cb2371743d7cd824d375a9ff7330ba6dc7e3d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699810, "uuid": "5c037b7e-1ccc-4a99-af4d-8896bda6b8cd", "value": "T10025339BAD1AA61F03E4F0339B41E091551C2191EB6FAD847894A76F9B13AD0363CCF3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699810, "uuid": "20e4f82d-4b24-4c74-8b39-8e612011071a", "value": "24576:hOBXoufKc86j0YfkiaCOnxldgvrC2H5LkPO:Mprb8LyW0vwG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699810, "uuid": "45baa71a-0468-4877-a934-c56dce6bd7e3", "value": 1024875, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699810, "uuid": "c062bb79-b120-4a25-9e18-216125437ef4", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699810, "uuid": "d71228f4-6d78-4e8c-95bf-152ee35924e6", "value": "JPMorgan Chase.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c35b447-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683744500, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744500, "uuid": "7e5e352d-04e3-49e6-b76e-dffb564ea446", "comment": "Malware payload", "value": "0244c0bb536daf38ebd96b26ed224747", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744500, "uuid": "49f01259-7022-4c59-87c5-ca57924bc83e", "comment": "Malware payload", "value": "ba3d52c419680e85a9a00ca2476caca566599a576cbca88c52ed96afa0cc1f34", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744500, "uuid": "c9c6cea7-1a95-45dc-a251-f8cb143f2295", "comment": "Malware payload", "value": "7af21bcb72501270286c42fc64ebfc02499e889c", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744500, "uuid": "4167adcd-437d-4f1c-a8bb-69c0d25d0238", "comment": "Malware payload", "value": "dbfa20ca9b1ed8117436614ab9a1b0fe1134746b801d809cc00aa141b816650b52d1be57fea19cdb8c2b25b387c6e3f2", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744500, "uuid": "8249791e-52c5-48e7-bdae-d5a1c59ee8e2", "value": "T1F1F433E5FB8B132ED6830636A28D7CA3CB139DD05A1E70404E62DFB595721FBF608895", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744500, "uuid": "cf48dd5d-a7ed-49f3-8213-242700bd6e08", "value": "12288:dHZP1/yo591FwjrSLMah7883KrbAWagLYnWZAO8ENR2FJdoyleQTSTxZOyQP:hZdao5LFwjrSLMlagLNZWlFjgTmP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744500, "uuid": "d1888ba0-ece5-4f22-b7bf-c10426b20d9e", "value": 730117, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744500, "uuid": "339fa585-1015-4dfa-9cd5-c84389e8129c", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744500, "uuid": "e8264339-c03f-4276-abf9-e9c37e0cfa31", "value": "Download Tracking Reference2.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f36cf2b7-ef2a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683720327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720327, "uuid": "3e7fdb90-937a-43a6-a36b-e2d9481dc95e", "comment": "Malware payload (SnakeKeylogger)", "value": "6a88bb0bafd4ae87d7e18aad45623dd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720327, "uuid": "8dcca9e5-fada-4266-8484-c14132928431", "comment": "Malware payload (SnakeKeylogger)", "value": "bb2672735b9660902bf39ac41917389096203c4586d4460b59cb3737bf8e2814", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720327, "uuid": "84ea641f-db63-479f-b909-d4ffbe64e3bb", "comment": "Malware payload (SnakeKeylogger)", "value": "a641024de6d7259e76eb517d8ffe83a4ee77f09b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720327, "uuid": "178e5d44-8d0b-4858-9df0-73621f58135a", "comment": "Malware payload (SnakeKeylogger)", "value": "5089e7e920d0f6c0f30e7b6da12673008c4cc83e8cca29be0fef3af37750c250ac05ac04a1569b3d4486d8ab4d7e7d88", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720327, "uuid": "05a04f2e-7f5b-4902-a7c0-679206064ed3", "value": "T17CF4D011621A9B2BC76883FB0A28444517B83716FD6BD23D6ECF21CDED12F514E21E6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720327, "uuid": "b2b90c1c-3f18-4dfa-abf1-71aac0743e43", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720327, "uuid": "c3ed743c-dede-4cdd-95c3-859ed81766bb", "value": "12288:rAZfTIKZEH7Bnf+mZvxRVvxe1MOs1TBa1ato4R9mYbEBJw2zYOEZSLx0MA:reL7SHpnNVrHTBa1aWwmbvQELx0r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683720327, "uuid": "abdca789-1acb-4cb9-828d-8b6ef133dc73", "value": 754176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683720327, "uuid": "a7f32b07-7b8c-4398-bac2-9bfde92fa242", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720327, "uuid": "fef47554-d4cc-43e6-a130-a97e2fb2cdde", "value": "YNUpzK2GvgrjR8q.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c94349a-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683704477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704477, "uuid": "eb1ceb06-ecc9-44a2-8046-f435ad40c18c", "comment": "Malware payload", "value": "c866f2864776bbbaf9b16046936f8fca", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704477, "uuid": "43b63946-6534-4d3e-9e10-cac06ed1fcda", "comment": "Malware payload", "value": "bb40265975cf0090c23dfe6ff653d7849fc2ebd24ff35321860ca63ba283cb66", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704477, "uuid": "8fcb2cec-72b4-4a8d-8fbc-e5f2a6dacff0", "comment": "Malware payload", "value": "5347066a2712fdcaa0fee7eb4516ecbbda7be65e", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704477, "uuid": "3e350faa-306f-40f8-a0b0-29a6489325e9", "comment": "Malware payload", "value": "8b26fcd96e1bfa026c836d936a5c48563af85a4a2a5e7cef925b803ccabbd0d91ceedf36c9f2bef13e74989a025d5548", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704477, "uuid": "c08e05f8-a0f3-400e-9117-d029d1f639f0", "value": "T19254EF077105DE87E0A5C3F53F83CD9A0B4BBE019A8631EB6051776FBB302416AC662E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704477, "uuid": "535a5619-9555-4939-805f-8e1a91ce82a1", "value": "6144:OWaFJkKXiDU7w50Sd5nLbpgy3iTHgAcaLrsQZT4Ym50UOV+1:OWaFiKXKJnfpgycHgAVTZT5O0UWa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704477, "uuid": "cc836f54-4716-4ab6-9ead-b1a6fe565046", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704477, "uuid": "2a11fee4-bd77-40e1-8068-7ef1e24c3bc1", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704477, "uuid": "d796cfcd-bf8b-4d41-8936-fe133f70f116", "value": "Report of Supplyhazard 07523 Shipment -BLACKLISTED .xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d404a9b-eefa-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683699351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699351, "uuid": "509ef247-d0c9-4e19-8b81-3ddafd6c8dab", "comment": "Malware payload", "value": "8a53ce82d46d8a7e34e1676579a433c1", "object_relation": "md5", "Tag": [ { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699351, "uuid": "7880513d-3cd8-4ec0-8f2d-d8dd7ae6405a", "comment": "Malware payload", "value": "bb7d8d8881036bb8b551608765954622095d67239971bcde8d2e115b439c20dd", "object_relation": "sha256", "Tag": [ { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699351, "uuid": "b26a7a9b-422c-46c0-b59e-23048d281c5b", "comment": "Malware payload", "value": "c6d739b9d163823f36a9933f414ba0211c763dd2", "object_relation": "sha1", "Tag": [ { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699351, "uuid": "10f88665-18a8-4561-b3e4-0176b4cd4f7d", "comment": "Malware payload", "value": "8544d379a8a0bd293d2386de515afb93d7d3d6e4b9e0e40b3463be948028e8bffe8c0814fb83cef617f6227ef017ec3f", "object_relation": "sha3-384", "Tag": [ { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699351, "uuid": "8edf0e4f-788d-42be-9ea2-26ae193f8a0c", "value": "T1B1315A061CFB4341AB6BEB393D2B5C50AA1F3CAD0475C04A3652499E9DD2BC188F97B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699351, "uuid": "861bf1df-b4e4-408c-b1d7-28b37d4e6864", "value": "24:QWs+SOtEOt8gWnLpYLRm6euv/5OR+neuos8+rPPjwsxoH1SNimH8cVoIfq7:tsEPtrSYLRmcs4nXnzYHEXHfm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699351, "uuid": "9518ac0b-054c-4edd-abd3-12937bc109b3", "value": 1460, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699351, "uuid": "a88f45d3-a391-4920-858b-147a274cb285", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699351, "uuid": "f8f5d433-f428-4948-beb7-d750d5ee99ec", "value": "Credit Card Statement_pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8190327d-eefa-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683699520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699520, "uuid": "64ae692e-2e72-4376-abc7-4fc15b73c096", "comment": "Malware payload (AgentTesla)", "value": "ddbbaedbdb3beaf0f699a7457496a049", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699520, "uuid": "8f6e41d7-eeff-41ea-8df7-ecbe1b5b705b", "comment": "Malware payload (AgentTesla)", "value": "bb8f4f644465fb56bb58762124b7967dc0c940899e69b4d9a059ddd34fd3efa0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699520, "uuid": "0ffb64ce-a629-42c7-93ee-902d4e578fb1", "comment": "Malware payload (AgentTesla)", "value": "db3ab424b4e1a3409be8d842e096faaede180422", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699520, "uuid": "8f892b5e-98cc-49e9-ba29-edc9e7d81325", "comment": "Malware payload (AgentTesla)", "value": "052a43163a566a06b656b5ed02f0200e50f23644a38a78724478fa5df613098bc1ff8eb6aa2bf6ce578a850085f1c378", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699520, "uuid": "f12953a1-1731-415c-ac8d-cd7abd5ff33a", "value": "T10EE4233E592BEB72D337FE29037C97CAD30A682156FBBB454DB94ED2F4962624321101", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699520, "uuid": "49205c5a-028b-4d58-82e1-89877bc5a7a8", "value": "12288:scY8bJhAaEeN6Oe0zwo1mHDKauh8cxENsISd++xMcIC44PvL3Aq0kSxpf8:NBvELl0shDKao8caNsnd+z4PE5xpk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699520, "uuid": "5f9c4bdf-be69-4b49-b6e6-ae6f608097ba", "value": 691400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699520, "uuid": "cce0d4aa-8d01-498e-a2eb-21369db576e1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699520, "uuid": "19e38350-8286-4088-b67d-0bcf67182052", "value": "SHIPPING DOCS.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7617363b-ef3e-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683728706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728706, "uuid": "1c3b0669-6253-4e84-b8cf-77a0870e6840", "comment": "Malware payload", "value": "c6dc7b28b8f02a473aa5233cc3723f08", "object_relation": "md5", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728706, "uuid": "adc4ae72-71ac-49c9-a763-feafc46e2e53", "comment": "Malware payload", "value": "bbdb6c0fea710b93f4bbd114e888e7464969b25e9c7b590482d6163a3dbf9f66", "object_relation": "sha256", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728706, "uuid": "a29278b3-42d8-42a5-95bf-6b052e96097a", "comment": "Malware payload", "value": "cb614b98f0ce2b8fd33cad0004e2d8617680ac42", "object_relation": "sha1", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728706, "uuid": "5c59664d-2b89-4d84-b59e-7fc323dfb9f0", "comment": "Malware payload", "value": "3f25406265ac78e7900c982ffa6215e7d3587631155549ef27b2c769f619f0ab59befcaeebfc082cc740ff3b30a25d80", "object_relation": "sha3-384", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728706, "uuid": "1ea69322-037b-4ed5-b002-5b0e27b812aa", "value": "T142B3E690E85B00AEC295A81C396B3BA671BE3E1356C642F01BAD69435FF5DF78CDB404", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728706, "uuid": "c2b52e12-8a19-45e3-a959-5e4d778038f3", "value": "768:ETKv+R1IfKisM94Zo0olrQT8QVDZJGfSxh4XuVgi:Se+R1IfKS8FJgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728706, "uuid": "28c9a893-c965-4cb0-a3b2-0adee63fc2c9", "value": 108667, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728706, "uuid": "4d6cf93d-1fe4-41e8-9042-aa5b3cdee2e4", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728706, "uuid": "5321bf5b-7300-4a8b-b159-604c027b3c45", "value": "homeland 2.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62b7abff-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1683704622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704622, "uuid": "8b9097f5-51e6-4c6d-8a80-41c495a7f734", "comment": "Malware payload (STRRAT)", "value": "8ce728f1623127b504eebb6ca4cd320e", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704622, "uuid": "39419f7d-657f-4652-b40d-c981e6c9e6e1", "comment": "Malware payload (STRRAT)", "value": "bcb9043e812bab9148c235f4e131a7a8fa72d0f29c9ef390eb16c598b61b2002", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704622, "uuid": "80784b6b-978f-4dc6-8e64-2517e62d9f5f", "comment": "Malware payload (STRRAT)", "value": "393070129d8632581ebc47fc3a64ab5a78dea059", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704622, "uuid": "5bc7962c-8f67-4797-9e7a-8453853ad400", "comment": "Malware payload (STRRAT)", "value": "01bb501ee144b5d96040af59cce2f6a83d76e29e141743c5dca1fe041172fc09d5376e21864508ce9cb68fb18e72c11c", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704622, "uuid": "c5e734f8-59f9-43d2-821e-f6ef1744608a", "value": "T1E424F199BFBE95A9D11F90391468C121C75C11F8C3CAE82B68EC58550CBAD6C6B13ACF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704622, "uuid": "2c1cd9f0-7b87-46cf-a7ab-2e2ce95e1249", "value": "6144:YDGM5+YsmGv2MDy+sshp4hcjj0GO07waiyks0SlPnujRuNMA:tM+mGv2QyQ3Cn072yt9drqA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704622, "uuid": "3cef5f88-8ac0-49d8-891c-2ebf39d74d46", "value": 223953, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704622, "uuid": "1a63710b-c170-4492-96df-5410e40d5bfe", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704622, "uuid": "0264d74a-7102-4bb5-831d-ffd73499fcd8", "value": "TM082.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11bd5122-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683704486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704486, "uuid": "5b8998de-2dbc-4b9a-b256-41a7ef86930f", "comment": "Malware payload (Loki)", "value": "829ceab2df836e13ac36092bc0a538fc", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704486, "uuid": "cfd84fab-765f-4385-b1c8-2f96ca9cf6d1", "comment": "Malware payload (Loki)", "value": "bd630892605d2e83d015c9461910297d0f31a8ce84c6f78add1c7e712d92d983", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704486, "uuid": "5abca366-8170-4c06-8580-0e9e4a1e0229", "comment": "Malware payload (Loki)", "value": "5a54c32c0bcdca9f01944fc81227e80514159ca9", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704486, "uuid": "384c8aed-95fa-4919-b6e6-1b755b393446", "comment": "Malware payload (Loki)", "value": "4d9df4997b342e3787165e574c192b5cce45c052c69d4dafc0451a510b0207e9cc826576a2912e4cb20fdb0cb7b0cab7", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704486, "uuid": "1513386c-a515-4836-bdaf-3f6d688c5c75", "value": "T12575E11AF5898F4CE581CBB56AA2748C421CBD2377DD24821294730EADF3DE6A6C3DC5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704486, "uuid": "ea719dfc-8737-4a1f-a050-3a4b980a114f", "value": "49152:nLKAEQmmQ30/+MXYQmmQ300QmmQ30j+MXD+MXrGCs0iHOJ0Rik:LIpmQk2EYpmQk0pmQkCEiECCbiu3k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704486, "uuid": "970ae558-bfb7-4f62-a62d-6aa341034dd9", "value": 1632256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704486, "uuid": "b7bf5b3d-0125-4b73-ac1e-a1ff3eccc6b5", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704486, "uuid": "993a8764-7530-422c-9ef1-db6ac7547284", "value": "pfi foster n705-n706-n707-n708.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8852f823-ef45-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1683731743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731743, "uuid": "ea1aa60c-cf03-47a4-9f3f-7603e66ec573", "comment": "Malware payload (AsyncRAT)", "value": "1e7887129a39589edcf955acb13a08b1", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731743, "uuid": "891f2e77-59ec-44d6-b6d8-e3e3c2efcbfe", "comment": "Malware payload (AsyncRAT)", "value": "be534a52a2641b2edfab22438e27d9d454aa490ca644d59c406ec46378221716", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731743, "uuid": "f60c7bc5-4d3f-4bbf-b46d-7de051ae67ea", "comment": "Malware payload (AsyncRAT)", "value": "c2e2acdd313738645d3a9e4ccb8e2b89fc87f236", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731743, "uuid": "7014bc5e-5b4d-4c75-89e3-65562e5557e4", "comment": "Malware payload (AsyncRAT)", "value": "a19142d7095402b5347b76e68a729328dd67e8e140cf9eafb0b3ee8469725e2d32fbd933db0268b86d3e3ade71696aa7", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731743, "uuid": "ea13fb87-d527-4028-a791-1328af684ad6", "value": "T100056C27F50859A0C0556A3FC1FF4024E7B4B3A7A613D20E5BE47BD935623327E2A939", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731743, "uuid": "3babb55d-083b-4297-830b-ad275dc34f82", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731743, "uuid": "8ef41430-360f-4fdc-9d04-072e2e990b17", "value": "12288:Gwc+mDHQg86lG2M4VsF5XJpZOD1UGmyYPzOhflKeUrGY1:Gh+v2s5XJpZODqGm9PzO1lKeUrV1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731743, "uuid": "e33a4987-44f1-45cc-9e97-0b4bbd4e1dc0", "value": 809984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731743, "uuid": "838389b4-9adb-4775-843a-6a10d0c48b0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731743, "uuid": "5e0ac83c-69fa-4dbb-bbbb-cb8a057747c6", "value": "BE534A52A2641B2EDFAB22438E27D9D454AA490CA644D.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea52d2e6-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683704420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704420, "uuid": "9ec8b312-1af2-45c1-84c2-264e95ae3bcb", "comment": "Malware payload (AveMariaRAT)", "value": "03bbca98d55e971c5c521442364b69be", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704420, "uuid": "ae84c0d5-7bb8-41ee-a18c-dc136ef014fa", "comment": "Malware payload (AveMariaRAT)", "value": "c0a209c7475d77aab35852ae9662365b1704fdac50b9f3d59daebdee13018942", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704420, "uuid": "25a9d8e1-1ffa-4b31-926d-d14662bda5c8", "comment": "Malware payload (AveMariaRAT)", "value": "0b00001e2d4eafae6fee18818a150b779fa32c67", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704420, "uuid": "666d2374-29bf-4f84-a732-9c6cd312ef8e", "comment": "Malware payload (AveMariaRAT)", "value": "e425a91cb91f06c17711d964ad4add9a66389e70647136f174494f8e9c878cf01e9d8549f7a791d4de848404fd45e710", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704420, "uuid": "93875e7a-66cc-4118-a66e-874755bd1d22", "value": "T114F4BF3E50CB5C22C7A5C7FF899869640335BF15ADFBE22E225D30C89DB2BD09A41917", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704420, "uuid": "b39a841b-576f-42bb-a2ef-d25bb5035692", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704420, "uuid": "b234ace6-b874-4d01-bcd4-4760912ccdb9", "value": "12288:6VrB94nZfF5D+H12GJXhwPcT60dJfkhuZuiBcDqV5:6F6NAH15T6+JsheTp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704420, "uuid": "9700fae8-c890-4967-9683-b4bc04fae10e", "value": 727552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704420, "uuid": "2bc7b893-8227-460e-8720-3dca32db9464", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704420, "uuid": "f32afc1e-0b53-4fd8-8cc0-ed14e8079036", "value": "TgHfUcFlgAAds6e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b47f2fe-eee2-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683689255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683689255, "uuid": "4dff5d8f-18a9-41d2-9ea6-355d9642001e", "comment": "Malware payload", "value": "8ec32b9a1c60b6ec7fec7136f5491757", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683689255, "uuid": "89dbd9c9-999e-4fa3-b0e6-9e18e9a3c4b6", "comment": "Malware payload", "value": "c0aef69a7ba06919c486de618541749dc85317a65dc225787e07634af4974ae6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683689255, "uuid": "b14524ef-2fc3-47bc-865e-ec01320f1207", "comment": "Malware payload", "value": "91cc8cbaa4af67a6a3f8b9b29c261846dac17ac4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683689255, "uuid": "72f0617f-1023-4c2d-bd9a-9c45ec46848c", "comment": "Malware payload", "value": "b4f38b2b581ed9a32a548c5ef09d9a2da327d3ef4b4f788dbde39a8b53ca2467aaf7e34e8961ac0d39201613d37817b6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683689255, "uuid": "81ef3148-5237-4510-9dba-277ec71ab48d", "value": "T1D012AF99BB05F6EAE9109CF36C6C45FC8DEBE16E0897307048E1E90DCA4649B0B5E3C5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683689255, "uuid": "ae84c789-346d-45c4-9d70-c1ef7dea90ce", "value": "192:fTu2PzRurki7SLDLVpVovt9SbVySN6TQ3JuGpymy/qD1zIWRzYf:flzEBkDOvTCZuQEkymy/Gfg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683689255, "uuid": "6c5b9b40-28d2-4e64-be56-c54b976f6945", "value": 9744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683689255, "uuid": "644f6c8e-e609-4147-b3fb-0c708bf34328", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683689255, "uuid": "197f78f2-79ac-44e4-b8a8-09a63a50455c", "value": "SecuriteInfo.com.Heur.20230510032733006975585", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20c034ef-eec9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683678312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678312, "uuid": "f3467659-ad72-4de3-8cf4-c5462a37db91", "comment": "Malware payload (Amadey)", "value": "f20c04dd9a5a3fb76d8686910deaedda", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678312, "uuid": "bdf7cdfe-abfd-4b79-ba34-5f912ef00a16", "comment": "Malware payload (Amadey)", "value": "c190d2e389f4be05044069ea574f1ec1f5d1eeb239c35f4184b41909dd7488b6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678312, "uuid": "37e69d3a-a9b7-4d4c-be69-9691aa3a12e5", "comment": "Malware payload (Amadey)", "value": "11ca428d2502cbaead96a6ce028ea8cb66ee454e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678312, "uuid": "b76eee6c-f9cc-4c61-a006-49fc53ef8b29", "comment": "Malware payload (Amadey)", "value": "54d0dbe6f060b41ce5bae9f7e40ee7bda037ff3b8f7b87940787c01b783b77f9ae5656f9f52659d0831b995ccc1d942a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678312, "uuid": "d90b520c-e685-46b9-af91-7ceb134d0035", "value": "T1D6640A9386E13D44EA264B72DE2FE6E87A1EF1918F593B662618DE1F04F00B2C173714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678312, "uuid": "0d0d7109-3c5f-4feb-a01a-3ca00983c8de", "value": "f638bba0028bbeebea7ddd6400ec7cc1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678312, "uuid": "eb4811ef-0859-4488-b306-f4b715d4d810", "value": "3072:xpXe+pyf3Lwx27WOr7+8rWSU2TZtfua4kvecTNj5Q5kNIqJs3YkFgF44aIi:De+pk3LwxMWOrySUCuA85kNIfvGG4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678312, "uuid": "5a2fca80-7c56-4389-a7cb-727c8c32f591", "value": 328192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678312, "uuid": "320a9ef3-04a8-4318-ad2c-93153d71468b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678312, "uuid": "550fc780-94a4-4ecd-9f54-2d00dcdfe0f1", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08b23f2d-ef19-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683712631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712631, "uuid": "caf7efc8-c567-4e90-85d6-14a2261a57f9", "comment": "Malware payload", "value": "5158003930521d1f73dc5ab7cff2a268", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "metamask", "colour": "#88032B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712631, "uuid": "f2c68c37-27fb-4b9f-9489-84db6c731f65", "comment": "Malware payload", "value": "c2062f73d97b2623bf6edf1591d41cdc12e927df91c2c0c75c82eb17a1c61129", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "metamask", "colour": "#88032B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712631, "uuid": "65269427-6049-488d-86d2-0b51ce6bdc32", "comment": "Malware payload", "value": "70efae43eadf7003eb83f94f88de3c6c5f3e4eda", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "metamask", "colour": "#88032B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683712631, "uuid": "4669baa4-3b5e-478b-8777-d52814391f4d", "comment": "Malware payload", "value": "e8ffa7645d81dc2a2cf240229c7fc1b4391be84a387d3818c7cac17727e4783a5e1fd94705ed083647e32a48768bfd48", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "metamask", "colour": "#88032B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712631, "uuid": "684895ee-2e89-4163-abaf-86d10b1f8844", "value": "T1B0770126D79ADD63C7D71139046D2EE212184CB34A8178963B0F7A4C0B7EEAF05726BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712631, "uuid": "126f9a01-5011-4cee-b52c-5ad4dbd3343a", "value": "786432:kbXj8dGaMWLU21llJvU8ntKous2UwmLqeEuUFTdHtu+:wpaMf2DTU8ntKous2ULqe2/c+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683712631, "uuid": "336540af-dc66-48da-8dae-98f6dec9f572", "value": 34189427, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683712631, "uuid": "4ee8ce6f-fda1-4b55-ab80-f1c3f3b2e717", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683712631, "uuid": "0f43afba-cb91-4a17-a7c7-7080b1b04e2b", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70af881d-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731274, "uuid": "a00e0c12-2239-43cf-9894-7bbfbd9a5afd", "comment": "Malware payload (Mirai)", "value": "1092a7dd83281bd519a187613701cfba", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731274, "uuid": "ad0f27da-cf69-4db0-89d8-37b5e9737c97", "comment": "Malware payload (Mirai)", "value": "c325a2d0d0eacaaad9de4ebcedad0381116633c7b5440600e1fd68c69095cf9c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731274, "uuid": "bf9e5bcf-0a8b-4cdd-81f2-d70a50d1bb8d", "comment": "Malware payload (Mirai)", "value": "e28771e23ab7f767fc659894b6ae94a9debde304", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731274, "uuid": "00b89d25-35b3-4208-85e4-3147b132d423", "comment": "Malware payload (Mirai)", "value": "793e9d445eefb9a4849abc102f642a770c333789c664001ab19ff4f640c8f66c0b3665e8af41fe3e1045706e7dd6b2a8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731274, "uuid": "241ad542-a261-439c-ad33-b196ee6caa8b", "value": "T130332AD6B402AE7CF99EEA7E80120E0BF53163555053073B67ABFCD37D321649852E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731274, "uuid": "6990d7d7-7fca-49cb-8444-0732ee6b7c2d", "value": "768:yPeiX55FVuYg7QK/8bVJYV9XQvus1gFHq63unWe/npgitJTz4eHQ8ld:ylp5DuYv+g6Fq6enpRgitJX4ew8H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731274, "uuid": "26324d6d-4e55-4df6-bc77-c7fbc033fc18", "value": 52916, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731274, "uuid": "4aa385ae-2000-4983-a2a3-7af195101dbf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731274, "uuid": "f1389b8a-c436-4222-9617-e8c38849ff9b", "value": "1092a7dd83281bd519a187613701cfba", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5bff9fe-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688467, "uuid": "14c9fbc6-7e35-482d-9e71-4b66ae347f4d", "comment": "Malware payload (Kovter)", "value": "f23245bb2c6ea749338efa521124d1a5", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688467, "uuid": "804a2cf6-e9f9-449e-840d-d7ada1f05216", "comment": "Malware payload (Kovter)", "value": "c3e2eb8d5314dd597cd3758f7d60b8fb0ff7f1c59733ad4baeafff4268a5f175", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688467, "uuid": "069515cc-fdbd-4d42-897e-4a6da4fdb960", "comment": "Malware payload (Kovter)", "value": "681d3150a72136dceaec11d3ec1cbc2422f36793", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688467, "uuid": "f5f86650-b5f0-4a59-bfaf-2842a9a343ed", "comment": "Malware payload (Kovter)", "value": "3c5aa7f307bd252f50a2fe6a329fd349d4749982619394e99adcdafe4f93c117bf7ae880c43709909a3a10cdcb120522", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688467, "uuid": "bc07c8ca-3e04-43b5-b394-d2ae68b2236e", "value": "T190743A39F640E237D8229CB8DC0FE2D56579B6302E351D57B6E11F0C88B5693AB1BA43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688467, "uuid": "85672cb1-3dac-419f-9950-c92fb0da8e3c", "value": "6144:gCmsJKuE6B73ixakrU4OUiMpIxZJKIbZBbVg9M/bT1p4eQBqytf:Fmg9Lo3SZHbfbT1Sezs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688467, "uuid": "aac6dd02-74d5-4e9e-b804-44ec34e9853f", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688467, "uuid": "699b26c8-53e5-4834-9b4c-5819f4cacf25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688467, "uuid": "886d16be-490a-40c0-a231-0189b6993157", "value": "2023-05-09_f23245bb2c6ea749338efa521124d1a5_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a53abb24-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683700009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700009, "uuid": "2cc9c0de-a8b3-4662-bbd5-e5dbf8a08530", "comment": "Malware payload (AgentTesla)", "value": "045282dbe9692540d6468e5d765dc677", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700009, "uuid": "276c1e6c-3fdc-4076-aae8-d0b8415c0bba", "comment": "Malware payload (AgentTesla)", "value": "c454fb3a97ff7f980350fda79235643956da9f30bfe1b77c37a58e61c953413a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700009, "uuid": "d16f08f4-3d51-4f0c-a092-3ef0cdf7c337", "comment": "Malware payload (AgentTesla)", "value": "773f2cee71de2f956f4a6f2d902f5c3ea5cbbe50", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700009, "uuid": "1292b149-cd58-40ca-96a0-5d2826ced14b", "comment": "Malware payload (AgentTesla)", "value": "598c6fba417cdb4a9ae9685126484ec2cd8aea9b37c73171c18a66eea0beab7721cd3a4302b41b3ba71cfcf9b694e854", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700009, "uuid": "19391d90-b830-41b2-be87-2bc10a7754b2", "value": "T1D5951321DAF51D0BF122AB3EDCE3B35266ADF6E20717D6A71640578A6D07AC0DDC0623", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700009, "uuid": "56d84f3c-96c8-4be7-a2aa-3d3a6dd4ce50", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700009, "uuid": "4b8a403d-321e-41c3-8ef5-716b815980a1", "value": "12288:M7uix2TBXVnBGw4I/6QTdp7lRpIlfMer5iiTvdyRola7pLf8NMXzp6QAAtJocXdM:olacMXzQm37cCIv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700009, "uuid": "b2f14884-a067-4e5b-a8d6-136e70838729", "value": 1912832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700009, "uuid": "667aceff-2268-4625-a503-a028484f3a05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700009, "uuid": "ace19700-fa25-41af-9b7f-05efd8e122b7", "value": "bank details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6997b108-ef76-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683752737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752737, "uuid": "0bcbd0ae-ebe6-49ad-b389-cb4daa38148f", "comment": "Malware payload (RedLineStealer)", "value": "2ace284c69bc16c5cfc69b401dc0c10a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752737, "uuid": "af18b303-b2a1-46c7-9e30-2d16c269493a", "comment": "Malware payload (RedLineStealer)", "value": "c4ca97d0d7f84d6d3f32725cef775d1fb8a8151adb1cfa5ef116da7106a3c100", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752737, "uuid": "19377e43-08c2-4a27-9df4-e173f076218a", "comment": "Malware payload (RedLineStealer)", "value": "4920af9bfdb0e087855104001bccd0468b9f03f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752737, "uuid": "9788ed9f-4da5-4165-bbce-fa5345d6af2b", "comment": "Malware payload (RedLineStealer)", "value": "b35649a32eeab1e42841232b63939f076616a8ef225831e0a9d3a6b1bb1baaf7577ccf5c798e8076b29ad96d5212c5f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752737, "uuid": "d21dc342-8156-4646-a781-de9016a5befd", "value": "T112F42312DFD4E133D9B91B7058F502834A367DA21A78A77B23D66C9B0CF26D0987532B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752737, "uuid": "c9908189-d089-4254-a38f-6c8d66141edd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752737, "uuid": "d2578760-9dce-464e-8953-b438563b6e77", "value": "12288:dMrxy90sa7Mye59+FWiRw3K/DgUMR/Ef4v+XlgvICoeqrR4KBUJQOXNJ6BwOF8y:0yI7MZU7xx4WXiQCu+OOKwW8y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683752737, "uuid": "2b6241ea-8a03-4b2c-a531-5a149cec8510", "value": 791552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683752737, "uuid": "36bf0e0c-f090-44ce-b3f9-2ed231492d19", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752737, "uuid": "f1c4e95d-3574-4a6d-9cf4-15fd55ed62a3", "value": "2ace284c69bc16c5cfc69b401dc0c10a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39dbb062-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707130, "uuid": "6b678d75-c6bf-48a7-85c4-cdf08cb9f235", "comment": "Malware payload", "value": "14e2a37524015606ee972525247aa1d3", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707130, "uuid": "575f6f17-7078-4b56-b8b2-8d6dd2e4be49", "comment": "Malware payload", "value": "c4db1033a6b627f1575fd6031a74dd2bec9f626f7439f341224cdb836e506929", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707130, "uuid": "3b4d46c3-6587-4f2f-9328-efc0fdbecc50", "comment": "Malware payload", "value": "09a96b27cf2e031f51df37517e3a4575589f07c8", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707130, "uuid": "784615f9-de2c-4e36-a2eb-8af919488da7", "comment": "Malware payload", "value": "062742f9ae029f5ecdff0b500934ab3dc0d38fc222cf0db612f8a8d7eb8c8268e61b0cb36d368688e569eee30f67035e", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707130, "uuid": "69581835-3ffd-4558-8ac8-7ca1a2307404", "value": "T13E55E0331E97FEE937A50F84D88216445C8078B75B5CB0E5BD88B5AAB1B8440EE5ECF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707130, "uuid": "dc4bbb43-46bf-4de3-98b8-1fb58248bd01", "value": "24576:Gv8RW1TONr8ig3NtL8NPnt3drrG77rbc9cbMS0fduHDJYQyay:knR3cN3rrUMEMSVo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707130, "uuid": "5cb26ba0-f654-4057-8fa8-536f24b45cca", "value": 1324376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707130, "uuid": "7027d070-322b-4117-990c-a6a561e5d4b4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707130, "uuid": "89d0e8fe-ff44-4be3-8aa6-16818b3d9509", "value": "Yccuv.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ca08ce9-ef2f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683722140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722140, "uuid": "17c3e86a-842a-402e-ad3f-d605eaaaa35d", "comment": "Malware payload (SnakeKeylogger)", "value": "cb8dcfba415f0cdd9c2e60474cc63c16", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722140, "uuid": "ab65f333-5365-416d-a427-0bf84811835e", "comment": "Malware payload (SnakeKeylogger)", "value": "c74b241653dd2fbda789f9198ab86773d71603ff64cce3356a4cbbd7f01ce2a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722140, "uuid": "565ff5c5-5324-4a1f-a157-8e8558aea84c", "comment": "Malware payload (SnakeKeylogger)", "value": "e7d62f6742999d5882576c186b8dc4fcb4335a83", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722140, "uuid": "cac37c40-963c-4006-b488-35eb29aca852", "comment": "Malware payload (SnakeKeylogger)", "value": "94cf66d4213c0c1da1d4766d03ea05ae54da1b1bc70e72c31984a83668f65385bc55c841ade96b7027d3bf0cc8ae5275", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722140, "uuid": "c7f32e62-5a1f-48f4-a6e5-761f31ed1a09", "value": "T18CF4E110722AAB27C7A883FF0928894613B47716FD6BD23D2EDF11CCDD16B514A21E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722140, "uuid": "daaaf0e7-df0c-4bee-b63e-91364c8e047d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722140, "uuid": "2595173e-cd2c-461d-be82-b8bd764123d9", "value": "12288:oNZfTxdmSMpMbb2CYonIbZRKRx5vxZPvf3laE3Yn30LYNlJT3HJ0eYK4:oPL/iqlYonIFwfZPvFYEL8lt3H3YK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722140, "uuid": "d33bc63a-bfb1-4e93-8de4-4381d9c71e17", "value": 750592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722140, "uuid": "4b44497d-50b4-4eb7-b305-345af5569c26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722140, "uuid": "b25c9af7-ceee-4e35-a7bf-3b892ddcadbb", "value": "realbigcripted.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8279d812-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750631, "uuid": "98b95358-a499-4b8b-b181-f1e79527c4c2", "comment": "Malware payload", "value": "c2de4e3c5d008465cfac3bd65f069f57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750631, "uuid": "e6a66ab4-2673-4688-8003-edb5a728befa", "comment": "Malware payload", "value": "c76f85bf360d165ce8bd089dabc82f9ef03208b7ccfb399794c76d969874fd4b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750631, "uuid": "1d76ea9d-9642-4cdf-9743-c13ee04d5a09", "comment": "Malware payload", "value": "7890624a5719c2f3b25c0f184baa7a844316487f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750631, "uuid": "36085148-e54d-419e-aaac-6218dbaf9391", "comment": "Malware payload", "value": "014ee8935f958473c8dad6a36ed2603eb5b5be5f0e003ec847d76250373f919b1c8ffa48e0546c9b090f951ec5d1182d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750631, "uuid": "dd6daa6e-c0a8-43f3-9819-595814193227", "value": "T158557E27F2914437C0235B34CD2B8AE96936BE105F38688B3BF53D0D6F39A9179256D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750631, "uuid": "fcf88dba-43e9-4619-9337-270673a3ce56", "value": "12288:fQ7hL+2AgagLjYw5NaEAMnyaJukSu1SLm8rJGmVvDXPncmhbyn5Amef/B5G9oHJr:iK3aj2EcKRMGCbflY54+6Jnh8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750631, "uuid": "4802464e-b28b-4f92-99f0-e815a21991eb", "value": 1359872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750631, "uuid": "3c017d03-139e-444d-92aa-51f5e9f398d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750631, "uuid": "e50558cd-f1f0-4b24-8b82-52fa08f3450e", "value": "SecuriteInfo.com.W32.Tibs.P.gen.Eldorado.31937.4458", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e564e43-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (IcedID)", "timestamp": 1683744450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744450, "uuid": "61065af7-73fa-44c2-98f2-af643a675362", "comment": "Malware payload (IcedID)", "value": "38ec62180da05fe4c18482e49baf3790", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744450, "uuid": "57aa0b59-33d4-455a-a000-cd1e76fc5662", "comment": "Malware payload (IcedID)", "value": "c7b4796751027b3049df6c795519f861bc5ac50410324fdff9a315d498dddee9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744450, "uuid": "4ca84afe-bfc5-4253-bf69-7de2610e6c91", "comment": "Malware payload (IcedID)", "value": "c9219bd02ff5b2e645273ae946178152786fa9d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744450, "uuid": "5615e97e-f63e-4182-a00c-25f6ab7a9b8d", "comment": "Malware payload (IcedID)", "value": "f69190ba85827e839a9f04e178766b7af627817bb8c0b1bf1206dbe69703b55d24bb7dedc1a143fecf533dd08c74654d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744450, "uuid": "3ee7af90-bcfc-47a4-a198-6d6dd1df7226", "value": "T1BBA4084AF6B550E0D0B7C134C5A3623AF971785A473497CB4798DA5E1F22BE0AE3EB01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744450, "uuid": "35492349-79ab-4068-8805-7e4a20ff6bc1", "value": "c8c95a9c030cb1f0460c35cb1d796146", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744450, "uuid": "911c8769-8ff6-4719-81a1-c8389400820d", "value": "6144:Mb/cy3gO1VQKVvsTa6Rh5fn/wAT61LVAC6W4DTmgnKk:k3gO1ZV+hRgF/4T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744450, "uuid": "db1ddfea-df0e-457f-ab10-64211c094b7f", "value": 469584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744450, "uuid": "a292ea56-e8d4-40d7-9acc-7fc876383de4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744450, "uuid": "f1c8c6c4-111d-4f77-92de-0e8f9f02f418", "value": "Inv(05-10)Copy#18-41-10.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c7fdd3e-ef64-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683744957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744957, "uuid": "a6850991-cf64-4fee-82c4-6982251aa486", "comment": "Malware payload (Formbook)", "value": "479f07bef8b0473e40d45f7b366898a5", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744957, "uuid": "43769cc9-113f-4b8c-85ce-e13377c3eebb", "comment": "Malware payload (Formbook)", "value": "c7e8b70bc8170589d3b9bc120ab514227c6275312d1153686433f1aa6bc89809", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744957, "uuid": "9e75dae3-448d-4c62-a460-b7f92774db0e", "comment": "Malware payload (Formbook)", "value": "101b1d1e3888628c87b330c6098a869b16b91e18", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744957, "uuid": "08192ed5-3eb6-4fc5-9f90-f84281daac18", "comment": "Malware payload (Formbook)", "value": "f33e062cd42837eb895b4734c4caa771425957471e4412aea37965d9c067e2bbdb9e66b0965bd9486d9faa0091a168e4", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744957, "uuid": "0000e07d-2b80-469c-b00d-440bcc32a957", "value": "T11EE4234EC9166025905CCB9F95D3C8F866D4CDD157197CDF798A2EB39A009BEA4E0B0C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744957, "uuid": "eacfae4f-0add-4a40-89c4-dc64d82b290d", "value": "12288:NABUV1UqpZg+ec4+1nJfbnMwQaDoOiWTy2+qXXDrcxuYBe+gE:NcUHU+g+B4+VJLqMIqXXcxuHE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744957, "uuid": "d237ad4c-2fac-4cb1-9b47-0e4fbb681ec7", "value": 662219, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744957, "uuid": "beb17a9d-41eb-4c7d-979b-a15e3802e0ea", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744957, "uuid": "1408f8c8-49f6-47b9-8acb-6c99a5e2ed90", "value": "Documents.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3e84197-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (EternityStealer)", "timestamp": 1683705644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705644, "uuid": "7728084b-f0e4-4ad8-9a2f-d7590e4ec125", "comment": "Malware payload (EternityStealer)", "value": "49dd46970c7c2dcd69c050fa2bf59376", "object_relation": "md5", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705644, "uuid": "3a2f489a-8977-4284-b571-b5894f159837", "comment": "Malware payload (EternityStealer)", "value": "c8b7fc073f9b19aa83d4e2ad4945a6de2e82cf7bce58c41e38c804c61fe92eca", "object_relation": "sha256", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705644, "uuid": "d280474a-3bcc-48cd-b48e-b441aaa18628", "comment": "Malware payload (EternityStealer)", "value": "b39f9bca254813595390b7a74c7622389e82108f", "object_relation": "sha1", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705644, "uuid": "7e47d8de-2d99-4c6e-99a8-b1a298530812", "comment": "Malware payload (EternityStealer)", "value": "f576e585bb759834c102d00d154fbf5da54d829f630c6871989d4cf321a69eb1ec54671cad5f4ce0c70849fa1e54397a", "object_relation": "sha3-384", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705644, "uuid": "2185baed-4fed-4579-9d0f-43dc2ed77c54", "value": "T1DDB4F121BAC18471E9A719350AF19731BB3DBC301B398EDB57885B2E8F301D19A35B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705644, "uuid": "ae576c9d-be41-46b2-a2e5-b8c0f7dc8312", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705644, "uuid": "22c22404-6335-472f-b340-a9d223ded879", "value": "12288:1jOtvHMm5xvmX+t4YP8oLwHHKe8S2VJQJifC+8Ph:5OtT5xvEe1LwHHkS2VqJcDCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705644, "uuid": "36cc6435-7029-43b3-a258-992828a8f9f2", "value": 541301, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705644, "uuid": "ce0487a4-aecc-4f5e-a17d-fa37df9acbf0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705644, "uuid": "b1e40fa8-e102-4b7f-8ee0-fb60de617590", "value": "49dd46970c7c2dcd69c050fa2bf59376.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "348f978d-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683699820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699820, "uuid": "781ab7f1-e1ff-4cd3-8e5b-23a4031d5111", "comment": "Malware payload (AgentTesla)", "value": "f983659154cab2b53b52de5b80c83391", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699820, "uuid": "9ebac641-48b3-4c3d-81d8-df5ab8ebbc98", "comment": "Malware payload (AgentTesla)", "value": "c8f6532a55c95bbee29dcb9a5faf06cd872abc51fe9a5b6140fb9f261503c594", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699820, "uuid": "370a393d-3494-4cb2-ab8b-e6167b69c4f5", "comment": "Malware payload (AgentTesla)", "value": "c6e40e1748cb64db456a2068acfda6042c412331", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699820, "uuid": "af00ab7c-f7ad-4150-b2c5-961f6e72777a", "comment": "Malware payload (AgentTesla)", "value": "205dad7aea36b41fb479640d28e99b85759a27734a92d0742cd13b0e72a28cecc5575236cab0d6ca4c9f63e75d0067eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699820, "uuid": "87bc7c3a-f506-4424-a9c9-b654d0cebbf2", "value": "T1CC25234E3BC4D0E4CF09447A1D8B27302935DEAB5915AE25825C051BEA1B7F8AEC3F97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699820, "uuid": "381d9848-0480-46ff-9020-d04df0ae6f59", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699820, "uuid": "faf37344-0b84-4436-8325-6f3e52f3ab26", "value": "24576:fq+gcAFLV8TzRRFJn0tzbUgdew5fBoToEXaLIvrh/4:ScAFL+HJJnhgdeOaThth/4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699820, "uuid": "16cb0fbf-09aa-451a-85d5-f67cdfd34492", "value": 1056768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699820, "uuid": "bfee8f0a-b5c9-4d64-9150-191079cff745", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699820, "uuid": "80859380-1205-4d91-a0ab-ffd06d17e181", "value": "JPMorgan Chase.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2c730fa-ef1f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683715520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715520, "uuid": "af609f70-b527-49a6-a725-52740bb5f97a", "comment": "Malware payload (Formbook)", "value": "69a954a766983a363e53c19f190aebc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715520, "uuid": "41745326-df58-44c2-b4c1-ab41d0bb4483", "comment": "Malware payload (Formbook)", "value": "c930599e45ce9f8d2d1ffcce335e47b1beef8119dabef13eefe381927a4f6719", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715520, "uuid": "c3f1e739-9072-4ef3-9537-4441b8f4e269", "comment": "Malware payload (Formbook)", "value": "36591fa9afee61d593e88ca045a1eaf11f3f8648", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715520, "uuid": "84f80d26-3c57-4b24-b9a6-d991a9b6292c", "comment": "Malware payload (Formbook)", "value": "752032d4e8c929eb23eb2c91378e89a976bb3c5ceeafb8927110d8e73972501518dd44e39d4019ee590119786e78d29f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715520, "uuid": "57985bca-d56a-4943-89e3-5e2ea0519fb0", "value": "T1C1E49D569064C81FFE56EB71C1A4FFE0A1F0FD73A4E5542227793988EAB9F021E8C119", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715520, "uuid": "030c27a3-b6ac-48cc-8c01-8dbb1b3227d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715520, "uuid": "1fbfba23-419b-4fac-a4b9-e04caba99fbe", "value": "12288:zOdVxnu7UEl7LvxsXxs2egQVt5abXceuoVN4SKBbqrAL64kHTULNWBv50S1JS/yd:MVgUElhshs6bXc73SsbbYiWp5HS/y+C3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715520, "uuid": "a9866426-6210-447c-8c28-722759dadaf8", "value": 707584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715520, "uuid": "39e4fe37-ecd8-4e7b-a70c-85b5fec0db07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715520, "uuid": "d8c03f53-f152-4b50-9065-d01af7881b56", "value": "c930599e45ce9f8d2d1ffcce335e47b1beef8119dabef13eefe381927a4f6719", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef6739b6-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1683729339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729339, "uuid": "80ac1cda-07d2-4144-afe1-b21ed901ca78", "comment": "Malware payload (Smoke Loader)", "value": "49bd552ef6ede8cd0d8844dd5c80db8b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729339, "uuid": "f18041f2-e607-4683-abfa-09a7aa9b34f5", "comment": "Malware payload (Smoke Loader)", "value": "ca47f0125b1ac75f9ac03bae0e548931a846997b466ffcea94a6983ad054e109", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729339, "uuid": "aff9042d-294a-4ff5-ae21-b383ce4b236d", "comment": "Malware payload (Smoke Loader)", "value": "44c3f77c86c40a244da21438ce05d01bfd5654dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729339, "uuid": "219245eb-e4a9-467f-a7b3-6ea51ee80630", "comment": "Malware payload (Smoke Loader)", "value": "57aa81c722138ed05c44350b7e5f8ac73d4159af8cf235f4ca4634b1d0c5bce24992847f5137a3b1fcef12e74bbf70d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729339, "uuid": "c14b0f02-358a-4365-9cd7-0e9c94184904", "value": "T137744C3362D87C64E626CA318E3EC6F4765EF9514F597BAF2218AB1F04711A2C163F12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729339, "uuid": "66600e04-3318-4e0d-a42f-2dc584a616b1", "value": "fec1eaf066374a71027605d8a122bd0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729339, "uuid": "65884875-f9e1-4398-a3db-39ae2719151d", "value": "3072:sBzJQhiyhcrjAHik39ARBp7JA19Scu8UgTLFOQmcUdiHZXLtKkEqZo:ky8r0ikmp7JA1VuUVmNiHFaC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729339, "uuid": "22f0bd3b-b0a6-466c-bdda-fb38b520a2b3", "value": 337408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729339, "uuid": "ea9c69b9-3c80-4df0-b355-8415548b819b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729339, "uuid": "a0f75813-354d-444e-b866-593c8fde2a0e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "894fc72e-ef20-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683715854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715854, "uuid": "6e3213cb-a011-4f28-99c5-d8a74a5efd9e", "comment": "Malware payload (Formbook)", "value": "29be992edb08d3ed14165825595ff6b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715854, "uuid": "004c30f7-0c83-47b0-a163-b7f9cbeebd14", "comment": "Malware payload (Formbook)", "value": "caa1bdc19a635529512712883d67b0de6ff62f71f880e7527f38a4590a238b36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715854, "uuid": "0bb4ead2-bb45-4112-ad7b-7293ad16596a", "comment": "Malware payload (Formbook)", "value": "03e0ee1b127f8c5195552a3c188fe5b1bf77cd31", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715854, "uuid": "6fd6fef7-cd0d-4236-9f8d-fe9832d7f92c", "comment": "Malware payload (Formbook)", "value": "960032844245f5363e594c7282a4ea07097619ae78ec958af4ae450407c0803f53db456eb197e60d2a596beecb6ba3b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715854, "uuid": "00f1f431-fa6a-44df-ae1a-dd2a1ebb1c18", "value": "T1EAE4AD525065CD1FFE6ADBB0D1B4FF45B6F2F07360E191241BB92189CAA9F021E8C52E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715854, "uuid": "3aa45595-eaa5-400e-8958-af7a3fa733ec", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715854, "uuid": "66159801-a694-47bf-a138-b987373b72cd", "value": "12288:yTrQ9Sd89uuDMAGhHoAU6cZpiw0f066eERtW0XOAglv6TawegQVtR7:yTrMSd899wA8Z5w0fGeER00XOD5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715854, "uuid": "1651992a-e2da-4ae2-b32c-ab5c208e9eae", "value": 672768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715854, "uuid": "84d8171c-dc5d-4ad4-b1ab-d633481a1f70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715854, "uuid": "b1f7c592-e76e-41cc-a0a7-91f257c7ff1d", "value": "caa1bdc19a635529512712883d67b0de6ff62f71f880e7527f38a4590a238b36", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf6d9c57-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1683705636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705636, "uuid": "ad9f05d6-740e-4ca6-9f7c-71f8e0893537", "comment": "Malware payload (DCRat)", "value": "5d3c7e8c139ac10a8655243c121932c9", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705636, "uuid": "f4bca99a-60c7-48e0-8a79-9867a6027dac", "comment": "Malware payload (DCRat)", "value": "caa825aaee12c981ecb68b65b1c320e81f97b65a9d26d97210f2d34878de4a30", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705636, "uuid": "b48f5643-860b-4345-9af7-2c3e31acd272", "comment": "Malware payload (DCRat)", "value": "bf5a855d8a4591a391968c9a26ca61112aaa0180", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705636, "uuid": "f954f2ce-e2d2-4b7c-94b1-70f93405d458", "comment": "Malware payload (DCRat)", "value": "ba4032bab47630e1a9604cb1a275e7c5903e3710e60938b469e444c64e5cee26a0080da61a60af420eb654773a242537", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705636, "uuid": "f0ca057f-df8b-42c0-9579-27e4dbb02829", "value": "T156751201B9D284B2D832153609E4EB7A5B7DB9700B549EEF23D40F7E5F302D19B31A6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705636, "uuid": "71984b55-567a-49e0-98ad-dada82362690", "value": "115f82cc0666957705decfe2516df99b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705636, "uuid": "5b53bd5a-0a2e-4a39-ba90-1a9c20bbe32a", "value": "24576:X8iCTJqUrYlPZSYLKiZJ9qTwKe0CnUAvYeRSD6Kkdn:NCT8PZXLdZJ91evGdn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705636, "uuid": "2217be35-aee7-43cb-a27c-bb147e1ac7c8", "value": 1569792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705636, "uuid": "b27f3e5c-c6e9-4c9f-8db0-1ccb10be5c14", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705636, "uuid": "af84ed65-c46e-4838-a8f9-59b43a2ddacb", "value": "5d3c7e8c139ac10a8655243c121932c9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48b9b7dd-eee9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683692123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692123, "uuid": "c2118d1e-dd03-4a6d-981a-979c85fe3943", "comment": "Malware payload (AgentTesla)", "value": "31b54d8b3a96f7346c0d96f79a5f70d2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692123, "uuid": "bae8e743-47bc-4c61-afd1-9f3d844995cb", "comment": "Malware payload (AgentTesla)", "value": "cb3964a3b6a2ee8bd2bdbc3a3b65306546cecec2deb444968ee8f33ce2c1a593", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692123, "uuid": "1d31d1a7-e3d5-4638-995e-d6190143b307", "comment": "Malware payload (AgentTesla)", "value": "acb4a0b1304b532c3602a58a022b6195d7be4fae", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692123, "uuid": "937dff68-13e6-4903-b3fc-4ac24257fed1", "comment": "Malware payload (AgentTesla)", "value": "5df04efbecfaec68308bc0c5dc21522ce3c17477adf41e731fe9c35d6364aa65790c21d45f47248d9e9da848ebdd25af", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692123, "uuid": "3d06aaec-769f-4ba5-b84d-fccf04fcf7f3", "value": "T124159E68B361A58EC407CD73495CFC7056217CAB7BC6C11261D33F9BBB6E9869E001A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692123, "uuid": "ed9413e6-63d5-4c92-a2b9-d2965056a42a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692123, "uuid": "78665c0d-29b5-4a5a-9528-2dc7230a2a81", "value": "24576:sa+10xuaSeL1mlZG9+QMbX+sRgj790019lMq:sr0HL1049Gbdga0ft", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683692123, "uuid": "ac5a5489-27e9-4400-a689-bf92f2980271", "value": 900096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683692123, "uuid": "563ea282-7ed0-404a-ac8f-f4b0bc40a525", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692123, "uuid": "05d9fa29-63f1-4421-975a-876334f4ed26", "value": "31b54d8b3a96f7346c0d96f79a5f70d2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "834e2242-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750633, "uuid": "d01b7d4e-7d0d-46ed-897e-be6f04d5616a", "comment": "Malware payload", "value": "9db6f66d9aeb383a336c2d4ab584767f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750633, "uuid": "c28ce6c7-abe8-43d2-9f7c-ec8202fd59e8", "comment": "Malware payload", "value": "cba26ae8f29cac3aa3e6b940cbb20d53ceed4ca346dbaaca02a493c556afb6cf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750633, "uuid": "244ae2ac-817c-4184-9767-a2746b93a7ff", "comment": "Malware payload", "value": "8dde1f1ab0029d960fe06ad8bcf04da7d41bfb4c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750633, "uuid": "58f3a2c7-3bf3-4a2c-98a3-ca6f3f8f3952", "comment": "Malware payload", "value": "5bb45214f1a5640036920f44c68b2d6cf939e01dac07d01a7ebe3ff4a4e9726fd68daf3c5cfff2c23ac0e9181d85112d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750633, "uuid": "da60ba6d-16e3-4d90-9c94-f8c2601ec601", "value": "T11345333D8EEC90F6D27F75753682BFBB297F664429432922967F0A48E6E0687000B11D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750633, "uuid": "cee0e5dc-a13d-4d02-a6af-61aecff301a6", "value": "879a39408a2b467e5c51575454913aff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750633, "uuid": "9cf95f5f-84fe-4b2a-8048-6efe95aa759d", "value": "24576:2Jq68ene4bok8ePeXq80OPE68RB1F3wWJnX0/iQ14v8E+2:2I5e5oX+OPERRB1F3wIvQ2h+2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750633, "uuid": "8abb69e4-6d42-4c26-8f69-d1a5a373e13d", "value": 1223168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750633, "uuid": "1176475e-80ef-45b0-9438-0f674adb81b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750633, "uuid": "e244c360-7569-41e1-97bc-ae26d54944d7", "value": "SecuriteInfo.com.TScope.Malware-Cryptor.SB.30053.17466", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1f23231-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683700138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700138, "uuid": "231b2bb4-021e-4327-9b5d-e57dcb777976", "comment": "Malware payload", "value": "92450a2608d79e240d50f1cfb6dc47e7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700138, "uuid": "e04ae4c0-2862-4ec9-a045-6d180717a078", "comment": "Malware payload", "value": "cbe8c12a97e6afdce354524b36314c07ab3345dd2776a7f8f070733270cf4cff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700138, "uuid": "1602b491-fc12-46bc-97a6-d17e3a1eadf3", "comment": "Malware payload", "value": "26b35eacc94d3b93d862ce4bbc430bf1e7908bb6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700138, "uuid": "06bbd70c-e910-4aa4-849c-589b753b8587", "comment": "Malware payload", "value": "60b6f124f1dbeaf78d7a20950dc9655aef1be2a1695ec64e9715027285b63ab13439ea7310288cb00fe60d8cbf384f97", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700138, "uuid": "031377c5-bedb-471f-9475-072595d77d24", "value": "T18ED4231EBB466530C5E4C97F798CC9569EFB838131A51829F5480E3F46A208FD1AA1FF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700138, "uuid": "94f87dec-8486-4e63-b1cc-89ae2220aae9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700138, "uuid": "931f38ac-b949-4f4c-9aef-f5589ff7d7b4", "value": "12288:aZl1qI3Nf4f3mzTczdjhuEdjWnEQDIo2Nvoca25U0WTWzu6xE:+8I9AeydFfjLdo2N34fWzuH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700138, "uuid": "30c7bb4e-cab7-4126-93ca-d96475ef8618", "value": 608256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700138, "uuid": "7b68e935-5530-4363-89a5-c03a397354e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700138, "uuid": "af1050af-515f-4aeb-bb51-d629e8ac8ace", "value": "92450a2608d79e240d50f1cfb6dc47e7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de202a9f-ef53-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Quakbot)", "timestamp": 1683737900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737900, "uuid": "53e80956-8381-4d02-ac30-d472885f5a8b", "comment": "Malware payload (Quakbot)", "value": "842fb152664671ca137b8ae390900fa6", "object_relation": "md5", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737900, "uuid": "8dac09ee-7b50-488f-bfbd-b744b5092664", "comment": "Malware payload (Quakbot)", "value": "cc6911935bd2831c93cf57cca542b010b52635ea607500ed88f07ab86cdcbe97", "object_relation": "sha256", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737900, "uuid": "51a44d59-d610-4873-b8df-03765da199b1", "comment": "Malware payload (Quakbot)", "value": "fb442dd606c03ffd3a968ed710729c68bfc419b8", "object_relation": "sha1", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683737900, "uuid": "51709567-04fc-4c4d-bb74-cae96c74a935", "comment": "Malware payload (Quakbot)", "value": "669a2e0ab717a0bee466928f82f1a82f4e9fd83d64d9ec0129f8f4f02a601f01179496a6bf9833b3f7bbbd45d06f64ca", "object_relation": "sha3-384", "Tag": [ { "name": "obama262", "colour": "#3EA090", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737900, "uuid": "2f4a4ba5-5fd9-4a5f-8555-e0eee302c3d7", "value": "T12162C1C2E7F24E684D37551CC7CC24C10DA9500C6D7A99468868D75B4F0FA0B9EAAAFD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737900, "uuid": "081da72c-a3dc-4a03-9ccb-a4b195e6c263", "value": "384:yk+oBpiWHsdq4cBuFLdDl1Fjmabe0Xip2fKG:d+gppIq4ouRdDl15mWeo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683737900, "uuid": "0d3289c7-3101-4fb0-9c4d-4a2b44821491", "value": 15219, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683737900, "uuid": "fba6c33e-c7c6-4072-95e3-3783b88c7938", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683737900, "uuid": "8951cad4-bfa5-4a2e-beb6-e387dc384a41", "value": "tsopexfzrf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b46e45e1-ef83-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1683758446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683758446, "uuid": "cbba336d-7fb1-4fe6-8129-e80feed14dd9", "comment": "Malware payload (NanoCore)", "value": "1043ae4d6eec8f68ff3a502a3e34398d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683758446, "uuid": "0225cad8-202d-485c-be46-21ad7400331a", "comment": "Malware payload (NanoCore)", "value": "cd1843ecfb7e612247ae3b9a7da451834d5dc9e7152e9721a9d56c73df8b3a0b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683758446, "uuid": "ab67c84e-fd0a-43aa-8ebb-f99bdbb98cba", "comment": "Malware payload (NanoCore)", "value": "d9139b683ecb699ba4da8179ce014e14b9a7b483", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683758446, "uuid": "8108f47a-c68a-4e12-8305-ff529371e69f", "comment": "Malware payload (NanoCore)", "value": "6e06f80f1b23838b7febe0758fd6f19f19e7ea91f64379c44aa833be6c429cb455d2efb5045177d9351a6c7e2eee1916", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683758446, "uuid": "8f2b0fe4-c7aa-4e1e-943a-d4111082164b", "value": "T153C3F6806E0C98B3FDC129342597BD082E697B87B93D31CF344FF664693BE568982E14", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683758446, "uuid": "71334b64-f59a-4029-91da-6a921f40fdc4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683758446, "uuid": "8ce4a007-37e3-4692-b831-78089e5a8614", "value": "1536:S4tdvePGcmy3Hc0Mnphu1G5S2Kmd8tEzsjeDDDDDDDDDDDDDDDDDDDDDDDDDDDDG:/tdveecmy3mh75Umdjsjbj5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683758446, "uuid": "170d218c-2aae-4b80-b7ff-e1ecf625fb67", "value": 119296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683758446, "uuid": "3c169056-6380-40c5-be59-b9a74f4e1064", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683758446, "uuid": "0628d1fe-25c7-40de-a7c6-c8bb4bb923d7", "value": "1043ae4d6eec8f68ff3a502a3e34398d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3de97150-ef31-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683723028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723028, "uuid": "4105c8ad-c84b-4bb9-8880-2a537fdb992b", "comment": "Malware payload (Amadey)", "value": "f04262a668c8ddd08f6ed7276d1652ed", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723028, "uuid": "6823bb5e-0e3d-4074-a912-60a428561334", "comment": "Malware payload (Amadey)", "value": "cd877b8bf2b1183fbcc57e1438d2b73fe8636490258a1fb74da4bb7eccd8b794", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723028, "uuid": "e3253487-9247-4d0f-be6c-7204ba213143", "comment": "Malware payload (Amadey)", "value": "8eb434b344fcbd272066875c5843b83bbb745d4a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723028, "uuid": "32f9df22-77e5-49cd-a234-73603cfd1ab4", "comment": "Malware payload (Amadey)", "value": "a398ab4c0e25450c32cbe2173f6bfd3c517480b78aa4c18e9a749d59ebf0653241e20343ee79b6f15e34d00b3f8973b7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723028, "uuid": "8835e3e1-b771-480f-8cea-08fbf2e71c5c", "value": "T13CA40207FAE94173E9B8277098F707930F7A7CA259B5425F2B89690E0CB26C4647077B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723028, "uuid": "a29ce02d-6869-446e-87eb-48557b75dc59", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723028, "uuid": "50757432-83bd-46c3-a71d-3a61f171309e", "value": "12288:nMrjy908rlkamwddA6RPYpu/Mbq1OkCGtagJyybH3d6akL1:oyJJZXou8q1OkCG//bHN3k5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683723028, "uuid": "2a91c076-d5a2-4fc1-9d6c-2024e42a12ff", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683723028, "uuid": "87922780-ac70-4105-b1b7-2e8a95159b73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723028, "uuid": "265dd7d2-3c7a-4ca9-a037-490f07264117", "value": "f04262a668c8ddd08f6ed7276d1652ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c57d1a90-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683705647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705647, "uuid": "fe766b23-f7d2-497c-8a0b-6ce498c677ce", "comment": "Malware payload", "value": "4b2945881797ca11e96a1e2ff52fe2a0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705647, "uuid": "c2c8e57f-1d02-44e9-85e0-ad262f257da5", "comment": "Malware payload", "value": "ce077d6b1a5b8013a57769b06e6e713ef19c4ca3423fa91614897543ced5d15a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705647, "uuid": "3dc748f3-462f-4853-8c18-2fc3fcc81abd", "comment": "Malware payload", "value": "ff3c3e674ca34a721d73938ac6d0faa025b05e5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705647, "uuid": "8256bea6-1165-4aa0-b352-b167de8f8710", "comment": "Malware payload", "value": "e3428262e4886a21a7625ddbfb2cf857b44c97a81179482aecc4daa45a5459ce4d0825a67b1c18907d938154ff49f82c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705647, "uuid": "9be61ff5-b8c7-47d7-9b44-4ac34675d054", "value": "T128D5E0B17FD9F92AE1BD2AB4E86B054C6D34EC5B9598D25EB84C34C80F74754C822EB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705647, "uuid": "6cf7d0ad-cf52-4c57-ba54-cf1409c72a62", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705647, "uuid": "232b86a8-c16c-4ae3-b7a0-fa2f3153d8c7", "value": "49152:oxp8eE+mWx3Ktz/leJH5sF3JzCAA8NRJFlrg:I2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705647, "uuid": "5d356151-d607-49a6-b1a5-27d544cb922d", "value": 2845184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705647, "uuid": "d09ee272-474b-4bf1-8411-3d801f1623d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705647, "uuid": "4562229d-cb12-4ccf-98bf-02dcb6b5cffe", "value": "4b2945881797ca11e96a1e2ff52fe2a0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec3b429f-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683729334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "831e6d55-fb0a-4655-83a5-6a82a393677c", "comment": "Malware payload (RedLineStealer)", "value": "91f51e6ef180d3c4e473e058abf510fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "2898208b-2c9e-4bca-98df-c0c551c03226", "comment": "Malware payload (RedLineStealer)", "value": "ce8d6f372e19df727c8fd2da7add1bef0e69c96ef136dc22a1cc035182b38d6a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "13e9802d-4ec5-4531-adc0-53e2c580af85", "comment": "Malware payload (RedLineStealer)", "value": "74098f4e379e07e6acda9cb0f9caf17ff565168e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729334, "uuid": "9eed4b7d-6777-46ac-8d79-3b87726f4b81", "comment": "Malware payload (RedLineStealer)", "value": "dbbed87087b32485d409f36ab5ee264bd00cb561b38ee971bfbc5f2d354ec2cd0f2784cf9cee4eda24455f20c0641743", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "567e7003-d145-49ce-899c-b9480be5ee1a", "value": "T1E0B4025296D85477D8F12B7058FA03C30B3A7DA26E7483672796589F0CB36C8A63173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "a1c6a516-6377-4d15-b4ce-4a50ff427da6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "642af637-a4bc-41d0-8b58-fa2cc6898a5e", "value": "12288:7MrEy90/m5muTFsZC/FayifWm/5aeAXjGrV07CI:nySmLFsURS/5yj0V0mI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729334, "uuid": "511f6380-b229-4cf4-bd3a-21cff5dea7ac", "value": 500224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729334, "uuid": "a51f0e3f-6281-45c8-9f2b-71dadd36d728", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729334, "uuid": "e33fa749-6120-4fa8-9382-2b30e3fcd5a9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47dfa925-eee8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1683691692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691692, "uuid": "b008c766-a662-4b03-bfff-630c8d930273", "comment": "Malware payload (Smoke Loader)", "value": "8fa2cb5f260f3f95c0cd30d2ffe5ef13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691692, "uuid": "158a21eb-7da2-4423-96a8-be981aac2b7e", "comment": "Malware payload (Smoke Loader)", "value": "ced89fc5c9221b27d130e6dcf5e4064b8733570b44f0cd86514d01e3970d8f69", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691692, "uuid": "8bd88424-9784-4de8-aece-c4a557b592d3", "comment": "Malware payload (Smoke Loader)", "value": "f90b4006bb19c74e7980bbcdb96e1aedc8b8469c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691692, "uuid": "0968f266-b6c2-4064-b9dc-599e0615f3d8", "comment": "Malware payload (Smoke Loader)", "value": "c4ff5d0ed71f714d424c34be0f47a4e7de8a5eb2929fc49d933e3aef2ae5a17f60861e51bb976ebc105209efafd3aabb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691692, "uuid": "201a9f16-db01-4cb1-aff3-17e96589bab0", "value": "T18064E89386E17D45EA268B729F2FD6F87A0EF6618F4937652218DE2F04B10B2C173714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691692, "uuid": "85086459-1fb7-46a6-95da-cf82894f0daa", "value": "6e9e4d8d550ce72fc581af3e283eb7bd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691692, "uuid": "be8ad10d-4c69-4fbd-98ea-14aef28b28b7", "value": "6144:mWga2ZXL/MYQiHrKRg4OXY61WopjbIL2OH:mc2ZXbM8HrigHXY6DpnIL2OH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683691692, "uuid": "7201d409-22a3-4072-8382-4e3bf164aa63", "value": 334848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683691692, "uuid": "2ce84397-930c-4b7e-9f36-13468eaa5672", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691692, "uuid": "fb0440e5-f04f-4b25-b82d-2992c5b6c1b6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff0d3fb9-ef0d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683707891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707891, "uuid": "3ef66346-a6ae-43db-bc4e-4fd09f0844ef", "comment": "Malware payload (AgentTesla)", "value": "49061f81c4c26d01398f82529fc28c11", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707891, "uuid": "247c9bfd-df62-45ec-9966-3bdc110eef65", "comment": "Malware payload (AgentTesla)", "value": "cf73e290588de72bfcaea342607edefa34695b755cade710b1ab25fcbff96d31", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707891, "uuid": "05ba4e18-33e5-4e5a-a7eb-9a3e0d300641", "comment": "Malware payload (AgentTesla)", "value": "f53294cd76040824ba82812c87805ea1c4eddea1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707891, "uuid": "d30e4b6e-0e74-4282-93cd-066c90d6b3a8", "comment": "Malware payload (AgentTesla)", "value": "3653170b05e202095c7da92a178810934bb88945954b0a695ea001396a1bc7bdbe0e87ec291df45b8fcb8b4fba9df98d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707891, "uuid": "f35f5c59-c136-4aea-ae4f-5eab53eaeb63", "value": "T1031402AA7AD78867CD095F3614C814083731D3561AD3C89AA46F41469FC27CF3BABB78", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707891, "uuid": "4726bdc0-a5a9-4a5f-a44d-150ab1d818aa", "value": "6144:zJJrrqSwVdcFkffdAoUZ1JlZ7LPFkaq2/4Yn4:9pqHcFZpZvLq2Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707891, "uuid": "0fbd1d03-ee56-402b-a515-9427dd2d0b3f", "value": 206920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707891, "uuid": "4650080b-b847-4301-a46e-09bbf9b95f5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707891, "uuid": "c8bb6ac2-1e95-4640-91c6-5eb8231bc76b", "value": "Purchase order PO00004557-1,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7d79991-eefa-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683699664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699664, "uuid": "6613c227-eee2-4aac-b97d-6ffe73b13004", "comment": "Malware payload (AgentTesla)", "value": "3f5f313c86d0bdd9f9d68b1616b07f9d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699664, "uuid": "baeef3a3-2353-43f9-ad79-6a83b7deeb71", "comment": "Malware payload (AgentTesla)", "value": "d06968313a2c815f0f1c2e940e08326c14d4d1a3257ad88b26954eb9952b170f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699664, "uuid": "e5a8ed06-e3b2-45b6-9f13-b2dba7415c1a", "comment": "Malware payload (AgentTesla)", "value": "d407a0c8997b4f7d5d26c35cd8b8c524d1633e2b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699664, "uuid": "00b03308-71e3-4275-aa30-9b7bff4e127e", "comment": "Malware payload (AgentTesla)", "value": "fe2517f64e8103f5bb490646001289f989f3694995c7729ac7611b169ca5b3654faa073ea1f3f68cda4db329e992431f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "MEMEMAN", "colour": "#A3A327", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699664, "uuid": "8ee73a7d-8a76-48c4-a34f-5031a15fcfd4", "value": "T1714545B4F8528281F107E5C15487BC9984613B9FBDCFCC6B0369A6739A7DA8C2E4C54B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699664, "uuid": "06f10979-783f-4fb4-80f1-431ddb706c99", "value": "6144:ZkAYhL4SXOZo+s4kBKvKOnFQ0TGdk8uVs+53ytLW+4qzj2jMVK8:ZkLBgSwvJKDuVs+ZULWvqzjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699664, "uuid": "f55ad438-b451-488b-9910-b75fb1a30e8d", "value": 1197331, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699664, "uuid": "c3336c9a-94f4-4889-8c72-c00969167770", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699664, "uuid": "966b9bea-0976-4c6e-a404-5ba838611d97", "value": "mememan.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ed985bc-ef50-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683736344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736344, "uuid": "3eb0fcb9-b45d-4bcd-b744-9c0ad3d9b210", "comment": "Malware payload", "value": "64ed01350cd45f5b29741f49b1eeb3e2", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736344, "uuid": "46528a93-4117-4c64-9dec-ba4e68f52384", "comment": "Malware payload", "value": "d1c27e50d45e6dd721d00670a16592d376b43d392ef9f5e3142d9d74d398b63a", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736344, "uuid": "86bb2a1d-b833-4fd1-9a74-37d9ae265f6c", "comment": "Malware payload", "value": "174cb69be8565550a682a121db7147620cb9ff3a", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736344, "uuid": "64899047-935e-4b39-9362-f2ab6df01f15", "comment": "Malware payload", "value": "04cbfe7c1bd0b8a0bb4805803b48569d0322bf56465aa453adde942c700d7168e3cbfcf747e33f83d4aa41550b1ffb52", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736344, "uuid": "c2f9c08a-eecb-4b1f-8118-961e6a04aa61", "value": "T1CE53F89CA48CD598C9B9EBF2E752F0CAE24D737B4A8A44B271AF5FD20243D15E943841", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736344, "uuid": "fb0f95ec-2fae-4f7c-98d0-5b533c3f9e99", "value": "768:s0jVjgocGH4FBncGH4FBQNsgecGH4FBscGH4FBIacGH4FBPYLnnndTVrXmm1wDsu:7Xcs8csxecstcstacsaMnnn76gmj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683736344, "uuid": "242cbb8f-398e-4285-9083-13a653d67f8a", "value": 62169, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683736344, "uuid": "38953044-7346-481b-b3df-50c9ea41b93a", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736344, "uuid": "6572c029-014a-4547-bd77-631e4ae620ac", "value": "=?UTF-8?B?TkRBLTI1NDYwOTAwNi1NYXkxMC5wZGY=?=", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f2767a0-ef58-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683739700, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739700, "uuid": "56014245-045a-4f3e-a00f-1063b0ffcf29", "comment": "Malware payload", "value": "0ca58b2cb85a90d2ce58e748b43770a8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739700, "uuid": "f760dd46-4c33-46ff-9cc3-22aeea1465d7", "comment": "Malware payload", "value": "d2163c67dcbe2bee19fc53966ef331d300516e769339ae460daf5130243742ff", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739700, "uuid": "6fd7255e-60ed-44ff-af4d-3979eec22a38", "comment": "Malware payload", "value": "3d417a0927f9aed78d6b22aa42c8833bdc380e11", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683739700, "uuid": "d6af83c8-a9a8-4450-aedb-d4366184fff5", "comment": "Malware payload", "value": "12d6e346ac030622ab59a115760e4c3d65c4c0c55e30cdcafb28f767c32312f2769ce7d248b86a6cbc8e722ef634d341", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739700, "uuid": "c20a735b-8b3f-4d9b-a23b-7419b8fd90af", "value": "T184B1823AE7520EE2EF1E0FF91813812D217C21A2021185346B5C454D1CE1BDBF12EBE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739700, "uuid": "7e2caa88-18a5-4944-84ca-61526759a1a2", "value": "166daa98e5594c0b411de0ccaa15541f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739700, "uuid": "8c9cd0cb-5241-4a6b-80de-a0d9cfc04208", "value": "48:iAMHijql4r6tMCKipDd7ZgF+hp4YA/aldDd7x9S8P9+pu4NeXiF8hiQ/55y:prh05Ay7hjl+p7eXiE5/5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683739700, "uuid": "90ff93af-42a1-4de3-82cf-40f584b976a8", "value": 5120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683739700, "uuid": "f0265631-c117-4fbf-8f7f-235fff26f95d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683739700, "uuid": "990e078a-147f-4c49-8fa7-1963fa2028ba", "value": "SecuriteInfo.com.Variant.Barys.431180.31317.2043", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15d069f1-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (EternityStealer)", "timestamp": 1683704063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704063, "uuid": "12584e8e-7357-4cda-8406-f3c8aedb5c64", "comment": "Malware payload (EternityStealer)", "value": "11fdd321bfd4614186988b1e7bf0db21", "object_relation": "md5", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704063, "uuid": "85119cce-6986-48ce-b4e4-649930ec357c", "comment": "Malware payload (EternityStealer)", "value": "d2f62e6ebaaa21277f79cb82709adfb5c7f8a870eec123188dc54bcda2b95c42", "object_relation": "sha256", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704063, "uuid": "20a266cf-b7f0-4041-8685-f2ed319e13dc", "comment": "Malware payload (EternityStealer)", "value": "891bdf2d9f7e692599fb692818c999c89e2ae874", "object_relation": "sha1", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704063, "uuid": "f3f22bcc-8916-4d5d-8363-775c25d1cd22", "comment": "Malware payload (EternityStealer)", "value": "9ffc8dd2740ce7246e6f394799d98cd90bcc2a8995bee38e9ad78194ba33dcc3348c40e870a27a6d85d1c3cd4eb64c39", "object_relation": "sha3-384", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704063, "uuid": "1c4afdef-3d1b-4d66-bed8-5cb90c5989b5", "value": "T1AFB4E021B6C185B2D9A619350AE5DB31BB3D7D301F398EDB57582B1E8F301C09A397A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704063, "uuid": "167c20cc-645f-4e1b-800e-536fc002aae6", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704063, "uuid": "ba1ff6e7-8b20-4583-a4cc-10edd3a7e07f", "value": "12288:1jOtvHMm5xvmX+t4YP8MG0k9rj47iRyhm11PWc0kwO1LwHHKe8S2p:5OtT5xvEeLaSUcc0pO1LwHHkS2p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704063, "uuid": "650a6fdd-18b0-4802-a1b1-9c59356d76be", "value": 540980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704063, "uuid": "77f79573-b235-471b-a0f0-b94d5a6c644a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704063, "uuid": "1723b028-ccf5-44f9-8a26-ade8d873b114", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98901453-eec8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678083, "uuid": "72771233-6a7a-439b-ac45-beaa0a7ad449", "comment": "Malware payload (RedLineStealer)", "value": "d4064c22b88fb8c982c46ee983b5ef4f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678083, "uuid": "b35175d9-47a1-4169-860b-e2f690578779", "comment": "Malware payload (RedLineStealer)", "value": "d3395ef1a38dc51ca114b4882f29a53e729a4c48a2090577e751f2eaac4a7f27", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678083, "uuid": "b2fb51a8-1049-44bc-bf89-6271662f9d00", "comment": "Malware payload (RedLineStealer)", "value": "8636e26cb05bef1c052e542ac0a79e286e00d2b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678083, "uuid": "4c96ab55-0d77-410b-85ac-d2dc7e47763f", "comment": "Malware payload (RedLineStealer)", "value": "13eebdb51728613845d0a3add7480dcfdd8a7e324b797cd4ab7805a75fece1553467b9a5651d5e7a4589ef7a9822b2cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678083, "uuid": "2ae5e6d6-1630-4f50-bd44-32410b30dfb8", "value": "T1B1B41243A7D89532E8F157B05CF622D31E36BDA19839A37B3744A90A0CB33849572B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678083, "uuid": "75286cef-833d-41c0-93ea-8f4298ac78a2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678083, "uuid": "6dcef990-301d-4de3-b810-c8cb57c8d86f", "value": "12288:6Mroy90GmM8oK2M7JlKtXiVsGgfK0FtV1czeClWBgeGaq2P:+y+1/JOXi4bczbfAX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678083, "uuid": "3b3103d3-a4be-4579-a859-d4a88dcee54c", "value": 501760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678083, "uuid": "a6a97693-ed18-4d18-b65b-f55d260f401a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678083, "uuid": "6c503de6-3b45-4c3f-ba1d-b4330b3c4f52", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a6ae4eb-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683726029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726029, "uuid": "29900c22-488c-4341-8a32-360eb26484c0", "comment": "Malware payload (Amadey)", "value": "790adc5e74b432513ec49bb57a2eca09", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726029, "uuid": "68a8556f-6703-4b19-ad37-44ab91400d01", "comment": "Malware payload (Amadey)", "value": "d3daa7b6a8b032dd2d3318c393e5c465c984c14201668e2d396870f847181376", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726029, "uuid": "fe61364e-b06d-4434-8c52-6c5c678e61d7", "comment": "Malware payload (Amadey)", "value": "12cae4af29da54261b62c2491e46ad1b98ded854", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726029, "uuid": "283eeeff-940b-4709-a1df-bffee403531d", "comment": "Malware payload (Amadey)", "value": "d467f0a184824917e9ca1ad1669b3327323942ac291c8d73d4ad10a5d71be3053b2d76da186b193184f334306007c007", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726029, "uuid": "70f01806-ca4c-415b-8fa2-a57269c5062c", "value": "T13DA40292ABE54032ECB51B7069FB13972B3A7CB1593C835B2646684E1CB32C4B47177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726029, "uuid": "ee20640d-2c87-4c1c-9580-da929599c942", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726029, "uuid": "d63b4b6a-16e2-4553-bdcf-8179eaa90482", "value": "12288:dMriy90ADigS+ba4njwBKoCbpbxGZCc2CoT:LydGgnbaIs2zGZXNM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726029, "uuid": "600d05c8-11ee-4c77-95f3-289ad7f37e63", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726029, "uuid": "9bb07214-c74e-48dc-9233-7bdc6d919f67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726029, "uuid": "694422bb-de52-42fa-837b-3056b96c28e7", "value": "d3daa7b6a8b032dd2d3318c393e5c465c984c14201668.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "969badd4-eef8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683698696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698696, "uuid": "bd6b570d-d295-4083-81b4-c87db22b8013", "comment": "Malware payload (AgentTesla)", "value": "1b77af1f2133de38b8dfb2c7af7cd82e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698696, "uuid": "3edc8189-7f18-43ae-ad4a-dc3b36a8f471", "comment": "Malware payload (AgentTesla)", "value": "d4087c5cd714fd04edec38af16005e9a92b89b7e754bb6ece4186d14222e5a40", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698696, "uuid": "ed7eb323-b527-42c3-b614-a40a9e238234", "comment": "Malware payload (AgentTesla)", "value": "fbc152ea7ded7d39ed6470ddedcf3464fcee7880", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683698696, "uuid": "e930d909-c2d4-4ba7-a8f7-ca5e52ca50af", "comment": "Malware payload (AgentTesla)", "value": "c1fbbd0d07038ba4163fa36794190781a632306a9e28c1f85e87effae4c0fc831019f82e0ccb4d44bd2ce357fd965ba9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698696, "uuid": "967c9d5b-03c4-40dc-957d-324f5d34c062", "value": "T1AD140256AB435521ED05AE342DC0E224A5B1E366A5E3EF4B341CC2598F833CE6F8B74D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698696, "uuid": "a6265e84-3a0a-4974-b51d-0860a36a2abd", "value": "6144:Ohr2GCtdfo4yRnFhITcJ3sBTwBf0mElRTn4:GihdQl5pJ8H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683698696, "uuid": "3fd9fc1b-9674-4913-8c17-f9693c96ccb8", "value": 206920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683698696, "uuid": "3ed67393-0d24-4ba4-ae2b-6304e64fb209", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683698696, "uuid": "aa5d3ff4-2216-4de4-9e9c-6459050e1775", "value": "ZiraatBankasiSwiftMesaji10052023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f409b6b2-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683729347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729347, "uuid": "6afa278f-b82e-412d-a301-c60830547514", "comment": "Malware payload (Loki)", "value": "6ade942d85d1738a7d52360ca1d34080", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729347, "uuid": "175498da-1af8-44e2-8f9d-83d41f3d87ea", "comment": "Malware payload (Loki)", "value": "d48a2b8410a53d0f6475fa8f93ef357ab2fbfe21a9b56af60ac3aa73cd4c1078", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729347, "uuid": "9ffb282b-e8ae-41b6-9661-ec277b5d1363", "comment": "Malware payload (Loki)", "value": "259fdeb6f82d0720d23d5b37b9f03d0bb7474a6f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729347, "uuid": "594928d4-5229-4ba1-a733-3e633b310522", "comment": "Malware payload (Loki)", "value": "7c544b29094edd5ed52efa4f13ec0292d54049a8e6d34e93fe5081b5b5bdf7ee04f53809574c43315dd873110553c433", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729347, "uuid": "6dca611a-81f7-44c3-8d6b-0e06787528cf", "value": "T17D641A9396E13C44EA264B729F2FE6E87B1EF2518F49776A2618DE1F04B00B2C173715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729347, "uuid": "10a4fecd-90ae-4759-81a6-a8471989e8f5", "value": "e48ce786839b8555216670df4b01894b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729347, "uuid": "5eb6cc00-4a7a-4480-92c0-3cd3250cba52", "value": "6144:7AlTLATq+/lVkvYIfTWVKAag6K5vIV6DvGG4+:7q0Tq+xWaVK7OIVQvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729347, "uuid": "72ee1484-57fd-422d-9de0-1c7f9185fbe5", "value": 327168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729347, "uuid": "3e815e65-8080-45e0-b6ed-32fff3ac6afb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729347, "uuid": "0631ea6e-c105-4075-a151-f4149d730df2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7b2c6cf-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683729353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729353, "uuid": "bba3841b-8ea0-4520-ae6e-02ebd0f8f539", "comment": "Malware payload", "value": "8b91589d7d7877b6469fc4647617a611", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729353, "uuid": "9ac096a1-576e-46d9-8575-79a2ba431c89", "comment": "Malware payload", "value": "d532320ccb771301d3b9d6c0b0048ed776b1020c4480dc736163298c8ac4ab26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729353, "uuid": "e9548dea-ec32-4597-a133-67f89ce9d9df", "comment": "Malware payload", "value": "9d2d311097f4379e38fff302045d71531d776107", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729353, "uuid": "6e8a776c-9ca8-4118-89f1-376621940764", "comment": "Malware payload", "value": "f6772e0478e7a67e8514d598b024a485b9a54c4273d50e5c0c55e37dbcb93968e97cad82b2683d873c8eb52c320848d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729353, "uuid": "d1d6e347-6963-46e0-a70e-644b59bf3560", "value": "T1B3463352BE0AA63ADC3980B1E54E05E34AF3AD46C6807AE335CCFB1577F103255197AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729353, "uuid": "2690c0a5-2459-4702-b9a5-7d1d0bfbc709", "value": "fc7f52bf1f4aa7d4a20dd9fbf4293e0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729353, "uuid": "911f8ff0-d75f-45eb-8d20-89156d33bc11", "value": "98304:srzAyb08XvPGdesr6xEQiErYxPDgxMPI1wI48Hi3RXIMl4FN1veh:s3moW4s/Q/8lgeQ1d48C3SnW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729353, "uuid": "befa650f-5b5e-477b-a3db-700113e1dc86", "value": 5447984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729353, "uuid": "eb2057fd-7111-4bc3-ad7d-76f93eceea66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729353, "uuid": "95058d8d-1fa9-4703-a818-95e4e30b173d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "315ade5b-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707116, "uuid": "683941f5-df3f-45db-87da-3d3a8408c5af", "comment": "Malware payload", "value": "1cb5918212632172a08228a1fb9191f2", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707116, "uuid": "7352df66-f722-452e-83f7-dddc649ae5d9", "comment": "Malware payload", "value": "d75fffd1516f341278f5fa8aeb42705a7816a3bc0542039d032a58f0b6f7760f", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707116, "uuid": "10bc62ad-d505-4306-b67d-cb601a264ec8", "comment": "Malware payload", "value": "21756f2079452a628b057264bd741ec85c03dcba", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707116, "uuid": "b8ff78d0-3e33-472b-853d-959cf16a01e7", "comment": "Malware payload", "value": "9be82e0dc65b964eaaa05c93359fa9756cbd95c36b7bf35586b586b0cc0166ceaaf6c6b44a03a0959e69c7a6d645abab", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707116, "uuid": "a107d2f3-5633-4d35-b511-07a480405393", "value": "T1EE55D17396A2FEDD27AD2E8CE4C611C40CC4ACBB626891BCB888845FA1B5754DCF5C70", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707116, "uuid": "87059245-55e2-4219-b6b5-58a9e4cb919e", "value": "24576:y2h5t7+HtWVkl1UfGtuEwtXFb5S2fdsX1C:3QkqUfGtsVfdn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707116, "uuid": "cdd1bb99-e642-4910-8140-a886c7796064", "value": 1325740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707116, "uuid": "a03abf47-120c-436b-a1b6-4a4d547efa70", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707116, "uuid": "d5e092d5-4e1a-48cb-bb14-0c85758201e0", "value": "Nxcjg", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84e3d84b-ef71-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683750635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "7f91e80e-03a5-4921-b3af-ff0b8af0db58", "comment": "Malware payload", "value": "0df6d3966de28f66ad6f65d68dc483b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "1473f9b8-379f-4570-9d05-6742bd4bd097", "comment": "Malware payload", "value": "d7827f6a5504177f498f7d45ac9d8c5177544bf91890ac96f6cd8add8f2cbad5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "ad38ebba-a3fa-4017-aa4f-628036ca29bb", "comment": "Malware payload", "value": "d948ba880b3991d80bd9475321419abcb7157073", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683750635, "uuid": "974bcf0b-15cc-4e3e-a55e-a84721e5655b", "comment": "Malware payload", "value": "c9f8e8504f1a8b6c92c3a0ff30058a2005b00202587cacf9c4ecf359974d8d2b6145630f48ceb709865d31ca472b565b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "8b01fb60-1e82-440f-85ed-8c115c4972ef", "value": "T119D42324C2295F94C0A5153103994F78FBFA9E3B09CD3BD775AE31FA85B494027868BE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "a419cf12-2c50-4b43-ae74-7c9a9315819c", "value": "f3b0190cf950eddaff6dde7b84a85c92", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "24ba9f37-6741-421d-8d54-0682c45ce099", "value": "12288:ax081cOKpIyXyhOT7Tw0Fb1Nw2dCh1IjZfur9/7xPMcc1DgLHrTtS:ajcOFTcw0WT7I07xMc2W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683750635, "uuid": "3bafdf2d-2c50-4ae5-991a-84afb286486c", "value": 646656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683750635, "uuid": "f72da3c3-aad4-49a6-9318-57e50d86ffbd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683750635, "uuid": "c5b3a51d-d1ab-4bc0-b712-a9f4a197fc9b", "value": "SecuriteInfo.com.Trojan-Spy.Win32.KeyLogger.EH.16517.30010", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9de8dbca-ef0d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683707728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707728, "uuid": "3245ba03-a3a8-4bfd-8d77-5b655503db4e", "comment": "Malware payload (RedLineStealer)", "value": "ba25564186ce52d1b64084974dc1c523", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707728, "uuid": "689711f9-3a8c-473e-97e4-f97e79a9b8ec", "comment": "Malware payload (RedLineStealer)", "value": "d8244ef0cb7ee70181f80484cff739b6f1458a2e9f2836ad00f445c3b863ba25", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707728, "uuid": "2ff17f36-1358-4944-9cf7-a167f0713cf4", "comment": "Malware payload (RedLineStealer)", "value": "8d80de8a722b3cfa4c6c5fdde6ddb68d0d5c0a45", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707728, "uuid": "fc14181b-712a-466f-8d0e-95b0a28ad344", "comment": "Malware payload (RedLineStealer)", "value": "10292082038ed9a5205f70488b485847ecb3466f947fecce0fb2000bf5bdf03382ad1e86c8969220adfa4abc80197ef8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707728, "uuid": "753858ec-2dde-444c-9001-deac1be83be7", "value": "T124647D29F708E1B1FE09523C25C761AF5DEE7878066F10926B41432B756EFB07AE03A5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707728, "uuid": "6016c833-51bd-4e92-b5a8-4dc6fbd06363", "value": "ae64f100c0f22c43c95a1d2055ef681a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707728, "uuid": "c50b4e82-c2ff-44d5-9d16-262d7b9b4508", "value": "6144:943PgOzMHgX6TAbh8VoQ6U/Du2FAcacrzaAfvspfofiv:S342Db0oQtDuAImz2pQfu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707728, "uuid": "8a659a11-9f77-4094-8671-9bbfc31d6408", "value": 323680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707728, "uuid": "f2063019-17d0-4e82-892f-983aa2469d9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707728, "uuid": "df3e9bff-485c-4167-80f5-d7a6517c3f07", "value": "SecuriteInfo.com.Trojan.GenericKDZ.99300.17068.1855", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0229df50-ef30-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Urelas)", "timestamp": 1683722499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722499, "uuid": "2d07735c-c905-4c93-ab76-54133db5d1fb", "comment": "Malware payload (Urelas)", "value": "24344b0c7097f091affcc289e8029828", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722499, "uuid": "97d6338f-440c-4873-9e1e-00a0bc885faa", "comment": "Malware payload (Urelas)", "value": "d8625f328129d3591d0b6f88fe62ec6ab38248a0b56e2a260eef04b6c414f42b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722499, "uuid": "3d1c840a-666b-4823-948f-0e95b1e88314", "comment": "Malware payload (Urelas)", "value": "2ee973416945a6b16387943f019260b26d96b2d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722499, "uuid": "9ca6848c-9383-4f90-90a2-d803d06bdbb2", "comment": "Malware payload (Urelas)", "value": "915b35284a638e3b0f7d5ffab9c02a161bbc52fe8f55eae5806d782e695099e3c72f0b27e97862ff1ef2cd41a9f4c6f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722499, "uuid": "f01953cc-7ae1-4210-9f0f-d8a54d68da2f", "value": "T10DA49C0C61B7256AE38D8235B8F3F768492A693E9A4177F9377360DCEDA1E0378B0154", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722499, "uuid": "7a3ce597-edce-41d8-b28a-56c9caabbacc", "value": "46b9336adb2f672dcc7203d78b439246", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722499, "uuid": "de9ba78f-5c7d-4a77-9f0f-252efffe37ee", "value": "12288:olJ+TFukCI+P9CcrmwEuBwUqA5qFbAGTALHaspq:00U9CcrmwEPA5qFxT7Cq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722499, "uuid": "e242d406-acf3-4262-89cb-b18247bb3fe6", "value": 476282, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722499, "uuid": "c2d5b4f6-35fe-4c23-bd01-8020f9950c85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722499, "uuid": "8ad804b2-93d2-48ab-8cda-0bade69e8b04", "value": "d8625f328129d3591d0b6f88fe62ec6ab38248a0b56e2a260eef04b6c414f42b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c452bcc-ef1e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683714946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714946, "uuid": "7492571e-e9d8-440e-93c3-f623b1237da9", "comment": "Malware payload (AgentTesla)", "value": "c88f6ad66b4b2bd7d2f54852fb2f629a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714946, "uuid": "00c99259-3449-425a-9e6d-f7bddfc78efc", "comment": "Malware payload (AgentTesla)", "value": "d8f1d62f59d5f1d334799da0d3c3bf6730d1c2f4b7c1596a4b1786d8f787c35d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714946, "uuid": "46a29b1d-f352-41cd-80c7-78f58885bd7a", "comment": "Malware payload (AgentTesla)", "value": "6a0cbb596147fbcaba2dc0f0622e0f97d100ab86", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714946, "uuid": "58dc5d65-91b5-4f94-8e07-c663bf5492c3", "comment": "Malware payload (AgentTesla)", "value": "943bf9ec79a7dc0d0d3d2d936907c53e0c001e6d73a4170b4d50380173dd9780dfcd9f188db16b1c9755d7f1ff52ea38", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714946, "uuid": "c9d35439-bfdb-411e-beca-f9115f5de69f", "value": "T176E48B56A064C81FFE5AEB71C0A4FFE4A6F4FD73A4D5542223793849EAB9F011E8C118", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714946, "uuid": "0468a2a6-d872-44ef-b654-d9f5863312ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714946, "uuid": "aeab2554-5d05-4de7-94cf-00f3064615d8", "value": "12288:ZOVQBanueUElxbvxsXxs2egQVtQ8rj1qw2oTAk8Rj4k8JPHzZAYEYGtlOkoPg7fw:zBIUElDshsaEhqhkXrJ/zvEFla3ws", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683714946, "uuid": "d3157c79-5b50-4e0d-b536-abc7d2650f66", "value": 686080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683714946, "uuid": "abc89d67-ee10-461c-b402-29dc3a27addc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714946, "uuid": "8e82c186-79d5-4326-a5e4-64537ec53a6d", "value": "d8f1d62f59d5f1d334799da0d3c3bf6730d1c2f4b7c1596a4b1786d8f787c35d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cac48493-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DarkCloud)", "timestamp": 1683700072, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700072, "uuid": "dc01154f-ae49-464d-9d0d-8bb8c39ce41c", "comment": "Malware payload (DarkCloud)", "value": "e3351c05add94fac7045aea930fcface", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700072, "uuid": "28907d80-6702-47c3-b535-c6396af82c86", "comment": "Malware payload (DarkCloud)", "value": "dabc51f754d18831689fcc7a554459a2ca2f023b40ef126e6cd721c225a75249", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700072, "uuid": "4e9798a6-9764-41e5-9903-02f8d7c6b773", "comment": "Malware payload (DarkCloud)", "value": "73de964b0c503e2651e80fb57ae62195bb598ff9", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700072, "uuid": "a892ea2c-b022-40c7-99b9-435b1d93aae4", "comment": "Malware payload (DarkCloud)", "value": "81a910a657b068d7ec553b86af49f9a2735685d72d22ec1a891e2dd128c6c9749a6251275ff403923d6335344a636cf9", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700072, "uuid": "268a039c-db4a-445e-b4b3-253e2fe597dc", "value": "T111D4DF022F570300D0AA42FAD9A66FE10E2FDE122921DB95D9C171FB7DBA742FD056D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700072, "uuid": "8d224a62-edb0-4c09-9a69-3d4ebc97c186", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700072, "uuid": "6779dffd-0411-4a0c-8f93-39bc1b108cf4", "value": "12288:rUHLGlTRTX4Lz/dgjzd/eLs6wNzV0v7l90RHQuk:HZKz/uP8LduWTl90m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700072, "uuid": "88ba9636-7678-47fc-b4b0-b88871f63ddb", "value": 656384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700072, "uuid": "e96215ad-da9c-497b-a325-d685fe36cdaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700072, "uuid": "531c6587-8676-437e-ab87-2adae29f790e", "value": "INVOICE098765678DCOP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b8bdafc-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731292, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731292, "uuid": "8cb949c4-880a-406e-8e8e-b4a71a0af3f5", "comment": "Malware payload (Mirai)", "value": "e2119ec1f13f5dd2c562471fff18e102", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731292, "uuid": "12f792a1-d4c1-4427-b852-5984405ed940", "comment": "Malware payload (Mirai)", "value": "db146c5819198fc0ebf15080c36b6c42c5bb059a889f6f79d85208e10595625e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731292, "uuid": "60a0d1ba-0447-4f09-bb10-604a834a6bec", "comment": "Malware payload (Mirai)", "value": "e72593eb89feea569211cf3719f145c07e90ffe0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731292, "uuid": "3d7d1f7f-3eee-4049-b165-f9551a0f8f0f", "comment": "Malware payload (Mirai)", "value": "9d2acae0675d64683f0663376d691e5f175f91355b777a1e670b0d5225ec4fa4b38c91b0f288d759b7697b27c028e3df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731292, "uuid": "33dd8247-e24d-467b-b32a-5748eea84fdd", "value": "T1C6D2E1A24D96C060C9349C35EC764FDE6B181BBCDAEEB1631E6048049BD7168F1AD8C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731292, "uuid": "a3c216e7-96c0-4caf-97c8-6fb43f4d0dc0", "value": "768:1/CfMn6YhmiYHiE6CbNTTfrL5GvElgEx9q3UELgqZ:Ik6YnjE6+NPfrovEkL5Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731292, "uuid": "52a7bebe-1cfb-46b6-9b29-276f17b57f38", "value": 29428, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731292, "uuid": "9bb34865-8095-486e-a109-ef4ad2c89a2d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731292, "uuid": "fbf3733e-3d67-4693-9a76-615928d3584b", "value": "e2119ec1f13f5dd2c562471fff18e102", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4146d22b-ef63-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683744509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744509, "uuid": "2c7355a5-7e6a-4ab8-a818-5404a653a1f2", "comment": "Malware payload (AgentTesla)", "value": "b313322e10aad97399493d3c64c659d9", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744509, "uuid": "d7f7850b-d761-4127-bb97-485d3b61910d", "comment": "Malware payload (AgentTesla)", "value": "db2d2a70db1b3a66288c44b7e35ed1f5260aeb8162fac2bcbbe248e1a4faba48", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744509, "uuid": "ee11c028-f63c-4727-8dae-c7ddc7297e9f", "comment": "Malware payload (AgentTesla)", "value": "86a16482af98f2ed789095f1278311778e82d2d4", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683744509, "uuid": "53d8e83f-c164-4d91-9057-00fc5bc6dca7", "comment": "Malware payload (AgentTesla)", "value": "ec8f74eacf81760e889079b1ee1b2a7e8ea9c7a6f934442d40e01deafddae12313241a542a84dde5d33a6740f511eec3", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744509, "uuid": "5551d292-7bd0-487c-a950-40249d7a87a8", "value": "T116D4235BBB6EDE37CEA3B2826008FE7032C5640B4A99159F39D674B8639D1970C4E7C1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744509, "uuid": "57364811-fb72-4260-bc4f-89e9b5039d9b", "value": "12288:OmZCzb3ptgV16wDk1ITCh+LsZtBfPDCxX6Gl3VlVTqndtac2f:jC/ptC1JD4Zxl+xdBVItadf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683744509, "uuid": "0d76a950-b9d3-4eac-97ea-b487b17b8795", "value": 614617, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683744509, "uuid": "410b3019-31e6-4742-952e-dd880f49e93e", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683744509, "uuid": "77b58a1f-43ee-476a-b7ae-369c601b09d3", "value": "PAYMENT_ADVICE_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bb4a66e-ef0a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683706328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706328, "uuid": "916025fc-e808-474c-96a3-73c191961715", "comment": "Malware payload (AgentTesla)", "value": "084bdc8e985d71869c6f1c5ab29574fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706328, "uuid": "80b52873-969e-41cb-837c-ad7d9ce1b2f1", "comment": "Malware payload (AgentTesla)", "value": "db2e09e48807ff6a8b66fb3fcf0b8cccbda4b391482b78fed49fbf2ef296efae", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706328, "uuid": "a48fde88-8f8f-4807-a736-3d87c51b91b1", "comment": "Malware payload (AgentTesla)", "value": "cac0d94a97677a951e2c4a4533d868ad1e138b5d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706328, "uuid": "21a6167f-0588-4187-ba64-5922262c310f", "comment": "Malware payload (AgentTesla)", "value": "290349db4b7abba235ce52184fa1d2433e2d7a1d414e45e7633d46e7fc862b7acf6771364e88a54c4bbd0e8904521d3b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706328, "uuid": "940d2c3a-d8ff-4359-96a0-0ad0dfceff5e", "value": "T1EAC4231DFD5C8ABACCAD3C2F4BE7616046A0E8DA8EA084DDDC350164F7AA3471E49D35", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706328, "uuid": "52e3217f-12c4-4d23-8b8e-4a16148c052b", "value": "12288:X2gDENSMNM8U1lsulOXb7r/0TRvneCMvzaVhDBhm5kg3/TSrwXqeeCPfEzaI:Dv8UJWr/0JnqveVpBhR0OrmqFUfEzaI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683706328, "uuid": "89e04f5f-ce83-4ba6-91f7-bd1faf98bd2c", "value": 592232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683706328, "uuid": "5799a56e-1613-47a5-a1d3-33f58a18fae7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706328, "uuid": "2d57e6b8-8795-4d17-ac57-cabfe30be3cd", "value": "ENQUIRY.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7ad0256-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683705623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705623, "uuid": "b62cd78e-4801-4bd6-9bdb-fdf90a40dbd7", "comment": "Malware payload (AgentTesla)", "value": "0402f26d86bbd91313bfbd47655d9a05", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705623, "uuid": "9b516696-96d4-46b7-a8a7-1c2b392d0644", "comment": "Malware payload (AgentTesla)", "value": "dbdcd3fc94d5094118f2500ebc89ef4e1ae949a7e9e03ad6f43654a97978e7e8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705623, "uuid": "eeede1a4-dbbc-4ebd-a11d-bda7b7f88eb6", "comment": "Malware payload (AgentTesla)", "value": "c693c4a9272d848361c250d145529c98806ae688", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705623, "uuid": "98c0a6bf-c11f-4d8d-99b0-a632336c22df", "comment": "Malware payload (AgentTesla)", "value": "530a76d8a2dc0e431a198bc22710e560897acbda67b5fbf40bdfb1ca0e213155196c6aaa31f3ab2f43f7abd64102ceb5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705623, "uuid": "e95f194b-d0c5-4f4e-bb2a-4e9b7723fd42", "value": "T1A0141256BBA38421CC265B33D4D285596BB3D301A963CDB7368C81285B463CB27FD3E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705623, "uuid": "f40ab6b5-53cc-4659-a0f1-6d4d135120e2", "value": "6144:Vf3KaEyL5MioNP118zoSNJ9AvIJBM/nn4:VKaJboR11QNJ9AvIw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705623, "uuid": "a3b56e40-1d1a-42f1-86fe-13c3f1344834", "value": 206920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705623, "uuid": "5bebc493-8037-4766-8327-b9ff95a12eeb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705623, "uuid": "57fee09f-faed-4383-9868-5ff8d63b8dec", "value": "Garanti Bankasi Swift Mesaji10052023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fe3928a-ef0f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683708348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708348, "uuid": "3c47e77e-bce0-4e71-8a8a-65d3056b01a9", "comment": "Malware payload (Loki)", "value": "49f6547db1a057139da206876f7cac86", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708348, "uuid": "5de14563-cba4-480b-85b8-5428cfc7f4fa", "comment": "Malware payload (Loki)", "value": "dbfb7fe4882a662e88d24b69b6e2fe33bafc95124d20b1db754ce05698527eff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708348, "uuid": "0d71f15c-21d8-445e-87dc-5aaa4f23606a", "comment": "Malware payload (Loki)", "value": "a926cc07916f012e34a23cff987d8701fb9c8b06", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708348, "uuid": "078da12e-462d-4743-907a-b616151ed4c3", "comment": "Malware payload (Loki)", "value": "2092708ce11aa874018e206662cd9d963ded323d489194ffc39d74ff380aaaf443c10cdeb5ad5c8995ae500c83c7e5c5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708348, "uuid": "b8fb68cd-9b4e-4182-8847-bb136be7f32c", "value": "T160642B9386E13D40EA2A4B76CE2FE6E87A1EF2518F4977762619DE1F04B00B1C173719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708348, "uuid": "d003d90a-f37c-4dbf-b75e-743a642bce69", "value": "f638bba0028bbeebea7ddd6400ec7cc1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708348, "uuid": "b2ac9a7d-6805-4fe8-ac5c-7b231dcbeffa", "value": "6144:kAdo5L4aS7xz6GLWpk2hVl8GnIRZvGG4:kx5caS7xKVhbIHvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708348, "uuid": "43ca825f-9bb4-4545-a27b-d32b84c92ed1", "value": 327680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708348, "uuid": "6a64a86a-5729-4669-8cc9-2f937316220f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708348, "uuid": "0b0ef1a3-7bc1-4bdf-96ee-af8d1542dcac", "value": "49f6547db1a057139da206876f7cac86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "971373a1-ef20-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1683715877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715877, "uuid": "ce9b2e59-1fc2-45b7-bcf5-a318286278fe", "comment": "Malware payload (Smoke Loader)", "value": "48e93a72a9917f37d2bd7a0042ab13b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715877, "uuid": "fbdf6b6d-881a-45b8-a68d-164a04dd67fa", "comment": "Malware payload (Smoke Loader)", "value": "dc64aeb44f51a7d763c5b12348071c13c8ec5ecdf4e172b40c0fa71d6d1aefe2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715877, "uuid": "96fc6a5e-5677-4a4a-855c-49e685301443", "comment": "Malware payload (Smoke Loader)", "value": "8b8df6610a5611bf33a86e4246b85b8d1db5c365", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715877, "uuid": "fdb81d54-050e-43e6-b6e9-0ec5268a662f", "comment": "Malware payload (Smoke Loader)", "value": "f2a9dfef52c4f527ff085a15ba1bcf54e525f1c1d417b120a5a09f0c681ed511062086fdfd1a5b7380913d69a30b8055", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715877, "uuid": "02ccfa51-92e0-4653-b1e1-a2fe654b6c5c", "value": "T11F643A0362D16C54E6274A368E1F8EE8765EF9618F1977BF22146B1F08B11A2C172F1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715877, "uuid": "9bdab6ce-b7a3-4c39-8625-faeff6aaeaac", "value": "01f37df613d55b4b4b8899ff2305631e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715877, "uuid": "65f8c302-8c11-4b2e-b7b0-45936d077e52", "value": "3072:o5OERC2aIZJTTs2ns5pZwe5S6uAnhkN3Zjl9PoG4HYbLCZXTd5KkEqZo:+C2PTNCp6quAnCZZjlOJHYnC2C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715877, "uuid": "a29d55a8-840d-487f-8a87-31e1b9f21643", "value": 336384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715877, "uuid": "985bf5f0-830b-4b6e-b6eb-b2b8873c8bd3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715877, "uuid": "cca37573-55f7-4439-a82b-08a318f89e7c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "371d8357-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707126, "uuid": "1cf7d3ff-e782-424d-9d1a-e3e6091f50bc", "comment": "Malware payload", "value": "89eaa9ee7aacdd6736e5dda7f02c283b", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707126, "uuid": "30c1228e-d900-48bc-9229-94cc1cfa4e9e", "comment": "Malware payload", "value": "dc901c98553fbb1cf5bcf734fa459613b32f28a37e9ea4404d813c13ddd3bc1d", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707126, "uuid": "d6d5d8ca-7121-4c09-9ccb-3a024055d005", "comment": "Malware payload", "value": "250f52af81bc3349ea29910f96eb6ff55b4e2580", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707126, "uuid": "ec3742aa-770e-4f80-8984-579b46f4ce37", "comment": "Malware payload", "value": "e82443106dc3e4533e813b2796b57e06aa9b48baae2d31446c157d611284cd41d6a18ac60b7e4e783cd07580d4f24585", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707126, "uuid": "a9d3873e-85b9-4197-92a6-a0c83f953789", "value": "T12C55DF335E8EFEE72FF90D48D8E6268C1D807DB75268D194FC88429A65A0914FD99CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707126, "uuid": "de8aa428-4c87-422d-b427-efbbd94ec9b9", "value": "24576:54kyNnqbnyps6exknc6v2oKhheK7X6+izeTHGyBEPgPAVdZ1BPefOiPqu1Jw:+Tp1s6LjK3lDTHGyTCdUfOK6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707126, "uuid": "52367ab4-100b-4ca6-9ad0-36309fef9a68", "value": 1323692, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707126, "uuid": "2880496e-4adc-42d5-b6a0-c95eef688a38", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707126, "uuid": "17a2a8fd-934a-4b40-83ac-2bcaaf47a320", "value": "Szrgrojkmf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "221f4c7b-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683704084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704084, "uuid": "2d314e88-7506-469a-8980-958d25b18fb9", "comment": "Malware payload (RedLineStealer)", "value": "1bc8b2bc4b679224e03f8469e3e19cd8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704084, "uuid": "80b66e21-d034-4072-8ea5-63cfefd5a13d", "comment": "Malware payload (RedLineStealer)", "value": "dcbc00932f5016baaa92523df27c27a836f674381bb8a392f4f58781a483adbc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704084, "uuid": "fa018255-c366-4a31-806d-209dcbab6b69", "comment": "Malware payload (RedLineStealer)", "value": "c3771f73fc5e032fd61e639563edc612a0a7aec7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704084, "uuid": "21b2c1d2-ca7c-4ff6-a2b6-ec8e320e3782", "comment": "Malware payload (RedLineStealer)", "value": "b23d79d3d0dec12d30cbd6f3f77354c72762ea1a8d71fa6bdec339a297eb3dc3094b5e2870d94ca6529592a92fdce557", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704084, "uuid": "773478ea-e2d8-4663-9845-b7499f32564a", "value": "T150551202B9C1C9B2D073193366345B11693C7D606FB68EDFA7E4666DC9326C0DE30BA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704084, "uuid": "6d31d7af-1ee1-4b19-bd8e-6ac3e1223ecf", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704084, "uuid": "8d59b433-beb5-42b1-8f8d-bd79973b1175", "value": "24576:2TbBv5rUyXV6N46cSqtn69O5l7LEfwP5cv2tEJmpL+hVxAw2jO7:IBJP6ChctyIcly7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704084, "uuid": "b15eeaa7-451b-44cb-af91-cca7092fa54f", "value": 1306677, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704084, "uuid": "513b5f2d-b96f-48a6-b5ff-263439bedff8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704084, "uuid": "33f5cb6a-d408-4298-bc6f-7666839cdad1", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10d9593e-eeca-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683678715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678715, "uuid": "a97e05fd-c6cc-4154-ba8d-790e724bcbbb", "comment": "Malware payload (Amadey)", "value": "7212cd172c9f7f5abfaa20606a88024a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678715, "uuid": "ff702df2-ee30-4e81-acdc-bc2c09e38e5e", "comment": "Malware payload (Amadey)", "value": "dcf24840d82fa6f6be648d778bb5b0ae3373e58f66f2624267dc560a2ef5fcc0", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678715, "uuid": "7e446231-1a58-43a4-8695-c76227680785", "comment": "Malware payload (Amadey)", "value": "e5638367eab79e711aa9f5737980738616508c71", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678715, "uuid": "b417015e-44ac-447c-9ee1-f2f152e8f99e", "comment": "Malware payload (Amadey)", "value": "3ab9b2e0997420e0355ba9160b775f43201dc621780a7b38e3c54855bbfc166eb315f3b3ca85704cebd479738e57f3af", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678715, "uuid": "56f2c8d5-1e78-4466-8a61-6b7eff943d18", "value": "T1D7B40213E7D40073E9B26B7498FB02C31B35BD525978526F2791AD5B0C721C0E93ABAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678715, "uuid": "32695a81-a130-4058-820d-2579bb06f483", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678715, "uuid": "6d3ce25f-6d32-4960-91bb-2fdd469718c5", "value": "12288:6Mr7y90maucV5c1u31ATdSs6j9oJIRs0P:NyZ+X6TIBmIf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678715, "uuid": "a8ad2b22-09dc-489c-865b-8a894e9fadc8", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678715, "uuid": "1e517b84-e93a-4222-8556-f829c65d7118", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678715, "uuid": "79352fa7-8f51-4781-99b3-65fac17eddcb", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "221a5999-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1683731142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731142, "uuid": "91cf6ef6-cd5e-4b80-80b1-12c90b27834c", "comment": "Malware payload (NanoCore)", "value": "23796402c3618844fb5683d12508e488", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731142, "uuid": "b7ca9c23-ade1-41ad-a807-d764b881e449", "comment": "Malware payload (NanoCore)", "value": "dd12c86f9ba2023ce5f1325c2fe9ed5f01fc0930a539ae81674a701052ab4c3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731142, "uuid": "16fceab4-0991-410a-8f91-5d1c8cbc3f31", "comment": "Malware payload (NanoCore)", "value": "7455cc9d8b6a95a0eea3dc6bda91c36f0292dda4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731142, "uuid": "31d7fcd4-5c6c-4458-9f10-d376a484e52a", "comment": "Malware payload (NanoCore)", "value": "f11e6b8652bed7a337ae14e6ab5490f2d321756dd9af07ee7673e9a4a84623419ce3bfc0f615b96c6e895a31de0ce609", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731142, "uuid": "a92ed848-9d6d-4c83-9e0f-9c8497838dd7", "value": "T1A127C03EB7E58E62D7691B30C03272142334CC9640D6E31B999D7EEAD8913C5E149DAF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731142, "uuid": "bef17b8a-a99c-4839-a134-a18b2122b885", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731142, "uuid": "23e348a5-cd4c-4804-851f-3aef60057336", "value": "12288:S8SnG5jbNCUZLHVaaj7uTPUn0S6M8RLO4VsypU:SjnG5lCEGTBM8RLTz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731142, "uuid": "dfbc4446-f94d-4d2e-8b0a-a5602758b25e", "value": 20317814, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731142, "uuid": "f6c65cae-10d5-4425-bbc1-0d858380eab4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731142, "uuid": "a149d674-f31f-4ae6-b154-cd1b22daef1f", "value": "dd12c86f9ba2023ce5f1325c2fe9ed5f01fc0930a539a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e8bb159-ef2b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (StormKitty)", "timestamp": 1683720453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720453, "uuid": "fb649989-42b3-4c02-929b-6423f5ff25c9", "comment": "Malware payload (StormKitty)", "value": "f2881ed757ae5cadc95c24e27e62b1b4", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720453, "uuid": "858bce20-b6cb-408e-a8d6-7fa38b79a448", "comment": "Malware payload (StormKitty)", "value": "dd362a4a2078d3c41afbcaee201141dc98a5ce2f2af35968fdbcb89704ace577", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720453, "uuid": "3b26c537-5cce-4bcb-89a4-8e53cdb20ac1", "comment": "Malware payload (StormKitty)", "value": "ff02ffee9ca4ca7040f891894172b8a27082642c", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720453, "uuid": "8bd119ce-57f7-4cd4-9c99-49a8acd5947f", "comment": "Malware payload (StormKitty)", "value": "24d6f7396857bad374df23d45644133d90df5e95667d1b9f17d8df806e358890d62bcabef86eb8b7c87f6a3dd63dd53b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720453, "uuid": "68529d60-e205-49a1-8653-d13e08788120", "value": "T121F23A5AE79B02648F511373571B0E89AABDB63DF36055B138AC833433EDC3942666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720453, "uuid": "3c2152d4-8f74-4c1d-a1de-c9ed457dc2c4", "value": "768:iFx0XaIsnPRIa4fwJMqp5Uogaija/wi/X4NEqBlpx904:if0Xvx3EMS59ga1wi/IWqBlpL04", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683720453, "uuid": "55cad214-97e7-45d4-a233-5a28a03f9024", "value": 36326, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683720453, "uuid": "c0e23599-eb28-4223-a95a-9b3a986fea91", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720453, "uuid": "aa0a4310-5060-4d62-a9c0-8a67b5ba6c71", "value": "items selected.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ec23486-ef86-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683759591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759591, "uuid": "9b03c29e-819f-4c5a-8325-33fed4a66634", "comment": "Malware payload", "value": "c0578edb37d43cc63a01b287436f4e67", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759591, "uuid": "be71333f-8725-44db-8f6c-450a657fc1b9", "comment": "Malware payload", "value": "ddd335b9a548f3c06b71c062e3ba5546db3f75a19a89419fa05f4d12099c277d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759591, "uuid": "9b664021-6862-4480-970e-4fa634389f90", "comment": "Malware payload", "value": "045d05b38e1e428e44caee733092d0841dc88fb4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683759591, "uuid": "9c9432d2-2820-4baf-874e-1777d76f1587", "comment": "Malware payload", "value": "d6e9663c1fc4b377db3e8a89a3ceb7115bee59b891ef32395e9237f132b6c124346c7fa79d62b84975fc0adee9b13c10", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759591, "uuid": "a27733a5-b9b8-46fb-b38b-c61200d4bbb2", "value": "T10C95223AB5C1C53BC1B115BC9DAA92C561ADBA342E3C501BB4E81F4D6E3B1D3426D2CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759591, "uuid": "76feb94f-ed8d-4bae-9087-e29e3718c4b4", "value": "4afbc3ea79152c3f8469f1157ab7e53a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759591, "uuid": "22f5525d-a5ee-4751-9e03-ac7614f3d745", "value": "49152:vsRFRccZCW+FX0aqmjKV/bbm/WHimyX4bSwDZHBInf:vsR7ccZl4/OYX4bSOhBIf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683759591, "uuid": "69f21670-3de8-4b04-94fa-558637baa47b", "value": 1879904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683759591, "uuid": "e8b6c275-fb52-45f6-a5a7-72234a794710", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683759591, "uuid": "f09328d6-551d-455d-9cec-a92cae85e697", "value": "c0578edb37d43cc63a01b287436f4e67", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d92bb9b4-ef07-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1683705250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705250, "uuid": "e7880793-0753-408b-82ed-7c663c4d4900", "comment": "Malware payload (ModiLoader)", "value": "376a711d57238ea421b0933e82174ff6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705250, "uuid": "3210a6f8-82b6-4a91-ab0d-67f3ac88cdb2", "comment": "Malware payload (ModiLoader)", "value": "deac6a9d624a09826ac4d090bc20ae437e90b78a8a7b51a6c2d83a939dc2fdb8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705250, "uuid": "55aa34c6-5cc6-4604-95f7-f69cf1167093", "comment": "Malware payload (ModiLoader)", "value": "7d5165786b2a719d9fe892bb57e2888d4c59d366", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705250, "uuid": "8209998a-7a31-4a34-a1c1-b18e0fafdcea", "comment": "Malware payload (ModiLoader)", "value": "59405503306f1a73059fc0a6d02ca49d8f287a72e43e755bb2435613469f8341c85be4ab12adb0ac1b621d3dbfd9b25d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705250, "uuid": "4c5a61ae-46a3-4f0f-acaf-4750f910e760", "value": "T18405BE35E2E19433D177257CAE8B9725E42D7ED0092C3789EFED7D0D1BB82A13828256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705250, "uuid": "8af260d3-8489-4456-81b7-805c3915a52e", "value": "2eb49758b652eedff910503837727781", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705250, "uuid": "70b0b7ba-8cde-4bdf-88aa-0f2acf6e6166", "value": "12288:TNLhcjoS4FC7ITh3IBPmOt50Pbkttml53kbXJ2zl3j0:T9hcsFCMTaFCKIsbZ2h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705250, "uuid": "77a17686-edad-45c5-a79b-7f1149cb69df", "value": 817152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705250, "uuid": "e0855007-7835-4da7-ab23-a1136e8f5eff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705250, "uuid": "a45852a8-dfb1-410e-8bb2-00b63fbfd5b7", "value": "predracun #0324132452.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8562c63-ef34-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683724495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724495, "uuid": "f3fa6a28-8cb1-494b-a5ef-bb0dfa4e9cd1", "comment": "Malware payload (Formbook)", "value": "12547fe8341cfcc0cc11d272336fc357", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724495, "uuid": "4f9a79bc-166b-4dc7-8cc6-ea8734e2d3f1", "comment": "Malware payload (Formbook)", "value": "dfd5aecc6088baf366549e3a7a163c0a7dec356ff6efaab012408cdb42eb2a94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724495, "uuid": "ee35e2f8-d651-4e5a-bc2b-2f2f96d96357", "comment": "Malware payload (Formbook)", "value": "52547404004864cfa8f2b3be3584288b0e39c970", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724495, "uuid": "b5a723cc-b7ba-4af5-9837-dbf46dde5e2a", "comment": "Malware payload (Formbook)", "value": "eeb019ab7ab7adf16ae305c2051027a422cde5c9fe0a472455c3beb797a9aad3ffbe80459101eb57d3b023c8d325869c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724495, "uuid": "6ff9acd1-7ede-441c-9481-65b8753a8d72", "value": "T106B49DA239C965AFDC2F4678031FEAB21B795CE07395496D4F80360E4C3694A80EEDD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724495, "uuid": "7bf6bf12-6cad-4f05-a113-fc7f292b932d", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724495, "uuid": "a1f5fa0d-b04f-41df-bf31-6aad9f5b7371", "value": "12288:xnhe2eyCHVyQgD5yp/OzvwoUh2sX043/cZsw:BheYSwUmPo3EZsw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724495, "uuid": "fc1fa4cd-f9ca-4125-adb8-d972ce18d010", "value": 510265, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724495, "uuid": "84b8536c-b706-4ee7-9606-d19bad422a2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724495, "uuid": "381279f6-8ae2-4fbb-99cf-8117dc279480", "value": "rJustificante_operacionpdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e1c351b-ef44-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683731323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731323, "uuid": "3d3c4939-db78-4205-a057-9d2ab02df40b", "comment": "Malware payload (Mirai)", "value": "00b53427b834741572b26e9c59830043", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731323, "uuid": "7f876f1a-893d-48c6-96f2-6c0fe18918eb", "comment": "Malware payload (Mirai)", "value": "e00b634ec3231993990ba8cafd0d27db8064fca7ad385eef4a8790c6b16c8ae9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731323, "uuid": "24a546b8-d058-43ac-8289-8a64e12964b9", "comment": "Malware payload (Mirai)", "value": "c5a9502f27041d93014722dfa6938c1714d4724f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683731323, "uuid": "da925867-9f2d-4e57-8165-a605c141fd8e", "comment": "Malware payload (Mirai)", "value": "c824cefe990b2177954bf9b74c06bd23e48241ffb47f664670467f9a5e754f727b7b56a18ed9cd6b8f5d500ef023cea4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731323, "uuid": "8b340c40-6b94-4b95-bc05-ca9e3a2fcbc7", "value": "T142A2D06079069F71E190683FFEBDCBC228FB0AA9F4F272B124424798B46D50D54F468E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731323, "uuid": "1c05fac5-73ae-4407-b251-b37c87ee6d50", "value": "384:0F/uxcqdFkTB08WMleXFMKb8/kEehSY9pbYlBCJg/0WHhymdGUop5hKH:sWxcGUB0HGMb8/kRZ7bYlAJg/1Hs3Uo4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683731323, "uuid": "e642f22c-ffde-438b-8266-5c6564ef41c3", "value": 22124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683731323, "uuid": "0273e430-2323-408e-a063-690f4f687543", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683731323, "uuid": "e0354d58-5d1c-43d6-bd1f-f3938c405cf2", "value": "00b53427b834741572b26e9c59830043", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48e97122-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683729060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729060, "uuid": "45b2d0f7-e71c-4eb8-81f5-48b39aa477b4", "comment": "Malware payload (Mirai)", "value": "4b4d3f3f32620fc761f4901d2e630ef0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729060, "uuid": "0a1d4c1c-0741-4a91-ad27-76e36cb8b007", "comment": "Malware payload (Mirai)", "value": "e0b26a8e19d977e4712a90848d0da37284387ad8072e5bee673e14036a0096df", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729060, "uuid": "acca47da-e83a-406a-99d1-366017e6a735", "comment": "Malware payload (Mirai)", "value": "101e875e42f55518c535dc56f4cf3e9115ccdabb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729060, "uuid": "fd017661-d3d7-4849-88a2-8b40072064d0", "comment": "Malware payload (Mirai)", "value": "3dc043d8a11078e4b4802013717e7656b605123ca27765fd00cc58dc2d1b8edc8722c5bea7f9532cba9bbddd03275159", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729060, "uuid": "33b376fb-6ec6-4112-bb05-a0681228df07", "value": "T14BE3A53E7A11AFBEE168827107F29F70CF9529D326A19381E26CF6185E7118D0C9EB54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729060, "uuid": "76cefee2-c3ba-48e3-bedf-254b32ac06ed", "value": "3072:JW6dm9tS1aRGQdK76t/zCSI5mrThPaLEnvPrNb:c6IG+LCzmrThPaLEnvPrNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729060, "uuid": "98401a54-7320-48d5-b817-c7ab7741ab45", "value": 155428, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729060, "uuid": "f88a11be-6efb-4739-b7da-37ddf47b9aa8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729060, "uuid": "ef7eac74-b993-4b54-8425-04c399055af5", "value": "4b4d3f3f32620fc761f4901d2e630ef0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cc3edf3-ef05-11ed-b3cf-42010a9c0076", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1683704075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704075, "uuid": "29536dc7-7459-4549-b390-efe8d8a899b6", "comment": "Malware payload (ArkeiStealer)", "value": "5602e1f1c8a4f96c62ebf4dd90d95fe4", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704075, "uuid": "6d653af5-5279-4602-b935-3a17c12f04b5", "comment": "Malware payload (ArkeiStealer)", "value": "e0c350a16bb3fec4d9306d413e93241c733412f14cbdc9a4e95e9f973aa1bcff", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704075, "uuid": "8f78dd77-88c5-48cb-89a6-0bbbb34dcc88", "comment": "Malware payload (ArkeiStealer)", "value": "56edd59e9e90c8ce085739c21fbab83122a93ce0", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704075, "uuid": "38885d18-1521-438c-9ab2-5e4e372fbadf", "comment": "Malware payload (ArkeiStealer)", "value": "a514ae6a0f1d92a2282c3d5b0c52520bca0ff52ccfba9ad0ac2e230213d26864fe6f3fc59e13cb33294b93c451e9daaf", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704075, "uuid": "0d2f2377-a736-494a-a22c-513df58d4992", "value": "T1B9945C9386E13D44E6264B728F2FE6EC7A1EF2618F493B692618DE1F04B01B2D173715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704075, "uuid": "5f27939e-0e66-45dc-a01a-18f202db92cf", "value": "f638bba0028bbeebea7ddd6400ec7cc1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704075, "uuid": "2464c60a-37eb-4795-89e6-17f7384d7251", "value": "6144:I0piwLZuWym3TNRkr7iEZF4FlUpYtgECuNx6DJr3ISj7zBvGG4:ITw1uWyk0r77TrpY9ytDIqhvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704075, "uuid": "fe56c0e9-64ca-4329-8299-b4737dc8b9e6", "value": 440320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704075, "uuid": "68708042-485f-48b3-a5fa-b8fa3788ae52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704075, "uuid": "a9871202-e9f6-45ae-8518-08fc3c20aa65", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e224d722-ef33-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1683724163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724163, "uuid": "615c7796-f778-4c2a-b642-06389e0b470c", "comment": "Malware payload (RemcosRAT)", "value": "dd0a225d7c44e2c92addad307109be4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724163, "uuid": "131869f7-f7d9-48d8-9fa2-33f80b382f75", "comment": "Malware payload (RemcosRAT)", "value": "e0d79aa3f0a1536ba7726975ff0b841366ed5403bf6c8c1b6ce6fdaad1ac951e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724163, "uuid": "db3f13c1-999e-4576-abb7-4d8e6b0512f9", "comment": "Malware payload (RemcosRAT)", "value": "329729bff88f3e583c121d82fae6226d483c1098", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683724163, "uuid": "6010b709-a273-4ec4-97cf-9fa957d3c99e", "comment": "Malware payload (RemcosRAT)", "value": "2b47a94210147652f9a8dbeb11d7579655f401703e512302f912d006e420346de710f2d7ebc6692119e35940e8d07fc8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724163, "uuid": "03cbf888-1af9-430e-a5fc-720d4166042d", "value": "T19C75F113A5728437D0E20AB8DD4B97AC5C677F101E2A6846ABE57F8D3E392D0381F167", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724163, "uuid": "4ea76a97-2708-4bef-816a-984e4c830493", "value": "31d4553d67df1c75124a9f0718206f20", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724163, "uuid": "0ca46d82-d561-47d8-9c2a-236537019d09", "value": "49152:kMKWkvk9KKxeS3FitThwMImMOCT7D1uUx9iMNFo:k3DEKKxeSVitThwMImMOCT0qiMNFo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683724163, "uuid": "11ce0967-2211-4908-945c-c7e25d695141", "value": 1622528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683724163, "uuid": "5b64b0e8-2f6e-4e86-b87b-6e280dc783a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683724163, "uuid": "cb2520e4-7274-4a70-96fb-73f964930a46", "value": "e0d79aa3f0a1536ba7726975ff0b841366ed5403bf6c8c1b6ce6fdaad1ac951e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76d8b81c-ef2f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1683722265, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722265, "uuid": "a9192848-122b-47ed-ae9d-7a93b16fa222", "comment": "Malware payload (AveMariaRAT)", "value": "e45a799f4738485894ab82fbe5e8deb0", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722265, "uuid": "f13fa24e-e373-4d98-aed0-160f2e0908cb", "comment": "Malware payload (AveMariaRAT)", "value": "e0e2fc6d1c9382c2ec637bd8eb4e3e808eea70b8c4a08b6b038608f8c2dbdf90", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722265, "uuid": "0a39c2a6-dc2f-4a7e-8fa7-640bf87d1d28", "comment": "Malware payload (AveMariaRAT)", "value": "dc790658f619437910c2164d7bf1683a830b13cb", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722265, "uuid": "746ad0b6-2c54-4b66-aaac-4ba5d1cae08e", "comment": "Malware payload (AveMariaRAT)", "value": "f06fba74d2d79f94680bac0a1e0fb149f40ef2e2002bf230c51942d97028fc4ed795aa8d048e9bf61578a6c37a85d395", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722265, "uuid": "cd8fd2a5-22bc-4590-9caa-fb4d2b0ae6a0", "value": "T16094C0482B9569AECD9E82B8CCB11D659B74D00F1B07E36B4A8F10F52D7F6C5CE82097", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722265, "uuid": "0a68b852-9ffe-412d-957d-a23e672945ca", "value": "6144:M7EZ8Xu76l01aU2YEtNroK3aoPoZ8ACAi+drfDU9wE4Z4uxsg8jvb:MD+76l016rV3Bg8ACv+1ASrZ42sp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722265, "uuid": "e5924701-563a-4cfb-8649-218fd2e6cb2f", "value": 413184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722265, "uuid": "e3052c8e-b0e8-4320-b3b8-a820acc1d8fe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722265, "uuid": "3eb638fd-c1cf-427c-845c-2b9b2af89eeb", "value": "e0e2fc6d1c9382c2ec637bd8eb4e3e808eea70b8c4a08b6b038608f8c2dbdf90", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c237fb0-ef75-11ed-b3cf-42010a9c0076", "comment": "Malware payload (NanoCore)", "timestamp": 1683752151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752151, "uuid": "7f95823c-d35d-4336-9695-1ea2c64b072a", "comment": "Malware payload (NanoCore)", "value": "8751872e360ede31933508ce60221f01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752151, "uuid": "1c0e7fc5-946c-43d7-92a6-3e94a8197804", "comment": "Malware payload (NanoCore)", "value": "e16ceeac2ceac9ac8f837dcc8f0800a553d48232d28dba5e0019c50a4402e069", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752151, "uuid": "a2b97ff9-c87d-4353-a660-36a1d3a88b60", "comment": "Malware payload (NanoCore)", "value": "47b1d80326822df6e6a2f6c06a9948201f184511", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683752151, "uuid": "1ee7c7f7-b8d8-48ea-9ca7-0e420618b5d0", "comment": "Malware payload (NanoCore)", "value": "cbb1c914b7dce971de63e135801b98bd2468724c2bcd2b0d1f2321c9b3ab246674c8c296cc880c90d49e86189102186f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752151, "uuid": "c168b5e6-7ae2-42db-8296-8985357a3204", "value": "T165F4E085133BADD1D6981BB1321435538E6DA10679F8F0FCBD0BB888C9EB9115FE8762", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752151, "uuid": "a48506c4-c524-4260-bdd5-d7469ec19c17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752151, "uuid": "d8767a9f-e460-4b6c-b593-6a28b320b031", "value": "12288:pOmYbAD0DFXPf0Ckas7pyjqVyPggDljZZ0SiRJMfulMrz2PTPueKojSK5QK:ImYbS0DNPcj7pymV2nd08fulMrmTPuLu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683752151, "uuid": "7738881e-9d1f-4dd3-bfc1-08c88eb1c543", "value": 759296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683752151, "uuid": "f0104b04-a67c-48b1-b411-273bfa129764", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683752151, "uuid": "696b7f28-6597-40cb-aa4e-bc12e7965fdb", "value": "8751872e360ede31933508ce60221f01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d64319e-ef25-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683717793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717793, "uuid": "d2051c4a-f248-4f35-ac77-c6afc1dbabd2", "comment": "Malware payload", "value": "1e2a99ae43d6365148d412b5dfee0e1c", "object_relation": "md5", "Tag": [ { "name": "downloader.msil/pdfpower", "colour": "#D59ADE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717793, "uuid": "0b4dc367-ec32-4e8a-9697-854f5be96665", "comment": "Malware payload", "value": "e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6", "object_relation": "sha256", "Tag": [ { "name": "downloader.msil/pdfpower", "colour": "#D59ADE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717793, "uuid": "331ccc59-e123-4d54-bd7b-583d3d2f3416", "comment": "Malware payload", "value": "33c02d70abb2f1f12a79cfd780d875a94e7fe877", "object_relation": "sha1", "Tag": [ { "name": "downloader.msil/pdfpower", "colour": "#D59ADE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717793, "uuid": "2ba09447-fbee-421b-b45b-600997c8d111", "comment": "Malware payload", "value": "ab51076ccf0eb900b1e69b133b85882e1009ba1adda89fba2777ea133df2e36854361b4ab535e92122f64c317edc01f0", "object_relation": "sha3-384", "Tag": [ { "name": "downloader.msil/pdfpower", "colour": "#D59ADE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717793, "uuid": "696c580a-fdb3-4d05-bd54-0427099b9c46", "value": "T19C355A0E2FEB4AD6D1AE1735A830DA3756F1BC076D6ED78E9444B0A81C737608E90367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717793, "uuid": "e31171cd-98ac-47ec-97f7-8a11bd2620f7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717793, "uuid": "4a2920d1-710e-42b3-85f4-6fef2dbf6abd", "value": "24576:sWjYtbXSRxqO8m657w6ZBLmkitKqBCjC0PDgM5A6:sW8tbiJVV1BCjB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683717793, "uuid": "94dfd735-9038-488e-83ca-bb6ec1d0d65e", "value": 1086184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683717793, "uuid": "6b983bf0-6c44-4354-b0f0-2bb0a19713a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717793, "uuid": "c75af2b2-9ff3-4937-8f3f-4016431adda5", "value": "PDFpower.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4707861-ef12-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683709967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709967, "uuid": "8d1b9706-484a-43a7-ac24-f7dee411c10e", "comment": "Malware payload (Formbook)", "value": "731012fae10a41a0acd1224e033bbd51", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709967, "uuid": "ff6587b7-ac20-48ce-a056-4980eaca62c9", "comment": "Malware payload (Formbook)", "value": "e2cb7e9ed9489691d9a00c2de546524c0fcfe05954534fc54ea4fd232ae3805a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709967, "uuid": "ba438de5-5c2d-476c-8ddd-183463c71c23", "comment": "Malware payload (Formbook)", "value": "9b23eeb8444c34b76e625c046028a33a4cdaeb91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683709967, "uuid": "34dce3dc-bb91-4734-8b58-2b815a543cd2", "comment": "Malware payload (Formbook)", "value": "07fdb7f4613b1d0164d62770dd6abba2af6517ec8aabf89e2d7789a61a9573f33a711e037f2f6347541d4acb6725b66b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709967, "uuid": "1eb3a6ef-6259-4f33-a83d-9912c88913ac", "value": "T14E6412E2BF078C25D50A5B31924121595736F3C36623D76B704E531E8F82BCF4BBA6A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709967, "uuid": "8d17a91b-3683-43b2-805b-4ae08bde525a", "value": "6144:VZn6eM71zFnV+3Fkf67UCyGzNKLwb1HqGh+oZfaBtXlsMOR2bC6Cn4:zn6e+BgKfo5N5q+HfalHORYC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683709967, "uuid": "169ebab9-f250-4ee9-b4b1-1a228379baee", "value": 326728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683709967, "uuid": "d02e6e6e-dd6a-48b5-ba61-ce34165cec64", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683709967, "uuid": "2a46b572-f7b1-4221-a350-0fd18b55ebca", "value": "KDF20230510-88 - Flooring Project.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "188bc926-ef13-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683710081, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710081, "uuid": "1a659c92-0a38-48ec-915e-ca6714691799", "comment": "Malware payload (AgentTesla)", "value": "8b2c69c6d0e5ce4bf53c25b25c9714dd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710081, "uuid": "ff38cf76-8a04-41f0-a7ca-9bfa3dc56b9a", "comment": "Malware payload (AgentTesla)", "value": "e2e44650ba8303af8f989baa14c50855cd25249e664d3ef5039edbbd6f3ca32e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710081, "uuid": "cd941ebe-d8fe-4e98-b6b8-1dbd778a5cd1", "comment": "Malware payload (AgentTesla)", "value": "3c5a2cb0f4e4423219e281927a2506c9c75cdbc3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710081, "uuid": "1437263e-8a98-4126-b587-9dc390b0e335", "comment": "Malware payload (AgentTesla)", "value": "9d74b77ead9d13ccbc642c7b4091965de7fc7d695c01bec193e26bd5760c3c3510ddb6a76f1b2e1283e442bd751e666f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710081, "uuid": "ab3f562a-30f1-4ccb-a075-74d51650eec2", "value": "T11E058C3C61DA6C22C71673FA8959C5E103356F006FABD26A26BE30CC8970BA3ED5554F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710081, "uuid": "7b69366e-e24b-4768-9745-64db8e54c858", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710081, "uuid": "692a8288-599a-43ff-9ae9-d7cf59c6dfd0", "value": "12288:abitdqZfOt1yUXJtD62a5/2FJFQhVU6fy5t14u15VFnb:a2tdIq1JX/D5a5/4JAVUcYt140D5b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683710081, "uuid": "0565cbe3-4678-44d8-97a9-66ee6c7fb162", "value": 872960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683710081, "uuid": "9dae236b-7a0c-4a52-b236-a745606e32ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710081, "uuid": "89e7ca4d-76ef-4374-ad6e-53cb573ebf33", "value": "zam\u00f3wienie 0401312023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ce05d23-ef31-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683723027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723027, "uuid": "7327223b-c8c2-4cb2-a1fc-9c8b7b67f8e7", "comment": "Malware payload (Amadey)", "value": "ee4278e71ee0a0d4efcb35defb01a8d6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723027, "uuid": "9cae7625-d767-4b5f-8ab6-132211f51b21", "comment": "Malware payload (Amadey)", "value": "e34cad99c2ebf1570bd8465bb4d137ef93f8c83befa03413bfa0168a2d7cfc3f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723027, "uuid": "c3234e8b-dad2-4a40-8b06-a63599af82db", "comment": "Malware payload (Amadey)", "value": "99079d2ca28355b3767e6616f5629ed31458c4ff", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723027, "uuid": "d7b0fd8e-c16c-412e-9175-1a7928105b3c", "comment": "Malware payload (Amadey)", "value": "1c5f5f98cbd8479598087e2c87654cb6b9c17d5cba5e4e3b7b3cc2cbd3c15a4d5dc5c92a7762bb67b7d154c361edf70c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723027, "uuid": "6e1d121c-af6e-4e4f-8f00-585e66a40a00", "value": "T1B7A40243ABE85137D8F61BB058FA07830B367CD1593593AB27999A1E0DB3BD0A071736", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723027, "uuid": "eba463f5-65b3-40ce-9696-c9ae47fe8dcb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723027, "uuid": "c2ea990b-7986-4551-b005-49b2458a3b2d", "value": "12288:YMrUy90N+jCFyozTIItoEmIVyiSwCg2j:cyhyT/toEm+NB2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683723027, "uuid": "ffbacdac-dcfe-4d86-ae43-9bb057611360", "value": 491008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683723027, "uuid": "6e1450cc-d8fd-4f60-b1a2-cc12098d200a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723027, "uuid": "55b8aa04-0305-4801-b1f1-44d8ab626566", "value": "ee4278e71ee0a0d4efcb35defb01a8d6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cd351f3-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (WSHRAT)", "timestamp": 1683704639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704639, "uuid": "c403e93e-a9cb-428f-b6e1-df2320aad849", "comment": "Malware payload (WSHRAT)", "value": "bba07c7c35aa193fc88ada6ed9956b4a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704639, "uuid": "c2a62481-7be8-46cb-ae45-fc55a9c9a182", "comment": "Malware payload (WSHRAT)", "value": "e35016186e8dff3f9ee75a334d35070c5158b0c0decd15dd93422370bf606240", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704639, "uuid": "14ed40ae-1216-408b-87f8-3cd9e2c17ef1", "comment": "Malware payload (WSHRAT)", "value": "34313cdbe727f52267cdb48b9ef4acea839f4821", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704639, "uuid": "8eadf191-f8fc-4e86-9f49-5e03185d92b3", "comment": "Malware payload (WSHRAT)", "value": "779f2a6c33addac3d54a891e581f92a2bf9325d4f849e422a712a07708fbd6b6e070c5e857b8425e26c8de2551fc0362", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704639, "uuid": "2f150ce4-b9f3-4bbf-b5aa-bbbad50bb5c8", "value": "T117C5CF861E7C3A254633F0ED4B1DA39258F4E50B3DB718D260AD3F4EA538CA45A6DF90", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704639, "uuid": "ea59f20e-4296-46ef-a592-4c977c50f23b", "value": "6144:8zqVR8dQUuv5EXuI4bgVFLKEOyH7ahd8V8qjxhL8sIJ8mu2oOs4wnabH/rwGgArJ:Z9kCT1b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704639, "uuid": "6aa939f8-a344-48d3-8d3d-806c3d799abf", "value": 2619489, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704639, "uuid": "d27d6c74-e516-4fd2-8dfb-b2b121576a3e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704639, "uuid": "5ab970fb-fd0e-46f3-b929-4bb728309aba", "value": "008460102.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03e83612-ef2b-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BluStealer)", "timestamp": 1683720354, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720354, "uuid": "2eb69dbd-03e5-4510-ab50-35414c460be5", "comment": "Malware payload (BluStealer)", "value": "c7c88b125e27183372fb3d59c959f637", "object_relation": "md5", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720354, "uuid": "6d227f83-7f11-4179-a3e3-4740cc0dd129", "comment": "Malware payload (BluStealer)", "value": "e44e1135888701ba8cbf462efa9d992a2fa1f83e52c471f65c62c16fdecade26", "object_relation": "sha256", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720354, "uuid": "3b63a8a5-e3c0-4400-9f7b-55b978166bca", "comment": "Malware payload (BluStealer)", "value": "47da39de6edee6bbe9680d830e8f64b7f3fccf3a", "object_relation": "sha1", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720354, "uuid": "70b37872-622d-424e-b69f-ac6569aacd83", "comment": "Malware payload (BluStealer)", "value": "84ba4e51be8f43b471ec6ac132ab00b06cf348896c296d2617ca54905bcfb0e1b21d90cf92734744a163b5190a0cc46d", "object_relation": "sha3-384", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720354, "uuid": "76af93a8-96ac-4d0b-889c-5a0bf0f81a72", "value": "T144751211621A9F2BDBA883FF0614494913B47B15BD5BE22D7EDF20CDDD26F104A21EA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720354, "uuid": "23fe6067-33af-4538-9f31-2c7bc62775ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720354, "uuid": "ee64cd56-a4b5-415b-bdf0-00d44640a29c", "value": "24576:04LpeAT/4TUmBmsV7ckan9wLb+mkA2NffoYF2zEg06nLnH8b/5cN:ptADBmsmkanaLb+XJwS2zECLH8bI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683720354, "uuid": "ee23e94b-3c98-4899-be8f-04b15657e481", "value": 1643520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683720354, "uuid": "ef9194a0-00aa-4edf-85cc-77b9af8cb67c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720354, "uuid": "f1e64f47-9e02-4ee5-816c-cd3c2dc9cd79", "value": "Purchase Order FP2305006.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5e73e5d-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688441, "uuid": "be6b1031-d6a6-45d4-813f-93fc8c1e5ecd", "comment": "Malware payload (Kovter)", "value": "453a0dc4df9c3b0acbdf47d80a7cb59e", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688441, "uuid": "9fc85c02-301e-4857-9d53-6f78251f839e", "comment": "Malware payload (Kovter)", "value": "e4d589c34fd5aa359701ea3b1e36c7de3327f2a8bcfba2708dff3b2ae7e33c85", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688441, "uuid": "d1b5c964-68aa-4d06-9c06-a97380403060", "comment": "Malware payload (Kovter)", "value": "fe260aad9e2d0f509c9e6886ab9f4f0e078353b5", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688441, "uuid": "95d81876-fb09-4c20-b781-0d94e409cf99", "comment": "Malware payload (Kovter)", "value": "cdc600964862707fe52ef27ceaa203f8487bd23d8659cd74e45570ee4640bfe9b182ed15bbe922e9e9642acfa995ed14", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688441, "uuid": "d515b136-2558-4032-9b0c-c24e9525f2cb", "value": "T1B6741935F280E537E4269CB8DD1FD2E4A57AB6302E381947B6E11F0C98F5193AA1B743", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688441, "uuid": "f25bbb59-850a-49c1-a050-5b6f17267763", "value": "6144:sbmiabKCSof1QEk+YGGq8ysIJVf++Zrx9/voNq/NbL/B44QFqCDF5:1iQdvBYG5VnZrrNbL/K4P2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688441, "uuid": "a2532ee8-54cc-4359-855d-66e394cf4c9a", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688441, "uuid": "3ec823e6-e8ad-4681-ab95-b44f5e6bba69", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688441, "uuid": "bd8f4239-9026-4e40-945d-75ef3418af17", "value": "2023-05-09_453a0dc4df9c3b0acbdf47d80a7cb59e_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "806497f3-eec8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683678043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678043, "uuid": "d84193ec-d6d7-4755-8298-6c445234d1f0", "comment": "Malware payload (Amadey)", "value": "83d9b9a7c3f3364d72a409bf9ff56d07", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678043, "uuid": "adaf9668-08cc-4475-838a-dd2072bb4bfe", "comment": "Malware payload (Amadey)", "value": "e4f9bf323dcc06acac0174c164c36852a34a7d4c81f355297043d14c8ed77cee", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678043, "uuid": "967ed366-b20a-46df-ba2a-af32ced8a3f0", "comment": "Malware payload (Amadey)", "value": "19976523b9a7f3a744761d67cab6d0a75f0dc606", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678043, "uuid": "4abf1705-06ce-4671-9556-f303d8f0e0ce", "comment": "Malware payload (Amadey)", "value": "1bd68ccd8d2e6aac704d41fa7fc4ba68ac9b8b9ff82d0c6b87f5f2429c65dea92945d14c1834b2b42ac76b156ba22d79", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678043, "uuid": "96563fd8-b182-47f6-99f8-96149837737a", "value": "T167B4024AF7D55522EC752BB158F313D31F35BEA189B983671341698B4CB26C0A83237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678043, "uuid": "aae570b0-f980-4b50-88e1-fe49b5e15473", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678043, "uuid": "da1b2bd3-9396-4489-831b-c55f3d497bba", "value": "12288:vMray90ztdNYciptS9UPw2zhTEHtY6/nxTsTBUS:lyIyVHwIhTEaBUS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678043, "uuid": "b1ac19c9-0a57-4cf2-aad7-ec20e32f28b1", "value": 501760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678043, "uuid": "420194c6-dc08-4677-9c08-784d75c3e80c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678043, "uuid": "9885b09b-587b-4747-9079-541c623fa212", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5ecfae9-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DarkCloud)", "timestamp": 1683700064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700064, "uuid": "f411e0c4-d0d5-4e25-968d-7a90aa5013cf", "comment": "Malware payload (DarkCloud)", "value": "0fd43f22fe533f0e4fe393d8355e2b2e", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700064, "uuid": "b6826aae-db2b-4c21-a8b7-fe464bdd6b4b", "comment": "Malware payload (DarkCloud)", "value": "e5106e6f71ece18c0546160026a566080c51f456f00e6e5e53756345eed48d99", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700064, "uuid": "f80f572d-3526-4e28-93c2-cc43502f3872", "comment": "Malware payload (DarkCloud)", "value": "cdd16111c37577ba705e9318570299eddffea0ac", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700064, "uuid": "4299025b-1aa6-4c62-a324-61f75a1085f8", "comment": "Malware payload (DarkCloud)", "value": "c97f5eab35dad697ebc6b5cc2810132ce816d60fc313310677bb04133cac9402a9c2d575dafe44036994286a7e338443", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700064, "uuid": "c3707947-7825-4201-8de7-5b5428f7cd05", "value": "T1D4B423D382DD2905F2F0F48B9B932628A1EDB59B933704335CA21E476BC21EA4C6B45D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700064, "uuid": "7970ffea-e636-4c32-9113-45ee40ef293b", "value": "12288:ophj36f8PIekUbooPqgTOBknM7dOkKenJll0YEQa4QEWlW:gtqf8PI8P6BCeOcJll0Y+tI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700064, "uuid": "953b0904-ccc5-4db3-b757-497c92f89e79", "value": 498705, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700064, "uuid": "1f8a583a-b06d-4174-ba30-e29ce74dd51a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700064, "uuid": "a0e04db5-5767-4a6e-ab1d-2cf6b80af2c8", "value": "INVOICE098765678DCOP.PDF.Z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ddebbc3-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683704533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704533, "uuid": "2b8125d0-6952-434d-b8f7-ad8d7c722b20", "comment": "Malware payload (SnakeKeylogger)", "value": "cc5c14558ff9d8483a19da5e06ac10f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704533, "uuid": "ba0d5113-fb3e-42f7-b878-fb2fa6e252e3", "comment": "Malware payload (SnakeKeylogger)", "value": "e51a6391514210d971a76cec2a5b8773344c36a57a2a850a678f3974abd5dc81", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704533, "uuid": "acebf1a7-a350-40fa-996b-d9c558786ebf", "comment": "Malware payload (SnakeKeylogger)", "value": "31e32e48c93fccb29a8cfb178b6635ee860393b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704533, "uuid": "0f92e22b-8e69-427a-b728-ee1fe7838c87", "comment": "Malware payload (SnakeKeylogger)", "value": "5358e6696aa788e0b4fc53bb0b43c1114084176a4013ebfd554211b2c01948f56d2ec7c688187157c622a2c866e2e78b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704533, "uuid": "9598be20-1245-4d86-bdc4-d4d6ab943602", "value": "T122058C3C22DA5D22C71573FA8955C6E103396F106FABD22A22BE30CC8971BA3ED5554F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704533, "uuid": "fec2788a-58b8-4134-be6f-cc7cb640018d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704533, "uuid": "bc7ffb39-21c0-43b2-b113-f53ab6f6d5cb", "value": "12288:w3lqK5MSTLxzKRHoqZfOtIyyjGUwJ8qOsGPojIDPrIklVThZuRI+U2+Abg2:w3IK5MSTLxhIqIXjIluVTx+U2L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704533, "uuid": "65c92884-8b3b-4542-8adc-0e8f5fe7359e", "value": 832512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704533, "uuid": "d0b9e33e-60b6-482c-8c0d-78b5590c5bd0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704533, "uuid": "69fe6ebe-fcf0-488c-8c85-7063ca806dd7", "value": "Vessel Details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35b1b48c-ef5c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Tofsee)", "timestamp": 1683741483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741483, "uuid": "31b6ae0a-1870-492b-8ca6-bac9086a7a8f", "comment": "Malware payload (Tofsee)", "value": "1e93be0d225ce928393039c9771321fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741483, "uuid": "b6582934-ae9d-4285-b091-aad234780a97", "comment": "Malware payload (Tofsee)", "value": "e54e9f7fe7725afa85dfe0d0e04cf873d01084989205d93b4b4e1e1de7d935f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741483, "uuid": "fb4c30fc-0398-4efc-b387-dd6a507a82e3", "comment": "Malware payload (Tofsee)", "value": "27ffe470bee42d5ce14f3914bc710f68fbd74247", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683741483, "uuid": "1f70f077-ace8-446c-8144-45cf3e60c872", "comment": "Malware payload (Tofsee)", "value": "1046597ec68bf2fd3517be315e6b41e2f75df916f8cc6c5593026570c3a82a3448da41c95f4470a0cea345b8de5d0d7d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741483, "uuid": "bece1650-189f-4036-9a01-52640c2edb02", "value": "T143648D02B2E06C61E5264BB28E5AC6F46B1EFC51DF1567DB330C7A2F2A7D1A1D132706", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741483, "uuid": "47a371a5-2575-4fab-bf86-9ee3b37570f2", "value": "51ff29d4db4362644e59273b02a12d87", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741483, "uuid": "15977f36-4229-4596-b32c-123e93294be2", "value": "3072:TNXD1CpI7TkxlIlY0I0n+sDiV6YtnEduisT58ThH8x/06j0eO/OfgaH9xWm+d/HO:hEpjXQYhIs6YtnEduisN8F81069lH9A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683741483, "uuid": "67f1b193-db7e-4269-b7d7-8c6cb59a72ca", "value": 322560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683741483, "uuid": "96651e8d-940c-4d45-a403-e17cd33ffe0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683741483, "uuid": "c35ee219-a594-4ea4-8825-5afc2c60e27c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "379d1783-eefc-11ed-b3cf-42010a9c0076", "comment": "Malware payload (a310Logger)", "timestamp": 1683700255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700255, "uuid": "7b9c1aba-d038-49f7-9f61-240050157447", "comment": "Malware payload (a310Logger)", "value": "f769df90bf6724acb38372442936f56f", "object_relation": "md5", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700255, "uuid": "1afcd6ca-7764-431a-be84-c8b137211e7a", "comment": "Malware payload (a310Logger)", "value": "e5615a6c90478a371040d8f7d4721e183b5efcc0b0e6ce64b7ab4ee1d04bf0be", "object_relation": "sha256", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700255, "uuid": "6f22f619-9b31-4690-b74e-913489cf1065", "comment": "Malware payload (a310Logger)", "value": "0b659a980a0328a5d3ac0ff2aa77708d5b305b2c", "object_relation": "sha1", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700255, "uuid": "1437d267-e92c-4ef8-b6ed-35c07eea487a", "comment": "Malware payload (a310Logger)", "value": "5def718473c4f621c21f48cca78ab22311c5ad508049c7e937adae2982acce79d680fd0adaa0fe94d50d5afe3e2425a5", "object_relation": "sha3-384", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700255, "uuid": "7aeb9172-7ea8-404b-97f2-db9e900676e6", "value": "T13135BE3C22DA5D22C75577FA8894C9E10335AF00AFABD22A26BD30CC9971B93ED5154F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700255, "uuid": "8751b911-33b7-4206-a5f1-29011f813c45", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700255, "uuid": "42ec76d3-96b4-470e-8bb3-3da8ab03420f", "value": "24576:TWDEINXcWNr+Kr1dA35TmmUS2FB8r90rm4zKrPsb4GzkjGlWOfJe0Vk:LwXcWdg3dmmps8r90rfzXb4GzkjGlWOi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700255, "uuid": "7e0b06e2-1af3-4a4a-bc88-9c2a0c5e1fdb", "value": 1162752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700255, "uuid": "228b5c06-dee1-4f4b-86a0-623622ca8c20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700255, "uuid": "849e50dd-ff38-4eaa-bb71-2e89fe6ab599", "value": "Invoice payment-102023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d366580c-ef3d-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683728433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728433, "uuid": "ff17feec-2ea8-4028-8ecb-a6429f98b71e", "comment": "Malware payload (RedLineStealer)", "value": "84238bc383b82aef7cc67f29d1ed0714", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728433, "uuid": "102efaa9-8f6d-448c-a6fd-1b9e8a0877fe", "comment": "Malware payload (RedLineStealer)", "value": "e5c269f8a0e03548ba2167cebcc18dae97387b0ef9e181d11f1d6608709d6753", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728433, "uuid": "a1b5db8c-b52d-41b6-b953-82e205c8ad68", "comment": "Malware payload (RedLineStealer)", "value": "89f2b3087e9de5e16da74eb9852e01997fd56df6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728433, "uuid": "5cb9539d-e4dd-40c7-a24c-13f4c2d61c50", "comment": "Malware payload (RedLineStealer)", "value": "7a246b4bb54b1c9b399db33d6ef63b5d558e2db98eac8ad24ad56b310880ff5b4aeeb91bd493cba99299093dba16ac1f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728433, "uuid": "cd318759-ae49-4170-9326-b76d1d0e35e7", "value": "T16FB41202E7D88033DC75277458FB07D71A39FD625E74926F2B85AC4A0DB3A94A832772", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728433, "uuid": "713b3447-da4d-438f-8ec6-1dd9aaa891a2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728433, "uuid": "09edd6b1-c0dc-423d-819b-de1e5012209e", "value": "12288:FMrVy90mDtqu7Iu6HeRjBVPLZCkBld3SF6+S5b:gyxDUxPQxfDcF6+Ib", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728433, "uuid": "c2f3be55-6d14-4fb9-92d2-d58e8f7e2269", "value": 499712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728433, "uuid": "7a37edb4-13ca-4848-aafa-68b77104a6a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728433, "uuid": "0abae731-0a29-439b-b5a7-7bafdbbcc51c", "value": "84238bc383b82aef7cc67f29d1ed0714.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d92b2f4-eefe-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683701124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701124, "uuid": "df7f1ea4-6c07-4af8-ba72-5ec48b51e06c", "comment": "Malware payload (Amadey)", "value": "bf7b803b961c2d48655210a5dd198d39", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701124, "uuid": "8e3eb135-f071-4ab8-8ab2-9b689ccaa75d", "comment": "Malware payload (Amadey)", "value": "e6270068394194d400ccb6422ccaa72da89179294525d6aa0c615bd1519d685d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701124, "uuid": "41f63325-e6b7-4ce0-a09e-f0e597d5290d", "comment": "Malware payload (Amadey)", "value": "3b5aec597eec554e3dea3b20263d1059a450bfb3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701124, "uuid": "30136014-00d7-42aa-b38e-f92b490a1351", "comment": "Malware payload (Amadey)", "value": "bf39db80cc6f761ec5914001c3058051cd2ea899c8b0db870ef86c13b4b8ce3ba76173b26108d37fa9c2540fb069b653", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701124, "uuid": "57318fa2-4b12-48fd-baed-0c4fa83d7563", "value": "T1B4A40252A7D45072E8B517B018F343931F36BC71A834936B2791AD4E2C73AE06939B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701124, "uuid": "3d0b9538-15a5-4be9-bc2d-e8ba7d5a294d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701124, "uuid": "b4233c9e-93b5-44cd-9692-5724e9923e62", "value": "12288:hMr6y90x7OoC/pqTXWuI1KsJUdP6UnNYJ/q:vyAOoCsXWu27JYFs/q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683701124, "uuid": "bca6a713-ff74-4d02-be20-d4013ad4a50e", "value": 491008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683701124, "uuid": "23fe57f4-6d21-4945-b8c9-a4e3863cdfef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701124, "uuid": "9bf36812-0155-4828-bdcf-f0f8f342ee22", "value": "bf7b803b961c2d48655210a5dd198d39.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c631e57-ef31-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683723080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723080, "uuid": "3f0874a0-9a87-4e1e-b7fb-69070677e610", "comment": "Malware payload (AgentTesla)", "value": "1f527b6ee13b61c7f651ba949fae47af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723080, "uuid": "e65b93bd-36ab-49b7-a6b3-e9b6cf7b5586", "comment": "Malware payload (AgentTesla)", "value": "e68825ff41da2e93c1b62fc36588398b45bf901449a867066ec4b8ab67babfa1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723080, "uuid": "fe7d9934-d24c-4fe6-8cff-85dbaa874a12", "comment": "Malware payload (AgentTesla)", "value": "d6cdd503fa6050f281b3e0f8da85da72978728c6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723080, "uuid": "71cc265f-f013-40a9-9867-4d9a12b6f920", "comment": "Malware payload (AgentTesla)", "value": "65f8631409fe455de827cb5831bdf3625960b1de2ee8c9d9bc7dfcb3110bbe0413bc82703d2ad016535432078568a849", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723080, "uuid": "58890732-6890-483b-ac9c-dc67f4e14c39", "value": "T1CDF4E121322A9B2BC7A853FE0A28454513B47716FC1BD23C2EDF21CDDD62F114A65EA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723080, "uuid": "74052f10-a1d2-4674-9f1c-8c9ad860c7cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723080, "uuid": "e08560ed-6470-47d7-adb7-38788dbcdfc7", "value": "12288:rNZfTnkmnq0TllyRO7ct9ALCt2qk81EHinaa8QVv5pDrb4GblgJKC4evA98iH:rPLnDqWlJcs2tot7a8AJAmCE8i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683723080, "uuid": "ae4e7ac0-7091-4954-9d1f-baaf65a09106", "value": 791040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683723080, "uuid": "e4572803-dd6e-4c7d-ae69-484071fa6d24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723080, "uuid": "db6ab19d-aa2d-4814-8626-fa9bf541d583", "value": "transfer slip.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40ea2ad2-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683726040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726040, "uuid": "cebda495-19d5-49b5-be49-0750a48f3a91", "comment": "Malware payload (RedLineStealer)", "value": "23ae96501f126d3b38b1bedf18bfbea3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726040, "uuid": "a9afb557-0119-4aa6-9acb-fe161e4d6f80", "comment": "Malware payload (RedLineStealer)", "value": "e6df2c624182ed1a042693570094f4b73962b0d43ecaffaf5eb045948f3c8f58", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726040, "uuid": "f70da189-85c2-4451-8aa3-cfe26142d3de", "comment": "Malware payload (RedLineStealer)", "value": "759035391e08aafe8f4f7a4b0005388137b34edc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726040, "uuid": "bf56816d-083c-4d1d-b7ec-da056907b399", "comment": "Malware payload (RedLineStealer)", "value": "4b11c104339c79b26bac683caabce7d64c992295737a564ad63fa8261155d34502f9fd6a31e04ac95d7460052e97ffe9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726040, "uuid": "94667dd3-7559-4a9d-9a51-2cc12a25b203", "value": "T1F2C1C60AB7D49636D4BE4B3404B3831062BDF6429E279F0E1CE402DEBF2A774C556AD1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726040, "uuid": "927e0c8f-3645-4a29-b575-1df03efe3f57", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726040, "uuid": "3fe7f8ad-f352-4faa-9ed3-a2db84acfff2", "value": "48:67lzmldOWI5yAHN39fK0FplFcXJhyPFlL/J3th+kYvd4Yg63gp6cOulavTqXSfbi:YEOIQNVjrXcWD7RtwkYv1Yp7svNzNt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726040, "uuid": "b4890a0f-76d2-42fb-a1df-74c59f647af2", "value": 6144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726040, "uuid": "46b229ab-ac12-49c9-8722-2c867529735e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726040, "uuid": "6c6fd854-9c8e-4e7d-9a77-7a50392af685", "value": "23ae96501f126d3b38b1bedf18bfbea3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf0e807b-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683705663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705663, "uuid": "fe50dc5f-39a0-4a61-bd01-51f455f2dac6", "comment": "Malware payload", "value": "bf0422cf4356a756cd2ac1084eee9281", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705663, "uuid": "f90f2ac9-ee14-4c0d-b2e3-69ff3cc28bbc", "comment": "Malware payload", "value": "e76168fd1bc089ab3adefa66f9a7410ecf47cbc2fe1e259bf49609dbcc0a1d6e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705663, "uuid": "5f74de6b-46b3-4d79-820b-49d78010306a", "comment": "Malware payload", "value": "0b96dcff68f832c42221114b49667469e926fe99", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705663, "uuid": "db3f1f38-da8f-4f06-9189-0d14b880c694", "comment": "Malware payload", "value": "71ed1bcc5989202910cdd17d6ba93f5aa94ded466e306a9c8aa56b684e0a662f77f21256d7a904c6de7203e4bb2e0761", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705663, "uuid": "837ee73a-79d9-4782-991f-a34819824b39", "value": "T17BE523EE3CD10577F9C604754237A53A777378B686218033BBC468DA98AC7BD20396A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705663, "uuid": "d0848fc7-67e9-4547-a356-494c24b7ec07", "value": "4ecfbe6e42943fae92c4582752c63b2b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705663, "uuid": "1e682d7d-c821-43da-89b3-9f2f37317565", "value": "98304:/lEdXO+nYiEI36OI0ptKOnyedvt5cK8g1GfD:b+YiHK10+YVC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705663, "uuid": "eee306f7-d3e5-47de-bb27-e325bf8fe4b5", "value": 3264512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705663, "uuid": "9448d81d-ea14-47d0-82bb-a8c14f769257", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705663, "uuid": "92cb6df0-4478-43f9-ac4c-ba326c917442", "value": "bf0422cf4356a756cd2ac1084eee9281.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc49bdbe-ef42-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683730542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730542, "uuid": "65525ba8-a648-41fd-95ad-9b74dc20ecbe", "comment": "Malware payload", "value": "f8fd615ca82f06cde4400ad8b68d2ac9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730542, "uuid": "b0701848-4eb6-4146-b9f8-ac4a727b6be3", "comment": "Malware payload", "value": "e76d3a4274e6a678ccd1c6a15ee77ba449c949d0283f3ea93a985a93c353b9c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730542, "uuid": "64ed452a-3cec-445c-b38c-c7d19890ca89", "comment": "Malware payload", "value": "1cd9cb0308a2202e36188c3d36504e601fd608fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683730542, "uuid": "07298a4c-2749-4f41-8ae6-dfcbc404e2a1", "comment": "Malware payload", "value": "843c5b981f9092df1b92319cd6028de6468dcc25a5b1acca4b104f20579127708e9d64bee93adb239178901e7b894776", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730542, "uuid": "05ae9679-cc8e-447b-be22-8dedefcf76ec", "value": "T148C21FE5BAF58D96EA11637E89E7C2366B3CF5E04A134717573078322B13ED239C120A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730542, "uuid": "17d46174-942f-4934-a015-809093de5f74", "value": "149530bffc48a72b4a5c0a3bc8cee0f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730542, "uuid": "9db53820-d33d-43f2-a99c-522a8138fb6f", "value": "192:UgkgjM+ulZUXqSSDTJCZHNqTH2oxt40h7YYJOToqatGeTq2196ftLMksAA65f998:YZUXJTqL2At40h7YJ9SfqtLMknSkEB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683730542, "uuid": "c392c4e4-31c8-48aa-8a6c-bf46547f7e27", "value": 26397, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683730542, "uuid": "8ad888c1-622e-4b21-9387-ff514f8ebff4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683730542, "uuid": "0efedfb7-5338-4cc8-9905-e9f584d6ba69", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2696e8e-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Autorun)", "timestamp": 1683688435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688435, "uuid": "cb7f39ee-a0b8-4bf2-8f24-bcf2dea14fa2", "comment": "Malware payload (Autorun)", "value": "32c573208432ecefb37ec23c24d8ee04", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688435, "uuid": "66c98fed-fa70-4b30-9642-deba71778ff9", "comment": "Malware payload (Autorun)", "value": "e8fd3faa231f7878bde3e048689a5f34c84d3e798cb4373608406871655c7d64", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688435, "uuid": "41d12975-5c2e-437d-9681-f16ade73e49f", "comment": "Malware payload (Autorun)", "value": "c7e61113a29122de1118accdead9ee60aad4f09d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688435, "uuid": "1e026e26-c6d6-4559-83ad-c19d57298e12", "comment": "Malware payload (Autorun)", "value": "b383b242c75eb293457887320201ffc2ce2e1a91e67474d460b2bb3e70631b34ab119629dc43eb9167a8e9f916b3f645", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688435, "uuid": "ab57abd8-f064-477f-89d1-3dfd3987c2ab", "value": "T1C1E55C64E650D8BAF7D5E978E40E7F291CE1781107C22E4DA49DAB241FF0EF4E5B2290", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688435, "uuid": "beedc2bb-7d39-4c95-8af2-746ab08d8d7c", "value": "12fcd3183e0fb67f1e38925ed5c0c47c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688435, "uuid": "e67522a7-520e-45a8-971d-54665c96df7f", "value": "12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCu:eEtl9mRda12sX7hKB8NIyXbacAfh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688435, "uuid": "291ae0e4-7196-4f10-8381-a6cd690bf06d", "value": 3297729, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688435, "uuid": "0bd1164f-e019-46a2-91e9-8a3825342a02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688435, "uuid": "d8b01709-58ca-4f11-92e6-af46da05608d", "value": "2023-05-09_32c573208432ecefb37ec23c24d8ee04_ryuk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a728847-ef0a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683706219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706219, "uuid": "c0075063-8a85-48bd-b294-c267d2036ec5", "comment": "Malware payload (RedLineStealer)", "value": "4b146b81c07cbf0cb742e41eef02e09e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706219, "uuid": "6602eedd-f2fa-4230-bfc2-ebcf78349807", "comment": "Malware payload (RedLineStealer)", "value": "e97c547cced7e272f3695066bf3086013be74e24a21bf7bbb9302982edf255ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706219, "uuid": "78ef0512-3d4d-4187-9089-c1f8f3935391", "comment": "Malware payload (RedLineStealer)", "value": "266f345272a83302b3d25b701e440ba9d3bf571a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683706219, "uuid": "4df623d8-ff78-4d08-b7ab-e53f4f77f248", "comment": "Malware payload (RedLineStealer)", "value": "f840bc9d0c076a1800b6af16fb9e75d208502696a1f9739e3afb4baafd609bb61712a9a2f68b6ab0db04f7ce6ba7a716", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706219, "uuid": "7706f3d8-cf31-456b-a612-2bfcd1268270", "value": "T156A40253A7E99132E5F12B7015F307C31B317C96A878822B2B80591E0DB3594F9B673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706219, "uuid": "acead9f1-6962-4e34-9296-7378af2813f7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706219, "uuid": "174ba199-5cfd-4423-8904-383372a4becf", "value": "12288:VMroy90VEzDGobrMtgfFP+K7sTj/cF1L7FU:lyD5lF+Kmj/i1Li", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683706219, "uuid": "da6d5d7c-f2ca-417d-8d4c-1d1a746804e7", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683706219, "uuid": "e747c2a1-7011-4e9f-985a-aa1b4573a9ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683706219, "uuid": "1bbc0a36-6f9b-405d-958c-ab7d4c598c47", "value": "4b146b81c07cbf0cb742e41eef02e09e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c18d066-ef1f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683715456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715456, "uuid": "59500655-a2ad-46f1-b165-8c4c919ea5f6", "comment": "Malware payload (RedLineStealer)", "value": "c5b8547984eeaf1a79be506e3a0c0672", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715456, "uuid": "4c0522ac-d744-42a9-93c2-b20f54aa69b6", "comment": "Malware payload (RedLineStealer)", "value": "eb1751929c9c25b1d2630e54f707c8c468207efbd23164426a2f0f685c14bcb3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715456, "uuid": "605fb1c7-faad-4a7c-b1e1-a4a2fc27091e", "comment": "Malware payload (RedLineStealer)", "value": "11266c9847227573218f558bc9e23d8393e70b23", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683715456, "uuid": "746a57f1-3b06-4ecd-b10a-33b32318ba06", "comment": "Malware payload (RedLineStealer)", "value": "a178892ef5ebc1a16ce093b11fe4b7faeeedada728a149b27a8cba3ef1bba516703f01dbac9a101959e0ad7378deed56", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715456, "uuid": "d1578d4e-e28c-4a4c-8b4d-e257fa9aa9ed", "value": "T186A41223AAE88173ECB667B05CF603930B357DD15938825B2B855CAE0CB2694F53537B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715456, "uuid": "71202d15-b8c8-4e1e-b950-704b18219541", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715456, "uuid": "5820023f-333c-4d72-ad17-efdb35bca18a", "value": "12288:YMrYy90wgJoVjwqauNUQVitjY5G/ULPMJfL1b9P:wyi2NNauIjYc8LUDx5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683715456, "uuid": "62db4e76-cdf5-4eb4-a5bc-ef52749f4abd", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683715456, "uuid": "cd3b480a-e914-4049-abaa-bc92a69000dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683715456, "uuid": "1c9bedac-13f8-4c92-bd3a-7e984ca2dcae", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6752d77a-eec9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683678430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678430, "uuid": "09b57767-de43-499e-9f50-3a67ed09f7b5", "comment": "Malware payload (RedLineStealer)", "value": "78905688120d3b4aa7ba703ca79dc0f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678430, "uuid": "59d38d6d-c8a4-4669-afd1-31e9e4986b48", "comment": "Malware payload (RedLineStealer)", "value": "ebf21a68edf7b17901564c4ae1c157f357dcd7fcdc436db86c0b46f61057c794", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678430, "uuid": "ef3dc74d-54d3-47e5-91bf-6d51aa212bbc", "comment": "Malware payload (RedLineStealer)", "value": "9c86fa4e7eb8c200ef646223c74867b9bf2cb743", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678430, "uuid": "89c7342a-170d-4394-9df4-783604e755e3", "comment": "Malware payload (RedLineStealer)", "value": "da2ca2cee08c3bd34583d08cec38f40af6f72ab03ea2f3a174cc00a5c10e4e09bcc3cbf99918a5077d8948c57702942e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678430, "uuid": "72a8e630-2bf3-4514-92f0-72fbd921405c", "value": "T15BB40113E7CA4073ECF71BB058F602870A3ABDA25D78525B37456D4E5C72A9098B273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678430, "uuid": "0dd0347a-ee34-43f8-a8d2-6e4f70ef09ed", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678430, "uuid": "c3fb3dfc-71d2-4198-a80e-87084e7f6d60", "value": "12288:jMrEy908mZ1JWAKGt5dqRHppiVWk0DKD8I5oij0:Hyj0FK5HnGWL9ij0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678430, "uuid": "ec5d296d-2c74-48c6-b986-da1477a2eac0", "value": 501248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678430, "uuid": "c700e76f-79ff-4b83-91a2-8dc8211766ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678430, "uuid": "e29d3446-1a02-46b2-bd55-3d96f3a7e908", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fd5e5f1-eefc-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683700349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700349, "uuid": "522a7764-edd1-4b11-831f-1560df6f244b", "comment": "Malware payload (Formbook)", "value": "5ae8e76b75275627378bd2ee58c3562e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700349, "uuid": "9d645707-eccb-4370-b9a8-da2387ff02bf", "comment": "Malware payload (Formbook)", "value": "ebfa5c11bc84f9873c31f6da62600ac8fa967f987a90ea125d2d006f42c21705", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700349, "uuid": "af7eaa0a-2b63-4016-bde2-4a79d2ef8c12", "comment": "Malware payload (Formbook)", "value": "1b56181dcc9150f7ec4983f769c5f4957429e0bc", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700349, "uuid": "0392c493-b41e-4a43-996f-433f4d672c3f", "comment": "Malware payload (Formbook)", "value": "32944984ea409de0b4f6440d6573880af3361a2020bb8952a6dc45371eb30aea3fcdea27ee8fed7873530053143ce3ec", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700349, "uuid": "1c95fe4c-a505-4dc2-96ae-94fdb32ffd17", "value": "T1E4C4235CFBEB2B4DF27C43FA7B2158D8447534B8A10799033AD0122646A05BAFEBD9C5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700349, "uuid": "95135142-ae02-40f7-bb36-a630994ff7fe", "value": "12288:0GPpHgrmJ+sfbr1/y82wuPeEBrKr7Zu9QRPP/nYgack4wL/baNf:0Dr3MbB/D2wu2ECImpqjaR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700349, "uuid": "55aecc9f-503d-4023-8430-17d9097674a1", "value": 582987, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700349, "uuid": "761094ce-9a47-4c6c-9970-5a9d47678277", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700349, "uuid": "cae350bd-923e-4639-92d9-44f4ad004f3b", "value": "Inv_7623980.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80d61bf5-ef23-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683717128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717128, "uuid": "6ebabf67-67c3-4967-bd64-0289e5a4dfa8", "comment": "Malware payload", "value": "051e1fae82260cb863d61c669ba1f153", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717128, "uuid": "ee1ead8d-825d-4d55-bd96-6eb1c3ed3370", "comment": "Malware payload", "value": "ec5e56c47bcec243ce0d97b37a23831dcac32008a633bda4ddaf5d97af4018d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717128, "uuid": "14395a20-b2c8-47a4-b59a-e07788992811", "comment": "Malware payload", "value": "f36ac6a7b29719113e3514fb44c98f7b3b0a9d42", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683717128, "uuid": "daaa52a5-6863-4b1f-912d-6dd5acd6f640", "comment": "Malware payload", "value": "e8846d7717c93e28af4eb6cf62d62442375a15aaffae969a0eb223688ad824b92cea5549f2c4aadd52db6f7acb475316", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717128, "uuid": "2dc269bb-5157-4281-81b1-44d740fa5a5f", "value": "T1CBE55B22F6929476C13E3135C31E93BDE2B9BD704930817766E01E3B2BF5472A52867B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717128, "uuid": "ecd6e6da-096b-433d-9eb9-ab261cf934cf", "value": "739faf64a9c01a6ea88a694e95804458", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717128, "uuid": "ee301c35-cc57-4bd9-b800-19a6f83bb049", "value": "98304:7+7q7rWJ2OgETvdqeQBZwXOmLsLGdIKyrPz:S7qkGB7IsydIKyrPz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683717128, "uuid": "3d6f46f4-b20f-4c3e-954a-7fc38c4796a8", "value": 3224064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683717128, "uuid": "2e7f763b-74d7-4f1b-ac71-b8ccb0c06e59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683717128, "uuid": "9d51dbe1-f3cd-4db2-9df6-44807e5a087b", "value": "ec5e56c47bcec243ce0d97b37a23831dcac32008a633bda4ddaf5d97af4018d6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46d35027-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (STRRAT)", "timestamp": 1683704575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704575, "uuid": "f4be6edf-2c60-43ea-b229-c4c19c84385b", "comment": "Malware payload (STRRAT)", "value": "55f4d38b350acac3674638253c814793", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704575, "uuid": "68f180cd-ab0b-47e9-8850-a4cdf8377ad3", "comment": "Malware payload (STRRAT)", "value": "ecb914f03ac66ebf989e146663e38808d286aa358a6948421a29f1884961d971", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704575, "uuid": "59da5efd-91ce-44bb-86e3-624570b338fa", "comment": "Malware payload (STRRAT)", "value": "9a3e34f2265651592fb39ecc85dff9374d1af8f2", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704575, "uuid": "bc00e7ae-4e57-4265-8420-54276bc4e0b3", "comment": "Malware payload (STRRAT)", "value": "c8addcdf585fafcf1b4f4753f8ac95c4e78e9cd80243d2b350290790014a24e678a4fe4cec1a54a87cd396688123424c", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704575, "uuid": "19e0bdd8-c4e7-47a9-84ed-84044f19e964", "value": "T17324F12BBADBC6B4D91B04301689D266BA5C4085F04EA77F25FD4C985DB2C2C0B52EDF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704575, "uuid": "cf6f726d-eea8-4c21-9f69-896ac8687ef1", "value": "6144:hYiaw8jbAgYafsR7zFLDqNRYcUf/AP6UpOgD:hYiaBbxs9FiREIP649D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704575, "uuid": "fbf91d88-9731-4311-82d5-bf4206189903", "value": 224760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704575, "uuid": "434e0c06-89d6-4530-a516-b722e7da41b4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704575, "uuid": "23657883-d865-45db-a22a-2acf2674abfd", "value": "Quote_576857687.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c47be7bd-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688465, "uuid": "e6de7c4f-ef5d-405a-878e-cf1ade0ad43c", "comment": "Malware payload (Kovter)", "value": "eec3ddaddc3c264abc6149626881110d", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688465, "uuid": "acc50e71-b357-4cc3-9a1c-2104b5052dd3", "comment": "Malware payload (Kovter)", "value": "eccac578f46a848210bb96bc3d29c67245b7c7f66438f2cce79e4f68fb2ef3c3", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688465, "uuid": "a22aaace-122b-46b7-a843-66ad35562d64", "comment": "Malware payload (Kovter)", "value": "62e0271340237b0c2cc1889321d0c4bad3b0b919", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688465, "uuid": "1c1a3d75-6d2d-4256-8ef5-2f63df1b0194", "comment": "Malware payload (Kovter)", "value": "01fb1dac704883301b8e719679796d8ceb6471836018189320e7296967a1b0135e02d297d793ad516a5dd2aa87a54287", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688465, "uuid": "49ce1708-b135-442c-b748-ded6dd86c731", "value": "T14B744A39F680D637D42509BC9D0FD2E9A139F6302D341947B6E11F0C98F9593AA2BA83", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688465, "uuid": "e8ec5388-6e7b-4824-bb7f-bf881df23d55", "value": "6144:Ue9EV2vjQtuJxtH58AkeEf6sy4IV97isv9tv34Fu/ZZRDveQM8QRq+6n:R9EVgjhTP+K99vnZvveX8b1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688465, "uuid": "bf689e08-263b-434c-9588-4243c35d759f", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688465, "uuid": "3b184b14-3699-44a9-9554-a5b04f88bb31", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688465, "uuid": "9d021c59-133d-450e-b620-db7c4b7024ce", "value": "2023-05-09_eec3ddaddc3c264abc6149626881110d_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fca504c-ef2e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (DarkCloud)", "timestamp": 1683721663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721663, "uuid": "50115aa4-2f9c-450a-9817-a9494133f14b", "comment": "Malware payload (DarkCloud)", "value": "2aeace06535f4c7cfe60bf6ca230f521", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721663, "uuid": "e19ea58e-0dc1-48e6-996b-6d94bc8004e7", "comment": "Malware payload (DarkCloud)", "value": "ed6006755e51eded9bc077db183831125a767b605fddd9109a635b3af7e4f8f0", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721663, "uuid": "5d59b0f2-acc6-4bbf-98d3-b97776f9a4f4", "comment": "Malware payload (DarkCloud)", "value": "d25dedd7a0d4bbb2240561ef193164ed270edcfa", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683721663, "uuid": "ec059395-b3d2-4a21-8e40-eb24d4a583ae", "comment": "Malware payload (DarkCloud)", "value": "9a0400f48b6213bbcc719bf69d612fc6af5fd902b49a84a64173862392e818a2367a3800e27b16fee3c0e4d5209d1d83", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721663, "uuid": "30f21ef2-e670-4707-83d5-7e455a623e24", "value": "T14B35F1517226AB17C76983FB0A28484613B87716FD67D23C6ECF21CDDD12F104E62AA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721663, "uuid": "f65cf0fd-6491-4929-a456-d8d705922936", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721663, "uuid": "25f9cb14-865c-48b5-8094-30bc6cb3e1c7", "value": "24576:6kL6Jy1CVVSVi1G4umbRqIULaWZIUN6mT:nlC3V1G4umb8IULhZ/EQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683721663, "uuid": "e9f9bcda-c7cf-4c56-b595-5a981fb8cf8f", "value": 1061376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683721663, "uuid": "e7b0df80-3421-45b4-a38c-98128b62edde", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683721663, "uuid": "afd98460-3c70-4826-88e7-131745dd1f0b", "value": "INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fa28f1e-ef21-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683716213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716213, "uuid": "3b5ed579-54eb-49c9-af70-bee89e511c48", "comment": "Malware payload (SnakeKeylogger)", "value": "076d5430af1ffea960bd52cfc641e99b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716213, "uuid": "3cea3e76-6b5f-4390-83d2-1ff8a3ce0921", "comment": "Malware payload (SnakeKeylogger)", "value": "ee0fac5b1ab0a1e4c8efadea7919f8f1105d0928ca3a7c359a65af0246e06cf1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716213, "uuid": "b134b62e-41ef-4592-a1d2-4312a0921cb7", "comment": "Malware payload (SnakeKeylogger)", "value": "aba1bf8a90fabe96565ecec2022d24e34626a921", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683716213, "uuid": "91c9812f-0428-4df5-92f9-a260fd947d53", "comment": "Malware payload (SnakeKeylogger)", "value": "e7910b768e8342a1d87f4872be9f0e526979b2e90be600ccceef7b49bae5318ce1224b38b19cc8fd215e9f0e2aacb698", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716213, "uuid": "e936eeb4-c0c3-4d53-b26f-42e5cadd6811", "value": "T1A9551202BED294F2C1721A365D7A6B22A97CBD201FA98DDF63D4392C9E315C0D7317A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716213, "uuid": "f3562108-65a7-4f7b-97a5-daf898906490", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716213, "uuid": "ba401d12-2108-45a5-add3-9530b368ec25", "value": "24576:lTbBv5rUFcD6vbKBdqT4oDKvMrBW4eNTygt90e+hoyaxlI:PBH6vbKBUT4/vMr8jygt+0I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683716213, "uuid": "13bc2381-cfaa-4a28-842f-fe9b04236a99", "value": 1315533, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683716213, "uuid": "5d444960-4066-4765-a67a-367f5ae44d42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683716213, "uuid": "f5a2147d-79e9-4ad3-8502-49fe4f443998", "value": "Ekstre.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82c77bf7-ef1c-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BluStealer)", "timestamp": 1683714125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714125, "uuid": "bc6b72c7-fa67-4dca-844a-cd045a70430c", "comment": "Malware payload (BluStealer)", "value": "09338b623f4473341a54191980901783", "object_relation": "md5", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714125, "uuid": "c8898a88-40e4-4d06-9de9-e34a1dfe9701", "comment": "Malware payload (BluStealer)", "value": "f1de1c385fac0c850ee30233c971a76beee78824500899f5c64db03c70ac2e03", "object_relation": "sha256", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714125, "uuid": "79199687-7a4d-45bf-8345-fce03c0e8a97", "comment": "Malware payload (BluStealer)", "value": "40c8fca01c37d1f1592dacc06f48b918311e37e7", "object_relation": "sha1", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683714125, "uuid": "515f973b-268d-424d-be0e-6b3e56276d8f", "comment": "Malware payload (BluStealer)", "value": "e2617bd5196cefabcea9d60bace6139313dc4e51f4754649d3ccd6c5f7b863b60b2ccdcb5c0b1f8eaef4bd05626168ae", "object_relation": "sha3-384", "Tag": [ { "name": "BluStealer", "colour": "#B2C98C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714125, "uuid": "065c4434-d242-4528-8c35-08f59689cd6f", "value": "T13885E03C61C66C22C31277FA4999C5E00339AF10AFABD26A257E30CD9971B93ED9550F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714125, "uuid": "882281db-1f96-4d19-ab66-3a4fe288dcd2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714125, "uuid": "390bc2d5-c0f1-4900-8a0d-7a651313da88", "value": "24576:+b3IBXM8LcvUtY+FGkacy9RjdMD84XKpJKbJ6byq0TyJN8Wo+uOZakN:WQXZcvUtYRcGLoHvJQb8WoIN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683714125, "uuid": "adcb9ce9-0666-4f6d-b157-43ec1327bc64", "value": 1740288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683714125, "uuid": "14b123b0-e712-4a02-b07c-ffca05bbe62d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683714125, "uuid": "ea182a56-09e9-472e-8d62-1740e9446392", "value": "Purchase Order 202319876.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21b29b31-ef06-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683704513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704513, "uuid": "212bbc4a-db1b-4589-9f15-416fc029a979", "comment": "Malware payload (Loki)", "value": "dc566b1ea8709d61642c3641d1109708", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704513, "uuid": "0ae7359f-8619-4309-885d-c99be5571d53", "comment": "Malware payload (Loki)", "value": "f22f0f42d468f65578d438395e6c9bd9505e086761471b4ef45ee7779b4595f9", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704513, "uuid": "2ece98ee-7f5e-454e-8bf6-346b89aa93a2", "comment": "Malware payload (Loki)", "value": "cce442e2d4ea7c3368387f9f02bfc1d37f9b0008", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683704513, "uuid": "59daa1fa-9fbb-4e85-9f47-21a765fc42d7", "comment": "Malware payload (Loki)", "value": "7a38c3068b3653b75d9fe96c94c34072011c7e22abf0b5d4975965fb8193c3f5cf4b2c30e3cca63a8678b6082ec61f9f", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704513, "uuid": "bc220c3d-5051-4328-b69d-86f3f73ab060", "value": "T13D13185EE78B02648F4113B6131B4E895ABDB23DB35551B178AC833033EDC7E46666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704513, "uuid": "3dd0fd64-8df1-451c-99aa-acd331a35697", "value": "768:LFx0XaIsnPRIa4fwJMUrjdxkv054VH2UOUpu7Q7pPV6I18JH6CP:Lf0Xvx3EMUrBxkJVS4u74eI1qZP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683704513, "uuid": "5d62e680-d19e-40a4-b9a8-91f486a71ee9", "value": 43921, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683704513, "uuid": "22fae47a-14a2-4619-b20f-119b8f232be4", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683704513, "uuid": "9bab6861-7366-4f47-abe8-526f7bb8b445", "value": "Payment Transfer Request.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f4f5a90-ef4f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683736023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736023, "uuid": "96a87ce1-42d4-4457-92b1-1aba473090a6", "comment": "Malware payload (Formbook)", "value": "abca758df173419c3a31ec19bfbea8ad", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736023, "uuid": "61a252db-7a3c-48ea-bc7a-b4ca2e5e88a0", "comment": "Malware payload (Formbook)", "value": "f23640716e9b48d455771758fa9dc339dfb50e2a4b75d05191b60c93998cc105", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736023, "uuid": "436bb974-4b79-47fd-8561-85957d4dca5f", "comment": "Malware payload (Formbook)", "value": "105fbf3da6219f4a3badbb8c1776b7fa3f29da28", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736023, "uuid": "2f3621d8-0d47-400f-aebc-160282da6454", "comment": "Malware payload (Formbook)", "value": "26cbffc9df6d77f2efd13d3b8ed2398514a09c86e80e435a04da250120848202b37980b070137c1cb4159fa1f67cf91c", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736023, "uuid": "935e0c9b-796c-461d-b017-2ec6185f48a3", "value": "T13BE4234EC9166025905CCB9F95D3C8FC66D4CDD157197CDF798A2EB39A009BEA4E0B0C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736023, "uuid": "fc71ffed-67ec-4e46-8054-96d99e38bfb0", "value": "12288:PABUV1UqpZg+ec4+1nJfbnMwQaDoOiWTy2+qXXDrcxuYBe+gE:PcUHU+g+B4+VJLqMIqXXcxuHE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683736023, "uuid": "653b3f94-2ddb-4a4d-8e48-c0071bea2713", "value": 662212, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683736023, "uuid": "36d707e6-f250-467a-8af4-e2ab417ddc79", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736023, "uuid": "6dd2579c-0ab8-481d-8464-8636072a3676", "value": "PI.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b502befe-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (BlackMatter)", "timestamp": 1683688439, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688439, "uuid": "b838f317-73ed-446c-950c-b86596502da3", "comment": "Malware payload (BlackMatter)", "value": "41254f8ea69cb8aae142a1313ee4bb14", "object_relation": "md5", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688439, "uuid": "819d96f5-d99c-4f21-8b3c-5a398aab8e88", "comment": "Malware payload (BlackMatter)", "value": "f3162be215100b0b7e096086128b0dc611ff95c8309512f0e98c279b298c4891", "object_relation": "sha256", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688439, "uuid": "ed878bb7-9159-472e-aaa6-1a04ccb9f68f", "comment": "Malware payload (BlackMatter)", "value": "f2a61d1a37a481f3d0b99267b159cf3a3a28f716", "object_relation": "sha1", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688439, "uuid": "cb20d1d8-bfa8-4fa1-a3fd-11db8e80023e", "comment": "Malware payload (BlackMatter)", "value": "c62a3d222eafaeef02462e2641c06f025d2d9d81a7ac699ebb1ec00d1bc6f72d9fd0ef0707b0c0b9b94b05e6a83f7b74", "object_relation": "sha3-384", "Tag": [ { "name": "BlackMatter", "colour": "#F2287D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688439, "uuid": "25dfc7d9-98f9-4fbf-92be-9b20ec086716", "value": "T131B65B91B809B7CBD46A17799153CD612F7C13F896248B12A82C75BA6D53C803B87FBC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688439, "uuid": "049e7d30-8b37-4dc8-ae25-4e06edc4ceb0", "value": "49152:owaYoE4htZYBl+OHJ1V4dYFgZPsv97H4numCM1+7:baYoE4htZ2p8dfZPs54numh1+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688439, "uuid": "87bc817e-0073-4a52-8f63-a6b4ae6870c1", "value": 10485760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688439, "uuid": "f6c60437-4688-4c0e-aee0-cd9160f2cea1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688439, "uuid": "e93112b7-9870-481e-b23f-bbe7e7b4d6de", "value": "2023-05-09_41254f8ea69cb8aae142a1313ee4bb14_darkside", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9951bc93-ef2f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Pykspa)", "timestamp": 1683722323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722323, "uuid": "5857ac27-59e5-40a0-a65d-75852ec05c86", "comment": "Malware payload (Pykspa)", "value": "b6b545cfb87faabf6d0b55e53966410d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722323, "uuid": "c113a8fe-f12d-4055-a0dc-111e3e50a121", "comment": "Malware payload (Pykspa)", "value": "f3c7b8ef32629e731d631732244407bd8f9b0ec50b4302f555bf8346d0e7afc4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722323, "uuid": "33efdf90-3de2-477f-a4ec-ddffd3e7e435", "comment": "Malware payload (Pykspa)", "value": "f5c12b494d2fb26438735d81ea083cb2b2693fa1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722323, "uuid": "5ae460cc-8c75-46f1-b639-0fbe17765cbb", "comment": "Malware payload (Pykspa)", "value": "a534a97da27d75dcdc8c72fe11ca9af866d26cf5d8dbb1b329fedd2414f3919d9aa37a0eda34da4cd18d1a916d0b0eae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pykspa", "colour": "#9E62D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722323, "uuid": "b3674495-628c-465d-8352-e18afcad5526", "value": "T1A964C03BB780C8F2C485803176996E136EF56C301625EA5BDB60DE0A2EF55E4D72A34F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722323, "uuid": "9f32841b-321e-4ee2-b11a-c403df0a61fc", "value": "a1161b9f4081312e64af594f73664c29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722323, "uuid": "e6a06f61-51f5-48df-9c55-79d833c6771f", "value": "6144:4TwZo1IV3puaibGKFHi0mofhaH05kipz016580bHFbl86JQPDHDdx/QtqR:WXgvmzFHi0mo5aH0qMzd5807FRPJQPDV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722323, "uuid": "dc8beaa3-b6eb-44e8-a812-a9f12eac2026", "value": 327680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722323, "uuid": "e749a1c1-c386-4640-8b8c-1d5a1f275c8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722323, "uuid": "702dc9b1-bb72-41c3-a03f-3b20246e3298", "value": "f3c7b8ef32629e731d631732244407bd8f9b0ec50b4302f555bf8346d0e7afc4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da312ded-ef0f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1683708688, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708688, "uuid": "08482bfa-a131-4a22-bdc9-af0e4713baaf", "comment": "Malware payload (RemcosRAT)", "value": "8a1c01c673c1a146179b550a237077b8", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708688, "uuid": "61502aba-7f3c-4871-9470-cfe74ee67bed", "comment": "Malware payload (RemcosRAT)", "value": "f49ce19e111137c639501eda45a67b44f1eaaf9e6816162e4a26be45d56bfbc7", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708688, "uuid": "d34b59a6-8bc0-48f0-a38d-21bf0d3417e6", "comment": "Malware payload (RemcosRAT)", "value": "53a909df175d0885dfd66ff0de12b4ca45498d40", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708688, "uuid": "2d0de176-b7a7-41d3-838e-69a782c8123e", "comment": "Malware payload (RemcosRAT)", "value": "d9c10c74fab604a8db77ab385c4f77b972246f402b21c272c12e27fc6e6eb3920d4e0f76abe983ed4cf04777e9952636", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708688, "uuid": "2db26be0-4a42-4aa3-8839-b819dc250f75", "value": "T1222533FBAC1692628B449B3894E72D432AE3093DDF6140D01D294D6EF1D4FC0E6A6E37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708688, "uuid": "d1a6a1e4-a056-4653-9635-62ab4f9e5c65", "value": "24576:vGrQuoAfpsZQlQBy4hIOmYie7BKLkCi8DxQf745jkPY8Pjb9H:OQubRMQ6qlze7BnADqf74pkA8VH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708688, "uuid": "66f28e96-1bd9-4215-bac2-de66f487699c", "value": 964950, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708688, "uuid": "a5c6e381-d9f1-4e0f-9b93-48afc3489de2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708688, "uuid": "e06b4f6e-e7e6-4ebb-8f42-16af308f9651", "value": "RFQ-BASE N9- PRICE 9974077497.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c12f6534-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Kovter)", "timestamp": 1683688459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688459, "uuid": "d0ec9cb7-b409-4eb2-8f89-e93b66743e75", "comment": "Malware payload (Kovter)", "value": "ccf79c6b44d1ead5fb0f389767bcfe48", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688459, "uuid": "e372a889-4c92-4ed1-b2ef-594857fecb0c", "comment": "Malware payload (Kovter)", "value": "f4f0ce339b798d81d901fc5a5244a436e0b30d9d707f54f225440b7b2e543389", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688459, "uuid": "b0d3d6dd-88b2-4063-8833-8d48d06a2d88", "comment": "Malware payload (Kovter)", "value": "09e9d9b5f2f65588274cf2743552591d6d4f2da1", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688459, "uuid": "60ae034a-10fc-4e20-bc1d-0d86c19eeb2b", "comment": "Malware payload (Kovter)", "value": "ed1689df4bd9fa4770e6f137503949522461721a15c8ad258e5b7ddecd5e2b100e786637ec7da5aab0310a64147e2347", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688459, "uuid": "80aaab0d-2651-4d73-acd8-7f936d44f5bb", "value": "T17C743A39F280E53BD42159BC9D1FD2E5A57AB6302E341947BBE51F0C58F91836E2BA03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688459, "uuid": "9c3badab-e880-4877-a608-b9f8ac1ce406", "value": "6144:+mMM5iTRJ2eYNCRrWdZ2kxMS26MVfB0mCvpz1Smd3/ivW7GrQdq8FHf3W:+IQv2PgRCdfGB8vhivWKrbj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688459, "uuid": "021ce8da-17cf-4ed5-8bfb-6f0c6071dd68", "value": 370688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688459, "uuid": "9d9b0b12-b8ba-432b-9e83-e29ce5cfb5ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688459, "uuid": "c9838324-fd20-4903-9a85-b2967914763b", "value": "2023-05-09_ccf79c6b44d1ead5fb0f389767bcfe48_kovter", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe11fbbb-eefb-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683700158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700158, "uuid": "410adcae-eefd-4920-81a0-7cf2dbd8d90a", "comment": "Malware payload (Formbook)", "value": "0698e6fa3a6f9ce7e0432276a8669f19", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700158, "uuid": "67782b52-340a-4d81-8f64-99930209d6ff", "comment": "Malware payload (Formbook)", "value": "f56f99de1e3783b8cbca1bd1c7f00685cc04a283f93c8e9b03fb67d494388a1d", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700158, "uuid": "23d32569-8a41-4081-933c-c48160efd778", "comment": "Malware payload (Formbook)", "value": "ff31596f767aa6f6d5302bd71054a012878ffe5a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683700158, "uuid": "c36bb442-5338-434e-9d46-3ca316dba252", "comment": "Malware payload (Formbook)", "value": "0f610f2b7ef416c61acabfc7c7b2c6646eab975c715c6d2899df0a2c2ac421cc494e2d21aad4297a2b11ee82186f8d21", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700158, "uuid": "5bc99bcc-a38c-4282-a703-de9bba373029", "value": "T171E2F1867C5EFAE56A050CE6CA4E43D7F04528B4E5992B4DBA188E6B01D033C9970E72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700158, "uuid": "1f0d392f-49b9-4049-92d4-2fbd364fdd10", "value": "768:sbdXpYlx6NSjvNRJrZGdagjBvxYfXkoVOj9WvORdsiAmwRV:sZZYlxHvNRrGdFBvxYf9VOj96OHUmw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683700158, "uuid": "ff24e7ef-255b-4dc3-84c0-5215c0791e50", "value": 31327, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683700158, "uuid": "b5d57826-6664-414b-975d-438c63bcd844", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683700158, "uuid": "a39d70ac-32b4-4111-a7e5-580406617f5a", "value": "po# 7648 and po# 7649.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f16a0563-ef2a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683720323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720323, "uuid": "f5c04d22-b6bb-498d-9a37-7bc0ccd14c93", "comment": "Malware payload (RedLineStealer)", "value": "145a0c14b7307e2a04efce07407ac093", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720323, "uuid": "64020aa5-e3ed-4849-8e8c-55b5835b4410", "comment": "Malware payload (RedLineStealer)", "value": "f6419a568451466e5790e80ce71439ec62ea952cf8784b2bc9b6375e09bdd7dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720323, "uuid": "b6adb725-5ab1-4727-a8b8-f2824646c275", "comment": "Malware payload (RedLineStealer)", "value": "f997f3917ca699d1bba71b6148412e6c3a9e7e5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683720323, "uuid": "748f9a1a-80cb-43bf-bdab-ebd52d3489ab", "comment": "Malware payload (RedLineStealer)", "value": "18f6a914a55b91286c9f9b4968cba4b651d44f41953dd72b9db6c2014d3a66bea67b939797bff4eff8be27eab10bead3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720323, "uuid": "777dc6cc-5731-4ab2-b230-daf371f072d6", "value": "T174A412569BD84063DCB117B018FB01C31E3ABDA25DB8477B6345689A0CB2BD8E57237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720323, "uuid": "9a26c475-3a23-4ad9-a670-1d1164e3a41b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720323, "uuid": "4e89a446-9773-4c2e-ae5d-8d68e3d79aa5", "value": "6144:K/y+bnr+Fp0yN90QE25/rCR+zH0tczieempFQI02TKWujZ7x7eh0LXRFDe2SfMp7:9MrBy90YO+gpJi3kh7nYfMpMg7Cyp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683720323, "uuid": "b0fb0816-d9b4-44eb-ba94-a9870c30b9f0", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683720323, "uuid": "5ee7910d-0e71-4ad0-9275-9d9390d80dfc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683720323, "uuid": "eb597122-3f96-44ad-b6d6-cee14f9484ef", "value": "145a0c14b7307e2a04efce07407ac093.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1883fbf3-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707074, "uuid": "c3d67f22-f06d-4a29-a45d-797558bc9893", "comment": "Malware payload", "value": "eee10811fafbb6ecfba967508aa39ad1", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707074, "uuid": "29540887-61ad-4e65-b2aa-3a142cb4335c", "comment": "Malware payload", "value": "f72002b53514aefa1b46cc4593ce061106d07507d6f2edc64dea6927bc59eb37", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707074, "uuid": "4941b17c-6bac-4d30-b1c1-b12aac5bd0bf", "comment": "Malware payload", "value": "50bea1118bbb26d22ee35b9f9fccabc54e688517", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707074, "uuid": "65552fa6-c5c8-4063-a34a-a36604840a3a", "comment": "Malware payload", "value": "70f3debb665f41f9ac16c7b1bb07b1a60dd35beffeb4e8e6e67670107e672cd09e1b0eb488a527e268a063430f589807", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707074, "uuid": "b91afdee-e90a-4aff-ad51-f94ae7c01792", "value": "T10E55E13316A2BED937FE2E89D8861D480CC85CBF627889F4BC88554B61B9754EB74C70", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707074, "uuid": "d2a4fdbe-ff6e-4def-860f-2043c5307828", "value": "24576:2/DtW6psz725j0U4gOKa0rdbCpF2gRWC+ll27lBLYGehe8:Z653KKkBAZLQK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707074, "uuid": "34a96167-73bb-4732-abec-37b8dd501f33", "value": 1325056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707074, "uuid": "9bdba1fe-4774-4e6f-ab0e-1590daefdcda", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707074, "uuid": "8b969226-c17f-49a4-8b2c-4a5ad75a3e3f", "value": "Dpytzz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd9c78e9-eee0-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Autorun)", "timestamp": 1683688453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688453, "uuid": "6fe0db3f-6e61-418e-8459-78c04fae2182", "comment": "Malware payload (Autorun)", "value": "9e24095aca768128d1fbaf64adc5c140", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688453, "uuid": "5623f873-85a4-43b0-9f91-3c9af3997fb9", "comment": "Malware payload (Autorun)", "value": "f74ceb260f9eb6da73b9d33a0f23bdf0ec8c6927c358bd98842b3e3325397b3c", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688453, "uuid": "96cdd644-def8-4566-b5f1-128015a4eb84", "comment": "Malware payload (Autorun)", "value": "2b33417c84ae118df22858ead61d613b1b6e79bd", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683688453, "uuid": "264abe8f-317b-47bb-ac19-c25de06fc14a", "comment": "Malware payload (Autorun)", "value": "3a47999557e517cd85c86cd3ed7dcf48d93caed46197dbb7c91c543a8d1abd41e045e71205554f1a247e19b640dfe472", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688453, "uuid": "63371b64-f86a-44e7-8055-7fd6663f4b4a", "value": "T125C55C64E610D8BAF3D5E978640E7F290CE17D160BC22D4DA49DAB241FF0EF4E5B2294", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688453, "uuid": "9ffc3bcb-9a50-42fc-91ac-0a75fd7630a9", "value": "12fcd3183e0fb67f1e38925ed5c0c47c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688453, "uuid": "3d86b5d5-a118-417b-84ff-071234f3ee46", "value": "12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCn:eEtl9mRda12sX7hKB8NIyXbacAfy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683688453, "uuid": "1addef3b-cbb3-44ad-a07d-6a7b3a07f337", "value": 2566102, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683688453, "uuid": "786c0673-21c4-4c50-baed-e0fdca8c15cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683688453, "uuid": "8a3099e1-68a0-4861-8701-eeace0d640b3", "value": "2023-05-09_9e24095aca768128d1fbaf64adc5c140_ryuk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "867ed33d-ef3e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1683728734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728734, "uuid": "ef52fddb-8764-460e-bb32-4e3a2a2fcf0e", "comment": "Malware payload (Amadey)", "value": "b84b2f93011e93efa940bca149f4395a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728734, "uuid": "bfcc2ba1-15ee-43b7-b081-40b704458d2e", "comment": "Malware payload (Amadey)", "value": "f7dbdcec3578afd1cda065472888da575420319e2d8b856f2253e4862686846c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728734, "uuid": "40593a26-0a00-4f32-9e6f-e322754be16c", "comment": "Malware payload (Amadey)", "value": "99d2a30d5579c8a70d251dc8dac29fdf2e61553e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683728734, "uuid": "d4eb5e19-169a-43a4-a5b2-a0a3bad44f7b", "comment": "Malware payload (Amadey)", "value": "86e34eca281118dd71743eaa63d7a85ec37261c94cb9eaa794287cae5adcf766c5e22125593a03363d5394270315e7fa", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728734, "uuid": "ea18e45c-89d9-4257-bdb7-81665aaecf90", "value": "T144B41212A3C881B6E9F217B048FB03D71A31FDB14A39D2363749689E0DB3694987577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728734, "uuid": "54e3d819-305d-48b4-a6b3-679d6c32c95e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728734, "uuid": "24184e4d-f36b-4c1a-ab32-4d7dfa2140e9", "value": "12288:AMrvy90R2p4c3qS2x21qQ/PLkMWCm4K9U:fySHcz2G9rk6qU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683728734, "uuid": "9216b1bd-e2d1-4ccc-ad13-54ef250023ea", "value": 499712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683728734, "uuid": "ce01607d-03db-49d0-8fc7-9f4bfdb51e46", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683728734, "uuid": "7683319e-8fbf-44bc-98a6-8ed6b86a6a9d", "value": "b84b2f93011e93efa940bca149f4395a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cbc6857-ef38-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683726033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726033, "uuid": "74d94bd8-b9dd-4153-b0b1-f5f1012ac113", "comment": "Malware payload (RedLineStealer)", "value": "602f08ecf1a5382d0c99e26d813f8a7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726033, "uuid": "2022d9ee-d6ca-411b-9ab4-f8a71bdd83da", "comment": "Malware payload (RedLineStealer)", "value": "f853633959f91f2b4a95f77b0db593106068845a17957ee568515ac80f7bd81d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726033, "uuid": "951ad8df-e415-4b6c-a1eb-28ba6da881ef", "comment": "Malware payload (RedLineStealer)", "value": "1baa3f48afe80e0e16382e3cb1d1069fb5f2c803", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683726033, "uuid": "3a2819f5-dd3a-484c-a94d-478dca1f3137", "comment": "Malware payload (RedLineStealer)", "value": "74d2a0c816a161ae819f51562627d7adc7dac74ec12a9a44989792d0368d03d98296ad968b2be8b258fb885ab3fb0cc0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726033, "uuid": "bd3dee9b-557b-470d-a3d8-6a40881da2ce", "value": "T1E9A40123F6E85472D8B5177048F706871B3AFCA28974835B2786689E2CB35D4B47237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726033, "uuid": "197042c9-db63-4dfd-bd8f-bb680da8510f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726033, "uuid": "18582f5d-e664-40cf-a1c9-5eee14eee3b0", "value": "12288:QMr0y90yzPQksC0pcTSW4yudFKCDy96AzTd1o/i06S:0yBPxSW43Kb6qTd1K6S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683726033, "uuid": "81eb8c27-618d-4706-a649-d9483317f831", "value": 489984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683726033, "uuid": "6ea27b80-183d-42a9-b9ca-b9153de25c29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683726033, "uuid": "db392c78-3274-452f-a8dc-7c21569c2994", "value": "f853633959f91f2b4a95f77b0db593106068845a17957.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fb6be12-eefe-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683701127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701127, "uuid": "ce8c2976-7dda-430e-9cfa-4313eefcb158", "comment": "Malware payload (RedLineStealer)", "value": "5cf3879bae5ec390686347bae3bce426", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701127, "uuid": "741ebaaf-877a-439a-81da-698af59e73d0", "comment": "Malware payload (RedLineStealer)", "value": "f88dfaf46f0fcf7409299c9649c3b15ae014ded28fe889ee15492e8fd1fc0f97", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701127, "uuid": "4b319069-3957-4ea5-b653-6431ffd910d0", "comment": "Malware payload (RedLineStealer)", "value": "5d59f6b49ea8a033f7a94b32ff0ceedc3f183cbe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683701127, "uuid": "35533581-8f81-4d82-9c40-e494102f33da", "comment": "Malware payload (RedLineStealer)", "value": "d266083413065c6df63ca5dd952646c3915b6e53219bb0369be0f7b1752c8d818cca0ebee30f0371f575963d7ba1d2ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701127, "uuid": "88e61572-31c7-4d25-98e0-177275b7a613", "value": "T174D56B036EE54430DC6F03370BA89D7D77E9A86137D688EF07DC993A8A157E095F8622", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701127, "uuid": "9844ce5c-4db8-4bc1-a1da-3e85dc7dd068", "value": "91af7e8e02c6932213ae27f4919f3978", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701127, "uuid": "0b4fec93-ff0b-4ff6-89b6-1c24271b745f", "value": "6144:1/r8dWwp7RZsdBbDOS1B2/QekbAOgwH3sOEuZ5UnSyPi+woXh:xr8dWwp7RZvQ9mwH3sOE+USGdh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683701127, "uuid": "46b94a92-02ef-4a82-923d-924e12b77a14", "value": 2809856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683701127, "uuid": "ccca397d-cf10-4c02-929c-dea14a73ff06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683701127, "uuid": "bef6d764-2410-487d-9c93-96578652b24d", "value": "5cf3879bae5ec390686347bae3bce426.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db0fbea5-ef3a-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1683727158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727158, "uuid": "308070ec-a3ba-45c0-968b-54a985e65f42", "comment": "Malware payload (Loki)", "value": "0cd65b9d45842969995cf1fef0b6f015", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727158, "uuid": "3225a537-f0ce-46ab-98b9-a98677c419a2", "comment": "Malware payload (Loki)", "value": "f896eabea3c68b0518d1d5e58ed4168ee38f1464aafb4bcfb0e18b5c573be9bb", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727158, "uuid": "cdb48f4d-9920-4d3a-9bd1-52c6d4a0cce3", "comment": "Malware payload (Loki)", "value": "bb3509012d1eb0754bb537a4fb63bfd6c75574b7", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683727158, "uuid": "de7a92cc-4abd-44e2-b7e1-63ed08c33006", "comment": "Malware payload (Loki)", "value": "43b281f0fd9b747fae0a0425ca679ccf6efe83ec400f98153f0fa5ccd94c78d2fe5ab5a0772a08f74c4b03ccee66e07a", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727158, "uuid": "323295ef-8a7a-401f-ad03-e9550d4b99fc", "value": "T100D312E7686CA6F043EE7D143B8285B508493F0AFF3484C85E4F61D538C52A65E78EE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727158, "uuid": "f97e84df-d093-49d4-a904-a93650f1e28e", "value": "3072:6pOz8IaL12Wc5HwMtau5FlsGXA+VkjkC67UuQSnhR7WTKA:6pU8PL16d73rekC6IQhRCTKA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683727158, "uuid": "380ac730-c430-4f06-8f42-c946de6823d2", "value": 135036, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683727158, "uuid": "e37bd9ec-d467-45e4-a534-3dc4343a9327", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683727158, "uuid": "babcdf20-0466-4520-ba2a-4114bd6acf7d", "value": "RV1-INV-2023090.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4d49865-ef07-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1683705243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705243, "uuid": "60a1f5ae-c1c4-4961-8f58-f06c2a4da460", "comment": "Malware payload (AsyncRAT)", "value": "cbeb06a3d40a900530409f2912338127", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705243, "uuid": "a9d9b001-fcc1-472b-a0ca-e8b0ed3f2612", "comment": "Malware payload (AsyncRAT)", "value": "f8c834e092629c8a403b3c036f0d6c44ff3b1066ae58aefea1c486849943c66a", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705243, "uuid": "8b8b0839-86b0-4f02-84e8-16ca2a3a45d7", "comment": "Malware payload (AsyncRAT)", "value": "eaaa8253008ae92487026328a33934061ba30d72", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705243, "uuid": "d1031ab9-e108-4d73-a7f2-0b7eebfd4a19", "comment": "Malware payload (AsyncRAT)", "value": "7ca49cf95efffe810a36802f0a3b60b3f71d2b1b6759f9221e6d69216a6347082c8dbdb8cedfea6920f3c84c74cb4da9", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705243, "uuid": "2294df9c-b3ae-4f5d-af13-2157edece104", "value": "T118052379EF611673D00374A5AD585FD4340B601CBD2BF678C2EE02A91DB2C03E2AAE75", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705243, "uuid": "795a7002-3e3d-4867-b05c-c60b1c7adda5", "value": "12288:3xR4g66mmi9DL01gGMGSWMuKW8jdpdqqe3oxJLZNlG/zAuu3YCCzlJjc6HYvVHP:YgfBi93vWSndfrlJtNlG/tZJC6HWN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705243, "uuid": "43d30d5a-61f2-4770-8732-5b413b57bac6", "value": 818108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705243, "uuid": "c54f4fe6-8ef7-489c-9672-ee6212723d9c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705243, "uuid": "9ff91f12-050a-48db-b2db-245ec8c24221", "value": "Odeme_1.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6af98786-eee7-11ed-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1683691321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691321, "uuid": "ea801f1f-440f-4fff-9a76-63162c6da0a1", "comment": "Malware payload (GCleaner)", "value": "89597e240acfefe70f0b03003e553aa0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691321, "uuid": "1adcb37f-8916-4aeb-a23b-daddf6ced20b", "comment": "Malware payload (GCleaner)", "value": "f8f02e022fc2ec56d9947b506874a56ca5d8f8a8c49354a2b452992faaa197cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691321, "uuid": "1b5930bc-b8a9-47fc-b12f-14edc5032852", "comment": "Malware payload (GCleaner)", "value": "ef8a50fa02d71e4afa6126223f96b0b8d0a2797a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683691321, "uuid": "5c5b2186-db96-4ea9-a456-6ffdb5cc666a", "comment": "Malware payload (GCleaner)", "value": "55ed0dab2fae0cd553f44ce3ee78c6238df60d66a48501b0955e77b4bf462dfff4412dfd0d82bca826655bb0023ba725", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691321, "uuid": "68baf196-56d5-45e8-9eb5-530933963925", "value": "T18B953302E2B1C539D8A06F702E5F2610583BB52370B55E40B5B2AD9DA733ED60CE376B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691321, "uuid": "55c50a13-245f-414e-ac86-0643bb4833db", "value": "da86ff6d22d7419ae7f10724a403dffd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691321, "uuid": "9cf580b2-e32b-463e-a400-8ae8cfc0e5c7", "value": "49152:gwcvY8j1aC98gOVCjaE1En9k7O3rIwxc4IrAG5cv:gTwWN98VWaMEztx5IrXcv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683691321, "uuid": "8e14e8be-6820-4f8c-9062-a4cf3e08d015", "value": 2009208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683691321, "uuid": "e14da8ab-d07b-4d83-85dc-c06c51451df1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683691321, "uuid": "4aff17b9-9ac0-464c-8efa-a47d9dd6c895", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "779c071f-ef17-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683711958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711958, "uuid": "868fa6da-0407-4b5b-b2de-329b7688dc84", "comment": "Malware payload (AgentTesla)", "value": "736046acefa521d753a5e48140de09c5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711958, "uuid": "991386a3-5987-4633-9158-c6af1ce54f02", "comment": "Malware payload (AgentTesla)", "value": "f915cf0f5eb675004b57ade3a2f94ed79c017064db1367e7b068adca66ca16f0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711958, "uuid": "e72644e3-70bb-4682-aef9-bb6e45132523", "comment": "Malware payload (AgentTesla)", "value": "fce97aa0d2403109d3452b005f3b415e08994b47", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683711958, "uuid": "a300ad22-19ec-400b-83e3-8d945897e435", "comment": "Malware payload (AgentTesla)", "value": "c5b33b3cf1398563e979052bf45fe354391d5fb8741cfa0fd7e4d8ba9989998bae6ab4767d15d4a371556431b6c240d5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711958, "uuid": "22f2a93b-a6f5-4315-87c4-60caaa9d2968", "value": "T153C42373622D9B45CE03091B54CEC33180A777D1A0E37B7A79A352E23F8A767648E5C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711958, "uuid": "a94e1871-ef88-43b1-8a32-8094a2562764", "value": "12288:u2vU5QHxtpvK3qSPHkwqbuLheBH5MwA+m/MZhUPCdAW0sO/TgFE1NdZNm1:hveQRb90kYheBH3m/ihhuWSTgFB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683711958, "uuid": "98a64a85-66c1-4d9a-bbbc-d8cce94c1f92", "value": 591463, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683711958, "uuid": "b5b1c57b-d54a-445b-8869-2dfc375edacf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683711958, "uuid": "1f79eb33-72de-44e0-9955-679ed6d5c2d5", "value": "SHIPMENT DOCUMENT.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57984f12-eef9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683699020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699020, "uuid": "e82e5258-40ee-4b01-a0d8-3b782e707f7e", "comment": "Malware payload (RedLineStealer)", "value": "1baeb24fef83cecc8f0d475d96006ede", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699020, "uuid": "62b38335-a6f3-4462-9ac0-142208a351c9", "comment": "Malware payload (RedLineStealer)", "value": "f984811ca20f0022a21840ccd29a68b8a39d44569b4ecdb9634405e4f404af57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699020, "uuid": "cd8840d5-c548-49fe-b77c-de86761632bb", "comment": "Malware payload (RedLineStealer)", "value": "1347b3fe22d3e5a5843af3a700948660fcecdebd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699020, "uuid": "f9394afb-9f71-49ec-8028-296a6ec00018", "comment": "Malware payload (RedLineStealer)", "value": "d7d533900c30e619436e3fde4bd694ad771668e93fb1f1335e9acc9fdaa2a9d7979b5b40d8051d52381abeeaa29618ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699020, "uuid": "e2b5d672-2ec4-4334-ad7e-1eac6b8dabe3", "value": "T193A40213ABE84477F8B52BB428F603831B35BC625C74435B2B829D5E08B3685A97177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699020, "uuid": "d924473c-aa48-471c-ad80-f27b36b20fcb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699020, "uuid": "ff475032-59f4-4611-b903-5424e09e4d4f", "value": "12288:xMriy90mr5H8fcI2TKjvaAJRplmiKYhuma8+ep:PyDr5H8UI2T6THmiFhhp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699020, "uuid": "5cf4b994-b158-425a-98b1-10164437e73e", "value": 491008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699020, "uuid": "182e4303-2ff4-451b-990e-73139af51991", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699020, "uuid": "cdfa0935-4f20-4fd9-9131-782355073858", "value": "1baeb24fef83cecc8f0d475d96006ede.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f87b8d46-eee9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683692418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692418, "uuid": "a195c4e6-db0e-4df6-9919-7c13870cf735", "comment": "Malware payload (RedLineStealer)", "value": "7483f14dbf6e5fd2d6fe102fad09d090", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692418, "uuid": "702da7a6-e3ac-4898-b06d-3c9152e736aa", "comment": "Malware payload (RedLineStealer)", "value": "f9cfd4cc7fd814ed426c494b0d79ad26c7e0c2763c2cf5da86974dcf1fdda6ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692418, "uuid": "282eae82-be9d-4f30-85ca-81423c816aef", "comment": "Malware payload (RedLineStealer)", "value": "1de4b29cf62136a0f3cc0a85122f1f84e46e7867", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683692418, "uuid": "ff51f2b2-5a36-484f-a91f-6347ffc9f2df", "comment": "Malware payload (RedLineStealer)", "value": "b840d40cbd752ee922786bec89183d7fab57c9c0947db40495f0d1d2782b2c25fa63aa21adb71c2ad07110b0f087d134", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692418, "uuid": "7c8176a9-080f-4761-9dc0-c6c5876a331a", "value": "T131A3285D336430EED4A7C035C9A55C29EAB07036131A92DF52D385BC9E1EAC3DF396A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692418, "uuid": "a4244586-2d75-421c-bc26-092b07ad5b2f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692418, "uuid": "2c9c31d3-20d3-43fb-a445-baf9255a3676", "value": "3072:yIf5nj1wIvdSDMvNcNIObQsS3bsNkZZj+E:ZfZj3F1v4bCbQkZZj+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683692418, "uuid": "1aa5c30c-c08e-416b-969d-03716de93b9b", "value": 106496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683692418, "uuid": "bf9bf410-7c1e-451b-8444-b6184aae7bcf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683692418, "uuid": "84d6eb8b-8dc4-443e-94e8-53212008a1d2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e74dcd67-ef0f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683708710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708710, "uuid": "7b88e26a-4608-497c-ac61-de4a9ac4b461", "comment": "Malware payload (AgentTesla)", "value": "bf07107f47803b5f80663a2bf4816c32", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708710, "uuid": "1fa5d69a-1d98-48a6-994e-edd0441b83cb", "comment": "Malware payload (AgentTesla)", "value": "f9f32bfdbb9f300d51f2262d2df37fed814fda5fb065b27f3d5064426de3ef95", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708710, "uuid": "efa41289-eb45-4726-b785-88d463fcc0e0", "comment": "Malware payload (AgentTesla)", "value": "765c935059e4fe1ee8d898d60ce501a732c9a340", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708710, "uuid": "2060a21b-ee71-4f20-8410-69d34d5dedec", "comment": "Malware payload (AgentTesla)", "value": "9241d802dce210a77bd92c34a4c7ea1fb2e3b4eb054351d34fdd8f91b99295fe30f015414a791c6a2c2696846a3fb433", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708710, "uuid": "3aa6dc62-868d-4052-b67b-c590ca004b99", "value": "T1FEE423561AFFA5CEEBD05B7AFDBF90C045698086470099A95F1F283F5C323E4A804A67", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708710, "uuid": "efc4192f-269f-4684-a119-46c41e47ec60", "value": "12288:KeSxt8KUSb+vdEzCMUuNV47OiaN+whxJByweW2B8AiuqUWH58jOc1KgC4Z:BSxcdvwIu74aiatzF2uuLrOcFbZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708710, "uuid": "65bfc208-3ccd-4695-89a8-efb0ffef6f66", "value": 668876, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708710, "uuid": "ead87ea3-7c90-4a44-95a6-32f97abece12", "value": "application/x-lzh-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708710, "uuid": "2ee1182c-c5f2-4167-9b8e-ef43f4b9c101", "value": "TXD REQUEST 9974077497-PRICE.lzh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "429eb691-ef60-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683743223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743223, "uuid": "92b5cc8b-1d89-4c6c-957c-4b642ac2eabe", "comment": "Malware payload", "value": "92a798d76e73c6a822cdf4a9ff6d022f", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743223, "uuid": "6c05d2d2-c84e-46ff-b5d1-f8246ba5b45b", "comment": "Malware payload", "value": "fa5e6602d106c340dc48d4558f4cdefa3ff749b2fa951d3b0e0cfd23419b66e9", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743223, "uuid": "df5f1dbc-0830-4a34-9e9d-9e4e9a3e3ad1", "comment": "Malware payload", "value": "f75a0fa96958ac9f54daf48d033e5e4f67b965e6", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683743223, "uuid": "3044ba97-97c1-483d-b241-8a37817869b3", "comment": "Malware payload", "value": "6c1afc33fccaab751cae937765f0764c304afa86d884475e723170ff523486adb01c0af7a7b97ff739461ae886d3ffc6", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743223, "uuid": "750f2021-7ae6-4869-a36a-118029363afd", "value": "T10CD423A81658F15234BAA2F07804AE31F274A73D6D6C652F03FFE154F18A5071AB35FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743223, "uuid": "85ea49cd-eeec-402b-a456-204e08f0c05d", "value": "12288:9han6kmvnWYerzk0/7LCD+xcVyj/b8tLXN1r4ExgS7wSxKFwYv3zLYxjT:L065nV0/3COcM8tLb4SNslbv/YxjT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683743223, "uuid": "7af9cd8e-2409-4449-8283-73bcaa799de4", "value": 608667, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683743223, "uuid": "7475c7a2-38d7-4592-80fd-c46e29d0936a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683743223, "uuid": "088cbb2e-9006-4228-a263-09923ff13274", "value": "Transfer copy.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28070e76-ef0c-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683707100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707100, "uuid": "020f70df-2365-4db4-908e-d17c06acb8ae", "comment": "Malware payload", "value": "f32653c52517e853280540db2f5507fe", "object_relation": "md5", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707100, "uuid": "a133d9d1-690f-4038-a7c9-e73536757995", "comment": "Malware payload", "value": "fb7df147ec4a27325eca01a97e91384f038c7f891a77c2bb9b4bcdfcd636a133", "object_relation": "sha256", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707100, "uuid": "63997368-e32f-4a6d-829c-6667403656ac", "comment": "Malware payload", "value": "1ff2993c8657f3506fe44fab4c6049f0c9256d52", "object_relation": "sha1", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683707100, "uuid": "2ee62849-934f-41bd-bb69-c48f103969a9", "comment": "Malware payload", "value": "d3de51cc5e5cb501ba5ab37f57e53da1b4f98728a0c58de68c14b10eade173ba0ba40c72336ed9dba236475d7e12fecd", "object_relation": "sha3-384", "Tag": [ { "name": "103-232-53-243", "colour": "#7BD1C8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707100, "uuid": "5e28517f-eeb9-4474-a1f1-3e23a6e07840", "value": "T14355E0330E83FDE523630E54D98119588C80F8F76F1CF195B988B5EA6AA5D14EE9DCB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707100, "uuid": "0070d85b-cc7a-4191-81bc-6d229b552e78", "value": "24576:sxk5j+/cQXFmUHlTCLy3UEOecx5YQZOR/7XX/jN/1dprwX3xk+z:BMdXFDFTCFEGNKzLMGC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683707100, "uuid": "0d7612b5-821f-4674-ae78-ffa8467adbdf", "value": 1323008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683707100, "uuid": "509463da-b16d-41a4-8371-4789f2effcfd", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683707100, "uuid": "bd13b70c-e9cc-43b5-869e-282d17c36fc4", "value": "Fidaeimavz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67eec89c-eec8-11ed-b3cf-42010a9c0076", "comment": "Malware payload (EternityStealer)", "timestamp": 1683678002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678002, "uuid": "531970f8-ba33-42ad-8c91-e8753b45d182", "comment": "Malware payload (EternityStealer)", "value": "7fc09e90a6b01b4e45dfb74a398ab841", "object_relation": "md5", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678002, "uuid": "a2ee602e-b6ee-4ea3-87f6-46708caec747", "comment": "Malware payload (EternityStealer)", "value": "fba557d1ea30dc5810637b80408cc8d6491f33e5cb4def703f2b3413d476d93d", "object_relation": "sha256", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678002, "uuid": "b1d8abc4-881a-4aa6-a730-68867f92d160", "comment": "Malware payload (EternityStealer)", "value": "54100dba7c005481041743622794bbe7e2aabb63", "object_relation": "sha1", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683678002, "uuid": "6dcfe9d1-4bfb-4e91-92ba-d70dd7a5a077", "comment": "Malware payload (EternityStealer)", "value": "5635b449761a45c14e97d44b632de3da9e86d260231305943e1d8512eae52c07aae7b65abc43cc99db4888c45634f14b", "object_relation": "sha3-384", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678002, "uuid": "0ff5e63f-48d5-4413-8600-a269026b33db", "value": "T17FB4E103BAC086B1D422153316299F21B57DBC301F7689EBA3987D5EDE352D0A7367A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678002, "uuid": "7c5e98c6-5e79-40a7-bdfc-d725109155b5", "value": "aac51396886833dc961fcd7aab7711e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678002, "uuid": "23472013-c0dd-4ab4-ad93-3bbef92d88d5", "value": "12288:ygZXEAO/BUdG3gVdt7K9T+tkwCEq+GVE1xQ+/Htbat:ygZXoZUTVdt7KfwS+GVEjQ+/HVat", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683678002, "uuid": "b5fd594b-6f05-4e62-9870-512a9c1d16c0", "value": 524616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683678002, "uuid": "6f69e72d-03b1-488e-a9ec-bf535a45ff57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683678002, "uuid": "47efb72e-648a-42d6-a9c3-ddb16a06897b", "value": "FTrondtloadws.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b65ed26-ef50-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683736339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736339, "uuid": "8a8f954e-d8ce-48a0-9da6-6f3085f82c3e", "comment": "Malware payload", "value": "ea486ef914ecafe12341c4be5b9b5571", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736339, "uuid": "69c80e53-b782-449b-b245-1cc1bfc63493", "comment": "Malware payload", "value": "fc4fb344a0619027e4b76e581fa0b1dfb1d5bc71633f691f561774fafa27794e", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736339, "uuid": "8a2ecbd6-7f5b-4dbb-bf8e-e69f43dfa1c3", "comment": "Malware payload", "value": "572d1bf6619617fb043af9db5d52232fe20afc5b", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683736339, "uuid": "3f1e5fcf-2c6c-4336-a5dc-d63252dd279c", "comment": "Malware payload", "value": "ea78c9c4e81c17018ccd61d1f74adac9f8885874ea8e894b7262644ec4cd08a97b1fcbac6d56197be9b6729e06090c9b", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736339, "uuid": "b4f4ed29-c304-466a-a474-d349a6c9c078", "value": "T17953F89CA48DD598C9B9EBF3E752F0CAE24D737B4A8A44B271AE5FD20203D15E943C41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736339, "uuid": "431e6a51-cd98-4dbd-89e5-2decf39f50f6", "value": "768:I0jVjgocGH4FBncGH4FBQNsgecGH4FBscGH4FBIacGH4FBPYLnnndTVrXmm1wDsP:nXcs8csxecstcstacsaMnnn76gmc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683736339, "uuid": "c86b6a00-d342-4987-b674-5faec1a846ad", "value": 62163, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683736339, "uuid": "3adfa882-02b5-48d4-9f4f-789651d78fc7", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683736339, "uuid": "9bc5f29c-7dee-4472-885d-38e28d2259ec", "value": "=?UTF-8?B?TkRBLTIwODk1NDc2NzMtTWF5MTAucGRm?=", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a6a31c1-ef30-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683722566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722566, "uuid": "d7e51b06-e715-4482-a1fe-601d1d89639b", "comment": "Malware payload (RedLineStealer)", "value": "3f2db0592b5055a86277c5abc07429a8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722566, "uuid": "26c7ee79-7583-47ec-89dd-c9ecc49afdc8", "comment": "Malware payload (RedLineStealer)", "value": "fc6d4bf3214b6386e4bc7c46ecbea0eee92ef4d57f420b6e87633cbf4c7d73ec", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722566, "uuid": "0ceec3a3-4104-4b56-bcf0-3e135a99a7d3", "comment": "Malware payload (RedLineStealer)", "value": "c62e2962f8c4435a36310d709cb91fb4f2edd8e1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683722566, "uuid": "46d290ad-f377-4df3-b2ac-092a29531252", "comment": "Malware payload (RedLineStealer)", "value": "1a76fd7f8b6f973defcea1eaa85a2733e5f8c1743e7763b82fff30841a7a062fb098d2b6c2a5d3c63cc151405665565c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722566, "uuid": "ec0ffbe9-5a16-4baa-8e99-4b37d93f7510", "value": "T116A40206ABE88073E8B00BB459F612970E32BCA65D74972A3784995F1CB3B94F431777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722566, "uuid": "ac2ea445-d68b-4057-b3dc-7aba34836754", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722566, "uuid": "ed8db142-f5fd-4a17-854d-5ca1a6e2faef", "value": "6144:KUy+bnr+pp0yN90QEXSSMZncReWE8VyLn6R5Xfc9plHEsYGBh2RfsAwicAC8LqzS:oMrFy90F5Oc667spl2Ly8LqUpJKuB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683722566, "uuid": "7eeba627-bc26-4e3c-8ced-080a564d1d8c", "value": 491008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683722566, "uuid": "bb6aaa75-3bcd-41ed-b018-3ed579aa35e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683722566, "uuid": "3303be4b-3820-4351-bb46-e56a2eef1a74", "value": "3f2db0592b5055a86277c5abc07429a8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38949353-ef31-11ed-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1683723020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723020, "uuid": "98b896da-fe16-4044-a5cb-5527788fd9ca", "comment": "Malware payload", "value": "8f9394435551aa93bf22adf1763a50b7", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723020, "uuid": "fb5f6a6d-878d-4409-9401-a9211f7c6b49", "comment": "Malware payload", "value": "fd64653a442693aab99b5c6ff6c7a52a6fa37661fb96253f619da7af56520694", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723020, "uuid": "689aa815-6d44-4da6-8d23-8b990a7c2f28", "comment": "Malware payload", "value": "3bbcfd8b69ac1755ab291986552dc7b2a1cfbf76", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683723020, "uuid": "ccaac6ba-1d9e-42e6-a7b6-105777c94d50", "comment": "Malware payload", "value": "a3faa7d856abff7ec4706aee55a6c309ee98035cda1adc3cdde2f56586e1d132ea21be91155b2128c3be919eddf747a6", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723020, "uuid": "f9a0c67d-1c1a-44fe-a5a9-6eeae7b1fc66", "value": "T164853FC1A3E67C82900B1B713316B7E6E4288B78B59985DFF4447D58F2EE900FAE45B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723020, "uuid": "906f9716-9e44-4755-b0fe-9c65d8f4de81", "value": "49152:CETY5ArAjIapF8AKpu5wMBPAHfjifal4go+rnjYAAublMXQCskVnhAmHnRhTQkjP:dY5Ark", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683723020, "uuid": "8d2fbe01-d088-4dd8-a3ea-af19acecec19", "value": 1722880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683723020, "uuid": "09c59d99-a0b8-4509-aad2-1392a8791340", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683723020, "uuid": "494375de-1ecc-4908-9554-91891e604efa", "value": "Q Curr\u00edculo maf.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5ffac63-ef0e-11ed-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1683708198, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708198, "uuid": "d7ce6306-8f67-4129-af48-6c522f9972e8", "comment": "Malware payload (SnakeKeylogger)", "value": "aadf0cec059c6bea43390f4cbda89a01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708198, "uuid": "028b0dcc-7e4c-4863-9eee-2cb2a42a730a", "comment": "Malware payload (SnakeKeylogger)", "value": "fd6a88c61e8b5b68f3f70d8aab48dabdfc21d96d81f823647d310ccbe1fd968a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708198, "uuid": "c8976632-cb57-450a-81d2-45c74da48e48", "comment": "Malware payload (SnakeKeylogger)", "value": "5d14c29e1f9b80de80b4e5e17d688d02c0652ea7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683708198, "uuid": "1964cc05-85dd-4c71-9054-0c0ea22f2172", "comment": "Malware payload (SnakeKeylogger)", "value": "7cb288fef96c3ce1a640e0cd42c5e51d362d7589169db088a917f0482e1381aae372542edeb2d7bdd03069f79b98d9c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708198, "uuid": "73f8cb2e-db72-460a-b70b-92f5089f4c63", "value": "T17FF4D01162265F2BC7A843FF0A28494613B57B16FD6BD13D6DCF21CDDC22B114A22EA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708198, "uuid": "2571ccea-8dd8-4933-96d4-604d1c08df52", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708198, "uuid": "a294f849-b89b-40f4-a211-6ad12729abe6", "value": "12288:UlZfTMVrwn4CjD7KGDCXBt9yCdBKC+Eo2Nx5O17cOfejPSgeLbT7lYEAG:UXLMV8VIxt9y3Zh2bgyKbT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683708198, "uuid": "1b571026-d133-4202-8d1a-7b494c5f53dd", "value": 752640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683708198, "uuid": "fc7f6eac-6f67-422f-be70-c9b8dddbfa85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683708198, "uuid": "e092987a-3871-41d7-ab4a-ddc1257dcf57", "value": "4o2gVSxWoh4GNBn.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4496bbfe-ef13-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1683710155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710155, "uuid": "15ab79c4-c958-464a-a8ff-9150aa8a17d7", "comment": "Malware payload (Formbook)", "value": "53b1e7f76a13975256d8da6ecd38498b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710155, "uuid": "4b81484e-adbb-47d7-86bd-2e6b36f93cad", "comment": "Malware payload (Formbook)", "value": "fd9e7154fa56208655424e51f68199716e3e39ca42e12b0b96d1dfe60bd9bdcd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710155, "uuid": "50301fa8-1eca-4e7b-9a1f-1943529000b1", "comment": "Malware payload (Formbook)", "value": "9a9739651d0dc7faefa201e80c54bff3e2d9b168", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683710155, "uuid": "098ae705-88d8-48aa-80ed-3e7b031c4b4d", "comment": "Malware payload (Formbook)", "value": "debbca16ef3a421ed1b9e63e51e3e6eec648d111c2f401e583a64b058e41bd120a42b119aa721094ebf2ed0ffb6bc0bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710155, "uuid": "c1927929-40c6-4af0-adb1-cbf707fd2725", "value": "T19344121636F6D857DC7217BE1E7F2D2B8BD6F91101B49B4E630C414AFEA72418A083AD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710155, "uuid": "1909b5da-529e-4480-b565-402742a8dd96", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710155, "uuid": "3ae1bd35-439e-473c-b9b5-d7e0538e21e8", "value": "6144:8Ya62WraQ0WpS1M1rizgKPpCfIwg43eenx2g//l7:8YUWrauSqpivPpA1g43eeMgF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683710155, "uuid": "8e23bd60-14e3-4393-9262-5f9220b50823", "value": 272710, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683710155, "uuid": "e39eaa8b-318b-4ae2-9842-4b022fcd0d53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683710155, "uuid": "43203aa0-2b5d-410e-aa89-f7e0f6e617bb", "value": "Potwierdzenie_przelewu_SD717.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "567fdcf5-eef9-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1683699018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699018, "uuid": "c86c78b9-f1cf-4423-b5ba-fa611d81bac9", "comment": "Malware payload (RedLineStealer)", "value": "e17b02d0445dd7f79d2ff81ffcda9e3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699018, "uuid": "6ecb81a2-1205-4d77-849a-00801e3d2915", "comment": "Malware payload (RedLineStealer)", "value": "fda782d36cbd967d0c3f037110e2419d4676af0a089648fb8c6f8656e97fdb83", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699018, "uuid": "60dc2b4a-88de-4dbf-a75a-36a30e932701", "comment": "Malware payload (RedLineStealer)", "value": "b400930855e956255a98dc9a9cbee0b79c2121e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683699018, "uuid": "40558829-a3c0-493d-839c-1b6700f2c439", "comment": "Malware payload (RedLineStealer)", "value": "03761de2d3403a5c7675cdadad5e094964be587cc7d39980d1db94acd92e14bcadfdbccd6f99cb1c6f24fd70d28f0958", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699018, "uuid": "bed361ad-0e99-438c-93ff-5dc01db6d6df", "value": "T10CA40156FBE84427D8F513B058F707831F39BEA59C74874A278659AF1CB2A80693133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699018, "uuid": "1bf4a052-ffd4-4391-8459-908611234a5e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699018, "uuid": "026f5eb2-7b8d-4a1f-a9fc-a1fa74a6fdf9", "value": "12288:QMr+y902wUP+F0s/Kq+11wSg5je4oPnJ0h:+ye4rffsjDoPy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683699018, "uuid": "3dee9c0d-e417-4c3d-bfe9-9f7525f6c865", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683699018, "uuid": "7d27b12a-1d5b-47fb-96d3-ca8db43c6735", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683699018, "uuid": "083747ca-81ac-4546-8700-49ae84ab52bf", "value": "e17b02d0445dd7f79d2ff81ffcda9e3b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "783d2586-ef47-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683732575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732575, "uuid": "09b771d3-7029-49a7-bed2-07f6a521c959", "comment": "Malware payload (AgentTesla)", "value": "2995f8cb434b9975cc3f6f74dd1d1719", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732575, "uuid": "53f6dff7-c0a1-4736-9e10-de5b5567883e", "comment": "Malware payload (AgentTesla)", "value": "fe233b4b31a505cfb89413f4cc218a34f3bcd7a38589cfd029e01c558b0cb47e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732575, "uuid": "9b23279f-c204-4016-aaab-2e1c48c3ce24", "comment": "Malware payload (AgentTesla)", "value": "c90323b5566d5b618cd1689060ae95c188a1312a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683732575, "uuid": "9f0c6b67-1d14-4286-abcb-98bbedcfe6ed", "comment": "Malware payload (AgentTesla)", "value": "e4c1c2c82d2ebd5c3a26a560a8ec67e59bfafa5db83e386372b887e569e42b50f72bfde3fca856cc846873e8bc58baba", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732575, "uuid": "8786b3f5-9dd6-45c4-9ad0-b14ada378b94", "value": "T19FF4E055722A6B2BDBA883FB0A28444513B87716FD67D23D2EDF21CDDC22F104A21E57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732575, "uuid": "f73f0d97-9d99-4d26-811f-f615234bc4df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732575, "uuid": "4854c674-d0d6-4d30-81ca-8bd66063e985", "value": "12288:FhTZfTiAc4ENBb3Rwbva22Qj9UbhnlWfiCUa2TrHlwrZQ+THTXpfNd:LFLa37IFYbCf2NwVQIP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683732575, "uuid": "77efdb0c-11e6-41b2-97df-d0ba5f53451d", "value": 771584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683732575, "uuid": "bc8e728d-e481-4343-a232-0d32d4932550", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683732575, "uuid": "022881b2-5961-4e70-af4e-50f4c48bf311", "value": "SecuriteInfo.com.Variant.Barys.315692.14960.4771", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6e45aa6-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1683705729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705729, "uuid": "f349b6dd-1d1d-4d4e-b1be-5c3100bd849c", "comment": "Malware payload (RemcosRAT)", "value": "e9628cfc2fa49040e0317a95e96f2f02", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705729, "uuid": "84fb03f9-1268-4364-bf19-26d6a0ad6a47", "comment": "Malware payload (RemcosRAT)", "value": "fe5441d6898cf0dea8ca087588a0b8cbc0154a011f4b81de03d370a237b86ebf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705729, "uuid": "230dc290-5113-4880-abf3-01f855f21907", "comment": "Malware payload (RemcosRAT)", "value": "2ef4c92599ecbe650c7ad44f2da124a057ab8a4e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705729, "uuid": "2b75c219-d34d-4dc2-bf6a-5f2d26c9735e", "comment": "Malware payload (RemcosRAT)", "value": "dd1e3f5c6371baa1843e0be6418b295c2607088a4988693f0a054d0c24442b2827cf46d59759d9139f5fb93898b5fab4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705729, "uuid": "94e0df79-6f63-4da2-84bc-1aa1c236c17c", "value": "T14135F112622AAB27C76843FF0A29458513B4BB16FD67D23D2DDF21CCDC22F514A21E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705729, "uuid": "c7d30711-4d4c-40c9-afb5-7b9295986f84", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705729, "uuid": "f50bd02e-73e9-484b-b8a9-1fd95f73fff8", "value": "24576:EsNLoubt1FjvDANYfS8DHMaRgWKZZ3xICsFit4:FdpTLANYfS8DHMaRgtZ3xIXFa4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705729, "uuid": "ec6a8953-f2bc-425f-9d28-57fcaab0e94d", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705729, "uuid": "5e3f848c-72ec-46f7-8522-bf13af638c65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705729, "uuid": "48585910-6176-4d38-a6d6-cc755e3cb32d", "value": "e9628cfc2fa49040e0317a95e96f2f02.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb06a14c-ef08-11ed-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1683705656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705656, "uuid": "3da7fe8f-a73e-4416-8fbc-c9ffdca8ca02", "comment": "Malware payload (AgentTesla)", "value": "f7125fa520a668a2ed34c0acc9b86f15", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705656, "uuid": "ffab1ef8-a74c-4502-9e49-8d7bcf8094ca", "comment": "Malware payload (AgentTesla)", "value": "fee8b0a5bd69e9ca4d343dbf309b19ecc9a510dc26f7d84d1095fbb494763a99", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705656, "uuid": "be2100ba-f9c8-49c4-bdd3-30fea79d5980", "comment": "Malware payload (AgentTesla)", "value": "ca6cf452b96bcfbb04828158d9c1115a42aea50a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683705656, "uuid": "fc3676c6-e70e-401e-9e90-06a6cc0de0cd", "comment": "Malware payload (AgentTesla)", "value": "75d097773b0c97f4e0fb2c9c1a96eff54a9c9221945630e5f5894b7390475e0c17931df149942baabb00678eacbd3bd8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705656, "uuid": "b20fa667-edb7-4583-b92f-c7482c17cc93", "value": "T1D0F4E02162669B2BDB6843FF0A28458503F87B16FD67D13D2EDE20CDDD12F104A22E97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705656, "uuid": "0c4213a4-f06f-45ee-b8dd-1b3b679e70e8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705656, "uuid": "c8de49e4-2fd3-4143-b5cf-a607f6d7f66a", "value": "12288:M2ZfTFrfU9CWvDN3FdNLTMaGrCC5mf5iZrauvz/dR7:MkLhfcCWvBE54+rL7VR7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683705656, "uuid": "3e8d8409-c645-41e7-950d-a91601860919", "value": 781312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683705656, "uuid": "aa9ff52a-39d8-4bde-9097-23b3f50af19e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683705656, "uuid": "dca50277-32cd-43d6-a373-3b808ecb44bc", "value": "May Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "378c1a80-ef3f-11ed-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1683729031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729031, "uuid": "10ac4064-ec8a-4306-9c80-15873ed2eeed", "comment": "Malware payload (Mirai)", "value": "c9801e7f33c0e9dc2d8402a248e98f38", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729031, "uuid": "2e283d9a-0474-4cfa-9e73-aa4fd3164070", "comment": "Malware payload (Mirai)", "value": "fffc9e95e26aad721ca04db02a49c23b5317b558b3ab6fa32f22f97c671e222a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729031, "uuid": "c6c9ba35-2d9b-4be1-9818-24046b0277e0", "comment": "Malware payload (Mirai)", "value": "f0269c321fb291edf6b888816f74143493c89e07", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1683729031, "uuid": "8715fe4d-f5f6-4bd1-8481-7c5c7264e4d4", "comment": "Malware payload (Mirai)", "value": "9cc9cbbbfffe9b0ea395e50d3bf461690ef6a7abf29c594fc6e786127f4dfc170c886cda116ae6e64435d9645628d770", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729031, "uuid": "29524065-8cf6-48aa-babb-d2f02d352151", "value": "T153C3F731E8044B1BC2D223F6E75A469E3F351E9793E733115A3879B06FF27992E29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729031, "uuid": "3a31fa01-64ca-416d-b8b4-e6721edb5c22", "value": "3072:6jVlyaL5JCrIpv04sNbttiEiTmP46aQyfPlfKsNb:yoCJCN4sNbHemP46aQyfPlfKsNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1683729031, "uuid": "cb0b7206-606d-4139-98e2-9921194d69d6", "value": 129898, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1683729031, "uuid": "6ee27415-d97f-4053-b226-bfe12db709b1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1683729031, "uuid": "cbb63617-e0eb-4bf3-9f98-131f1537d5a6", "value": "c9801e7f33c0e9dc2d8402a248e98f38", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }