{ "Event": { "published": true, "date": "2023-10-26", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-10-26", "timestamp": 1698364981, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "158b0d27-6abf-4fbe-a014-77d6decce134", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b94ead1f-7408-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698329131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329131, "uuid": "b8506654-ae8e-47cc-99ad-ccbb017a634c", "comment": "Malware payload (RedLineStealer)", "value": "c0ae72ffc9662e9e3423b1d1a030b001", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329131, "uuid": "eb6f6486-fe06-42d7-95c1-b850954087c6", "comment": "Malware payload (RedLineStealer)", "value": "0011d97090a713f1eb4e4c4b565470dfb58bed32ee20cf3d38df3a76580dd6f5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329131, "uuid": "e4a7d906-3c91-4a34-ba0f-45e31ea0f9e2", "comment": "Malware payload (RedLineStealer)", "value": "f384c1c7f7e8aabb1aac0a4382f0bc3aab03fcda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329131, "uuid": "db4bb1a0-399c-432d-b29a-d82d8464463b", "comment": "Malware payload (RedLineStealer)", "value": "55d44670d9d6c83d502ffb9cb93f05015f2d29690c193e2bedee4f04861448061854e6ad627a3c2b917c1085d20a8a73", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329131, "uuid": "b6e7571d-ef32-40e6-afc6-f39e5b5a485b", "value": "T15F159E2138C09176EDF220B747ECBA2543ADE0B4071956DF06E85BEED7606C27F36686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329131, "uuid": "3d082834-5e8b-486f-8a1e-1e4a265a0578", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329131, "uuid": "e9f7948b-a584-4b94-a391-3792901ab867", "value": "12288:QjjzdYmmNwOIbDh6z/iuuu9gHgr6w4AtVCVlgzIMGKumjgUVpLvC:ijzdpmNwOIbDh6TJ6K/CVl0N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698329131, "uuid": "30619ca8-4b3a-4068-8cf3-88d09a0df965", "value": 927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698329131, "uuid": "1cd7ff75-2060-4b00-9405-4d72e9b63874", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329131, "uuid": "f1f259e5-6564-47f4-ad8d-8dbcc95969ed", "value": "c0ae72ffc9662e9e3423b1d1a030b001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bace79b1-739c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698282748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282748, "uuid": "d1afff87-c2ca-4529-b75c-710ec2435fcc", "comment": "Malware payload (Mirai)", "value": "cf914fd2d021fcaa0226459ccf0d743c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282748, "uuid": "c4c5861e-90b1-443e-bc28-890ba4a1995f", "comment": "Malware payload (Mirai)", "value": "006a88229b852a62419e472d8d14193526553a3e360e800fbb7d438b46596b39", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282748, "uuid": "68402da6-c2ed-4719-8b63-a8e62a279b6f", "comment": "Malware payload (Mirai)", "value": "471b3ef67fec044f8bda4d0b5c9f8092a58a411d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282748, "uuid": "73262af6-f366-4444-b826-44aab6c8406f", "comment": "Malware payload (Mirai)", "value": "37a501d1264580031579e614eede801ccae456164fa6bd4f0f2222a3cd551740b3312c390ee0a22c879a99fdd01121b5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282748, "uuid": "505b6ee7-a52b-4370-8000-539183b3dce5", "value": "T188F2E0EDA0A8B9C0D45CEBF7A0FC5A495F285680F0CDDB0DA73A8C4D2379CA3A4D9054", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282748, "uuid": "310ff8ca-b164-45c8-8324-3b69ddacb335", "value": "768:c82p/upCf2LnBzXt3+NJq6ITshXKnfY7x5f3L0y/oKMuJHD+hPaW/:c8+/ieUBk3ncfYrPL0XKMuRg/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698282748, "uuid": "5619d70c-0da7-44cd-baaf-7bb5c076d681", "value": 34764, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698282748, "uuid": "972ec6de-fc4c-45e0-b82a-543afeecac79", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282748, "uuid": "257affc5-a1dd-4794-9bcb-2ead4a0cec81", "value": "cf914fd2d021fcaa0226459ccf0d743c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fc49832-7409-11ee-8907-42010a9c0042", "comment": "Malware payload (CoinMiner)", "timestamp": 1698329276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329276, "uuid": "6aca421d-56da-4116-89eb-539f5fed3a82", "comment": "Malware payload (CoinMiner)", "value": "962b07e17326c1141654532f4f307d4e", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329276, "uuid": "67fb5905-29ec-44f0-b321-5c13d8b639a9", "comment": "Malware payload (CoinMiner)", "value": "0097a9426a4c40673425c9d58f0bc7b724ffcf06eb816a527db36bc68053f6b7", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329276, "uuid": "a3b2a743-f9e5-420b-9034-5098d582afed", "comment": "Malware payload (CoinMiner)", "value": "0a3bfc107e8c82363c2b59c30225f207ca99170a", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329276, "uuid": "6c6c9718-bbb2-46f8-8c76-d1a27617cef5", "comment": "Malware payload (CoinMiner)", "value": "8df39bd8ef1a455bb169f5ba18b78207e96a2313d9ee87ef0bd1ca72d0e1f25339d3b74cfd1fdf728a76926ddd036f38", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329276, "uuid": "a80a3c1e-fb4b-442f-8825-d44c1bdce246", "value": "T1AA04D025B6D0C0B2E0B345306971C6A51E3BB8736BB6448F37941E7D1E707D0ABBA366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329276, "uuid": "a980fac7-b46f-491e-b71f-222857b7e798", "value": "f47591d0b63a3123eeb3a45bb77919d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329276, "uuid": "76f4472f-0e59-4833-9c22-dcf7c5157ade", "value": "3072:MHBNJdiSzhhUooH4vVHJYBikwL8J9bYdBnnnITLxHzaYDGPscHuN5:EvdiSNkH4vbYBikwK9bYDnWxHGYaEc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698329276, "uuid": "f17ee9df-ff89-4a33-870d-12d31a7479f7", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698329276, "uuid": "28f7bdd6-a5e8-4ce0-b9a8-9e8625f49949", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329276, "uuid": "300f20c4-f24c-4ad4-b419-f5f47395eda2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4590f1d-73a9-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698288293, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288293, "uuid": "7e8e6ff2-8e73-4a48-973d-4491ae2b6cac", "comment": "Malware payload (Mirai)", "value": "99cee0c2a25e12010e92ed2d8f591cfc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288293, "uuid": "de2c03d2-9139-4f78-bc81-b9dd3196f024", "comment": "Malware payload (Mirai)", "value": "00a123a0be9cb9e8ed02100de819f1db748790c5584be3277e51131ee09f4edb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288293, "uuid": "ecd66ec7-725b-4d1a-b8b1-5b1638c4084f", "comment": "Malware payload (Mirai)", "value": "66e87ab2c635c04b39daa615186b60b53cfcf4d6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288293, "uuid": "872d07e8-b648-40ed-8846-99118f26edf0", "comment": "Malware payload (Mirai)", "value": "ca724de5732986c967f2a02107a78c56ca5cd30a6a371440614bb81ef8570ba991ae1b0c184f1e77aa3c728008c696f6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288293, "uuid": "01e9b472-4c1f-49f4-a26d-9ef4ed112eac", "value": "T1FF82CF3051AB35E4DBE10430FAAECEC6572A0BBDD1FC36D31658AB7C894610661F93CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288293, "uuid": "42891397-b590-432e-b0ab-da81023bb705", "value": "384:MnfzRV0P6iOwrkom0DRnVATuSlShu6NvmPWtUn+KMa9hymdGUop5h5lW:2dV0P6+kom0tVAoNvm+to19s3UoznlW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698288293, "uuid": "bcb8fcaa-9fd5-4eff-9d54-e712c8d9abc3", "value": 18488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698288293, "uuid": "e79dd714-7fe9-4483-8a82-5cdc62648ce7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288293, "uuid": "a63d14b6-b9ba-46ef-ad5a-3d892f274e9a", "value": "99cee0c2a25e12010e92ed2d8f591cfc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ddb1fca-740d-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698331232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331232, "uuid": "51891f1c-0248-4806-981c-6cc571bf3fd7", "comment": "Malware payload (AgentTesla)", "value": "aa7e97fb76df38362f223fcaae4cddb0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331232, "uuid": "c1ae25ca-b6b5-4171-bcb9-6326f7e5c210", "comment": "Malware payload (AgentTesla)", "value": "00e6686cfbc84d8573b732c346f9d5e4e0f850ec4b67fd36932a25bd0dcbfcca", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331232, "uuid": "4170d9b1-c0ea-42ed-aaf5-6163e772b1ef", "comment": "Malware payload (AgentTesla)", "value": "60db8f08fa9104783f7d25de967a8a2ad6dbd9bd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331232, "uuid": "be4da035-883b-4f16-882c-3fa92fd74b63", "comment": "Malware payload (AgentTesla)", "value": "acb573f5eda31fc06b969e51e8b1c3b0b465b54ce0c51c94a98a9334b123479c8c0be55de94c6ac0bde42bea673ab120", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331232, "uuid": "8ae9fe34-0ce2-40d1-bb22-eef551af999b", "value": "T1A2D423F0663760169FA0DEAC65DED0B4A2479860B02C454877911AEBF7E1C2B2DF1B7C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331232, "uuid": "95aa1399-5177-4d6c-8cba-774d8636e777", "value": "12288:oJx1lpAksbuunc5D08JIkkYWNnVWz/rdmlWnZ/z4BFk:oJx1rArb7n+D0ikYsnocC/zH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698331232, "uuid": "d20490b6-5acc-4592-b55e-cbfb973431c8", "value": 601920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698331232, "uuid": "42645a10-51c2-417e-8db8-bb60a7f6ab99", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331232, "uuid": "7570be3d-0940-4c57-b6c0-dab7563cbd3b", "value": "Purchase Order,pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad69ae0f-73f9-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698322668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322668, "uuid": "f9f9acc2-df63-4bd3-9b89-d6b250f56322", "comment": "Malware payload", "value": "36559c0f801adaed7fc90bcdefbcccce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322668, "uuid": "335c8cc3-5233-47d2-a5f4-4771201cb64d", "comment": "Malware payload", "value": "00fb743cf8eb4f04e6f2c76aa53e58f39f430bb1663d2afda1c9287e381c6ec3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322668, "uuid": "1f029911-b501-4422-9554-e33b16d9f16f", "comment": "Malware payload", "value": "70122abc9c683201d24f841f1827517c1c41587d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322668, "uuid": "f18363e6-63c8-4457-bb35-45e1b2e91881", "comment": "Malware payload", "value": "ae0050211d8a27013789eee33cb8a9a53df93cf88657c63ff22dd2c738d331dc09f116b5dbc5f18f450d8997cad4fc92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322668, "uuid": "f2dbb27b-c762-49e7-83bd-b2856cc8ee91", "value": "T192F401143AD9CA16C6BE0F3B48A251001FB1E813AA57F78F39C867AD1C9B7DD4913762", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322668, "uuid": "0f22b0ef-e0a7-4260-bceb-fb6f22f4b4ad", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322668, "uuid": "5e6c081d-ac8e-4631-9511-baa5f6e2d36b", "value": "12288:pdHNF6EsaxIFFpvWr9Ilk1v3zp+7s0UHdb3lcxl3b94y:5FRsK8Fperzzp+bUcxl5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322668, "uuid": "707a3688-eeee-4e5c-a12d-c5339b70686a", "value": 782848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322668, "uuid": "92a59d57-3aeb-4b98-98ba-f2f56c6be995", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322668, "uuid": "a067ab49-f58c-4eb8-921d-2f62e84100b1", "value": "SecuriteInfo.com.Win32.PWSX-gen.15616.9762", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd5149fd-73b6-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698294026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294026, "uuid": "9af30012-72e5-4cee-9a52-d55df485ca34", "comment": "Malware payload (RecordBreaker)", "value": "ad2e81c0aaca39d0a9418cfbb1542e30", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294026, "uuid": "e978749f-6622-4021-934f-7e07a78cef10", "comment": "Malware payload (RecordBreaker)", "value": "0115e19759aa860bfbe33b08e00790b70df11bd6b703614bd916f25e56c74147", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294026, "uuid": "13ca769c-6127-415e-9b78-f835a86bbd7e", "comment": "Malware payload (RecordBreaker)", "value": "f39711323a2488db9e3c6ddf226f4d16fa44e5d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294026, "uuid": "6bac8710-46fa-4e0b-94e6-3a50441f38f2", "comment": "Malware payload (RecordBreaker)", "value": "efb0912ea0d1baa0cd4cb3e172560c61c5dbc9977ac6d18104366d6c73d9f10a5899d176190a9fbdad0b3e0d837e8de8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294026, "uuid": "2aa619b2-7949-424a-82d2-c9c1de2b334e", "value": "T11485235276F85533DE535B31AAF8439347343D2106BC226B3698D4BF2DB21D8A8B271B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294026, "uuid": "84121146-0336-4fa9-a0e6-8c007cc75b11", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294026, "uuid": "0a2af7ed-4b56-41fc-bb92-c81d43eac7e9", "value": "49152:C0+2qNAIq1xoc1zRknHhOnpRMBKvi6SiQU:o2iIfdRkBOnpuRLk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294026, "uuid": "7a065078-96ca-4575-b15f-2b7d670d4d66", "value": 1840640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294026, "uuid": "49707ed8-8256-4364-8573-afccd00560b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294026, "uuid": "8224a459-68a3-411f-a444-54a47a7f71f0", "value": "ad2e81c0aaca39d0a9418cfbb1542e30.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "947370be-73be-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1698297286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297286, "uuid": "64734215-e720-4be9-b9e9-9c1e98658ed2", "comment": "Malware payload (Smoke Loader)", "value": "0613ace72a2b87551e65806c2ab874a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297286, "uuid": "3643b9b9-672d-43ae-94e8-3b395b4e3c37", "comment": "Malware payload (Smoke Loader)", "value": "02a8f44506f086128b18c4efb473c58406026d467f4fdcad07c5d02ffe97df47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297286, "uuid": "a9e4d1cd-96bd-44d6-9ff0-18368ce80555", "comment": "Malware payload (Smoke Loader)", "value": "a505d064a22a2b377b8d2cc1a3a7925d1cea9705", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297286, "uuid": "316dcc4a-2702-4d28-a30f-e02ca4b842bb", "comment": "Malware payload (Smoke Loader)", "value": "4933bac4efd4b664e4f9fd81a5336f79f6b9443520567c141702b1eb28a261514f989c929bcabf4f680c8fda6d97b9eb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297286, "uuid": "9a09ea7d-2783-4948-82f7-882300182ce9", "value": "T11E4533EB7B1CB0D2DE1D5A3966F060FBE9FD24F9F0786462514826BD34385688F2241B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297286, "uuid": "f66b8cb5-f9d4-4a4f-a171-e8c08f27491d", "value": "71cf2569222413220257b218ceff6838", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297286, "uuid": "724c0892-db59-451e-9263-511b49b7c830", "value": "12288:RTogevdMW/IiJI881r7pyeOJaxyfBtGHKlwRkRkiOo58rHhugNfA4Lm3CQ3rLgio:RTogev4W87pjU5MRtrHqemycwt7Us", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698297286, "uuid": "b30be1ed-c8d1-4396-a4af-aa0a26b83384", "value": 1177824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698297286, "uuid": "9a2190e6-43a0-4c6e-8e81-7843595e98d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297286, "uuid": "5095b11b-274f-4243-ba7c-58629c2f4566", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b16edf2e-7441-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698353599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698353599, "uuid": "5aed6a47-9732-4e54-a5b0-3b58ff1a8ada", "comment": "Malware payload (AgentTesla)", "value": "106a0a1173a5b0dfaad06457a3a55427", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698353599, "uuid": "124290bb-9449-41f2-97b3-aa4616d9eb6a", "comment": "Malware payload (AgentTesla)", "value": "02c5fead904f60ca2323e29856fc67df8e091fe877d68d60a5f00ec6b2a16240", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698353599, "uuid": "62ac721f-d4ff-43a7-a803-b26a7205990e", "comment": "Malware payload (AgentTesla)", "value": "0ab49281182f88045e1e088bf6fe66f52595477c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698353599, "uuid": "966c0e76-29e1-41de-bc1e-ca2120e93abb", "comment": "Malware payload (AgentTesla)", "value": "d5d39199696810c485546b3c0a344a10cdd3009c40c8f1986decf68aa6707fda13019f60785a8431a225d6b4c9be3ff0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698353599, "uuid": "57ad32d3-8170-4df1-9a83-aefeacaf8ca7", "value": "T1B9D4120A33EDA752E5BD1FF9A8B191504B31B966ADB4E30C0C9520EF1673F5187A0B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698353599, "uuid": "31612cb0-5c14-4401-9624-e6cc56496e96", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698353599, "uuid": "8e4aa8f9-3071-4de7-ac09-075b80aaab21", "value": "12288:qGug9gTDAtta5C8XjOdc6wtM0D1tK8DqK2LOLRc9yN6a3C:rug9gTDGMC8X6uKS1tKVKBLRlN4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698353599, "uuid": "95992e00-4289-4051-9821-8f38cae4cee7", "value": 635392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698353599, "uuid": "9e21a136-214e-4a07-add7-0f5138c12c30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698353599, "uuid": "4166a9e9-267e-44f8-bd82-570eeba02ca0", "value": "SecuriteInfo.com.Trojan.Packed2.45852.28711.22800", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85bc88f6-73d8-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698308428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308428, "uuid": "80ba13f6-da4b-41cc-bed8-c6138ed41f6f", "comment": "Malware payload (Formbook)", "value": "699b84a4a3c73a574bc51f461ad209db", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308428, "uuid": "f4863b5d-3b8a-41cb-85e1-906069c6cbb8", "comment": "Malware payload (Formbook)", "value": "037500eba0044c05416217ea9936c6b9f4d9ee9a0a05d2d7860245fffdd347b6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308428, "uuid": "3473fdb0-101e-4ac3-82be-4143f0484cba", "comment": "Malware payload (Formbook)", "value": "72e373546f81cff47a2c9bd948751fab35a65e2a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308428, "uuid": "d1b4305c-123e-477d-9a44-cc184e45a619", "comment": "Malware payload (Formbook)", "value": "a8f37d44691da6883e568c712e04422024e5e61917b644097b1ccbb0f8b57c2d46bc4f96ff2045ac010655ebc862777d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308428, "uuid": "22443694-e400-4c92-9e30-c6b6baeed3f0", "value": "T1D7E422D8B24D9A65E2BF93B59081718063F6F90AB532C75C0D8F20E90A72F47161EF72", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308428, "uuid": "d47a0a9c-971d-4fe8-a3ca-88e56e3f0097", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308428, "uuid": "be69be94-e6a0-48cf-922c-a5646f0b0117", "value": "12288:bwmi1J9z8Vll86H2O/YJGkcOCXZXr+MNIPXSQ9GWpxgJI02k+warh:bwTJ9gVj8xXeVr+MmPX/0Hq0r+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698308428, "uuid": "b234a24a-de4e-4b5d-a6d8-475588be74d3", "value": 685568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698308428, "uuid": "e76f1d40-045a-4879-8780-6377af304f69", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308428, "uuid": "a0512f90-bc43-4cad-8580-4fbd03f9b781", "value": "699b84a4a3c73a574bc51f461ad209db", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d92c496-7403-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698326883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326883, "uuid": "113b0c97-f5b1-4c17-8a0d-8ab63698e148", "comment": "Malware payload", "value": "a7bf7255f30df555bf218525eb7238a3", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326883, "uuid": "07dc6f9e-16fd-4d9d-a6bf-1968233b7a87", "comment": "Malware payload", "value": "04168ac939b429be58cbe1561edf7e7fffbb3c458992e693855e98bc7d826418", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326883, "uuid": "dad06e4f-998b-4a8c-a137-88e6e26d97c8", "comment": "Malware payload", "value": "d91799b918499d4fb76c52bc92af4777b5f2a5c2", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326883, "uuid": "4b522da3-227c-45a2-a2b1-7dd910185459", "comment": "Malware payload", "value": "c9ee37bb5da38aeaa63510ee19d57ff2e937765175c1721e2c5c0e3c4ad5abc7a45269acac79bcafd3e57b3d10e73b09", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326883, "uuid": "a6b8db9c-d9c5-4cb1-b3f8-e40d3bf1d332", "value": "T1A277D021B282C03BF47A36B8852AE9D9C9A8BD15072148D777D53EDE8B735C22F35217", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326883, "uuid": "72efce35-e08e-4eca-9598-292caf677af9", "value": "393216:gCtLeMji/ROle+7pcA1jz2KSevGRB/C1rh6c:gMe/aeAyKz4R6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698326883, "uuid": "58d705d4-6b0b-457f-8ae7-eb5e36df8d03", "value": 35770368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698326883, "uuid": "e84371a0-3d83-404d-90d6-61dc126c7802", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326883, "uuid": "6ed5d5f3-3286-4561-9d2c-ae74c4876923", "value": "JPVM-FJX-IETW.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66edbf49-73f1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698319114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319114, "uuid": "5ffb0392-b849-4b66-96ea-6ac7753674ec", "comment": "Malware payload (AgentTesla)", "value": "d021a1bc2d9b10328a7bdb52c6bb02a7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319114, "uuid": "00e8afad-813e-41b5-9ef3-b02356624ec9", "comment": "Malware payload (AgentTesla)", "value": "04accd77cfc52de1bd788eef3bf1b82c9909effa2bd640680901a92b756ae774", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319114, "uuid": "39824f45-b961-4fa3-ad8b-1022685e8528", "comment": "Malware payload (AgentTesla)", "value": "5af8657afe2479a18e55300208543004c4d9e345", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319114, "uuid": "75af4e02-3429-4f11-a4c7-20966042932e", "comment": "Malware payload (AgentTesla)", "value": "196b0e2bde4ac1646d497a73158d28df7f50727fd66fbf14afbcc92ec9fcf35c16d8e377775daccd0ca1ab26cc411ff7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319114, "uuid": "0a75ae32-d1d2-428e-a7ce-785dcde53071", "value": "T1F1D4232A403E95F264AF3F62B3A740C85A3E6C9D9269ED1781317BEC14644F32B14F72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319114, "uuid": "710a545e-d2b3-47ef-80a6-3fc50ce8df4f", "value": "12288:CsRYnFZNv2YDQVpNCdLua4Ye8BTFFMEJi8QmZxLkhWyFHSavhqwHb6VI9W:CsmnFZt2FVHCd6eFWx8Qm3IhWy0avhDa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698319114, "uuid": "7d7ad624-5101-4c71-921e-261c9e52926f", "value": 650823, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698319114, "uuid": "671425ae-eb98-404e-8d93-ab4d37335fd1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319114, "uuid": "2d8abb8f-63cf-439f-b1d9-43b487e33b5b", "value": "RFQ.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0589438-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304259, "uuid": "1cb6d2e4-7a6b-47a0-9d92-56fb54399f83", "comment": "Malware payload (DBatLoader)", "value": "4d42a98983e76faf14071bd30f3eae65", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gunzipped", "colour": "#3986AB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304259, "uuid": "51c29b38-835d-421e-a9ef-20a2e3ce093a", "comment": "Malware payload (DBatLoader)", "value": "04f083fb8b7b8ff01c98b972859d03db4de185f81877e180317792e2361043cf", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gunzipped", "colour": "#3986AB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304259, "uuid": "1864c4ac-e7c0-4a52-b422-878ac105c1ce", "comment": "Malware payload (DBatLoader)", "value": "85d5b0d5671c51803149bf5da6ff915f98a2bd9d", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gunzipped", "colour": "#3986AB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304259, "uuid": "2f9855df-4c7d-4223-84de-b87057141b6e", "comment": "Malware payload (DBatLoader)", "value": "3affdec82ecb59941f764837eb1c35f86107b7e1f0baf1de67ca98645e109c235ff4048c4c954edcce8c5e1823c5ea49", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gunzipped", "colour": "#3986AB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304259, "uuid": "31a31b1c-a45e-4595-8598-da4f9147238f", "value": "T14555D017E6608871F02A0239AC5B4B2DAF196D2D6D68784E2BFD7F481F31346786D0B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304259, "uuid": "a016da89-5d03-40e9-ab83-4846575343b2", "value": "91a1eb4157c5e26a9ad6d8fdf398dbf8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304259, "uuid": "95f1d125-4d21-4a9f-8b9f-31a5e97eb71a", "value": "24576:UHQhZtDKt9N6+arvC0/hfYPzyB+4Buxrhre0Qxd/0hkEBSBrTFJ:UPt1h24mwe0uMkEKFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304259, "uuid": "1d9190fc-b040-4935-a1e6-7076541e34d4", "value": 1296896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304259, "uuid": "8ccb53e5-680c-4e7e-9e63-73f80e0a0d8b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304259, "uuid": "d7dd8796-418c-4a4d-a79f-92d26cda9a30", "value": "gunzipped", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00852017-7452-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698360603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360603, "uuid": "8710bbd3-0f95-48aa-bb7d-4a8ef37c2006", "comment": "Malware payload", "value": "f94fa0907f3dcda41619c566a6034cd0", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360603, "uuid": "c31cab72-c793-4ad9-85a3-4fe436887e8d", "comment": "Malware payload", "value": "054f4552ddec2da605090c2fe9836bdbe0a7eee74f3851f39336ea4c69164212", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360603, "uuid": "46291312-24b8-4091-b783-0725b9de6fe8", "comment": "Malware payload", "value": "390786f1ea3e8c0cbef6dcf562d775bd6dfcd8b2", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360603, "uuid": "9be61914-2d36-4a69-b50b-da518ae97d4a", "comment": "Malware payload", "value": "207cf7e7fa5d9f36f563c41cc49b02699368e1f37fe809a8d7e5c6a4ee5e1a0a9ead3c81d24eca9410b39840a7310103", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360603, "uuid": "662a53ea-2ba0-476c-b52a-7a4cbd743d2d", "value": "T135530258DE819C38F6F3273EDD7E815E0BD38EB140972B710A289B90A4C126D5F552AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360603, "uuid": "62a83f2a-dedb-4816-add8-d465dc2cf6ea", "value": "768:r8YyfqMRkVtciRe0lqzrnoFrj57BKT1rZkygx2sDOA0yFSaAeSq3U7ldMdyfrs7M:UbkTRe0YnoFpNKTVZkMySTjlhASc3k6q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698360603, "uuid": "019dbb99-149b-4bcf-b84a-6d89c7fb4028", "value": 63000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698360603, "uuid": "02b54424-c63a-4c0f-8b69-959de2362dab", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360603, "uuid": "60198cb1-b0c3-40df-ada5-10321afa56d8", "value": "arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a2f3b45-73fb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698323468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323468, "uuid": "eab0170f-6d92-46f2-8a00-45632fcfae04", "comment": "Malware payload (AgentTesla)", "value": "0a15688ef7e3840060d07209ba4c741b", "object_relation": "md5", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323468, "uuid": "df24792b-6de9-4eae-869f-a1955738baca", "comment": "Malware payload (AgentTesla)", "value": "071e26871f3113cbc7687d851e5b7ee6c0ae147470e426164cf65f537839d5b1", "object_relation": "sha256", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323468, "uuid": "3a9576fe-4984-442e-b61a-508f4aa94801", "comment": "Malware payload (AgentTesla)", "value": "44377bba9e56c0412d875fe48f30294d068acc91", "object_relation": "sha1", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323468, "uuid": "200eb6ab-32ed-4ae7-bb15-8b1cf32a997e", "comment": "Malware payload (AgentTesla)", "value": "f16f68ad129365106f0842234bdca2e93e821b2dc18516bffcd15a2db623ec1c07d07e711ffafb4c08f5157d497af41d", "object_relation": "sha3-384", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323468, "uuid": "b76ab1d4-5890-40c1-a167-1d438d17dfd1", "value": "T1796475FAA036ED8A86370E80D1043F179C299EDF667887F8768815D1C19C68C9DE75BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323468, "uuid": "91b76acc-ec2d-42a1-9d85-c959964d1c41", "value": "3072:4HZofjFT4vlFnKscDSmiWWtBMZe/eD4g9Y/9DYn5/RyDX3R6D9OUHtWKRIB+UEYp:gorElGNk3W2//BmHtFry1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323468, "uuid": "f7027f50-e38a-4159-8e62-38ecb78802fd", "value": 318808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323468, "uuid": "abe9db77-8174-4bcd-b460-0df6e7b20b73", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323468, "uuid": "53c27773-f8a7-42e0-a0f2-dcb5f20ad783", "value": "co", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9266b634-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304155, "uuid": "369679c7-e56d-4b44-b499-efdd21c1ac28", "comment": "Malware payload (AgentTesla)", "value": "0eb1dd8751b270494cd39ef9c7be7083", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304155, "uuid": "8bcfef37-40b5-4faa-9a96-12ea6a780ec1", "comment": "Malware payload (AgentTesla)", "value": "072c14de8eb9167b65bbb097b169c9bacf15a3412075983fb523f64640359a11", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304155, "uuid": "a7e43113-501e-4885-87b1-6572172311ff", "comment": "Malware payload (AgentTesla)", "value": "25a36f98da41ff5829c1740390f401f551752454", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304155, "uuid": "bb0a8476-4736-4813-b8f4-f51ebab3a89d", "comment": "Malware payload (AgentTesla)", "value": "a1f7a65886dac03cfb33d45bb36c132b109d353b0f227a2b7f82fc5d30974b3c672f48302804e86c7829005c80c5d74a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304155, "uuid": "b72e1f8c-93af-4f1e-8005-c3bcbb7ee319", "value": "T1F6D55A03FA4789E2CD491737C6DB040843A4D7A17623F60A798F2366394B3BA5F69727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304155, "uuid": "9324cb2f-b33d-4eed-8e08-bcb3e6202233", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304155, "uuid": "55a31245-e389-44e8-98ac-372905d44e40", "value": "49152:JyRdHP+1LjQqTBa0f6WBC0W/ygcZR2LbM+WC:JyRZPYVyW0T/7c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304155, "uuid": "7e2ada45-32ca-4b05-bad1-a92b564ae383", "value": 2878464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304155, "uuid": "a54c457b-af9d-4196-859d-2a43bef0bf02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304155, "uuid": "e0b025e1-4909-4117-9379-761e12032eac", "value": "dekont.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "764b6bac-73e4-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698313556, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313556, "uuid": "d66b0dc8-eba0-4567-ad39-23ee3d27864c", "comment": "Malware payload (LummaStealer)", "value": "88e2bc80fc2fa38e59d1357dbd4dc2e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313556, "uuid": "96e97ecf-fd49-4fd4-bb92-7c965be72db0", "comment": "Malware payload (LummaStealer)", "value": "07850ea1732b07aae1b520bc4e07f939a29ea8f842993a5849965d71aec14cb1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313556, "uuid": "bf2ea375-1018-4271-8b03-278ac2ca0092", "comment": "Malware payload (LummaStealer)", "value": "2e50e36b3de9ccb4d8a628d31aa1094d5d06170a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313556, "uuid": "577a9226-c61b-463b-9e05-a0f193831be8", "comment": "Malware payload (LummaStealer)", "value": "d22e39782fc8515acb9e36c3782d4a4d3ccb930f466a56d9fa52474487d47f665371d1e330a789ef607048c0ddd035f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313556, "uuid": "e2903fc6-b01a-4bcf-9f10-996fd6b1fbac", "value": "T17C04DF26B6E1C072E0B355305531C2721E7B78326BB6958F77881B7E0E707D0ABB6366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313556, "uuid": "3834b6fe-8f2b-4508-b139-64790dfda1e7", "value": "3eb61bde6c067dec159cc6a0cbd631b3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313556, "uuid": "5a09822e-522f-4291-8366-d922ab602ab3", "value": "3072:4HBNIPSI0n1N0Dia6Autky4D/v3mhGfOYhmf/npcA5lBKB6/Bnk:YOPXWn0DT6Autky4DX3UGFmf/ThKB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698313556, "uuid": "380583b0-3da7-4216-8126-127b761422f4", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698313556, "uuid": "424f8046-7c79-4c48-bbd9-857d43bfa401", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313556, "uuid": "994d82a7-917f-4cc4-a7d6-b6d935046906", "value": "88e2bc80fc2fa38e59d1357dbd4dc2e9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72100976-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304100, "uuid": "61e43d3b-55b8-4f20-bc76-75a22c06bb93", "comment": "Malware payload (AgentTesla)", "value": "d2c54ee5545665b2b26d63419e31ce79", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304100, "uuid": "becb3733-bc45-40d3-a957-cf0cb203c11d", "comment": "Malware payload (AgentTesla)", "value": "07c25b3a189ac13245c109b4d63de2a2eed5570b5a0f831a2a8248bccf849d21", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304100, "uuid": "a1fa4710-670e-452f-a83b-1c0568181911", "comment": "Malware payload (AgentTesla)", "value": "c33b748f24e95fe142ff5248660d4b2b5ce9e715", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304100, "uuid": "0a66a35f-118f-4217-939e-18d5e73aad48", "comment": "Malware payload (AgentTesla)", "value": "dde6e2d16d5ab3841555c559a4894fa5e4a5fb2deda9c9bf51c1d54ff12004f3a629c1b7d3e5cc3a0c724b6a42ec5fa7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304100, "uuid": "edd3dfb8-c5bc-4734-aef5-0dd7c289f403", "value": "T161225C39ED390078E71AA13A616353104F2A39D30E5722163BB2DB5E6DB73F6732E508", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304100, "uuid": "5aeefc47-e5d5-454a-ba1b-a5b3a3398888", "value": "192:Wu5AZcf1fLRnQOV8vdQjmzMZM2J8JZUYv1FSyJgyoLDIYuUBfc/Wa2G5M9pQbugP:H5AQ1z38qmwKrZrbxOuUlr0hbuyV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304100, "uuid": "dfed9ed6-3dcc-4dcc-a691-41bdbac4c599", "value": 10024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304100, "uuid": "3bc6f185-999c-49b8-aba9-521f62fd59ee", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304100, "uuid": "d0269406-cdc2-4956-bddd-e63810c436e6", "value": "Nova Ordem\u00c5\u017811142023.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1df8952c-73fe-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324575, "uuid": "543b4e50-31b1-4218-a3b4-0d65cebf0146", "comment": "Malware payload (AgentTesla)", "value": "dd9e0aee52164d56cd1cbabaf0b79885", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324575, "uuid": "7e5605a9-0aa2-4c4a-b33a-d794ddb2d1c4", "comment": "Malware payload (AgentTesla)", "value": "08dfe704ee9001d625c1ff19f0a1805cf760d014af5a3cc0b5aa3b8d128645c7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324575, "uuid": "e20f2a59-1d87-47f5-80a8-42efc63fbcca", "comment": "Malware payload (AgentTesla)", "value": "83acfbe1329fd4343d34c867291c6691d3ddf7c6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324575, "uuid": "9aa997b0-0a49-4e06-a028-a14ed8db85fb", "comment": "Malware payload (AgentTesla)", "value": "40efd9bd23a762c0538a0b8dd5be83c1652c1b20eb9faeff561712f744c6500c761f44c88da1bbcead0bc472502618dc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324575, "uuid": "235b249b-a0da-4b6c-ad3e-4237eada686f", "value": "T1A1B4D090E2F6220DF5E30A759E7562F5A63238227B02D35ECD84D14D742DBD7CED0AA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324575, "uuid": "085500dd-a28a-4a91-bce2-8fbd313966b4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324575, "uuid": "bcbf4a93-f1ff-4700-992e-c6115ed4689d", "value": "12288:JGsuBM57Bmm7PHKsJkcOXqi/maMSf13tq:JGs4g/KsKfqdahd3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324575, "uuid": "ea4232b7-d369-4685-840c-996c1160a555", "value": 525208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324575, "uuid": "cf144dbb-2661-4d5c-af8b-fdc908add354", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324575, "uuid": "764d5337-b761-4ddb-8ee6-e119bc680aa0", "value": "RFQ# 6200046003.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec724d7c-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (RevengeRAT)", "timestamp": 1698303876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303876, "uuid": "72f17fd3-c7b0-4030-9b08-dda6a2cdeff8", "comment": "Malware payload (RevengeRAT)", "value": "3901e82dfd40a987d4ed553596dc2546", "object_relation": "md5", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303876, "uuid": "d9d30674-9159-4c7e-8854-0e01d1346555", "comment": "Malware payload (RevengeRAT)", "value": "094833746aa8d44ee821da851cf28bd5fdee07d93b1800afb61a8060c434098b", "object_relation": "sha256", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303876, "uuid": "448769d1-a0ec-48b0-bbe7-326f639645d3", "comment": "Malware payload (RevengeRAT)", "value": "129217f67a32b49dabe45b58526deba57f4867d1", "object_relation": "sha1", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303876, "uuid": "7f4f9782-9f59-4642-a492-4d333e243c12", "comment": "Malware payload (RevengeRAT)", "value": "6d6e8052da238e22aa7cd2f225f9beb7befafd87e9c80952b0c8c2b92e704d464510a1ef06f85cba6f7438289df002a3", "object_relation": "sha3-384", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303876, "uuid": "dbc901b8-0b6d-4d0e-9e75-0e1d4cadaef4", "value": "T108F1AFB1E8D5D156CD63463AC76CCA2EFBBEC25695AD0A4FB4E8E42C019000BB393225", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303876, "uuid": "5bc689e1-6120-4a8a-a799-6681454be14f", "value": "192:xrXP/MVcrr38xCIr9RUQqHDajuPrLu01f5y+Ewx5GE:dXPDrYCM9OTCuHXxTxx1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303876, "uuid": "051a471c-bb07-4f98-bce8-3b50411e8df4", "value": 7962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303876, "uuid": "feb82e7d-9ba1-48ea-ad43-00516f8727a5", "value": "application/vnd.openxmlformats-officedocument.presentationml.presentation", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303876, "uuid": "81205158-2078-4a55-8605-d4db6953cfc5", "value": "Reserva Detalhes.ppam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50aa3570-73e6-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698314352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314352, "uuid": "6dd26679-da9f-43fe-8e82-3b022cb20b63", "comment": "Malware payload (AgentTesla)", "value": "7265cfd5aed20530bf359291841f7ca1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314352, "uuid": "84f79611-8925-4def-9821-9f48a51dab35", "comment": "Malware payload (AgentTesla)", "value": "0a26a32f561ea22a70dd7155c5485400fcb112c055909c6e79b49158d48f5090", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314352, "uuid": "df90f1d7-51dd-4dba-a409-7afb30bef049", "comment": "Malware payload (AgentTesla)", "value": "52ba6b93b783356d019bacf6062943eefe5def44", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314352, "uuid": "31422471-8c4f-429b-a666-ae1ab53d26a4", "comment": "Malware payload (AgentTesla)", "value": "0eaf32b04fe0ac0a5f76afdc9f38e36e39c83a4d7270ef32995f3c71fad54bb2de44fa978639494d8c492e7ef90ae7cc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314352, "uuid": "2873b36c-0a55-4877-9085-a0406c7e4d81", "value": "T10AE42304F8411BA255660CCE7CFA03E413735756A35FB79AA32DE4CD4E893BC085BB59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314352, "uuid": "263111ae-181e-47cd-a500-19708bae8ce0", "value": "12288:AqnWKRnmLMCJCS/NTlEzTtsPifbc8MMk+TCy9LPPh18DdObPLlJE9B926:b3nmLMCl/NTl+Y38zKY756koB926", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698314352, "uuid": "a6be0d1f-7721-49c6-bdd1-e82a35e897bd", "value": 718949, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698314352, "uuid": "14627a53-8aef-4122-bc2d-2d103c01d09a", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314352, "uuid": "28a6b8ae-dff0-4c6c-82b4-ac6f6203e2c7", "value": "Swift Copy.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d817664-7408-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698328950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328950, "uuid": "0ab6e9c5-fee4-44ab-8547-4d2bbf397a93", "comment": "Malware payload (AgentTesla)", "value": "70e608199c385dd8d7559cad4aaea7a9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328950, "uuid": "c7d8dcec-f984-450e-ae13-e416fabf6570", "comment": "Malware payload (AgentTesla)", "value": "0d14d4e3b742bfea99aebb68954101b2509b7c92de33d27006fe81110e5ea3ae", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328950, "uuid": "6e78079c-88a2-429b-a63d-4e60d64c4b7a", "comment": "Malware payload (AgentTesla)", "value": "7b4b8159f7092f588061283d8281618b04aab024", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328950, "uuid": "3bf262c7-88c7-4b3d-9b5e-7d08604206c8", "comment": "Malware payload (AgentTesla)", "value": "3ddf930f2d03dd10196fba65b3d8d8cd50fed92ec9a55507556570a1278251c44d8f8e049a15708981e8dd1e6afd260f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328950, "uuid": "b0c0d972-65ca-4594-b646-b7e82e30ac6d", "value": "T186B41250BBB90328D7D1C7FADA95249067BA2A537410D22CECCD65D63A20B735AC4E3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328950, "uuid": "23065cc9-0546-4e1f-b82f-02b6c7040216", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328950, "uuid": "c17e6566-9f27-420c-a3cf-9cf40c44337d", "value": "12288:zXcvVPnb7kyzPriAs0aESpPYFSbxVjNmT2PX8NNGJxObmtEeu1ogb9OY:8VXjP97kPYYbnOI6UF89OY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328950, "uuid": "c65f19b7-4507-4909-a6f0-461f287b1ae3", "value": 537432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328950, "uuid": "e01b8a89-c3e6-420a-9899-48e049455f4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328950, "uuid": "eb45553c-3486-4954-9b22-9d256d1ba1a6", "value": "SecuriteInfo.com.Win32.PWSX-gen.11192.4604", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c80e87a7-7456-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698362656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362656, "uuid": "1cdc2a5f-e6fb-48b7-a0ef-3e1eabed6aec", "comment": "Malware payload", "value": "b59d0b9a3c471e97cf7cdc53828400ae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362656, "uuid": "7d594dc6-355c-4dbc-b398-7b758a73d623", "comment": "Malware payload", "value": "0d50a68e5533baf5b38f1313b7f0805c3e9e9bb134eaa966ce9e1b77c3f13423", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362656, "uuid": "c65cf63b-bb67-4188-8483-7bbe85865bb3", "comment": "Malware payload", "value": "1207ff6d682880d4bccfb81b4c0665be0a89671d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362656, "uuid": "37c13046-43cf-4f72-afe6-4ea77f91b04f", "comment": "Malware payload", "value": "2a6084558b1f0d048156b7b9c0a8ec7e9a5c93550f64363f6eb028f9d9509ada71a90dfaeb68c7aaa7a1f46c07c2d60d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362656, "uuid": "206b7558-d7ed-4990-8f37-8e8222dda851", "value": "T1AFF2E0322A89F471DAA22C75F9AC9F4B13294AFDF0D6351716D00B3CF6532A38436A53", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362656, "uuid": "9daa534b-1748-4ffd-82ef-d349417a7341", "value": "768:NnhWYMpSp93FZmZ/lDnbJBMr6Q16TrjeaUx4NP/k3U1:NnhWYMopa1nLMrXArgxSH/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362656, "uuid": "8e8e35eb-c85d-4c4d-bd9e-991e55e23195", "value": 36932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362656, "uuid": "c5db5d39-fe67-4c8b-aa48-6c61b51175ef", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362656, "uuid": "1f624e65-73a4-4c19-a5ba-791b71ee5ed3", "value": "b59d0b9a3c471e97cf7cdc53828400ae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd91e21e-73f4-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698320548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320548, "uuid": "4ca8cdc7-b250-4cc9-8e1a-7643945daaaa", "comment": "Malware payload (AgentTesla)", "value": "3f9ad1ca27fdba1489e9a8d051fae7d8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320548, "uuid": "91640325-5d6e-436c-91cd-fea6084be41e", "comment": "Malware payload (AgentTesla)", "value": "0d811777a1bb73b20b361ce2f48fb990a802a43f4e9dffe1feb2791160257463", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320548, "uuid": "31afd30d-0dc9-4334-abf3-4d36e6e75a96", "comment": "Malware payload (AgentTesla)", "value": "14e359198a60010af33b505f3096f421451bff46", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320548, "uuid": "bb317f2a-0b32-436e-9277-f52488f0cf21", "comment": "Malware payload (AgentTesla)", "value": "64338f81fb8375f5621494bff7b2ba79b2c9f5fc504e131da43f21049257ee6f6f1b3e70948e789725efc912127efd10", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320548, "uuid": "6b566fd9-1bf8-4861-9211-6d07ae339a31", "value": "T186F423515D51137CCF07E059BE62115EE6A1643C93F4FDCE3123A880C6959BE8AF22AE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320548, "uuid": "11fb93e9-c95c-4404-a95f-823f6ed7f177", "value": "12288:H1ui9bvVbICGzsKf1fxqJyUnEna0SgkMChhqfEQi/rlztVbHFU6hfgpdhC2:VugdICs5/q/nE2VhqfED/rlzxFIpC2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698320548, "uuid": "1abd432a-6261-49b1-b7aa-bb088a4bdeca", "value": 740137, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698320548, "uuid": "5bc9433b-84d3-46cc-993a-bb49a39c8df7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320548, "uuid": "0c5cbe5e-2841-4939-9e4e-5eee110b1c3f", "value": "Shipping Documents,xlsx.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16b8b59e-7399-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698281184, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281184, "uuid": "688793db-daff-47e9-85b7-86b42374cbc3", "comment": "Malware payload (Stealc)", "value": "a422564dc6c6e14c00e0c1156578afcf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281184, "uuid": "90610e5c-21e4-44ce-99f8-6e2043b8c62a", "comment": "Malware payload (Stealc)", "value": "0da52986a600276659b8a0d16f08e88ac05eec7dbebb3bd6138a94ebf8f1fa75", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281184, "uuid": "d5cb5245-9568-4b51-9b08-145c4c02eb4d", "comment": "Malware payload (Stealc)", "value": "c4bee811a90e120647d5785418bfbbb63a9a89ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281184, "uuid": "00392ca0-a951-47c1-93ac-362f15937476", "comment": "Malware payload (Stealc)", "value": "c9bc3892698164a5176bbccc9c09cae8c66a4051c32265c57b6a2c2140f96b0cc419aa44bf81ce31f0524ef10cafda35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281184, "uuid": "b844f516-5c92-4bc5-a744-d335dcfb1033", "value": "T1FB953353ABE51460DAB45BB018B512431B34BDA0B8785B4B1392622C4AB3ED4F773B7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281184, "uuid": "ebeb7f01-c35b-491f-93a6-4fa4dfe401e7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281184, "uuid": "a9231eb5-fe31-44f1-bd88-d143036a7fd9", "value": "49152:Vsi6Frs4n9GJaT4FYrep/0O4UF5HEGeMQEr8vDW:V96FTncac2re90a6G7ro", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698281184, "uuid": "b3e8283b-3bba-4ce6-8774-5a9e54f7842e", "value": 2011136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698281184, "uuid": "a30a1199-fcfb-4807-8eb8-09cc3451bbc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281184, "uuid": "33694e75-1e24-4f58-a151-0c3799ca1a7d", "value": "a422564dc6c6e14c00e0c1156578afcf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f200d81a-7442-11ee-8907-42010a9c0042", "comment": "Malware payload (Glupteba)", "timestamp": 1698354137, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698354137, "uuid": "1b49fe50-6a69-4e0f-8354-62aba752e044", "comment": "Malware payload (Glupteba)", "value": "2c4bdd123db302b99dc949f27930fc8e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698354137, "uuid": "1cffbf53-066c-423b-8200-0ab5f5d807bf", "comment": "Malware payload (Glupteba)", "value": "0ff5066a1c9caf9db55ddca514049faa9badfd6bee0a6e8ba825ee8198b65efb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698354137, "uuid": "f4bccbb1-410a-40bd-808e-712e4fdb3294", "comment": "Malware payload (Glupteba)", "value": "eeac90eac276a84b9aafcf032469c61a7c7f5082", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698354137, "uuid": "37d3c93e-7e22-461a-8929-0a497c436250", "comment": "Malware payload (Glupteba)", "value": "5ce86f5c1989bd378bb35e6920a3f537005d4536356c54ab6ec91bcfac5e4a3bbed79192038cc5bfd4b00f2f7c79cd7c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698354137, "uuid": "10748028-c405-46f6-9073-f810b199c37b", "value": "T111A6232DB09A8803E5F7C731DC685397929B3636B6126C7FE2B949E4B433078F974684", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698354137, "uuid": "78d30955-082e-429d-8b42-c05b54455df2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698354137, "uuid": "08117bc9-5a22-45f0-a4ab-1f52b092ef0e", "value": "196608:0FpJ15dS860sFh2Np+qFZDLhwEfkzO4eWsfloehi:w50FhWDLh5kzOhfCs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698354137, "uuid": "a9d57c58-3bc0-4a6c-a33f-3ec83fd22422", "value": 10352640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698354137, "uuid": "1e33e6bc-aa5b-4cac-ac63-fc1ae4f2109c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698354137, "uuid": "ecd7f65b-76d4-4e1f-a96b-38d74e842734", "value": "2c4bdd123db302b99dc949f27930fc8e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f4a7c6d-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698303666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303666, "uuid": "d37e8dea-f1b0-4df7-9bb7-d73b98e14289", "comment": "Malware payload", "value": "6a419d41d96de80983f2d54c6860aa6e", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303666, "uuid": "a899dba0-b771-4009-bec8-b437421f947b", "comment": "Malware payload", "value": "104c4b4b3e9c92d7d56c7b809e6f5b1f2e6cfb41ca3f8ac9ac2c7c5346934488", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303666, "uuid": "903faa7b-ac17-4544-a248-3e50785e405f", "comment": "Malware payload", "value": "3efd347283bbaf84774f8460c65d61c640ec6bb5", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303666, "uuid": "e03b36fa-6aaf-4ba3-956a-a564e26f6002", "comment": "Malware payload", "value": "602ec7cfc5b808413f62996651a708bd6f44b7e7e2f68579572ecbf8893adc31d3e169a022a7787c7adbeb84ad876a3f", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303666, "uuid": "130e407d-2fb0-441a-94d7-c1e901edd718", "value": "T189C08C68987DC107E9A7B0820333CB2C45D0EB823324EE230A04DD9DA34C6909E2A086", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303666, "uuid": "73a7fd49-3792-4dd0-903a-e7156331b171", "value": "3:j+qAHmcYonhcDQBfBwzjDcYWA6/hEREaKC5SufyM1K/RFofD6pYWtH4rjLAA:j+qf+hnfBaPYA6/SiaZ5SuH1MUm2GtA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303666, "uuid": "cfd07422-81b5-4c08-88e1-41c0f15011b9", "value": 170, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303666, "uuid": "2abf9aaf-81d6-4fe4-9222-014fbbe96839", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303666, "uuid": "ceed76a3-00eb-4dcc-9a0c-8100ddf0bb3b", "value": "Svchost.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9fa558a-7396-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698280277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280277, "uuid": "6afe2adb-5eef-4d60-82bb-33850213092a", "comment": "Malware payload", "value": "9f56bccaabe7f93036bcf24f2ce2eccd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280277, "uuid": "5bde4eca-a45b-4040-a5a9-21f7541560c7", "comment": "Malware payload", "value": "125aad835e55a82fab2d5115ca711ebc1dc96ba29facab1bf356ed5557ee00e6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280277, "uuid": "ed95ec7e-e61d-4335-a6f6-c50162b4e57f", "comment": "Malware payload", "value": "b890276c64bb3af9137ea029f70c98743a87e707", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280277, "uuid": "955ed725-c241-4584-a6cc-4ad8a26dc76e", "comment": "Malware payload", "value": "8a194b8eeb07aaad38c0ca1a378c7cfff1833a14e9bc70b1f9811bd2716688677564afc9bfc6a02883122aac3101e7bb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280277, "uuid": "875848a3-a7f2-4de8-bb2c-5b3546d67c52", "value": "T13125F12A7EB3CB67D50CF9335CB38AF4E8626C718C12867F1749699D3936314EA27046", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280277, "uuid": "7d878b6c-e0eb-49f1-9108-0a630d41438c", "value": "deba71fcd4e68e93af678f2a5e291977", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280277, "uuid": "332b62f0-ad30-484f-b51d-d70a3c62f0eb", "value": "12288:+R5nWFpPoSxgiXiMhr14hBb0QwlPImIyGLj5cExVbR7XPTHhcJ:VboiX914hBilP4yGikVVX+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698280277, "uuid": "e0a6fe0c-1d6b-4f6d-9bc4-6238b6dc351e", "value": 970933, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698280277, "uuid": "fbd6b1c6-613d-479f-bb18-1d37c06aebf9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280277, "uuid": "06281620-0379-4d39-9cfc-2716c49d532f", "value": "SecuriteInfo.com.W32.Agent.NNJU-2136.2626.8330", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1517440-7456-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698362672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362672, "uuid": "21e29537-b0e3-4b48-89c1-9e149a5bafd5", "comment": "Malware payload", "value": "24e1c8e99cb200ab314d8f350e304c7b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362672, "uuid": "009705d0-2de8-4dde-9b4c-3f0c89e921cf", "comment": "Malware payload", "value": "12678e4c016b2b7705df77f2798b94324dec50ae5d0b7438528e6c976113e7e8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362672, "uuid": "713f800d-335a-4b04-b3e2-b62809b15eb4", "comment": "Malware payload", "value": "6f9a73e17334ab581c5f44c175b7b2bf3690bcf3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362672, "uuid": "7d5c5c95-03d7-4b4c-ba91-ee3caab010d7", "comment": "Malware payload", "value": "62137694c769d0ab89a9ee7630ebc7e317e2cf6fd063c44aa8fb35fa105919c70fdb3cc60afffab30846e75143ceed18", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362672, "uuid": "56652e15-a32a-47c8-bbb2-2d0d07d76a81", "value": "T149F2E162D3CD9AC0FFDF0A727CB6CFD12FA4C68296A685D0A4213F6441364327464EDA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362672, "uuid": "8686c7e8-1651-490a-8c6f-1dbb5b49370a", "value": "768:75nGGh+LqAIHoAzVkOZYihMHEGgM00x4uVcqgw02NWXs:RGGelVOZtMHiMtx4u+qgw06WXs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362672, "uuid": "06d32c53-1226-4bbe-8ace-b7b493421646", "value": 36520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362672, "uuid": "76c7b099-bf5c-4fc4-9890-bf6795aed443", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362672, "uuid": "42ae80df-9137-4c57-bcf4-e179ce6d2cb8", "value": "24e1c8e99cb200ab314d8f350e304c7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0665853-7418-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698336041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336041, "uuid": "64ab4d34-e8e1-44bb-a91e-d640d39423d1", "comment": "Malware payload (Amadey)", "value": "75e248e0090790b20954629517ac8403", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336041, "uuid": "be927215-f878-4cb4-95bf-6b5e07720c21", "comment": "Malware payload (Amadey)", "value": "129f458362f24528aa343647b84e6554384bb79e174ba52268c2988038bfb4f3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336041, "uuid": "612fece9-6361-4545-a414-e19fe7589dcf", "comment": "Malware payload (Amadey)", "value": "8941ff81b5505c5d45c67ea4fa31025cac68023b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336041, "uuid": "5e28a9d1-f66c-43cc-8e4c-8161c7c1364b", "comment": "Malware payload (Amadey)", "value": "b85e8a795d7abc40fe769b56a96510407cbeba8aee1ed437f1d588bb38f610fb315d6ee4d29b5a5cb66dbe0414550f64", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336041, "uuid": "f1abb49d-1d21-482e-9f40-364f624f27b1", "value": "T1FD158D2178C08176EDF220B747ECBA2542ADE0B4071955DF06EC6BEED7606C27F36686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336041, "uuid": "aa042855-8fb4-4762-9076-fa676dcf7a28", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336041, "uuid": "e1b9a347-2c1a-45ac-a00d-58b717d1dee6", "value": "12288:6jTzFxmmNwOIbDh6zvqWuu9gHgMSw4AtlCVlgzw0+6umjBgmnTLv4:sTzF4mNwOIbDh6DqSa/CVlEn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336041, "uuid": "d865cd06-4eba-4df8-ad44-b30f914450f8", "value": 927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336041, "uuid": "97ea5ace-9cb3-43b5-8253-234cbfc4f4df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336041, "uuid": "eda11e61-7b3e-4ae3-b574-d0f2e4905228", "value": "75e248e0090790b20954629517ac8403.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bd84167-7408-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698328947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328947, "uuid": "b2db2e87-d4ac-46f0-a4e3-74e07470263f", "comment": "Malware payload (AgentTesla)", "value": "460b2f9237e4977227a16e51e897ab2e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328947, "uuid": "f351bf9b-7025-4d0f-9cff-da553f2f9a30", "comment": "Malware payload (AgentTesla)", "value": "12b0e9070b1cb188d48c3b702307c7c544e0f4e9126b6552653b5bf72c9530f3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328947, "uuid": "58b61d13-840e-463d-95e4-5345af5bd799", "comment": "Malware payload (AgentTesla)", "value": "28a6a1b66e43d8387ae2966fc712a7aec5e64472", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328947, "uuid": "95fd6880-4696-4ef5-bca0-f685840e68d5", "comment": "Malware payload (AgentTesla)", "value": "db92bb5995ab35ccc00f08541bbff7a3f97b17b8c5ec5202163ced0a19b513ab9c3944139c9c5538da470308f36a4f56", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328947, "uuid": "bf61500c-3376-438a-9a0c-8a2bed25149b", "value": "T191D4124833F85762F2BA1FF99C7050505FF5B32AAE71D64C1EDA21DA1263F508A50B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328947, "uuid": "50dc60c2-9ad5-43d9-aa05-30fac6df2dad", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328947, "uuid": "645fa476-0fed-4905-8dbc-4f61123270c7", "value": "12288:zGeKIbuJ8RDDDVakqEO9Cnblo1UMby2mv8aUe53mCi5Zez:Se7RpCEO9+Zo1+Pv8Zkm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328947, "uuid": "da8a82b4-dc77-4901-b4ae-0f93b3ad2c87", "value": 637952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328947, "uuid": "5b24b976-e946-4da3-922e-7b64a639c4e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328947, "uuid": "50411f82-9d43-43e7-92c9-7097f53367f6", "value": "SecuriteInfo.com.Trojan.Packed2.45852.23659.14503", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95f12fde-7429-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698343245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343245, "uuid": "36dbc91e-8880-4ac7-987e-148cb2e5b0d9", "comment": "Malware payload (RecordBreaker)", "value": "7b23cb927ad0c830766c27f181f97802", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343245, "uuid": "b102e1d7-fecd-48b9-8c92-fbd9dc860a7c", "comment": "Malware payload (RecordBreaker)", "value": "13bd886815f300ab9955f3297778405485125ad64d8661dc9c9772a6ab0e04d2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343245, "uuid": "9829f665-8e14-4458-90c7-07d17f3bb069", "comment": "Malware payload (RecordBreaker)", "value": "c749edbd541dd733ab4d5adbb2c2cf8bfd989bd5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343245, "uuid": "438d0297-8588-4283-b028-4a8b497f14da", "comment": "Malware payload (RecordBreaker)", "value": "6d782f3a9ed55d89f1e524c1310ec3b02d530d9eeffe95c14f322a222fa3b6ec332b7c1802a2a0416693c2df8867fd42", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343245, "uuid": "25ce8a1a-0596-4ba0-8e8d-a469890773a1", "value": "T12E157C2138C09172EDF320B787ECBA3682ADE4B0071916DF06D857EED7506D27B36696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343245, "uuid": "00f0ec31-2576-42d4-a147-3c05bcca6e15", "value": "09b5d280d2d122a8b769c1e2cd1b4ca6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343245, "uuid": "d159a6d3-0c92-46fa-b155-74384be2ae4c", "value": "12288:LVSsmNwVMzNcmaq6GoBREa5q6YCHn9uq9hjaSOUuvSw/JD8:RmNwVyNcmaq4Drq6YUEq2l8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698343245, "uuid": "0bf7619b-e857-4be4-83fb-1c25b7b19e4c", "value": 933888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698343245, "uuid": "af4f99bd-9630-4fc4-8e09-55d427a99075", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343245, "uuid": "fcacec0f-5894-4a93-a24c-b7ae0024c9a5", "value": "7B23CB927AD0C830766C27F181F97802.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fad47e7-73f1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698319048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319048, "uuid": "5f0b1db2-01a1-4036-ade7-ec7a76cb66c0", "comment": "Malware payload (AgentTesla)", "value": "3d15268483227137ec402523e248fd87", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319048, "uuid": "571e7f8d-5e78-4a8a-9740-74157b9ab32e", "comment": "Malware payload (AgentTesla)", "value": "141a5b247877921ff5e4b58b0aeaa36e6e4de38d87599ee6956308e2b70589a5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319048, "uuid": "713c6a7d-2cc5-4a88-b329-1ffa3bfc33f4", "comment": "Malware payload (AgentTesla)", "value": "4927dedd804fbcfc605d87e19b9fd73487ef0e8f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319048, "uuid": "669b7a63-a588-4b02-8d74-c6ce4865a297", "comment": "Malware payload (AgentTesla)", "value": "d781a1ad8914ab059634e2f0170a5f058863ab335d7d9f9066bbc31dc36d1ce082f927c87a353dc013397a687b70bb6b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319048, "uuid": "37f9e152-b6a6-4c2b-9dd3-3c5c77f1cd82", "value": "T115F48D84F0D62591EC2AEBB1C776CF748663BEF96539A41D2CCE3E1337B75829611022", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319048, "uuid": "208d609e-6fe4-4b58-b5d3-9c156b49012c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319048, "uuid": "0020fe62-95fa-4d4f-8f48-da1428875d62", "value": "12288:fCJ3CMumFgGcw8yMaIQ3CqnLqzXjVp4sg6zFTf28a7sP7r9r/+ppppppppppppp7:W7DCGv8yk/GLoHZY/7s1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698319048, "uuid": "52102ea3-50a6-43b4-8511-878e0e56ad63", "value": 746544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698319048, "uuid": "d4d39c07-df4c-41ee-855d-28becc4e0285", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319048, "uuid": "cffe0852-cc70-4cf0-b2f8-5fab6d92b19c", "value": "PO_4500188776.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85b5e7e7-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698356961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356961, "uuid": "18dd70c5-9732-4c5c-bdce-b01d46000195", "comment": "Malware payload (Mirai)", "value": "e73bfc59a73c41914781e994543becf0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356961, "uuid": "f4201f32-9009-4ddc-bb1d-2b9c2e8defa1", "comment": "Malware payload (Mirai)", "value": "14d4dc1bedf5c64abb28fedcbd196ce8aca55fdf1e18449ddbb9afe1b694dedd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356961, "uuid": "46aa49c0-cae5-4795-b70a-2d990fc33771", "comment": "Malware payload (Mirai)", "value": "afa0f1c20243c2168e246fcb48c46794c7a51bb4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356961, "uuid": "b1efde4f-f000-4287-b7e5-9157df558947", "comment": "Malware payload (Mirai)", "value": "c7023a67486042b0fea843775144daa8f7495db8074215984b4245c9cf75478768775601f37cb0560f840340d80d82a7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356961, "uuid": "bc5b3c01-dc08-476a-9ae4-a6d01f5c04da", "value": "T1B3535A20B8792A17C0E4B63A22F3C325B2F5234D35A8C65D7E360F8EFF1569069575B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356961, "uuid": "d207e3e7-fca7-42c6-bff9-6c67d6774cd1", "value": "768:lX7kc1yZ5xFh6Sozq9h3DNN0Piw58NSm2+Np6kvLDeKWmGYO+X2tPppXm5vhu:5kc1yZDpOSh3DsPiwyNSSGyyRL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356961, "uuid": "38bb9140-89a9-412c-a0b8-6a4746c9b72e", "value": 66388, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356961, "uuid": "b8191f3a-3ab2-41eb-b9ef-d24928c57da1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356961, "uuid": "2a76d689-7a3d-46db-b3dc-d6b31f40cb4b", "value": "e73bfc59a73c41914781e994543becf0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59743bed-7434-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698347868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347868, "uuid": "1765d7c6-166c-4858-b954-a053d1b7b08a", "comment": "Malware payload", "value": "8c384ca8dfe532def099b7735413997c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347868, "uuid": "3ffab74a-d9bb-41f5-9854-9103669dccfd", "comment": "Malware payload", "value": "159ae7a37292dc5f373b76bcf7570cf4c58ae78178faaf8e2a41813d312996a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347868, "uuid": "00ec5a3b-33f8-4235-b767-f086e3a97f79", "comment": "Malware payload", "value": "d5513eed75b715fdb0c3376ab9983706b9927507", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347868, "uuid": "d25d0b3f-1353-4cac-8063-fd217d169d27", "comment": "Malware payload", "value": "8accd2b9ac330d6c76823ea0740a2635fbde4ff6dee18a76f10583ab3a9241c6b874d6f2ee97abe966f4b11a398da268", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347868, "uuid": "19562892-6179-4467-8560-a439f7632650", "value": "T11A7523476BF84053E8B263F019FA47870F357DE26EF4821F2292A94E4972784167673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347868, "uuid": "7d43edfb-1311-45c8-a36b-9d6509873367", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347868, "uuid": "f2d1ce7c-366f-458f-831e-9fbd43c87caf", "value": "49152:56A2h9Zpl13Pk8+t/cb/9GwInCBAOcG/k:488o4lG0cG8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698347868, "uuid": "0a989cde-fe30-4dff-8433-ba8f312ddc36", "value": 1625088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698347868, "uuid": "a1de4fc6-e250-4bbd-8241-18e5cfabe32c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347868, "uuid": "1de0bc96-b85d-4ace-b5b4-8aed41fc4cfa", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc93de94-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698311527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311527, "uuid": "b89f25f1-cdad-4358-b944-c5175a2cd795", "comment": "Malware payload (SnakeKeylogger)", "value": "b32777ec3e6822e6de38fd54a813f179", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311527, "uuid": "adf2873d-f0fb-4d3a-8b04-56d61e550f41", "comment": "Malware payload (SnakeKeylogger)", "value": "1700e539cd41c00e4b3b8b4405ee0bf338192f0b24836939e14f8b9d2c6bd9f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311527, "uuid": "ef0d5dca-fcb7-45ec-babc-3ef7e8ae84ac", "comment": "Malware payload (SnakeKeylogger)", "value": "dcf73ce955dbbbc34b132d7c224c871266daf4fd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311527, "uuid": "b76a50db-8cfd-43a4-973d-d548a4e6b1f2", "comment": "Malware payload (SnakeKeylogger)", "value": "728aa4d5668feadd7dbfe2071beb11cc8f07a31a70d7b4d7efefb613547a8bfc085c77c56f24126f21210e6452d3fc73", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311527, "uuid": "73023109-dde3-44db-b4a3-80ab60d47ff0", "value": "T17F64F1D9F3659326D2231ABB8350E561C63D3E70E879D87B3E52718E47BF60CC552A80", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311527, "uuid": "bd972bb0-9ec1-4da4-a9b1-9a4e27ec3082", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311527, "uuid": "a67cef95-aa6a-4150-bfc5-fea69a243b3b", "value": "6144:CeOazRkjEMgrtPJhz9HLAuTQfc/VsKQqeYOtYYE2Odtyqd72f6QD:CeOazsIPD9Au5qWZlYrOiqod", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311527, "uuid": "a360ba2c-3521-42d9-b9ce-1922d3c59056", "value": 334848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311527, "uuid": "df7ad819-08c0-4459-b4ae-8e7fe5d3dd96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311527, "uuid": "66f2b34d-cfa1-471e-9efe-5936539bf562", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98b561a8-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698356993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356993, "uuid": "b3fd509c-eee0-4c35-8afc-5b721058b7eb", "comment": "Malware payload (Mirai)", "value": "9dab75acdff1d82f97417e15a6153f33", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356993, "uuid": "22f9a993-a6fe-407d-bcc7-20a14b719849", "comment": "Malware payload (Mirai)", "value": "1722e9aa6b4d64f0d57ca134103f36fe47ce7219999091daf4547edf79aee1ac", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356993, "uuid": "85c125ce-d6b8-428c-878c-ed9f0a3c457a", "comment": "Malware payload (Mirai)", "value": "c8fcfd35cd3c01788c8bb4de9d5e1573c2694b6b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356993, "uuid": "81428347-e104-4021-82db-7ef8dd6642ef", "comment": "Malware payload (Mirai)", "value": "014c434c5bc1227bc7b7d8220ab27db71e6c6cd489b2d395041706ed93f8ccd4804825431d59686f30bd80106f509fd7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356993, "uuid": "4443f2aa-0ae4-405b-8d9c-e025c99aae8c", "value": "T1B0E2D1A1D247EDB1B5F01D3BFC984C0A73771EBCB4636923311AD268E575642F2A01C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356993, "uuid": "d790e45e-25e7-4c4a-80b0-8a610b0cbcaf", "value": "768:QfhxmK94d0nV9MzFQVIPi4MYELvVG7flHYbq3UIjxc:QP/CAMpfi3BGrzG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356993, "uuid": "0a3b5778-31a7-4f3c-a8e3-7c3e1d49d65a", "value": 33436, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356993, "uuid": "0a9a8a93-f64d-4fcc-8a4d-8b9f9400b084", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356993, "uuid": "b2355067-d7c4-4d21-af97-9634c93b9b16", "value": "9dab75acdff1d82f97417e15a6153f33", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e832b31-73f5-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698320818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320818, "uuid": "ed38f18a-7e47-44c4-9667-9c40d03da52e", "comment": "Malware payload (AgentTesla)", "value": "90636b945352af0273db41956534c3e0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320818, "uuid": "551ad8a6-201d-40e8-a629-c0ef6ae109c1", "comment": "Malware payload (AgentTesla)", "value": "1736436ebcbed3d131e8dd6f02451478409db4396b15a81335e8e98f482fce9b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320818, "uuid": "84c30ada-cd7b-42ae-b71d-b5e41ee6fb96", "comment": "Malware payload (AgentTesla)", "value": "6bbf7057b4d21d34364fb5372de041c917032536", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320818, "uuid": "6352f2a1-0ae3-4bb3-8f50-4e0de66188fa", "comment": "Malware payload (AgentTesla)", "value": "9405b54232a5a00daf335eb05d27a3e29bb4ecbe88b5236e4964594a8df2a6094fc1f10117b03b319810262ed89754fb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320818, "uuid": "98a7c958-e39f-466b-b9c1-b95c9e1f0690", "value": "T13F9423CFA1A97614903A6E5D99561ECA30B43A76778C673CC8DA09CF1502789833EBD3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320818, "uuid": "fef67e8b-9827-47af-abd5-1be587a2899c", "value": "12288:s+WGoQlwB1cbK6XFl3aWNJ08gQ8cOdnXDwHu7gkzh:s+WGn41cGGFxaWj08XOnXDz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698320818, "uuid": "30673f77-ced0-4d4b-a635-20edaa719278", "value": 430320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698320818, "uuid": "208d44cd-7850-46bf-958b-9bde8b017caf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320818, "uuid": "bb9e8dff-2e57-45f1-8b9b-c38d4a03b8f1", "value": "112-43185133.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7076dc11-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304098, "uuid": "542d5624-8f02-4946-9e87-58130fbece13", "comment": "Malware payload (AgentTesla)", "value": "6d4657a962f0875afbd4a45f3ef94b78", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304098, "uuid": "9785ef8b-4df0-43af-8a0a-9f176feed7a4", "comment": "Malware payload (AgentTesla)", "value": "1747c9eecb6f81f3b1ef91706439dfe2a5f9a6c3ee4f04ae2057d7aca6e6ced3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304098, "uuid": "83a53b76-4bfa-4f7e-bad0-e2d057fb3dfe", "comment": "Malware payload (AgentTesla)", "value": "99694fd5f8b4bf5619e5019b3765d6079d8ed4c8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304098, "uuid": "279ca170-3cab-4f55-9cae-8d9627ee24ce", "comment": "Malware payload (AgentTesla)", "value": "1816723d9c0076a897ecc0881ff6b25ccc9ab159f36b6ae8592b2894705aba52b3fe1c4c45b0294d7f8b6efb13dc18cc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304098, "uuid": "36ed6685-3caf-4995-b7d4-53dd4542c029", "value": "T18B225B29A6B700ACDB9DB83AE14C23055F2034A30A5B16173AF1DA5F0D7BAD6570CB3D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304098, "uuid": "263a6815-84c9-4e15-8bd6-3dde95047fcb", "value": "192:j5i21PRgOV8vdQjmsOQ8JZUYv9JSB5mLQYuXBcqjY7ACGHpTq:j5i21PL8qmsO3Zr9JRuXtmM2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304098, "uuid": "bf574cf4-d13a-4598-aef9-9607b2171ad8", "value": 9940, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304098, "uuid": "af8ac6e2-4525-4c4e-a98a-6ab192622209", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304098, "uuid": "7f279a8d-63be-4ee0-92c2-fa55f25d692b", "value": "contract order.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88d992c7-7400-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698325613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325613, "uuid": "28294104-373b-41c0-b26e-7da8a5eba083", "comment": "Malware payload (AgentTesla)", "value": "fad7d023aff71a16dfe6dbbfe5aaedbf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325613, "uuid": "a23d556b-16d0-491b-a441-bce8929ae03d", "comment": "Malware payload (AgentTesla)", "value": "17fec4727755de3e1c699bafb556c82a03bb4879d706c9dfd74bb15a7fe68703", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325613, "uuid": "d8180a00-5a5e-4dc0-9715-80dce5c7332b", "comment": "Malware payload (AgentTesla)", "value": "ee43b205e1086d315fdde21e7fede4b847cfab7c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325613, "uuid": "ecf5eca2-230d-4968-9315-12314fd00c47", "comment": "Malware payload (AgentTesla)", "value": "dd93cd393617b0a7ffcf1df75364d93f855e54a3de22571418bea0d5b9e7f48bc76adcfddf48ddb7f2bf0dba7c2d9f6a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325613, "uuid": "28ce5b70-c5b0-482a-a329-586818832a88", "value": "T1D5942367C9C4B00E32E3A8FB9B8545322B144E5BC6343D9672508E2194CBDE7EE99CC7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325613, "uuid": "a674d36f-d309-4ccd-9eb3-3a7152a510f0", "value": "12288:Oh/n7KuIXvBvN9vvKLBZO8CO0M/gx+x7SeEDU8i2K:Oh/n7KZxKFZO8R0M/gx67IjK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698325613, "uuid": "24d3a379-b621-40d2-87e8-06c524f39547", "value": 446040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698325613, "uuid": "2e671323-87df-47b2-b7fe-d75d30943d33", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325613, "uuid": "a2d8640b-f78b-408f-844c-05a4f6a7a206", "value": "New_PO_6608.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7897922-7456-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698362682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362682, "uuid": "03198df4-1d00-40e2-8578-ae68c6838d6f", "comment": "Malware payload", "value": "8d3053f9de7b83e3765d91750844eee0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362682, "uuid": "02f47076-aff8-4ae6-9000-802910db6412", "comment": "Malware payload", "value": "1927e229e67cf9baa80e4cf0b9b6f043e842227742877efd97b1e5fa0cd73dad", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362682, "uuid": "4416790e-4029-4fd1-bc5a-e78819279fd9", "comment": "Malware payload", "value": "55bc6ccfc24a695bd53d6da3c721ed5a8bdc939b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362682, "uuid": "360becae-bbb1-426f-b4a0-c41c5a613207", "comment": "Malware payload", "value": "26f8226f0471106e6368e95feee3cfe87a505e2fff24b5fa7049e3bacad7b1fc678a0831cec0dd40ff69eb1a11db573d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362682, "uuid": "c16b624b-fc54-4799-a1b2-1af6c9ac09aa", "value": "T1FA530258DE819C38F6F3273ADD7E815E0BD78EB1409727700A289BA0A5C026D5F552AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362682, "uuid": "2f5c0a16-18f2-431a-924f-bbb10b69c4a7", "value": "768:r8YyfqMRkVtciRe0lqzrnoFrj57BKT1rZkygx2sDOA0yFSaAeCPq3U7ldMdyfrsk:UbkTRe0YnoFpNKTVZkMySTzlhASc3k6K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362682, "uuid": "6b8608df-4b73-4432-92d4-7c598fd9139f", "value": 63000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362682, "uuid": "fa0e4ad9-9588-44f5-b2f7-332eeba85e06", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362682, "uuid": "a6dac6fb-9348-4208-9b30-811754e9939d", "value": "8d3053f9de7b83e3765d91750844eee0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1255d1a9-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324126, "uuid": "3e4fe1fe-e5c7-4a2e-b442-08d7681a3247", "comment": "Malware payload (AgentTesla)", "value": "4d71c6594c33f82904d85cf804ab250e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324126, "uuid": "c021a73c-73f5-460e-a72b-6355e353c3a9", "comment": "Malware payload (AgentTesla)", "value": "19414055ba6f7834a00873361347630392a963f9cf21d5d02d634e0ff3ad747a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324126, "uuid": "26219bd5-c0ae-4f4b-a02a-158c0ab11018", "comment": "Malware payload (AgentTesla)", "value": "c2795f7053eb6e867e7859b70e70cba4ee74c885", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324126, "uuid": "edd55907-a8bd-45fc-9746-6bb4da49e727", "comment": "Malware payload (AgentTesla)", "value": "6f345ba2bf0e596ab6a66fb0f126793772e48bf105719f16543a1aa8f4d4e06ae85d7437f627165acae7323b41d9778c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324126, "uuid": "a0a869a4-d9e7-49ae-840c-0d5c393b9ce4", "value": "T1EFB423CF1A25DA43A8ADF1D7436FAB96EC0D68BDEDD23C1B31E0851451ABED10E5C214", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324126, "uuid": "280e59ae-7072-416b-90ab-f65402c2d175", "value": "12288:0QXwmCfO07LBfuAR5CBk2cdWuDF7sDo84mtiR3O+afV5sW5FteNG5mA0PqfumpfG:0qmBz/AbcdWyd8eRfsV5sW5+NG5mYDRG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324126, "uuid": "4f83dcdd-3d69-4332-9d6b-446aabbbcda8", "value": 531097, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324126, "uuid": "8f977a5b-635c-40f6-97ab-c17c22962dc1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324126, "uuid": "de32518d-9f24-4009-bb29-60eb24543be5", "value": "NEW PO (YST2310-1010).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1a3811c-741b-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698337251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337251, "uuid": "e585e030-511c-4346-83da-1fb0f9b7a1ca", "comment": "Malware payload (AgentTesla)", "value": "ce547c4c1ad38662d3f3423f407be87f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337251, "uuid": "1db251ff-ea6a-4eca-ae92-de923de8bf1b", "comment": "Malware payload (AgentTesla)", "value": "19b66081e0f96186f0137b0394af64cb6382981527204f2272c019c00399d780", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337251, "uuid": "f783f998-fd40-4631-8925-5eb41868e4e6", "comment": "Malware payload (AgentTesla)", "value": "75a56b603c6e5473ac90e7bb2295690968812ccd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337251, "uuid": "165599bb-7264-427d-a6ac-a46a4039ef4d", "comment": "Malware payload (AgentTesla)", "value": "b0da174521f80241e5e2f31efaaeed9ec15142bd482213c842f9c165d7f8b3ec09688cec3ce97f8b3238ae9cfa7f01da", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698337251, "uuid": "6e4d70d3-fa22-4ecb-af32-77addbec42d0", "value": "T16E0502103A88CE22C26A0FBB45B112415BB0D927DF67F74B79C8775D18AB7DC8906B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698337251, "uuid": "7bc2228c-d8de-457f-8ea1-459cb6ccd102", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698337251, "uuid": "34b73635-ad81-4774-ad3d-35085241a834", "value": "24576:fWEO/kCQ9tFpvW2eP9xWuhUTvZO8dvGx:fbODoFBHeP9xdUdOUux", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698337251, "uuid": "11c2f6ac-3562-4bae-ab5a-a40f32187c14", "value": 804864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698337251, "uuid": "818d4522-6f77-4b2b-bfe8-616be60c308c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698337251, "uuid": "da627e19-ba18-4c0f-8f8d-3643b6671f44", "value": "#Quote.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2589f0c6-7430-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698346063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698346063, "uuid": "fcb26b39-93d9-42a3-83ea-8a4297b419f0", "comment": "Malware payload", "value": "cc1eba2308c9e1c01eb9cdf89d082e95", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698346063, "uuid": "35148644-1e7c-4d6b-9e1d-0a271a572666", "comment": "Malware payload", "value": "1a689ffb09b407e1305fbb9903c4edca6c2339e8102cab6301aed1a85959d029", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698346063, "uuid": "47188b4f-9700-4c1e-bb1a-87843412e160", "comment": "Malware payload", "value": "4e2559719871e05874abbdd2efa96240a65a0485", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698346063, "uuid": "89eafdb0-db7a-43ab-a4ef-6d5b3d4d1ce8", "comment": "Malware payload", "value": "aa3a02e4fec53e1f860b36c6d26c00975bf140f08636b19f052704f03a9f8aac0209a5145b4765ae3f88363b1990e673", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698346063, "uuid": "d6b7c733-9661-42a4-a4fc-c822438f0246", "value": "T14BE422112AE44F72E7BC8BF794727138A7B0252FBD80D69E4DBB64C824793811991D73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698346063, "uuid": "40525529-37ef-4aa6-9b68-58ff40e5d44c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698346063, "uuid": "68571e7d-f360-409e-b979-585f5f7430b7", "value": "12288:2aBU+WAX5k0FFpveNIUYWaWfOOluhgyVjmUvhmnlBGIF6WN4rajo:2aBUZXYFpgyWGWuLjdW7VDs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698346063, "uuid": "378870db-3cfb-4f83-b9b1-9b6599152b6c", "value": 690688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698346063, "uuid": "9300cfcc-7599-4cf8-ad8a-7e8c2f4565b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698346063, "uuid": "70b7f268-8d00-41bf-a284-a78f724053c6", "value": "SecuriteInfo.com.Win32.PWSX-gen.31044.28485", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95f95485-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698356989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356989, "uuid": "83bbc655-04d3-4c04-98b6-c3cb4823a2db", "comment": "Malware payload (Mirai)", "value": "f589e5bd93bf0ef869819587603c09d8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356989, "uuid": "8ef49c01-9c43-45d8-8afd-d0e1d0ddc95b", "comment": "Malware payload (Mirai)", "value": "1c07888053157dd08402f9d4a98b2061159a29763d2a4515a8b1d3385b0f29c5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356989, "uuid": "3ae44797-0cd5-484a-8142-b6e1e15e6696", "comment": "Malware payload (Mirai)", "value": "70be373ca42c7900889ce7c556928a10f9fdcfec", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356989, "uuid": "f5ae1499-191d-4a4d-b566-cc7ee767a04b", "comment": "Malware payload (Mirai)", "value": "921f75babf4aeb4044570d0200cdebb74104bd0de5f3e0e970f5ca62439f4a8d380b33168ec2e8a6dafab26b9bea495b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356989, "uuid": "d0e4451c-c501-4174-a08b-eb3516ff5531", "value": "T1E563F8B51985B3BCEAF10079F44325D528B606283B9CE2E361C3643BEF74F487269E59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356989, "uuid": "71d08708-7460-48d8-8db7-bae0c8716cff", "value": "768:TMrssG248/uVZKLcumFPGtAOKwd/W4jSdWynBBOYMZeX2ZvB:I4sG243PGmOKwd/WyenBBOYMZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356989, "uuid": "3f5a5487-ce6c-4e7e-bb4f-d186e076c270", "value": 66936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356989, "uuid": "f4f61119-abc9-458b-99d3-603f651d53c8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356989, "uuid": "a9906216-54c6-4105-985a-c7a5cc5bac2b", "value": "f589e5bd93bf0ef869819587603c09d8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb72c6ac-73b6-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698293996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293996, "uuid": "2e06cc43-f1d6-4f26-a9a5-fe41ed6321e8", "comment": "Malware payload (Mirai)", "value": "4590d3ca42efd128edff2b57366b81b9", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293996, "uuid": "5ee8b1b9-1ebc-4263-b3fa-e9085b669ecd", "comment": "Malware payload (Mirai)", "value": "1cb92d807471c32fab6af48702be6ea35a6b8f70aa239d89986475b65f14d92e", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293996, "uuid": "21162fb7-7330-4348-a53c-bf973a72fa2a", "comment": "Malware payload (Mirai)", "value": "3d56fc560c331b36eb52f4cf07b905746cdc1764", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293996, "uuid": "9b134426-78fb-47b8-8570-924112b3b47f", "comment": "Malware payload (Mirai)", "value": "be2b3792420464d7c349f4f0efd60affc88a7c022ac082d7d6a28b10518db0da7696ff72f3de58bd2718c8f303194c50", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698293996, "uuid": "68e6e772-8350-4880-9347-6f4a05d2341b", "value": "T1DCD2E1E7E1BB62F9D4F3B8B1746ADD80F5C5302B8314535941AEBE85DBA734C5130A12", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698293996, "uuid": "e682a6e4-ce0f-4a63-89e6-9386b56f5616", "value": "768:NYSoXdJZgicCHD+C98MP7L1YVPb2X/2rNSx0sB:NYJdJZuCj+CiE7L1APbaWItB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698293996, "uuid": "f98c3671-d469-46e1-8181-d52788407b37", "value": 29440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698293996, "uuid": "3d8f4d13-5a57-493a-a391-127a776903a4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698293996, "uuid": "5be4ba41-dc5d-4aa4-85c8-3a998da15907", "value": "4590d3ca42efd128edff2b57366b81b9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8b6e7a5-73bd-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698297025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297025, "uuid": "f589b87e-c389-4d73-8989-452361fb8058", "comment": "Malware payload (RecordBreaker)", "value": "af7ad7b5625ee775666b4dfa022a1660", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297025, "uuid": "24c7c8a9-b99f-46f6-b0f8-8fb1139a41b1", "comment": "Malware payload (RecordBreaker)", "value": "1cd15a7945ed6b2761150e79b67f6a64a2f693e054ba23997dcfae07a4debe38", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297025, "uuid": "fb3c177e-2c95-40cc-af17-6883bca1d1da", "comment": "Malware payload (RecordBreaker)", "value": "d9d2348b381b3d8dd609bee8703afaf1faab1bb4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297025, "uuid": "17985a76-331c-4ee9-87c1-8410dad02e19", "comment": "Malware payload (RecordBreaker)", "value": "9a8f03a5b8650864bfe03755ccbd7883f07d4c54a93eadacd55ed781fa150a86918fa36db35cdfa2a8915cb35db60709", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297025, "uuid": "14155cd2-5c4b-4987-9589-e4a87fd07779", "value": "T181452347B6F85457D8F5077069F903830A30BC678A7847562787B98B0E726E0AE3276F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297025, "uuid": "fa956f47-d41a-4ee0-bccf-9a6205912b43", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297025, "uuid": "98c6ecc2-9b65-4624-a235-9314d6bf72d7", "value": "24576:KyTdQ5/elk3+VCbAUNTZyh/DZwJnShNaDY8EweO9BrLuH+MNOInn5:Rk/z3EuVNEImNagGI+M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698297025, "uuid": "28a79d13-71a1-4b88-8efd-988d04ff25a6", "value": 1165824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698297025, "uuid": "9bdea000-0e64-487b-9b4f-633d8c2d3a92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297025, "uuid": "ce81cd28-168d-4ec3-ba6e-7bf0ef53e500", "value": "af7ad7b5625ee775666b4dfa022a1660.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba27995b-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698303792, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303792, "uuid": "3868519e-da39-4e6e-a0e8-80d395b857a9", "comment": "Malware payload (AgentTesla)", "value": "d76b962e144799cfd0747cdb25d836b5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303792, "uuid": "8d074fd5-ccdd-4518-9963-46d050a52ce7", "comment": "Malware payload (AgentTesla)", "value": "1dddb74464d86618a3a8d4dc15da4595c2bc518677c001155e3399cc15a642ce", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303792, "uuid": "21b51959-8fda-4c59-b67f-81fcdb92323f", "comment": "Malware payload (AgentTesla)", "value": "53a24da9fac875514ead49cae2b4f88184e4bd21", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303792, "uuid": "4f0f7fad-653c-46fe-b044-46a876961f75", "comment": "Malware payload (AgentTesla)", "value": "c444749f5379861fb7e3e03342a8c5a04499d9f474a9706233d979429d1103fd7d838125687c11c3de7e248305dabc2f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303792, "uuid": "09e368b7-d57d-4231-95bc-af8cc7d9f6ee", "value": "T1E1245B2B95947DD6C0FAB63CA8B442384614CC532C3EA49376B119EF8CB1257FB9EB50", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303792, "uuid": "172883df-58e2-4946-8e14-fc673aa4b33f", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303792, "uuid": "6a19b1c2-f0d5-493a-9474-8bb1d3dcd2e6", "value": "6144:Ry0MRnVOr1Iytwqvu6/qZSgUbX4o6Jl5/uZu:aOr1IytwqJqPoK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303792, "uuid": "044201ee-5dce-4363-87a2-2c41d9842d95", "value": 222208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303792, "uuid": "33dcfbb6-7241-4cba-b14b-ff0eaafaba53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303792, "uuid": "f59c99b5-83c7-4d28-9bc5-a1563f1fe609", "value": "06_output.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d417139-73f7-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698321729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321729, "uuid": "006e40d8-af5b-4e21-8bad-09da72025367", "comment": "Malware payload", "value": "d2fb6058dc9bb29e133202c341a69489", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321729, "uuid": "6396fd4a-5dd9-4780-9eb7-aa47b008c7af", "comment": "Malware payload", "value": "1ec11dd36652e17027732784cac9b3d4977168a36bee4cb495ec5f946b96b9b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321729, "uuid": "2fd25e89-96ed-4b43-b684-0978744e7cd6", "comment": "Malware payload", "value": "83e3d7fc165d302b307bd7f557c286e6ae8de38c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321729, "uuid": "67596590-67c2-4ff3-8775-2c12729f0964", "comment": "Malware payload", "value": "bbf461a13028e41e8f4f76aa52d02c7d6fd5308f7779722a5b4f7f94974618018682d9deae013eed210337543bc91cf4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698321729, "uuid": "4b1d7605-4fbc-421b-8add-5eed420f12b2", "value": "T1E426E149B26500E5E0AAC2788A27CD0ADAB17C554F3897FF15857B072F37AD71C3AB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698321729, "uuid": "09ae08dd-df43-4ed0-b341-c7fc695267cb", "value": "5b17cdcd7423de715ecc215aaa5a3003", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698321729, "uuid": "ce5be3ef-14ed-45c0-9830-ce71e03eb8f2", "value": "98304:uiseyR8TEF5JLbG6sJfOno6WCfsvoS5rN5q:u5h8Q55yzoF/yrq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698321729, "uuid": "5b5be156-83e7-445d-acbf-b7dc8870a037", "value": 4703272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698321729, "uuid": "9b4058a2-8d12-4217-ac50-c898a8e6b746", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698321729, "uuid": "73fb17f0-77e2-4b71-8025-f95f26e67db6", "value": "DOCUMENT_SCAN102921012.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0796b9bc-7420-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1698339141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339141, "uuid": "7eeea26c-1806-422e-81b1-17114b8e812e", "comment": "Malware payload (Smoke Loader)", "value": "194a9294ebbfab312065849d118105c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339141, "uuid": "210b8209-9314-4984-8098-21313ac96d5c", "comment": "Malware payload (Smoke Loader)", "value": "1f98a65cfd49d6d8f8addddea0b3aba1a5f228f08fb636716a59132d24cab56c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339141, "uuid": "5eb334c5-f884-4c73-baa9-5ac4f50ae37a", "comment": "Malware payload (Smoke Loader)", "value": "ecba1003d581ee65c8b94bdeaf3497f060b8acee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339141, "uuid": "69e5df49-9cb3-45fd-afc5-01f1692b9320", "comment": "Malware payload (Smoke Loader)", "value": "91e0c1a0cbc958e593240dd39a5b86805949a8a2c222489d931b3ce70623b47dc25ebe79359a5e10c247fb9a5a21a973", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339141, "uuid": "cabcfc54-7a53-462f-a6ba-0eadea537838", "value": "T13C753343DAE85437E8FA1F3144FB06934B392D90A675D62F3310644A1D63BA86D3A73B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339141, "uuid": "99a03cee-cb00-4a59-b714-5663c2ce8ace", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339141, "uuid": "c06d34cf-90aa-47fb-a3de-745f92f16203", "value": "24576:sy4KIYPEwMuRMED9nEWeLTJrUPGWyzwXjm3j5NfZImIRA+QwZC6z:b0qEBun9ElJIAwXj41N2qhwZC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698339141, "uuid": "388b8cc3-0bd7-4a29-a330-f8fedcdf3263", "value": 1630208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698339141, "uuid": "7385a1d5-f0f4-48dc-a026-855ef3e16edc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339141, "uuid": "686b9b88-084f-4639-a2f7-27c8854538a0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94ff7975-7419-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698336371, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336371, "uuid": "c39b7074-3d92-4b1e-a4ab-fae37d9032e8", "comment": "Malware payload (GuLoader)", "value": "82ec2fb78e5553180492340afaf2d69f", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336371, "uuid": "54f7fb0c-788b-4c67-b427-3986043007f9", "comment": "Malware payload (GuLoader)", "value": "201be9e9d833ee58b6bb7c14c864b6b97fa8d445d6f9eecae696670160dce8e1", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336371, "uuid": "d909a8d0-5ad3-40b2-8336-e9a62d6b36b2", "comment": "Malware payload (GuLoader)", "value": "f9d47505f9253960f91eabfad4ff09b9481c3fc8", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336371, "uuid": "23fa1262-05f0-4c03-9b66-063dac714118", "comment": "Malware payload (GuLoader)", "value": "0e8adbecfaf621e753ebef13cc11a0d595b067c3500a2a3fd0ff65aca94bbe3dce6e7364160695dff25dd5bcabd909bc", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336371, "uuid": "87ad09dd-4ed9-449c-90ac-c5ae0cc32cbc", "value": "T1C045333F7ADB1E18C3BED55636346E6895A432403376A9FCBD602C543E372840BB4E26", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336371, "uuid": "2b671701-d5cd-4885-9e2a-dd95c004aa81", "value": "24576:9Ca3DLPUI7jqvncbGCBtGaPppWI1IQMZVcQgcXvQAk5bGvWodB:9RAI7jYeGeBpWCIVrg4toGuW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336371, "uuid": "6126d738-a9f7-483d-8efb-170bd75add1c", "value": 1172102, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336371, "uuid": "f6b9f6f3-eae1-4b5a-9fd5-74c1510da08b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336371, "uuid": "ed5c1389-cde8-4ca3-b957-96c1d8c7f037", "value": "Purchase Order 1021234.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae06a949-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304201, "uuid": "2b61087d-e540-4c35-a1fe-2e8889e46ce6", "comment": "Malware payload (DBatLoader)", "value": "3ccfbcec0028bbc708d82b5e94af8e93", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304201, "uuid": "8a195794-f9a8-4139-97ed-e795fcde2e7f", "comment": "Malware payload (DBatLoader)", "value": "204d5541a347bee64224d392403286271bc2351c50101e89b19e896f1756b389", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304201, "uuid": "1e304c4e-b06f-4a27-a4c6-38954027e7cc", "comment": "Malware payload (DBatLoader)", "value": "a9ac4663f271a7975b710c6bce772f84091e9a1f", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304201, "uuid": "e58be937-6803-46f7-bb5f-e018d93869a2", "comment": "Malware payload (DBatLoader)", "value": "601ac427af654876962f02582eeb63146587d80187442ab65ff80468a7abad7cd087e6dcdb66860f6be9e2423201cad2", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304201, "uuid": "39fba5f6-fc7b-4fb9-907d-ae4264c1f0db", "value": "T11555D016F66188B5F03B0A396B2B57DEDF1C6E2929A4284B27FD7E580E35243345D0B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304201, "uuid": "9d2c3a3d-906b-4656-a9dc-f899784505c0", "value": "b4498ed238a5d5d6510e036e3bb29986", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304201, "uuid": "50643183-21b9-433c-b21b-7e432ee2f4cc", "value": "24576:bKuO345cRv/kabphVsJhfYPzyB+4Buxrhre0Q1d/0hkEBS/:bLysS24mwe02MkEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304201, "uuid": "93049ac3-5815-4464-a142-d380a67cd594", "value": 1315328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304201, "uuid": "663c7029-8ed4-46fe-b169-bbce00c8f0ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304201, "uuid": "f8e41df4-7087-426e-8d8d-c6c0a28149a4", "value": "PO23310763 - Laspool.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5b9f7ed-739c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698282739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282739, "uuid": "242467bd-bba6-4ca7-b4ef-c6dc9cce89bd", "comment": "Malware payload (Mirai)", "value": "d1fff97656b52ca93cfe665d3a980105", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282739, "uuid": "68b93b1e-7165-4052-87f4-eead04d335a9", "comment": "Malware payload (Mirai)", "value": "20f21adb566ffd66f9e789c27b4de63f76632ef18e204e14a35b26475102f37b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282739, "uuid": "3a4ba137-5399-478e-bfb2-f05f832fc15a", "comment": "Malware payload (Mirai)", "value": "f14eb8355d902cebbb07c55ad6fe0dd16a3256e0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282739, "uuid": "388a0e62-51d8-499f-a2b5-613785b73a55", "comment": "Malware payload (Mirai)", "value": "e5b1cda82b3d8f447017d8ca52732e1315a817f4c5851160859f99b5edfdef3ae0b03b7bcec0151abbbf0b98196d45c8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282739, "uuid": "492d6cbb-7ae2-4e66-ae73-def7b366f4a4", "value": "T154D2F134CA4D9D98EB74BCB51CD7DDC073E427A9237F0E6039D69B542106862B448AE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282739, "uuid": "a935bee2-62ec-49e8-8192-6bcd31c2c6fd", "value": "768:YLtmXl9rzzoI0OYJEJFfZgqcJGynaw4uVcqgw0+Y:YLtmXlVzMI0OYYiqcGrw4u+qgw0+Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698282739, "uuid": "1ec99bea-f3bd-444a-afc3-30074d45ebd0", "value": 30588, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698282739, "uuid": "5f973f62-b48b-41dc-b952-986104fa9f22", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282739, "uuid": "73e47746-721c-4f3e-98a7-ad811be16925", "value": "d1fff97656b52ca93cfe665d3a980105", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1a0fac8-7448-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698356686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356686, "uuid": "7309d637-2c72-4f0a-8458-c56c16d60cf6", "comment": "Malware payload", "value": "4adab0de667cc1567e040f0281c36502", "object_relation": "md5", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356686, "uuid": "1e2aff08-f18c-45ee-a015-8cf566c24ba4", "comment": "Malware payload", "value": "21234262eb8be8c3022ce6f0a0dc09de2a3fbaa0c741f84c4e6308ab3de040dc", "object_relation": "sha256", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356686, "uuid": "82200c96-f1cd-4bda-8df6-760fa4f828bb", "comment": "Malware payload", "value": "4a58b326d2a30bc675356cfa40b45453a1e2264c", "object_relation": "sha1", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356686, "uuid": "de50e2ba-1261-4c35-8701-2a3420a60e3f", "comment": "Malware payload", "value": "7e9f9e62b780e305ea9c658b369995f01a119c1df4a0e945a9a21d96d3eeb0a8cdcb8f8b91a4ab2259952864b29be46a", "object_relation": "sha3-384", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356686, "uuid": "2f88dcca-0d6d-4eb7-99bf-f52ba95dc192", "value": "T164A32471DA852A9B4BF751AF0885E154F9E9423F928C2DC0F85C8018BFCA72D82759F7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356686, "uuid": "71815133-e6f2-45dc-8724-5dea67d45801", "value": "1536:yfGvEzAjG0lwTXYdyu1OA4JH8Z8BjTbDP:yOcmuGOA4JH8KL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356686, "uuid": "f86e3b6e-c92b-4926-bedf-bdda17f8bac9", "value": 100669, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356686, "uuid": "46b6e432-938d-4b16-9460-8b9b825fe1e5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356686, "uuid": "93cfa08e-3973-44b8-9141-6d47d6e332a8", "value": "apt29.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58b1a918-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698303628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303628, "uuid": "ac632a7f-ecc7-44b0-90c4-59649ed2ddae", "comment": "Malware payload (AgentTesla)", "value": "875436e70763af0344b8b70f545add41", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303628, "uuid": "a5744519-7721-422b-a533-a768213094d2", "comment": "Malware payload (AgentTesla)", "value": "21445db597a3e5be3d011a54863eb7741a66261d190ea522c4c29156966a3939", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303628, "uuid": "35b3dd8f-7fe5-412a-9b06-2a2b28e5741e", "comment": "Malware payload (AgentTesla)", "value": "1fde43a0ef340beb28af48e9866ed0022d3b5aa4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303628, "uuid": "f899fd9c-06cd-46f2-bd3a-cccd52db4c88", "comment": "Malware payload (AgentTesla)", "value": "1193248f7417673b18a83d9f37661e0c9f863efd2a2f21b2bafa0531e67fe67d78ca64a67b2f33aed42841a1a1547762", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303628, "uuid": "990cbf19-70e9-4e55-ab32-a914920ad860", "value": "T115336DA1EA94071B0C0B27C9DD424991C1FED01D093A9965FFED13DD920B59CE3BEB2A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303628, "uuid": "957620d3-a01d-45e3-ac9a-aac968b86a02", "value": "1536:KbfpXy3Of/1HL3Am7IPs6krSmm3g0+Fj0:Kb8WBTAmIPdkrS+Fj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303628, "uuid": "3e06d5ee-2add-4afe-8de6-82206419f2cf", "value": 53635, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303628, "uuid": "38c709ae-ebd8-4ae8-8161-03b9ed1a96f1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303628, "uuid": "ac6ce17d-9cb9-4242-814e-6bbca743925a", "value": "RFQ20231025_Commercial list_pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f185695-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698303639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303639, "uuid": "3c8d06f9-bfab-475d-9c5e-7f2d502f1390", "comment": "Malware payload (RemcosRAT)", "value": "554c7cdfb4d20ed4ad52df3f33add1a6", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303639, "uuid": "2ecaa139-84ec-4293-b78a-618d4fe6c6a8", "comment": "Malware payload (RemcosRAT)", "value": "218df187d09574437927ec74bb7e6c0d956e184d7051a17e9d14634772c75d18", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303639, "uuid": "2ae10861-668f-44de-8f77-b0c2c6c7d7ac", "comment": "Malware payload (RemcosRAT)", "value": "a480031e70d5eb20cdb369817dcf7a34ea17846c", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303639, "uuid": "bd646863-e9e3-4716-89ae-27049a1dbbdc", "comment": "Malware payload (RemcosRAT)", "value": "713dd7174aa6c7c0c284280b9fbf20cb8be16124e22bcc11bd23f6fc99dcac2aa3e3e8b79573a462b9f5b693f59d6fd2", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303639, "uuid": "051fe439-1974-4e13-b3e4-90c79785e8eb", "value": "T146435BA7DB5915190D4F27D9EC42D98589BB81653126003ABEEDC3CEB28785C83BDF0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303639, "uuid": "7f7ce626-7e16-47aa-87eb-290d82de90d0", "value": "1536:jTJBx+7Jf6nPkBTvHqACkGdLzTtHwNZWqlidzcO4bf:PJBx+7JCPI7HqAClLzTpwNZWq8dgDbf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303639, "uuid": "67685a51-141e-4d1f-945f-687fe2cc546d", "value": 56143, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303639, "uuid": "9e6541c5-192d-481a-a920-3b73cb9472f1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303639, "uuid": "3e3a83bd-a8af-45fd-952e-c1caa0862c04", "value": "23-72688-BL.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d956a18c-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322313, "uuid": "4e9681b6-4615-4f17-9d9a-2b91aee15094", "comment": "Malware payload (AgentTesla)", "value": "bef5c963b4cae15a468b43b6925335b1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322313, "uuid": "1abd0769-d73b-460f-938f-19fbc4e2b5f1", "comment": "Malware payload (AgentTesla)", "value": "2239140094a7718ee18a8aab483b57ed1d57da9a26e6b77550ca721c9e5cded8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322313, "uuid": "a73051be-6ffa-4736-aa60-590071302dfa", "comment": "Malware payload (AgentTesla)", "value": "b9930d140eb3cb1671ca99d8aef7511673fd6cca", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322313, "uuid": "80dc5b73-2bc1-43ae-871a-83f72cd6a877", "comment": "Malware payload (AgentTesla)", "value": "e7e06a127cfdcbb7c38bb57aabf4054afbde9a64769aa5f4dd94a7e4471e625ddea8319992ebaccbc996e9ae5874a311", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322313, "uuid": "43b17fbb-509f-43a6-8522-6b284cb8efdb", "value": "T10AD34B11259E609C70B37F631BDD79EA8F4FBBE1271BA0AA664403078F52E44CE95372", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322313, "uuid": "b35d2261-dc7a-440a-ad6b-426efa673152", "value": "3072:oTl2u/UTiTwTITpfXdTKTYTwTBTNuWQtF5EK:oTl2u/PfXJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322313, "uuid": "4610fe6e-4db8-4f9d-b684-fd01ad9ce84e", "value": 130792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322313, "uuid": "d67ef435-4118-4a7a-980f-9416261f8ea7", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322313, "uuid": "5455a26f-0793-434a-b2df-85715d38f755", "value": "DHL0966779898.pdf__________________.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a082516a-7424-11ee-8907-42010a9c0042", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1698341115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341115, "uuid": "1581e86a-60d2-4293-9c96-23750a38d282", "comment": "Malware payload (RaccoonStealer)", "value": "1e89cf0f1350d407d7395c3068ef1e3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341115, "uuid": "3fc76fcc-4764-4d4c-884f-4f8f8b06f54e", "comment": "Malware payload (RaccoonStealer)", "value": "23a0e0b7881daf21a294c88f2f058208d78b32fdaddf6d655339d6f93c23784b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341115, "uuid": "032c28e0-a3cc-4a48-bc44-7f33b0fac42f", "comment": "Malware payload (RaccoonStealer)", "value": "16c17715d8256eb1550b8c09f24135e825b38347", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341115, "uuid": "b1cb0e24-1b94-4276-8b18-73918c8a3e98", "comment": "Malware payload (RaccoonStealer)", "value": "ba2c314d478e81da211b1b00ddb812e6d41800161b47697f9fd9fffeb9225446e4194155c9e2c1b593e47ea77b1c1e40", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341115, "uuid": "d1ab072d-a392-4342-8a54-f5cb4aad0d0d", "value": "T17124C676F304555DE87E433DB01C38B09E707C62E16EE32E45EA7AED683BB498A144D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341115, "uuid": "2d1bd19b-8846-4c8c-b408-2f7c3666c136", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341115, "uuid": "53117b4b-b90e-4482-ab4e-67e72823590b", "value": "3072:vgo/MO/GdnONgcngvMv2s4t/qRB5aoX4TGKawmCqX:HkO/4ONgcn4N/+5aooTjawmC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698341115, "uuid": "6ac02679-e91d-4015-811e-4bd28ec55ee7", "value": 226816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698341115, "uuid": "196f389c-dd0f-47e3-b640-2a0169327339", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341115, "uuid": "123e9505-95bf-444e-ab7b-cf9851e0046c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35a48014-7419-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698336211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336211, "uuid": "a4bab5ce-db3d-4692-b559-671c7f9cf5e8", "comment": "Malware payload (Mirai)", "value": "210f789bb0f4be31d6280c468f03b124", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336211, "uuid": "7c893b0a-26eb-42ac-bb9c-6f2ee0375d1e", "comment": "Malware payload (Mirai)", "value": "2568726085ff09d2223c08f94cd947b17d1cd2508d5dc70e33e50ce736cb13fd", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336211, "uuid": "4d416120-ab24-47ff-80df-33c17866d02b", "comment": "Malware payload (Mirai)", "value": "b27974ccedf102450312c6d6b63e02e4f0b398aa", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336211, "uuid": "4f030c2e-c7a4-440a-877e-2ff68a6acc7a", "comment": "Malware payload (Mirai)", "value": "eab1d6cd8801acd536452cbbe914a2766fc340cfeeb0bea8270063c9695d13756764ce3ee5ef624f3036713b590b5798", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336211, "uuid": "090fbb39-eb69-430f-b375-88dbcb13181e", "value": "T1DDD2D0AA81D7F1F8D1AAA6BA013C0BD8FE75B112C1149AB718D83076DE471C94D30EE3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336211, "uuid": "3e68c64b-b1d8-4e84-8bba-80b8bf80e635", "value": "768:3YSoXdJZETc51aBfdNRQkHy3xWEMcw6qBo0FkVYcShuZ8:3YJdJZiy1aBnQfTqBo0FRTuZ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336211, "uuid": "dd648d69-46a0-4ef2-b4f4-36cef6800e00", "value": 30104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336211, "uuid": "4fe0234b-2bcf-4b68-a5cc-4bc9cc3c095e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336211, "uuid": "21acb873-c044-42cd-b3f9-6adabd56450d", "value": "210f789bb0f4be31d6280c468f03b124.x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d49851c8-73fc-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324023, "uuid": "42264423-9c0f-4563-b8d5-9085af68bf12", "comment": "Malware payload (AgentTesla)", "value": "6a1d93639fd510ad253f350c0dae5452", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324023, "uuid": "4a0b55d2-dac3-4df4-8b84-5d016e7a7de5", "comment": "Malware payload (AgentTesla)", "value": "261699041e638a75437a633a1ccb761e82235d369819185e93daf915f1dc69b1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324023, "uuid": "ed61c01d-0961-4de2-a72f-4b2909bacceb", "comment": "Malware payload (AgentTesla)", "value": "4d7e4523125dfb3ff46adf41c4a3efd112a63197", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324023, "uuid": "4023a135-d82d-4bea-abea-0e7a44af17d5", "comment": "Malware payload (AgentTesla)", "value": "b2abd9ccff9e2fa34d2dd722beb50953b76a4590760567d08cf4e01d60fe70e9bf473ef470f7712cc87373ffd5bbcb2a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324023, "uuid": "dfd3c1be-8f67-4ec3-86c2-833db5f146f1", "value": "T1C9D4233CDA1C07B096B5B867349D776729263BF1313FD029E2414CE6D60CDA7BAAD224", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324023, "uuid": "6cff9574-718e-47e9-8cc0-e381f85642e5", "value": "12288:llbT9RZGJso8D3EaFIYH8aajsT9qvZqTjNnhjCcJ7PG9ZajbH0SjHHg0bjv:7fZGJX8FFIipqBqTjZpCcw9ZajzzHHgI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324023, "uuid": "c5582d4d-b210-4d61-8711-30c30f0693f3", "value": 617637, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324023, "uuid": "ce7dc191-d376-47a4-9e9b-7f7592d5ece8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324023, "uuid": "9b84c624-09ea-4755-9162-f22cd54e6b9d", "value": "VINLISTS.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2958177b-73c2-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698298824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298824, "uuid": "0257ff66-030b-4f6c-b04f-6269917b3715", "comment": "Malware payload (RedLineStealer)", "value": "18c161f286064c75736da8fe3b75a0c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298824, "uuid": "9e25c139-0286-4335-b89a-a0c324092c69", "comment": "Malware payload (RedLineStealer)", "value": "277d378b86ea01e832b4ab001b2dbad606bd0f7075322513b849be28332ae2ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298824, "uuid": "c56e6a7e-cd0b-4e16-a089-5a02a3f2be5d", "comment": "Malware payload (RedLineStealer)", "value": "079a698035899b91140ce957d24c49d651f92f93", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298824, "uuid": "6e1bf541-9a9b-4e08-b0d5-2196cc6013e5", "comment": "Malware payload (RedLineStealer)", "value": "e210276a3085d06c964fec346e269c52ae7b887593ce7205f6ab62ba45b398a309d8220d43fce210be2cbdfad1712f65", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698298824, "uuid": "d796e9e9-2f93-4651-a4d9-3902a6a4d72f", "value": "T19F84393074FC4A32FAE1A171E7F862B55989B1F303447BC3DF666EA84E3E5E10A16542", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698298824, "uuid": "b42ef234-e1ed-486e-8189-1f269943e0e4", "value": "c0fab0d4bac04914d2d10033feae834e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698298824, "uuid": "0d9317b0-759c-4939-83da-2ed1da857297", "value": "6144:2I3SjK5YkkKOJOd2fccQjONurQQsnuAKcnA8zvmG4YzhmNh:2kSjkkK0Od2fccNnuAKcAnL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698298824, "uuid": "c2d5c914-c0af-4f0e-9277-30c01a7891da", "value": 389704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698298824, "uuid": "ce64f11c-d8cf-4370-99eb-8f79260f8e3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698298824, "uuid": "e140773c-f55c-44af-9051-2000bbb85674", "value": "modest-menu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20c58c0f-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307830, "uuid": "0c5ee1a1-c2c2-4bc9-b3c3-d989129d9848", "comment": "Malware payload (Mirai)", "value": "4a75f7d17b142b78e033c1395cc5e2f2", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307830, "uuid": "55a6ee22-3b68-4d17-99c7-ca5c952c53d6", "comment": "Malware payload (Mirai)", "value": "28720492baab709176176d1bb81884a7180e73c1879cb5972df1be9f9798b643", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307830, "uuid": "49f596a6-5157-45da-8081-819674ed80d2", "comment": "Malware payload (Mirai)", "value": "0c6292841e6fe5a865f346b903f7a61a3f7f0f65", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307830, "uuid": "0efebb8d-a846-4044-9878-349fc2ef8e32", "comment": "Malware payload (Mirai)", "value": "dd7e719dfccd698dc127bd82e14c2b6d10b2ef37feb08ab9fe57ae191542af7e69cbaa96d717e0235613f338d1ba7a9c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307830, "uuid": "b30ed783-7bf9-43c4-a7a5-12c43be19565", "value": "T1E163B61A6E628FBDF759833447B78E21AB5823D627D1D641E25CD6002F6034E681FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307830, "uuid": "07dd42c8-a1f2-4e4c-8715-45de3d4b1ec6", "value": "768:bPWek0n4CjdGQKKWumg0QhJkJkaYA+koydFXyApGqFDjOZ2uyyQ5NeNTP4wn/IZ:bj/hVmCjooUdym2Uu6eBPZn/q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307830, "uuid": "9f30b9d6-3545-498f-a98f-2c7b71c459c2", "value": 72628, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307830, "uuid": "af38b64c-5071-4027-ad62-c130c837db3f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307830, "uuid": "82f59134-e08e-42b0-bf83-b543fb65e172", "value": "mips.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a85ffe49-73c8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698301615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301615, "uuid": "9aed8074-e54d-48c0-a8ee-493e01903e5a", "comment": "Malware payload (AgentTesla)", "value": "80cfccb354603a4609756214df39bd9b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301615, "uuid": "b0a91b4f-067e-4077-b8bb-9e03b8de4377", "comment": "Malware payload (AgentTesla)", "value": "2943e3738dcbad7d3e712d6da3b570735941e9bcc900f4bbe684f4e18ebaed8c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301615, "uuid": "cbe95104-310c-4dda-8860-2f523219a5e0", "comment": "Malware payload (AgentTesla)", "value": "514ba3754c09cfb7a0bd3af7387981db90b72c9e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301615, "uuid": "c8ff662a-de40-48e0-b585-39cedd0c7969", "comment": "Malware payload (AgentTesla)", "value": "299b0a001b7b3420792f50e9549f265a308c863a3a596262fe35255b6be1cdfcaa15fc11aea5e32440b5b29f6bcf515d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301615, "uuid": "88e816a6-f652-4186-a513-a40a484c26fe", "value": "T19D54233E8E2E8E7B579719E4E4386749EC0BE0D504EB3CC9084D1EDBA37D9E081A6D45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301615, "uuid": "e3293606-03aa-4879-ae99-4d48e1a7274a", "value": "6144:aAWq9VJM8w+zZGeQBuC4n+oomH30YCfFAx291PIQotkAhR7wNa2LVaEfTl:p1TVL+VDzvPIxtkiwgoVa6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698301615, "uuid": "5679b585-37c0-40c3-a626-e9e74bbe96c0", "value": 287108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698301615, "uuid": "8094f9ce-cf92-40ec-a4a7-c4efc1736788", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301615, "uuid": "466b62b2-2ea7-4149-81cc-feda2cbcfd4f", "value": "TBUSMI_PRD0000161033_1.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee1e9b38-73b6-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698294001, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294001, "uuid": "f2fdd998-a2d7-4be3-9eff-40ff45efca49", "comment": "Malware payload (Mirai)", "value": "4255c1dbc4cb701cc9818455ec5a540f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294001, "uuid": "151ae8f3-6c03-405b-8190-3a3d34e10dd2", "comment": "Malware payload (Mirai)", "value": "296d50336f70da15810a4445ad9b2d239dc04562c3770e9c4c0fe19518e97c7a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294001, "uuid": "29253f80-d702-4676-8965-8bbbc76eaeea", "comment": "Malware payload (Mirai)", "value": "4e7269cc3d520e33a0dee613a4e48d4f251a2fd8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294001, "uuid": "4d43aac9-a2e5-4f53-9769-92dad621cc68", "comment": "Malware payload (Mirai)", "value": "ac6132093c53bfd726bcfde6d5b5920e7981c6544723ea28a0905824bba7bf5d35b67535602685fb1adc20cf2e4d0af3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294001, "uuid": "c46d6ed9-7fdc-4a2a-bd2b-1e88331c1b89", "value": "T131C2D044F181DE81DFEA69F03A50D6DBFBE02F1E6A528E9026A153C26E5C3A74345DCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294001, "uuid": "3afadf91-7dfe-4e07-9cf5-5e3b75b0d121", "value": "768:FVdafO76jpmNJJKehmA7trpfIX9KeA7PwE4uVcqgw09A:tam+AnKehPRa9az4u+qgw09A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294001, "uuid": "b0144f09-15ac-44ce-bea6-2315c640b4f6", "value": 27048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294001, "uuid": "1a8c3cd4-f8ca-4ff8-af17-657ec6f51183", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294001, "uuid": "73b84d37-5820-43bd-bb1f-aa2924aba690", "value": "4255c1dbc4cb701cc9818455ec5a540f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7d0be87-7402-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698326578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326578, "uuid": "0788d293-7ee3-45e6-b0cb-f6c95957e5d2", "comment": "Malware payload (AgentTesla)", "value": "c2acbc748ecc2eea7deef681d64b36cf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326578, "uuid": "0cc20bc9-c3f0-4fe3-a574-04a104028214", "comment": "Malware payload (AgentTesla)", "value": "2994d5d9965778bf6d739ad76f95c3a9cb13775490e19fdda9e21634cd5f538b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326578, "uuid": "7ec8cf94-193c-4076-a0c3-14fea5434fa5", "comment": "Malware payload (AgentTesla)", "value": "5ef6f4063f488dafdb2f6e5bf6aacd232bf2ec74", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326578, "uuid": "f0b3b4ff-3cd5-43fa-a02d-8bc39c9a1283", "comment": "Malware payload (AgentTesla)", "value": "ad2d418bcc3e5b7788675a364e0aea2f67c04f560e2b34bec00103142209d611c5205327266600f87a8974ba85bcbff4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326578, "uuid": "5603abab-eeab-4b15-811d-956bd9de4ac5", "value": "T1990502147A99CE12C66A4F7F456200001EB1D956AE8BF78B7DC8BB6D2C9B3DC4813B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326578, "uuid": "b1e73143-7081-4c7a-ba78-c1b1a88f2c69", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326578, "uuid": "051930da-c6e3-41ec-8ef9-26a8ae113bcb", "value": "24576:+UmSXQFqFptthCsmDwY9oF5SX1BU1ffO:cqFLtnmsko5SlK2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698326578, "uuid": "0f63da41-c20f-4db1-930b-dad84a1579fe", "value": 809472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698326578, "uuid": "72a9293f-a9e0-401b-aaa2-dde4c367c206", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326578, "uuid": "e2792854-a461-49ad-9cab-7780ad735ae2", "value": "damianozx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3632b5d-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698322329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322329, "uuid": "bee90b31-06ec-4715-8b88-33a68462cca1", "comment": "Malware payload (RemcosRAT)", "value": "0c2f79499ae84eab4d4f4493642a0498", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322329, "uuid": "dc4ebde9-70af-4203-8456-5f75d4c8289d", "comment": "Malware payload (RemcosRAT)", "value": "29990f6f2629f016a5608a1618494d91f44866f069e26a18c28f0c14f13a2f87", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322329, "uuid": "f94d608d-ba10-4b6a-b744-c7e494cb9a53", "comment": "Malware payload (RemcosRAT)", "value": "8a7cf5abe896eeb04049874fcfa75022d6851b28", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322329, "uuid": "c82fecad-f3b9-4fa3-8bb5-a9b9b6f752ab", "comment": "Malware payload (RemcosRAT)", "value": "81895e6efbd80c90b0955a995b2ac35c12d4ca5bd6d5732553f507dcc38005add8fb00e4b454c73060a2fe17ebff5ac6", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "tar", "colour": "#0BC0E3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322329, "uuid": "38253af2-082a-4b2f-9a1f-ad90428827bd", "value": "T18BF43307618DD7EC65A03BEC007D644FF1509BCBB8C90D2AE20B99E29D056BD6E0F579", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322329, "uuid": "b7488a79-d4b1-4436-be2c-72ef54b8bed2", "value": "12288:CB9/rwKgbxc+JujLZBZnu6AxGpno1ggjLKLjwl0Qf8POeFnFJSuCDPDxhXsSiYwq:A9MH11Juj1uVkpn9LLjwuPhZFObDxySV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322329, "uuid": "daa2d446-637e-4e20-bc5c-598587f4bcaf", "value": 785420, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322329, "uuid": "78aafb08-a2d2-4c40-9221-55160c1af7ce", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322329, "uuid": "48778e63-a2d0-46bc-9aee-ef6be94deff6", "value": "proforma_Invoice.tar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5ff808e-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322334, "uuid": "dc1d4eb2-a2f3-4205-ac63-6e33316a9b29", "comment": "Malware payload (AgentTesla)", "value": "381d1603b7541103c381cce1d7f2130d", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322334, "uuid": "afbc0da4-8b26-497c-8907-687cac3ceeb6", "comment": "Malware payload (AgentTesla)", "value": "2a0f1693b263a944c3ad989264e9ef39278fef02b77b3fd2c8c5c7b9d3c7e28c", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322334, "uuid": "1f4a1ae2-f721-4961-9c7f-65e1d37a2cd3", "comment": "Malware payload (AgentTesla)", "value": "4c0634b558ba2e4c6f008660a3584a797c245f79", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322334, "uuid": "c54ea854-59b9-4f55-a4b1-5c0376dcec1a", "comment": "Malware payload (AgentTesla)", "value": "3d5d83d4e86f2dbe205be74e5f4d81a7f2f89c0ac8c7def1bc3c783cd96adcdd58a37c4f4e1ea7f9fa2307a3f6c8259b", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322334, "uuid": "75c04549-e82c-49ae-a786-05a7aa174791", "value": "T1FFB4236D7417AF77A8BB883E97FC484905831CC5A2D5FAAEAF2168230704DB11B5DD38", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322334, "uuid": "7233791b-43ae-40a1-866d-6010212511cf", "value": "12288:qVcgIq5nL/U4dQHraTkhW2vks9HwZsxBPk0AJ0q:qVcgzdtyC6ks5nFy7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322334, "uuid": "9806a293-bc8b-43b8-b9bd-e87d812f16d0", "value": 540389, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322334, "uuid": "521ef74d-57a8-4936-a54c-a3b542f3c35c", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322334, "uuid": "bf568edb-135a-4ec3-91e6-f3ce77ab39f9", "value": "RFQ-PO45103320_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b4df3c5-73fb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698323470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323470, "uuid": "041d6d16-cbba-461f-afe8-402a29c08c00", "comment": "Malware payload (AgentTesla)", "value": "b9c6ed8b837bd3508c37fb951c97ebad", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323470, "uuid": "e9e29c99-722b-401d-a4ab-e83f9a0e8a89", "comment": "Malware payload (AgentTesla)", "value": "2a45d5a155c528b9108bf8c0fc0863a763f3d3365bbbec57195cc22065c5b47b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323470, "uuid": "b5f6ba6d-8d29-49ee-bf7c-bbea9de6a324", "comment": "Malware payload (AgentTesla)", "value": "55269e0115419c22a091a067a7225f7a75ffe0e4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323470, "uuid": "e26d4770-6050-448a-b34e-728e69429da2", "comment": "Malware payload (AgentTesla)", "value": "d3d3b94d11b402dc10ae82037b61c73d0a9b10a3ec2ca3e7cc83926140c238b926b98db0f8b5ae424a20e8f81b2c096f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323470, "uuid": "40702b68-62d3-45ee-853a-85f4400f3060", "value": "T1CF2523601D5938BA4B74863C339B5F02427B96B994AC71FE0ED6B4DE726C2199F43C38", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323470, "uuid": "7e79d2cf-1bde-4cf4-869a-a7bcada765ba", "value": "12288:Gxzpw5y10acVn5meNSbJbFeXuyM6aqRtzzAryZO1N8/Buwt41EhtEIGq+MKeVMEl:v5yiV5zwbMaXl8/UwQ/BiFwCZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323470, "uuid": "fab48c83-4ff0-4af2-9bc1-7a03c219c6ee", "value": 1032345, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323470, "uuid": "0c652409-68fb-4948-8fc6-d2afa5672a48", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323470, "uuid": "fff78c69-fd97-4b61-b1c7-971354c149a5", "value": "SEPA 2023-26-10 PDF 4100038724991802.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad0ef33e-73c8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698301622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301622, "uuid": "5661ba55-01ea-421a-a940-944aaca3ef9c", "comment": "Malware payload (AgentTesla)", "value": "64be29ac364feee920d790b49beaaca2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301622, "uuid": "1ce4d2f3-bae8-452d-b923-c034c99aeed5", "comment": "Malware payload (AgentTesla)", "value": "2ad246c95f79a3f21623a89e7de935f8ec7e42c6875a15b30e219a465f4e4907", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301622, "uuid": "dd39199f-4405-419b-bb0a-723460f0ddb0", "comment": "Malware payload (AgentTesla)", "value": "8af3b456636901f562b207d8bd2682ef754020ad", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301622, "uuid": "b9ee9062-eac2-446a-b247-58a98209483c", "comment": "Malware payload (AgentTesla)", "value": "da39ed8e4e00c3d393d187f931b669cd674ae6d36c0c258366685308c22f5be5536159f80c162d7696b435108c887c93", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301622, "uuid": "7d54d60b-d7f7-444e-933a-939a94eca8ba", "value": "T18425D5212799DF05C90F8672F05582F907A3DE06DE81A7E76AC0BFA036B77D26E4414B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301622, "uuid": "fc90c972-83e4-4a61-8633-cd7b79a6dc50", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301622, "uuid": "da424631-db9b-498d-8d73-cdb9cd6fe572", "value": "12288:5ZRR9LA5hAH9eqpPLEMAy5Y854BbdVfiBxnDObA8:foQd5YMAy68CxExDF8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698301622, "uuid": "0da0e791-88cf-46ff-ac82-ec84b0d7e3ff", "value": 1019392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698301622, "uuid": "c963078a-afd9-4da0-b3ca-1b573bb2fb07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301622, "uuid": "022f530d-0fbe-44a9-a7c3-fef18203b25a", "value": "QUOTATION_OCTQTRFA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19133a7d-740c-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698330580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330580, "uuid": "b6bca4a0-6145-42e6-a579-24365b08c5f4", "comment": "Malware payload (AgentTesla)", "value": "1ae7e1fd7f797979b39420c5bf543b3f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330580, "uuid": "950c9cfb-2f90-4ff6-be6c-d360ce3ad3c2", "comment": "Malware payload (AgentTesla)", "value": "2b54c4312a492a7eec0ed32309679cccd77df716f962f552faa7f8c9159ee5bc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330580, "uuid": "15c7364c-bb61-4ae5-90d5-c2e77baf4824", "comment": "Malware payload (AgentTesla)", "value": "9c19557d8d9df4c5dfe7f4955f96a4cf93419b77", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330580, "uuid": "9ccb5e5a-05c1-4bd0-9d45-5b195b06a2ad", "comment": "Malware payload (AgentTesla)", "value": "941ad2b121ac6264703978b29436f665770debb5edb82c26f0e9264af252ed1b649840bd341904b3e2f86f9644c284a6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330580, "uuid": "8df7c2bc-f093-446f-b4da-2c0aecda6424", "value": "T115B311526BEA2108B5B7BB444A7A51744F2BB9DA6C7DD54E01CC5A4C0BF3E80CC60BB7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330580, "uuid": "35d22860-a090-4f27-9db2-570491b3e0b3", "value": "1536:F+ae4Mi3mI2hb7KZ18C2NGkikGkFjGkikGkKEt0eEKU+kCKGWGPrbrbTDDpOAWG/:5eBQZxNj53e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698330580, "uuid": "636c6ce1-a982-4d2e-955c-a3b1db637a02", "value": 109356, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698330580, "uuid": "8eae51df-70ea-4aae-8e9f-b6bb39677c4b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330580, "uuid": "60da6d08-eb5f-4a54-bcc0-3b5053434933", "value": "Orden-de-Compra-00501.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "646a325f-73d1-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698305366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305366, "uuid": "7aed8b92-51b3-4125-a728-097fc862bdd1", "comment": "Malware payload", "value": "d1b50bb0d0b1e579cee1afa710cbb482", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305366, "uuid": "3dae0e45-866b-499f-a7d7-d9126cb54ff9", "comment": "Malware payload", "value": "2b7183a647d0b13312fd7e234896746d988db6870b2adf2ec1f2f0cb84a648e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305366, "uuid": "8902e3ff-bfc5-478e-a021-8b90bbdce0a0", "comment": "Malware payload", "value": "1fabe39b0281cf70c77575a62fcdccc0ff63938b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305366, "uuid": "dee078b1-3fe0-425a-b70b-6e616377c738", "comment": "Malware payload", "value": "5afddf2437d89ba391e60843af8a39f30e47784aaf78cbf8159e4f2282ffa52970be4cee9dc624869202779ffc6050f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305366, "uuid": "6b2fa30a-3275-4352-b5d4-6ed1c77c4a93", "value": "T11F658303BA6789B1C148D737C6EB1C3443A4C7A17223D61A798F236619633BB5B4972F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305366, "uuid": "0c6d9455-594c-46e2-81ea-7aa3e670f552", "value": "24576:59yWRD2bh6lYnZ1BsH8cvYWUqwV9jjCkOffP28Z4rAE7QjT+:Ryh6lYnZ1BsHjY1SP8AE7QjT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305366, "uuid": "7c76505f-dca7-4428-b8b8-994583236207", "value": 1534464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305366, "uuid": "75b2a485-d87c-461b-bb08-2d5432fd4ab3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305366, "uuid": "b1653bcb-044b-4663-9ce5-cadf4bf7908f", "value": "AsiaXEnquires.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46e33df5-7408-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1698328939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328939, "uuid": "e8a820df-0008-4929-935c-cd6e8b070e44", "comment": "Malware payload (Smoke Loader)", "value": "5b77d0d739f777486554e93b9e96c485", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328939, "uuid": "4a74144b-42f5-47f2-a595-2d3bbb70fb04", "comment": "Malware payload (Smoke Loader)", "value": "2c0fb18b2e43ccfc041607fa3b09d9ed8d8e230be6bad2f3603bd0750c1c5fa6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328939, "uuid": "59894541-7fb5-4605-8085-daa96af75cfa", "comment": "Malware payload (Smoke Loader)", "value": "44350758c879a1d24797e563905e815927b76f84", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328939, "uuid": "de277dbf-9990-4497-bbbe-8359ba37b701", "comment": "Malware payload (Smoke Loader)", "value": "8242364e5a3ed82e15d09cade4771a44d5695fd23cc93684512b98380b9409d49c9bcfd1b836bdcd92626a4c5f23068c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328939, "uuid": "d4940e5f-f5e8-43b2-9ef3-c64e1e07ec47", "value": "T1C4752342ABDC0566E9E04B3108F357C30A7ABC518C7A83DF5364BD1B49E3198E575B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328939, "uuid": "2ed438a8-16eb-4631-a89c-2155eab92806", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328939, "uuid": "91ddfa5f-3d90-4146-8657-0410875b3b83", "value": "24576:eyMM1R3aeE9QF+2eMcK9dXu1v+jt88PXOVWk2w9wLlHIMIBSANb:tMSlGOZcGZyeEIwiLlH1IBRN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328939, "uuid": "432ec622-c69f-40bb-a32c-bfd0ae722c61", "value": 1624064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328939, "uuid": "5d28e162-56d5-43b5-b268-994d2c821826", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328939, "uuid": "921b217d-86fd-4cee-a83f-1460673d8ef9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "973f83b7-740c-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698330792, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330792, "uuid": "c95b77b0-9f25-42a1-8f4c-f0912d993f3f", "comment": "Malware payload (AgentTesla)", "value": "e5b233c989efd44132906bbe51f2ed20", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330792, "uuid": "f0ee921a-067d-4993-8554-7bdc30874b2e", "comment": "Malware payload (AgentTesla)", "value": "2c1caf053509c4cf8f14ddd4ed4f6b301e942eb58c93d56e524340ff7ac14d89", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330792, "uuid": "524b19a4-8fe1-4cec-b276-54db3382d764", "comment": "Malware payload (AgentTesla)", "value": "0b844204b438886c2d756df0760266cf1bbcc865", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330792, "uuid": "aeb62886-7877-43eb-aa51-92a7c3aa0dbc", "comment": "Malware payload (AgentTesla)", "value": "ef90f4bd242d4cf56e431cb11c32188ca859aa62345e81476fd0223b3f95d8cd07e37fd32e59a9b58e84d34798f6de50", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330792, "uuid": "4499e937-ae95-4707-8d80-661de3fd01ba", "value": "T1DDA4239ADC7E4426B272A3F507C2158EF9A031ACDD1B209ED9DAE175C1248CCD4B7C6A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330792, "uuid": "a70052f2-3fb4-4de4-8f58-8e72121706f7", "value": "12288:5Qv+imBMGwM6DoE8Dd4VBJZqG46bkMOhwR7DNDTHFUw9:5LXOGwfD75qG46bkMOORNXHv9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698330792, "uuid": "34798502-91cf-4a4a-a06d-c6aa12252ab4", "value": 465962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698330792, "uuid": "2dacbc00-bb42-4f45-bea8-7a56fcc4c01b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330792, "uuid": "d432c6ae-98e4-425b-a845-fbb7169d16a7", "value": "NEW PO (YST2310-1010).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d17d5b4-73b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698294294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294294, "uuid": "b68c4142-30f9-4836-b9fa-097f5dfefcde", "comment": "Malware payload (Mirai)", "value": "0bcdb8b9438447ed9abe7f3055898738", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294294, "uuid": "33d1f25f-9140-4cac-b8e9-fa50bb2f52ea", "comment": "Malware payload (Mirai)", "value": "2cbb41e517b8b8d3ef04157e83faab3a6a691d5c6b9544355aa3dbe5c465dce2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294294, "uuid": "bb737460-d2e6-4825-853a-0a345b002686", "comment": "Malware payload (Mirai)", "value": "d2ec8bc257f694513ef9ea869e3f4ba06d4091bc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294294, "uuid": "70af36dd-b416-44bb-9c3f-39051d8fe9b8", "comment": "Malware payload (Mirai)", "value": "9cf45e5cdc2d5794b85acfc35affd9acb7c8fc54d7bdf51f868c2c44ecc907947dd4f5cce6deb4441debcbd6988d32a9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294294, "uuid": "fe4348a2-e0e9-4c55-a4e4-7949ebbe7448", "value": "T1C8B2D1A447D19706C1B0B475A27CCF921B3B15F0D6F639271A2093BC968649633FC6C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294294, "uuid": "acf8a95d-ebcb-4891-b6b6-08d247ae66c2", "value": "384:4GHKXlJIDFUS0Mggks3aIrokYVDoDDRRKj55N7LB9U+BRJcFMRhymdGUop5hu7a:4GHKQFH0rs3zWoDDRsjt7LB9U+BRemsD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294294, "uuid": "61c2555b-ab97-4a73-9696-cfaf7ece11e2", "value": 24536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294294, "uuid": "ca27be34-8f81-482e-87bf-1c65a018537e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294294, "uuid": "64f62266-1f90-4e68-98d5-b982358e8d90", "value": "0bcdb8b9438447ed9abe7f3055898738", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4d9af42-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304186, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304186, "uuid": "86b8046f-3006-40f8-9147-c9f396d7442a", "comment": "Malware payload (DBatLoader)", "value": "f6fca49eb46335f03f799374285d16a8", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304186, "uuid": "174adeab-25af-4a71-a547-d0e6549200a2", "comment": "Malware payload (DBatLoader)", "value": "2de867d8517763734d6a3d0f73152371ea29f1523d070ba099ec9cafebacb20d", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304186, "uuid": "3977a685-4e15-4dfe-93dd-1c6fc0d659bd", "comment": "Malware payload (DBatLoader)", "value": "00585e6f55a1b79c41daa40b817f5b30c8228d09", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304186, "uuid": "7cb89806-699c-4b45-bf4b-5c7d0d8d4e7a", "comment": "Malware payload (DBatLoader)", "value": "bbf8b9608c7d2bfd9bbda0a2227bb9b60bdbfc464534413ff2dabc2bba4de41d7e5f6a0a89392a1236b55b90407e9098", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304186, "uuid": "981e7c39-b863-496d-b0d2-2ea7f28b9a5a", "value": "T19555D12AF26188B1F02B0A397C27671FDB186E692964795B27FD7E540E35343386D0B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304186, "uuid": "0619c44d-c382-49eb-8636-b0f77b9371f6", "value": "b4498ed238a5d5d6510e036e3bb29986", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304186, "uuid": "7cbc5c2c-ccab-412a-b82e-822c35175752", "value": "24576:bKuO345cRv/kabphVsJhfYPzyB+4Buxrhre0Qhd/0hkEBS/:bLysS24mwe0eMkEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304186, "uuid": "721fffc5-beb1-4738-a17b-463177c58e43", "value": 1314816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304186, "uuid": "6825be38-8514-46dd-80ea-4f89b98cd295", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304186, "uuid": "5624be8e-4b74-4963-a6a2-66931464ac69", "value": "PO191023-R02X56UGJ4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a51a6e7d-7450-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698360021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360021, "uuid": "baa8b717-80a4-4ad3-a9ee-7d0a44a1d2ab", "comment": "Malware payload", "value": "6b52731c45246987956829ded01331e0", "object_relation": "md5", "Tag": [ { "name": "bankfcyprus.com", "colour": "#43F050", "exportable": true, "hide_tag": false }, { "name": "chocolatey", "colour": "#F9C5A3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360021, "uuid": "25936761-9739-489d-820e-9d443323aef6", "comment": "Malware payload", "value": "2e3e40e8bf13d88396f22e7c6ae25b2725871e32237538414dff8485ecf19fa0", "object_relation": "sha256", "Tag": [ { "name": "bankfcyprus.com", "colour": "#43F050", "exportable": true, "hide_tag": false }, { "name": "chocolatey", "colour": "#F9C5A3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360021, "uuid": "26526cc8-08bf-4504-914e-d2e8a2f9b192", "comment": "Malware payload", "value": "d3ea331bdcc214ec7ea134492d2af8cf5195cc63", "object_relation": "sha1", "Tag": [ { "name": "bankfcyprus.com", "colour": "#43F050", "exportable": true, "hide_tag": false }, { "name": "chocolatey", "colour": "#F9C5A3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360021, "uuid": "cd8545a7-1e10-420b-9fdb-0dfe571f546b", "comment": "Malware payload", "value": "db25266779995c815ef61afb35cb5a84f2a4a8c8e887cc34863a55a7956a82e7d92830afe22ff0032641f6422feba68c", "object_relation": "sha3-384", "Tag": [ { "name": "bankfcyprus.com", "colour": "#43F050", "exportable": true, "hide_tag": false }, { "name": "chocolatey", "colour": "#F9C5A3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360021, "uuid": "fd100b92-8981-4405-87a8-636b5521f1e7", "value": "T14AA45A9767D432D5E83AC438C82344524762BC79DB919BDB49D8F23D0E722D09E3EA27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360021, "uuid": "682fdfbb-865c-4475-b9ee-d1211ffe0793", "value": "e3007c8e0098d06abf617eee6f0c5abd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360021, "uuid": "1ce9e7a3-4cfe-433d-b1a8-a2dcc4445ca4", "value": "12288:GegR+xKnNPW2KXzJ4pdd3klnnWosPhnzq:GnUgW2KjJ4Td3kJnbsPhnzq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698360021, "uuid": "c1318361-78f5-46b5-88e1-0bc631cf14b0", "value": 493568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698360021, "uuid": "2998fc19-cb4d-4020-b7d3-4a1392d12bb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360021, "uuid": "638bfb45-b631-4088-a557-423ce4b2f670", "value": "b75d7253d17c4ba6d2075683023aca2e76a29646afe76132f7ce4607dc9def1b4463ee5b4ce079fad47a5aad2a437273.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0930d5d-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304205, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304205, "uuid": "51fb23b2-755a-4edb-b337-0853e7a47de1", "comment": "Malware payload (DBatLoader)", "value": "e7fbc01f303e7ab6f5279ecf88963a26", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304205, "uuid": "3afc64c9-4b23-4c43-be61-326fc09ff5cd", "comment": "Malware payload (DBatLoader)", "value": "310fef60a83b23ae386a9fd256ee6025493365aa9233a69446f63519e1f6a2e4", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304205, "uuid": "757322f4-5b51-4fa3-9f15-3891d871cc21", "comment": "Malware payload (DBatLoader)", "value": "449b576eea3278e5b83203c3d1a0b841a019a973", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304205, "uuid": "2be5e9f5-c3a3-4b41-91f8-f37dd7aa60d6", "comment": "Malware payload (DBatLoader)", "value": "1b0c14ab0d55d5c98af8b4378433412e05f860760c78f9611f6965e3b03e05ad3bf8af49d02818f9e614ecb92fd632e1", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304205, "uuid": "5e799a8b-6d6c-409e-910b-0df1b737833b", "value": "T11255E062F25144B5F03716396C2B5F0EDF18AE2929A9291F17FD7E540F3264335AE0B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304205, "uuid": "99a4174f-d6c6-4c22-9a19-e0314e29dab0", "value": "b4498ed238a5d5d6510e036e3bb29986", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304205, "uuid": "ce7af0bc-9929-4b0e-bc9e-cfbda161a557", "value": "24576:bKuO345cRv/kabphVsJhfYPzyB+4Buxrhre0Qqd/0hkEBS/:bLysS24mwe0RMkEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304205, "uuid": "c7ad12f2-cd27-45b9-b244-b02813ee77a2", "value": 1315328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304205, "uuid": "dc911a2f-75b5-4535-992f-175c6f87e7e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304205, "uuid": "61e63f11-606e-434d-bbd8-56709f9bd812", "value": "Seprrgqgdrspec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd6e9123-7419-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698336466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336466, "uuid": "49c2c9a7-953f-4a3f-bb75-9e4729ee6939", "comment": "Malware payload (AgentTesla)", "value": "625f0ff6df69788f6ee95be7ed1bbdf7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336466, "uuid": "a031ae91-40f4-4506-b5ef-b9a03f3338e9", "comment": "Malware payload (AgentTesla)", "value": "31ae993f4b4e0bdee766a3004bc8d943aa327d8915effb5a2b1695086dbb1eaf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336466, "uuid": "309d0762-3662-458c-b51d-fd591710394d", "comment": "Malware payload (AgentTesla)", "value": "bd53f1b27f98b53a40030a50d066c87f5634c07a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336466, "uuid": "17f44532-8bb5-4064-908f-e33191f8ffe3", "comment": "Malware payload (AgentTesla)", "value": "2922a55bf89b4096db3cef9db2ddb0f90e996deebbc210948f658042317b4ed2d1872a9e6bfee0e09633d0e90928d6d6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336466, "uuid": "2dcc0399-6ec7-4bf0-b8a8-ebf2d1c2e4dc", "value": "T13DD42393BEA580C508CE49EE3053F197B8966CC129C125BF9880A377F96E78ED763043", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336466, "uuid": "112b31f7-950e-45c1-a343-de8330ed4d84", "value": "12288:k6g+8DOpmiFMKkbW4Zy37zfy/s5FzQSmeAfGgTM+0DeRsdYMO:k+8DmX4oHfh5SXeAfnI8RsdYMO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336466, "uuid": "5946af88-b560-4fea-ac9a-917fc5accba1", "value": 602840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336466, "uuid": "4efc7c8c-f7ea-4e0d-8755-f38c7dff4292", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336466, "uuid": "bb6f618e-f49d-430e-99a8-eeb2c53524cd", "value": "bank account pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e005fb78-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698311586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311586, "uuid": "230c3cdf-a81a-4929-aa0b-b6760cb7a934", "comment": "Malware payload (AgentTesla)", "value": "9ab4897fe79569cc927fab675bcbc6dd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311586, "uuid": "d4164cfc-cac6-48aa-b1a0-e1fffcfdbd4a", "comment": "Malware payload (AgentTesla)", "value": "31d426a6f8d3aeb86e729e203b0d99259e560c92c6df9bbb74daa414530c5e82", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311586, "uuid": "bd9d5577-0cc0-438d-b94f-5573da33bfa0", "comment": "Malware payload (AgentTesla)", "value": "dea13dd199625f665db18e06f49d4a3855fb7480", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311586, "uuid": "a5d4fb4f-2fa0-489a-8be2-f7a52df550d3", "comment": "Malware payload (AgentTesla)", "value": "e12594457f9bf274bfa8c94242a38a9730407b5b5b998e2bc3d2af86b73ebc4bc9cb4d0bed95ac349add5cedcf61d7b7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311586, "uuid": "4d2c96b2-7d71-45e3-b313-327622d2a671", "value": "T1AD45DF07D804DB83D41D83F8BE434DE90F4AAF18E88969DB10577F8F3A31A625E9A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311586, "uuid": "5a950b47-4b0b-4681-a384-19f026c398fa", "value": "24576:ExBXZyww6/TnH4Zyyw6/2fa/rZuJfIdQ8T4xLeQyE0iL7MdD8lq:Qe6/+U6/qWNUfIdzTemriH0W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311586, "uuid": "730daa86-c24c-4998-bd9a-ce57314f9a6b", "value": 1186816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311586, "uuid": "57345160-5544-4f38-b6ba-d88288e1232a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311586, "uuid": "8873743e-bbb5-4521-a516-41c3fd06ea45", "value": "freight quotation for 50K Fertilizers.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a04f7f5-73fe-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324569, "uuid": "ce000dfb-c079-482d-b965-8849400411f5", "comment": "Malware payload (AgentTesla)", "value": "3bcf47a5334c4bf63022f38f3542900e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324569, "uuid": "50ef7a76-ffe4-429c-a6b5-df83c02d7110", "comment": "Malware payload (AgentTesla)", "value": "31d949b7ff4157dfb376c9ae9ed0e8b3ca04eb5c26b1d769cab625399770face", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324569, "uuid": "7b7c7d8c-6fc7-43a4-9b44-be949fcfca19", "comment": "Malware payload (AgentTesla)", "value": "a0dfd923e5d96b5e7280ca18548c7e5181ce3b48", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324569, "uuid": "eb3bbf20-6cab-42e9-94cf-7161d388c1ba", "comment": "Malware payload (AgentTesla)", "value": "b17033c525258fb55bf4faa196eafa56f2d09444e6d8a4dd1d3a1329bd86ea920bb215523f54860c4e89d187f1d614ad", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324569, "uuid": "c4cbf96b-9f37-4925-88d3-66d7653249ff", "value": "T16F9423D737B54AB41B20FE116287BD8F2E74179E2C2133FA65B994C33A9C68885DC85C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324569, "uuid": "33ec0b57-29d1-4ae1-9558-0e3cdd155e1a", "value": "12288:Mk6o07VMeuYCi6iZ0g329z+Z/HwX2W2PDxxb5j/fBuG:LZ07CeuYhv0MmyZ/HW2W2Pjb5l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324569, "uuid": "7523b09a-dd7c-4392-afb2-26d3d76f9a4a", "value": 439963, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324569, "uuid": "d91a3483-8fbb-4e04-9b8d-f050cd6a4377", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324569, "uuid": "283aa4a9-6e0c-46bf-816c-b15841ed2909", "value": "RFQ# 6200046003.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb8de5e8-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698303902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303902, "uuid": "b1365e0b-800c-41bd-afdf-a3b4c0e24ef4", "comment": "Malware payload (Formbook)", "value": "aa4277cf5cd53eddf16885bb411e6ff0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303902, "uuid": "ebf73825-0e88-4635-8edf-31dd7e20c832", "comment": "Malware payload (Formbook)", "value": "32290d3a44ccd56a41469cda2bd09d79dde405d398b76705c0de70faede87bc1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303902, "uuid": "0f49832d-8c24-4420-b729-25f7acf672f0", "comment": "Malware payload (Formbook)", "value": "a77582cd84fa3439fc0be48257f738c3bc001746", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303902, "uuid": "297f5cb8-df9a-4612-a2ff-a8c3c2f700e8", "comment": "Malware payload (Formbook)", "value": "2fd85d8462a62b65643e32e904dac7754e390f4e2bb93757eccae9dcfe0ccc3e28cda548bcf4abfc3723c6d9afd7f647", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303902, "uuid": "498f73b3-998b-4592-b437-c1fb34bd32aa", "value": "T1CEE52803BA86CBA6C148D737C5EBCA700764DFA16213E61B35CF6B6734433A65A4436B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303902, "uuid": "222ba7b2-ba4b-471c-92ca-0fcbb6855aa2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303902, "uuid": "4fd1ca81-142d-4e42-b451-86c9fa604f74", "value": "49152:TPBtuuYv4QLSC3UZjJ8MXM6fq1CYLKNPXns1dal1U:DBE/vsV8UMIq1CYLKlXns1dal1U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303902, "uuid": "d04bc96c-207f-448c-9e9a-cdbfcfcf6270", "value": 3061248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303902, "uuid": "79dbfd9c-0aff-4d16-8435-540b0e5f9500", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303902, "uuid": "9ce41025-0be5-4dab-8c8e-b3674314edb4", "value": "\u00f6deme talimat\u0131.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4876acca-73b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698294152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294152, "uuid": "32562543-5e65-498e-a7c6-4f040eb1e9e5", "comment": "Malware payload (Formbook)", "value": "aa3642ab5f92898c68e0f07e9612359e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294152, "uuid": "6a8e6ef5-8617-44c8-9aa8-c126eaed33db", "comment": "Malware payload (Formbook)", "value": "3477f385ec44e432b8d57b4697139a266913d63a4e0d0c6ded11ac5eb3329f37", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294152, "uuid": "374fb4c0-dd14-47b1-9af1-d392f327c8bf", "comment": "Malware payload (Formbook)", "value": "4e311fdd1628bfff15960d3c742531cc0f9d5698", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294152, "uuid": "392335b1-8257-4a9c-bd2f-181cdf68d395", "comment": "Malware payload (Formbook)", "value": "8a7787042d221838dd61626642ff2fabd615f6ce3aa9946262d4a0cf829d6b37d194e81f7172990212f3e88776f16858", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294152, "uuid": "beac734e-c419-4e78-aaa4-35c753a51ed7", "value": "T103741227CA51C4AFE6260AB2C6B7EDBCBA658D5CC903000B079D3F2F75B1093291D95E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294152, "uuid": "62e1cf4d-dceb-444b-8ae8-b77694cf6c0b", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294152, "uuid": "a1dab4e3-a618-46e5-8495-dea930cfab34", "value": "6144:b8LxB6jSiKTMe4IrEkXlSjclj/pZBLE9hkEqxe3iuikieLd0QiLJ8z649Z+5Hnki:rSiMFn5Hh/pZBrFxeS980QiLc6bp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294152, "uuid": "639fe15e-0a02-4214-a9fd-0d39200823e8", "value": 369928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294152, "uuid": "ed4c940c-8ebb-445b-8101-47c4847c08a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294152, "uuid": "eaab1d74-88e1-430d-b451-86bfdb686cf4", "value": "A0719_016_9900_F5_001_D_A_1M_230714.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68f76d0d-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698304085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304085, "uuid": "df5a0e27-2e67-46fe-a5ea-0b0f2483751d", "comment": "Malware payload (Loki)", "value": "000184792bc9472dd3ed2e0d8f83da29", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304085, "uuid": "26e5e44c-5160-4107-88b8-1114d4086e45", "comment": "Malware payload (Loki)", "value": "34d1a565a2750157284ad787009e5a2973c4f27518375a9af7f2d080d9461686", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304085, "uuid": "3c74cc17-bd4e-4c9e-b42f-12a12101ee0e", "comment": "Malware payload (Loki)", "value": "797b323875c1f0e56b1a48539dcb11cbb895ae56", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304085, "uuid": "b638239f-607a-4e73-ac8d-3a33a6527196", "comment": "Malware payload (Loki)", "value": "65f63077a7ec31308340242618fe972e9df6bf23a7a8eb082a1ecfaff44b73ba2f8528cddd1392386f2719b5fb47457b", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304085, "uuid": "af5297a4-3397-42ce-be4d-c5c460c42bd6", "value": "T1A685AE10E3F4AA08E4EE8771AD7066E4A7B27422B727D74ACC44D595386DBC38EC4763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304085, "uuid": "84b5ea17-8e70-41c5-9d1e-28367cd17fd0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304085, "uuid": "9c480846-87a8-4379-9e6d-dc7a5c44cf5d", "value": "24576:lx30cwQEkQ1V/ke/UL5W+TV0Nfz/OE6iQd9g61tVD+7AB7L+KgyrrrrPrF0BMnln:lx3g6QP/ke0kByHd9/mkODyFBnK6Frd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304085, "uuid": "90469d19-17fc-408a-924c-9b90d104843f", "value": 1866240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304085, "uuid": "664b0dae-34bb-4bf8-80be-5af78f4b0603", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304085, "uuid": "708c9dfe-c041-4e28-997a-1bba1d432587", "value": "DHL Express - \u0130thalat G\u00f6nderisi.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "692ab951-7414-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698334150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334150, "uuid": "f2d596fb-a03c-4e4b-b5ea-e350c4c68b60", "comment": "Malware payload (AgentTesla)", "value": "d47f6e1e28dd97ca9e7474160672febd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334150, "uuid": "e7fed321-a31a-42d6-8146-88761351b58e", "comment": "Malware payload (AgentTesla)", "value": "35b79f43070792e2052d3932ea31324b44b493cb68d8c9c8e773a161acdd3056", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334150, "uuid": "2dd854f3-b180-40b2-80b4-e2de1e7e7ff0", "comment": "Malware payload (AgentTesla)", "value": "9582244ead1b0d4eef792f66860060336ec3c82c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334150, "uuid": "74d18020-8acf-4f7d-a786-8726bc20cf56", "comment": "Malware payload (AgentTesla)", "value": "47fb1be79f266279c7de236c705a3d235d81839b3cd2eefc0d79c57572da9b7a1c4b06c61a255c5c80c73b670c000ffd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698334150, "uuid": "648e7897-9e89-488e-b82e-be8b7e72b2e5", "value": "T129D4234EA979E283BBB35E9E4D1420D2ABF58322674CCD5453FE6F21E392F785409078", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698334150, "uuid": "11bce9f6-2dd1-4142-a58a-54cf777c574c", "value": "12288:YIc+bux8RDDpVssBMTCn5po1UKJyumv6yUaVWfJmTy6U7vzSOd:jDRjFKT+Po1M3v6xpgputd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698334150, "uuid": "d97eea2c-e4fa-4218-ad94-fbcecf087519", "value": 597820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698334150, "uuid": "5be3465f-000e-4cf2-878b-b78faf53cebf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698334150, "uuid": "e0ff434c-22fc-4aac-ba46-a13022930e92", "value": "BL.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fb5dd07-73ec-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698316928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316928, "uuid": "21625246-1dd6-4440-be2f-8f080d5af2cc", "comment": "Malware payload (LummaStealer)", "value": "7102d2f457071b2c66c6c0ec3035ae7e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316928, "uuid": "a4b96b8e-28ed-4c78-a7c9-1c80c450eb16", "comment": "Malware payload (LummaStealer)", "value": "35de04e339d38073cb60f31b07e58326953236f1e72a2a023bb699619f7493d8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316928, "uuid": "1d4968ca-b707-4cca-8653-5a783a86cccd", "comment": "Malware payload (LummaStealer)", "value": "3074bd72eee6000e7e9ef7dfee24e3d27d9c550f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316928, "uuid": "76ef1099-6fd2-4b5c-8d10-15de498504df", "comment": "Malware payload (LummaStealer)", "value": "979b49d14b2c5090caba398796185d9d72e8309ebce1b3ac5e7fe81e7db67d3996ca615c768698f33b7d8b5359e7e286", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316928, "uuid": "a96804b9-73df-41b1-a25d-606d06ea9f65", "value": "T1CAE4B005B714E022F133AA70A7E8952202D8F8E7D794D1DBA4ADF2A5FB017BD95F0172", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316928, "uuid": "64ce8429-393d-4bd6-b91f-0d1769909cf5", "value": "66bc811ac894535ffcee36d78d1ccd29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316928, "uuid": "a129d1d3-8727-467a-badb-ab57ad9c4a77", "value": "12288:89lnaoj5V1hCbwgNX3x02IvNYATdvoISl47lN5R/:AaobrC1NHx0do7MlN5F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698316928, "uuid": "295a575e-7ce3-429c-a26f-f96bda236602", "value": 667648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698316928, "uuid": "3b4a74bc-571d-47fd-89c1-1924b0273a92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316928, "uuid": "219cfc2c-fc9a-4690-99a0-05be9186cf62", "value": "7102d2f457071b2c66c6c0ec3035ae7e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a89efa7-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698303954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303954, "uuid": "392bc496-439c-4923-9940-52de17d1fe85", "comment": "Malware payload (Formbook)", "value": "a28d7a05ee9ea6bc973a8f4396cbe2f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303954, "uuid": "77dc09bd-d5c0-4006-b207-d8763f93c83a", "comment": "Malware payload (Formbook)", "value": "364980858b6722f2c40d3cf7c28eea2540fc6e7b7a63f65dec5afa23d9f0731b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303954, "uuid": "2e266599-18dd-4780-8a6f-30072258d968", "comment": "Malware payload (Formbook)", "value": "82770a5d239cc7f96dcd8dc20ec9307714669cdf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303954, "uuid": "dfa2959b-bd0b-4785-8ff1-48abd9a4b22c", "comment": "Malware payload (Formbook)", "value": "9909b8d7f91b6a86aaf895f39213fd39516c8f9192dac5f2b2aafea71fcdcb3d9fc034e4075e0e4e30ba5f4f0cbc8581", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303954, "uuid": "72b50bf3-a17a-4b30-99f8-8cffc47a03b9", "value": "T169A4C0DDE71198E5EC275271283EDE770A5B9C2E285818992AC37E373C71593303B98B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303954, "uuid": "ea2db7c0-9830-4181-a608-2273c89f48ec", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303954, "uuid": "08fba755-d66b-45ea-9ddd-761ba6e59f12", "value": "12288:nnPdTrconfsbfC+7pc+nKRW14X/Y93lyRzdczvvXnvgYLJ+8K:nPd5fsVnUW2WVyMLvnIyK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303954, "uuid": "922d1b8d-e3fd-4ee3-ab03-81406ad3c503", "value": 455694, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303954, "uuid": "45ac9cdc-669e-4b0b-b853-06b977c99f9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303954, "uuid": "5ce281a8-a91c-40a8-8d2a-a18419b525c8", "value": "stamped Proforma Invoices no 003InvPI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99a4b95e-7399-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698281403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281403, "uuid": "5d64607a-fffe-4fae-aeda-f1a8d29c3110", "comment": "Malware payload (Mirai)", "value": "f0de349e2b6fc6844db8dc915b005880", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281403, "uuid": "048fd841-3c60-432b-a52a-df4d894ccb5d", "comment": "Malware payload (Mirai)", "value": "37db6d554b503d9bc6e38681ce15e1db260cc6043ac9f3e244fd888d2e8853fe", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281403, "uuid": "d0d877be-6745-4b05-bd29-a795ee649a6b", "comment": "Malware payload (Mirai)", "value": "b1dfbb87e60004a6a3c17740dbe988d73ac19430", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281403, "uuid": "a9851ce9-ec3a-49e8-a90c-1ef8de749bbc", "comment": "Malware payload (Mirai)", "value": "ea960d987d8aa0bd9fbd8998dd87b08b56a8a3d54867441cf441773e0e80838cf0946d22b2bc6687592e38ea1772462c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281403, "uuid": "4d2a50b4-71b6-4eef-b4ed-4ec41455c396", "value": "T1104302162A4F7A70E27015304CBC4D623B0B6DB5E8F97B5E92A8444DBE2B4C235E5385", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281403, "uuid": "616241f3-8ca7-44e2-9547-ad9879148eb0", "value": "1536:3ZFlQaZ6q/c5kdngOzkt3oLS35UPlZozHy:3ZsaMAc5kl3kt4LnyS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698281403, "uuid": "eb8b02f7-84dd-492f-a97c-6ef55cb7e480", "value": 56184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698281403, "uuid": "25c255e7-d736-46ab-8a2a-9b760833bbf9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281403, "uuid": "e0161b8e-1811-4119-8dbe-883abe6e5b54", "value": "scorp.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79fef8c2-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303684, "uuid": "87894935-2277-4bd4-b6df-aacd0aff9ac6", "comment": "Malware payload (GuLoader)", "value": "efdd80d89779f0df0223a210407b51c1", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303684, "uuid": "56ace19c-f699-4936-b272-e027486c072f", "comment": "Malware payload (GuLoader)", "value": "382364955e1622f7cc873c56b689da299cf4416c489060b45b439126f9a34a90", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303684, "uuid": "61d3792d-29ee-4c28-936b-0371c3c20349", "comment": "Malware payload (GuLoader)", "value": "91cfa2779ecca26c7bc88d5dcd5617469a9cb169", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303684, "uuid": "692fca69-ad77-4529-9c81-5ba6e1b319c7", "comment": "Malware payload (GuLoader)", "value": "3e65534dec0caa82f0072f3b804820449407366ef84beb95f0fa4a31f1cd341c97098e7c6892dd7f832a54a2c6e261e7", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303684, "uuid": "76e2ad20-940a-423d-8e5a-f70238542177", "value": "T14C335BA1FAD40E0A0D4B23D9DD415981C5BEC019193651A5BEED03CE920B9EC87BFF6A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303684, "uuid": "798b6bec-5d03-48fa-9728-de4954581260", "value": "768:dVkvk6egiysCD1FJWK/FG1RKVeUylHFiut40MfoGaW0gETsngXFkEEt6AiFj0:3dpXC3JX/FMRKVkvX7RjgckQkEFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303684, "uuid": "2a14893e-c281-4272-b05e-ded7e8841635", "value": 53410, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303684, "uuid": "4f43ce25-1c5b-4ee6-9a73-1d0f4e6576ac", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303684, "uuid": "085d4fb9-ec15-4032-8863-f826108a5649", "value": "comprovativo.pdf.gz.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fee26741-73fc-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324094, "uuid": "ce4ac10d-c5fa-49a8-aacc-e69466c21e42", "comment": "Malware payload (AgentTesla)", "value": "ec1baf75a7aa4fc3e064fb55474fe6d5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324094, "uuid": "5b0dfe02-a486-4add-8983-0c5848bc07d2", "comment": "Malware payload (AgentTesla)", "value": "383bb49e7e8020637e09b5da1d76bca5ca00f87a9f8926df4fc7bc5cd95e4a54", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324094, "uuid": "798001d5-b172-4287-b381-a2eba92987d5", "comment": "Malware payload (AgentTesla)", "value": "19e01fe59276c08ef67309b7123fffbc50cfbd69", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324094, "uuid": "98564be5-0a3d-4afc-afbd-13c9e469fd9f", "comment": "Malware payload (AgentTesla)", "value": "893347c0bb981dd57bb218fba0c7fbff1b87834f54fd42f50a1fdaede84be10c90707166d3e76ca970a0d0a63a87c6f6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324094, "uuid": "a5d314ca-ccf4-4f8e-b198-69cba610097a", "value": "T177F4334C498382AFC5E93CCEE1ED32066BC501E4B98D46FE3902DA81E5CCBB54ED56B0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324094, "uuid": "98f7dd97-ce28-4466-a34a-49df8e1a579c", "value": "12288:axzH/9MdisRQSZtMACmlPLugDDvy80N3WE0NQh8ZP5pocTIdLlpQx1umTqYpV7y2:Qj1MgXfZmljTDzy8m3WEKB5SBlpnAqYf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324094, "uuid": "4ed90cad-4e25-46ee-ae72-4c1edd7f33b5", "value": 784097, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324094, "uuid": "3bf80deb-9e76-4c2b-9f0f-c86f82dcffd3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324094, "uuid": "dbeb0592-a805-40dc-8b0d-082fe2eabf45", "value": "DOCUMENTS SHIPPING NOTICE.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e35f5db-741d-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698338051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338051, "uuid": "ce769a03-b3e6-491d-9069-7a839c0c3c16", "comment": "Malware payload", "value": "bb62a53367546be8637400ecfbcfff33", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338051, "uuid": "8766e9ec-5528-4c75-9548-5b9b5881c117", "comment": "Malware payload", "value": "38901253b92a455fb21d030bab3ac86aa94cc96de4bca087c444f896cfc12cbb", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338051, "uuid": "c3f9d907-059c-4f9a-9084-4674eb9be579", "comment": "Malware payload", "value": "dff05d18e74bb2705308058e1fa6e683da4bdfcd", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338051, "uuid": "f031d5f5-6248-4f39-8a30-408b3c1654b1", "comment": "Malware payload", "value": "e7899a2de2b612356e8806736395e801ab6faa37d8fbed3ac12d835d93fc944256890d3cbfe059d23946806581306f4e", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338051, "uuid": "4d2ba5df-bedd-400b-82fc-278044b78678", "value": "T1B095AFF876047DE6266F576BDA96ACEC13B616638ACBA4CC80A477C30563375FE02C05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338051, "uuid": "83c95daa-44f8-4c0e-8877-6296cd24943c", "value": "24576:aWXh7KFJbgFXCetTGuaXe/R1+rU71jdH+Fr0acR76LQIvblBLGUQDyx2wkebOEbe:P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698338051, "uuid": "edb2dca4-bca4-4d33-9dc3-aadea78e7d60", "value": 1899997, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698338051, "uuid": "bc9609b3-750c-4363-821e-b985069569e7", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338051, "uuid": "98a34b09-531c-439c-83d5-a43dd5c18df0", "value": "63611-RFQ.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7349feb-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698324483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324483, "uuid": "bd4150e4-3d19-4c7e-8efc-1147290ff5c7", "comment": "Malware payload", "value": "0474cf4731d3cb15c90333caa1d18bef", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324483, "uuid": "83e28bc4-328b-477a-ac26-ad7114b03dc4", "comment": "Malware payload", "value": "3a07f660d244e2d62b11b555a1373e5fc5bb11fbedf6bdb92eaf5c35bf8ee0c9", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324483, "uuid": "5d03c77a-d804-4de3-8bd7-1e96eec45586", "comment": "Malware payload", "value": "2d2c2b9c467e8f75f2c55f173783721cb71b36dc", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324483, "uuid": "7477b2c0-1b15-43b6-ac88-4bb7c43484bd", "comment": "Malware payload", "value": "0d9917cc8281f6726ad5ba82d43fb8726eecfd13fc596803da01009d19e37abbe8849b5643fe296fd39f5f5bdc976e31", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324483, "uuid": "bcb4e419-aac5-4ae3-8f8a-0548648d8eca", "value": "T1082733D9A96BBCE3D8C50CCEB91F9201251819EB14B7CEB150612F5173A12EC76E4EB3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324483, "uuid": "d0eaf289-7ea6-467d-8977-8b70adc915ed", "value": "393216:lycQp4CAfYONcH/GiO6K8gneIFdnfKaxM6bhOeE/NxYSppKlg4:loAfYONcH/Tannaa62GBfKlg4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324483, "uuid": "6587607b-a5e7-432a-93a9-360532806d22", "value": 22111643, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324483, "uuid": "11a37b37-9aae-434a-b38c-2dee34c0027d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324483, "uuid": "55020f0a-4962-42c4-98fb-94a47f7b838e", "value": "new_che@t.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e95c3ba1-73e3-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698313320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313320, "uuid": "f042b434-3424-4b04-af71-96caa1946a90", "comment": "Malware payload (AgentTesla)", "value": "6aa0a83ae8a3878b82f332f789af1987", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313320, "uuid": "6606e44c-f745-4ffa-bb27-eaebdcab14c5", "comment": "Malware payload (AgentTesla)", "value": "3b8dec23bd3b985e4172e317f9d9d7f5d02f48ac308646714c83f237dc5eae05", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313320, "uuid": "23d4228e-747d-4401-bfd4-3fa6b4be0beb", "comment": "Malware payload (AgentTesla)", "value": "0e940b8c35363b00401eb96c4ac3a7331f551644", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313320, "uuid": "c66e2931-15ec-4db7-9c7e-4224e2a66c89", "comment": "Malware payload (AgentTesla)", "value": "479577676444af0e24b6fc231f1735d8792442dde8a8d51070d6de3d54a62a51fedd37e00482cd1f7c2855d2c159bfe3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313320, "uuid": "bbf23052-dfa8-40c7-9679-bfd0355dc23c", "value": "T1DED4337D37558B2B708F80E99DD2B6CD7052B9140F7D49BE0A2B6CC1860D9C28E6F927", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313320, "uuid": "81a55475-094c-4f27-91c0-16bf5fbf8696", "value": "12288:sexQ476ApDMhJVcXcGk1XsaZ+ehhlBe1TtY5RDjF2hiF6TV/GRsxTNvhn:semRWQ3VmTOZnlmTYdFIiF6xr1N1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698313320, "uuid": "c4b126c6-3ff1-43d5-98d6-70d881549fa4", "value": 644117, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698313320, "uuid": "fe050a67-f144-4df2-b32c-ff42a01e5c30", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313320, "uuid": "ca33ab6a-5e8b-47c8-a7d2-9fbcec86b092", "value": "Updated Quote.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c878641d-73dd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698310688, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310688, "uuid": "bdf90bc8-5255-4f13-b48b-28354048498b", "comment": "Malware payload (AgentTesla)", "value": "c7f433620df3bf86b856384ac8d76cdd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310688, "uuid": "e0325fa1-201a-40e1-bd61-96f57ef15f18", "comment": "Malware payload (AgentTesla)", "value": "3b970f7fc1156f86f5a3c34dbacbe658dfe66cffa0f837a151a1739275798879", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310688, "uuid": "cf7228c9-370e-4d63-a48e-54ba9f971c18", "comment": "Malware payload (AgentTesla)", "value": "34235a8f8c93d1812aaab1cb222dcb1bf6811bed", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310688, "uuid": "d65a8cc6-c712-4745-ac1f-031a1ca08129", "comment": "Malware payload (AgentTesla)", "value": "4a3676c8ae46db8e1457d7921c7f431118a41eba8b5c80d5977fab21db27a364a1aaed9295397d167157e1c05a4a844c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310688, "uuid": "e08815ae-da33-481a-8fca-4f32ac9006f4", "value": "T17DD433CF4A51C58CC1AE2CDB66B0514501369AAD301EBB71C0F370BB52EE7ADFAA7509", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310688, "uuid": "cc3c7093-975c-433f-b198-7e22cb7539b0", "value": "12288:X3ObBSNp0qxhtDPmzdcPxg2pCPO+Hn5wUxvibY3tTkLLvzc17qAa:XelOtxhtqePx5dunmMtjZRa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698310688, "uuid": "37a7853c-c038-4083-a877-dd972a722952", "value": 649243, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698310688, "uuid": "e1e1d1dd-ba9c-4afa-9fb7-91a211da93cf", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310688, "uuid": "ca010ee9-fceb-4555-9e22-896108a57853", "value": "bank account pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2590145-73e1-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1698312369, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312369, "uuid": "1e531362-6265-45f2-a464-37f394a94c69", "comment": "Malware payload (ArkeiStealer)", "value": "58c67f538037fcd5bf31d8b857c59ec2", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "DropBox", "colour": "#BB1E7B", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312369, "uuid": "e161c9ac-11db-4a75-b912-a9a2043d5e93", "comment": "Malware payload (ArkeiStealer)", "value": "3c33f8b20f9f9a667678ad6fcb0bf14c8ffb73706af3fa88d80b2211da7a2758", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "DropBox", "colour": "#BB1E7B", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312369, "uuid": "b81baf25-d518-432b-8245-5ed0ed6ccb48", "comment": "Malware payload (ArkeiStealer)", "value": "6a2a76177748ce76986a6d8af7a49f6f8a6dbf4c", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "DropBox", "colour": "#BB1E7B", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312369, "uuid": "3f9d5898-c0b9-49eb-96b1-bbd0db47aea8", "comment": "Malware payload (ArkeiStealer)", "value": "c17cf7bed2bce30cdb46b9476b51ff1b5bc5ed2873c274350e1a7f3f22a2d45811d31755887c45a206370f13686630dc", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "DropBox", "colour": "#BB1E7B", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312369, "uuid": "6eec5b55-3226-42bb-a940-03dbb315b158", "value": "T172C733F39A5DEA08D7B3D98C22C782F05A59ED11133EDD74A8D107DA99D027AFE40A31", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312369, "uuid": "e6c9f49b-5391-431d-839c-6b246c00cba7", "value": "1572864:PXw+Yemyco2bK+RnjdaH4m1iLs+1k9bgvl1x:vwFemyq9jdaHX1ojwevx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698312369, "uuid": "b5fcd235-96b6-4ac1-a785-09bb0771777b", "value": 54222845, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698312369, "uuid": "8de020d1-d516-4a05-8aea-b671e695bb54", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312369, "uuid": "33a3f276-039d-4bf8-b89f-bf6271566c9b", "value": "Hotel reservation.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1fb2896-73b2-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698292209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292209, "uuid": "ee9f9979-ef89-4c94-9ecd-241abfdbeed1", "comment": "Malware payload (Mirai)", "value": "2f3918156247e89f700290b6e48ddef5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292209, "uuid": "0f23d1de-5cfc-464f-a562-d63df7e056ca", "comment": "Malware payload (Mirai)", "value": "3c727076e86403ca2182c52457b7b0259e5ef81e349ff6d5922dc6d3ffb38f82", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292209, "uuid": "2efbc29d-e1b6-4dd2-a303-4d7cf86824f9", "comment": "Malware payload (Mirai)", "value": "154cf986bc6a07624fa46c089efb2388f516d488", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292209, "uuid": "89ccaaf7-bc07-4054-a0f4-1705465b846e", "comment": "Malware payload (Mirai)", "value": "f8f9ac715450e97062d7b2c0c01af9719f9b7d87b5a80d573e47e147c8bf781add4c82be8ad7acbd66c325184d429af0", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292209, "uuid": "4b88ef9f-5f11-44d0-9a0f-2abbb6973b8e", "value": "T1BB33F2626B6E2AD291B05376FC33AC15A69C17F898A730973CF46A1977C58014FF2782", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292209, "uuid": "81044536-8be0-472f-afba-9c1c435cd547", "value": "1536:s9O/ZMAXIxNUk0sTLcPqF1aBexo4opKZby:s9O/ZNKywTLGqFUFr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698292209, "uuid": "a4bf8c8e-f57d-4382-bab7-2fddc91ba774", "value": 52520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698292209, "uuid": "c6077c7d-4d65-41cf-9f4f-9b892072897e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292209, "uuid": "dfb9d6d3-be16-4483-a9c3-75d41d731cea", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2aa7f1d2-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698310853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "93bed84e-ff57-4a9b-ad8f-17274bb3a8ed", "comment": "Malware payload (AgentTesla)", "value": "0c43dab80bcbc6962ee37229b2c8b712", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "b1d2987d-8f13-4f07-91da-38505fb196e1", "comment": "Malware payload (AgentTesla)", "value": "3e54581864d394dcbf3a73fe9820b34dfea79b7c10c702a2e2f6cc49f8a8ff42", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "8a846258-b7d9-434a-a603-3ed81cb15a6e", "comment": "Malware payload (AgentTesla)", "value": "d25c9e6dfe245f92469c4d45f405b02b42d3f3ea", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "6a9c079a-c640-4f38-bb6d-f839000ad19a", "comment": "Malware payload (AgentTesla)", "value": "0124bb7ba7637fcba9bc1587430e808fda682cc299606343c90b2f9dd55cfbadd13a65936e7140f46afe05b8dac6bb3e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310853, "uuid": "da9c5b0d-1218-4188-a275-a1b6b592da1c", "value": "T130D42365E6DC61AF27897D9D70F30625485A0F522EA25281BBE165834DF2F02EF2CDC3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310853, "uuid": "93ae56dd-8316-4795-92cc-1acedeff52c9", "value": "12288:v/sabbwec8IaYytf6yLLAJyYnVq9sGQpbB2R6EE5NgIGEmb+acN0AukNg:vV8n8IaYKLLCyYVeubUE55WIk4tuku", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698310853, "uuid": "6acffc52-ae16-4462-b6f1-ea16b9d4f045", "value": 626257, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698310853, "uuid": "987ba780-eac9-46b8-ba72-8c11ff71f784", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310853, "uuid": "668fee1d-cbad-4d69-98b9-4d7e4f94d677", "value": "DOC pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65bc2e71-7410-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1698332427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332427, "uuid": "473297ea-04f0-4fc6-bca0-044ee4b51c40", "comment": "Malware payload (ArkeiStealer)", "value": "103d2bdace2d363af7c6c7d068ed90aa", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332427, "uuid": "bc72ec98-a424-4aa0-83df-1f24449e6086", "comment": "Malware payload (ArkeiStealer)", "value": "3e55003084e4fc72fd586f3672ec61ab74c8efd5f928ab89b6ef8560173098bc", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332427, "uuid": "7d9b5db0-979c-4720-8ed4-19737bbe1a20", "comment": "Malware payload (ArkeiStealer)", "value": "6dd18b72b27e961b37ea6f49ef4a4c36069c116f", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332427, "uuid": "20d6c51e-2d44-4c59-8589-c9ce81cddb7e", "comment": "Malware payload (ArkeiStealer)", "value": "fc529bca5b928d24f450721630cc0492c3e1bb936703158b200100fcb704c6876b9ffbc9342cfc44df573c2cff58ef4e", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332427, "uuid": "9b9b6ba6-1fa1-47b6-a03c-c67eae67d507", "value": "T1F025ABAC74B5B99AF6D8437FC6892CB6DB2CB040D7993D8B8E2001577D8310E5F6B861", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332427, "uuid": "70c9024a-7c79-4afe-aa9e-5b8c9aa94fe8", "value": "3072:A+qm4BScGslKKMiF0gMuSuFuH5SoaI3RNAsrpqx9eDUdGanjrGSS:A+KBT5FME5SxLj3rAcwxImk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698332427, "uuid": "b0017411-a5a2-4917-aef5-e57c9deb3400", "value": 1041289, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698332427, "uuid": "6c89bb28-6fe7-4a6c-9983-d5ad3b990547", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332427, "uuid": "8de5488b-c517-41bd-86cb-1f7fe7aef950", "value": "photo-11-10-2023_292.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8316e6a9-741d-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698338059, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338059, "uuid": "dd991434-e997-4133-b0e0-a80ed79f0485", "comment": "Malware payload", "value": "a015fb9f51db68a29ff6a50756dcecba", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338059, "uuid": "f6f74902-f1c4-47a7-b16a-736ee5eb7410", "comment": "Malware payload", "value": "3e7c5031879ea7495734b8302db8262bf515ef80934e6ebfcdeb610afabf1512", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338059, "uuid": "2f3bb7e4-b014-4cdd-ab24-e43043ca0c1e", "comment": "Malware payload", "value": "11e850defee08c069007863d084ebdc1d67e45e0", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338059, "uuid": "d423e7ad-1721-469f-a980-b88e02a3e3e5", "comment": "Malware payload", "value": "1efdee7fbe1bb87ae270b96b76545fb11f700d45f7da949341e4dfbc8c177011873e69d064c42e7cbc6fd5998b638a82", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338059, "uuid": "bf5e5474-2a0a-4821-b3d6-9c64f1e960c2", "value": "T1F6840272E2B2C0DCC54386709C582BD28CE7C9AE45D8197162E94BDE3A1FFC5E8605F9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338059, "uuid": "436c310a-b654-41ae-b884-897c39f72c1a", "value": "6144:WgdCzTr7cXsEyvpDstcWcTe2iwPeBonZheuHHtb3LwCz9HlwUPMQxGKzjanI1vmb:z0zTr7+sZxst72xPeB8ZhVNb3Lw0FpM9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698338059, "uuid": "163bb9c3-363d-4bbd-a2d2-ff753496c532", "value": 373436, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698338059, "uuid": "7322db5c-962d-4358-b98f-ee41761a593b", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338059, "uuid": "a7303cb7-2dca-4fe9-889c-54dc06d71f95", "value": "XO418EI-OCT26.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98884388-7433-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698347544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347544, "uuid": "7f303e7b-8c42-4b93-acf0-c39bbed09d0c", "comment": "Malware payload (RedLineStealer)", "value": "a9cb6eeacb2eafefbb7fc202401fe7c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347544, "uuid": "d0f1f01a-065e-4201-b64b-6d34ae05dc1f", "comment": "Malware payload (RedLineStealer)", "value": "3f2ac5e2b182544300f6bd36a6f35a0ab6972c46c1d8a783d23d4eaa247c0f48", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347544, "uuid": "8f71d909-40cd-4cd5-962a-651fb0e760b2", "comment": "Malware payload (RedLineStealer)", "value": "abd64f524ce6c055fe3016c4f1a1f44dba30729f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698347544, "uuid": "52e5ccd8-34c8-40c1-9293-0f20c8a9fd45", "comment": "Malware payload (RedLineStealer)", "value": "e8598eb521cd3a80d1514ae3e43ca8fb4e76755c3a54bf5cadc07647a0aa6d80272c54400b1b496e812840889afd234d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347544, "uuid": "fc927bf0-bc1c-4940-ae02-797a5657528c", "value": "T1F5459E717884D1B3DED224B6479CBA7582BDE0E0670A02CB06F9E7DEDE101D72A3574A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347544, "uuid": "ec981c68-d54d-46ea-9f4c-6d014053a0bb", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347544, "uuid": "bf48491e-0893-472a-ab43-c3163b893f0d", "value": "24576:/SOKs3Gv5W1TxGQcQkgYYzHpzUcah94OLw:/GBWTxGQcQ5YYeLhKO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698347544, "uuid": "083cba91-c9b2-417b-810d-e7209a7e8702", "value": 1165824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698347544, "uuid": "5ae94e08-43a0-4e69-ae59-e056c1c483d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698347544, "uuid": "c437f251-bdbf-44c2-9018-54cf31f9f7cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a0762e3-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698322153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322153, "uuid": "64c5173f-8ac9-45a8-8744-ebb285d852a3", "comment": "Malware payload", "value": "c83b1ddad51cf56760a3ba2a3b666552", "object_relation": "md5", "Tag": [ { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322153, "uuid": "5fad60aa-b1e9-4f3e-8fa6-6d687eaa2169", "comment": "Malware payload", "value": "3f4906592fd92d3978d00307a1d8fbb3b2e593c02ad58e110757fe1dccc52991", "object_relation": "sha256", "Tag": [ { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322153, "uuid": "98a66333-b45a-4c82-b1ef-a4e820a83a96", "comment": "Malware payload", "value": "6c56508aa08b0e393b70f92aaa992dc39af391c2", "object_relation": "sha1", "Tag": [ { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322153, "uuid": "bc59dae4-4ac5-4b8f-9540-289b419fc812", "comment": "Malware payload", "value": "65efb63657a6a26732cfc806e419030c6b130216a7d93e278e4178478e579c6ba3c94d77c83e8cb18dc57b03f0cd6db0", "object_relation": "sha3-384", "Tag": [ { "name": "g0njxa 2", "colour": "#1C2BE1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322153, "uuid": "1dd2217a-ae33-430a-a5b0-2b7d39de6e93", "value": "T1181523BDA307B06CF8B2787EA7D5045E094F4A4463C5A5288A57F44F9E31E4F25C898E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322153, "uuid": "d9fdd651-59b1-4609-a522-f2827fb33e61", "value": "24576:gvFjtWI3MNnkaO81aFrEYWc74RhNDTRMa//8k6NldrpXU:gvNtW3tsFYgsDNDTT/Bcy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322153, "uuid": "85284553-67f1-468d-b38b-c46d71bc0b2b", "value": 921114, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322153, "uuid": "329b092f-c903-4b78-a5b5-a43aa4f48873", "value": "image/png", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322153, "uuid": "537d19fb-e559-4b0d-9ec5-6df494a2a52e", "value": "1896686425", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d1889a1-73aa-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698288577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288577, "uuid": "9b662a22-5ffc-4224-b57f-fc0dc9ce20c3", "comment": "Malware payload (Mirai)", "value": "b1430edd9ca815f33ed9432c3991012a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288577, "uuid": "aa41cd40-b4c3-4607-8482-5b4a39dd9669", "comment": "Malware payload (Mirai)", "value": "3fb6d219f085be5455bba834c86243dda00f2a70a9a0d39d6d02318c5aae463b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288577, "uuid": "f5251b20-e85a-4835-ae80-fbb9ab73af4c", "comment": "Malware payload (Mirai)", "value": "73b9fa45a3c63219d164588bb8a65016cc3c7778", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288577, "uuid": "99bd6677-ed01-4d16-81da-d3c6c097b15a", "comment": "Malware payload (Mirai)", "value": "d1971efdb60f91a301bc9db28b85f5fb8d4d6a13e18f1b67c8ba8554793b15b8b9191961764162db5c9e9b572f89060f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288577, "uuid": "5a40a5c5-1c19-4f51-ad23-54ec74b7678c", "value": "T13CA2D025E345AEF4DFEF9D9053C1C2C276E983C6678AC8E340EEAF016506056FB89C59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288577, "uuid": "6861a907-ace0-40a3-8d89-a1cce610431a", "value": "384:m/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5OM4uVcqgw05VxJ9:mRxsSVsMD6xiJJE5zRWNL4uVcqgw09H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698288577, "uuid": "f21da404-da79-4f19-a142-70bbf1003d8c", "value": 21884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698288577, "uuid": "3cfdf23d-c041-4e99-9e46-e54c830b087d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288577, "uuid": "f51637eb-533f-415d-912b-d5eccb001ebb", "value": "b1430edd9ca815f33ed9432c3991012a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8f8182f-7396-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698280275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280275, "uuid": "21b7ea76-7d71-49ea-acf3-cce6253035f7", "comment": "Malware payload", "value": "eb86d7015e53107b256bcc381e7188c8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280275, "uuid": "f1f3ff6c-6cc1-4ad3-99b5-ee0868d575aa", "comment": "Malware payload", "value": "45590ed0cda245015f27251fbecc5a08c817b6c3917bd4def5fe0650e668ef74", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280275, "uuid": "cca146cc-b086-4735-8394-b8b00eb75a29", "comment": "Malware payload", "value": "a53983c12b146b87f073fe63011eefb4de337a01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698280275, "uuid": "af439e41-fbd0-4ab7-a506-839c934d0c37", "comment": "Malware payload", "value": "9c1a1f0ff143561c19b001ca7bef7e87510f47cbfe03665bdd07ab81ff71b1b5f191cc6d27c727c0cdf5bded29fc0610", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280275, "uuid": "2e70f4ed-e462-4170-9c14-6774261a73ed", "value": "T197A4B85366CB0CB6CDE223B491C71776A738DD708617CBAAA748C832DFA32C16D59712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280275, "uuid": "8de36201-9075-4a3c-abee-7b57a2123c5c", "value": "655f6c5930f07558d33e1315b47a8e78", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280275, "uuid": "f2da3bb9-e5f6-4ddc-89fe-2eb96eb46e73", "value": "12288:MaqWPubjOC6xYP0ziFY5Iq69CmXV+hw74Y5/zcmIWV1pPZaveucYIt:Mavub96c0eFY5D64va", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698280275, "uuid": "7f6e2eac-d420-45af-9dc9-3b540ca485ca", "value": 472412, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698280275, "uuid": "e2c3bbf8-d6c3-455a-aa8c-4de29457451c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698280275, "uuid": "e3023b6a-8921-4e4e-8ae4-596ce631686a", "value": "SecuriteInfo.com.Trojan.Antavmu.19948.22889", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd65ee1f-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322319, "uuid": "61331d03-08e1-4802-977b-8f65132091d7", "comment": "Malware payload (AgentTesla)", "value": "a82117356aba85a89882917af39662fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322319, "uuid": "f099b329-50ad-4ad5-857f-7fb0792f669b", "comment": "Malware payload (AgentTesla)", "value": "45e98e952c7b55d2a5d1c508bd3a7009e5c4ad2f162bdf883dc280f6997c071b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322319, "uuid": "159b83ee-7206-4ac5-9154-fcb5a011cf05", "comment": "Malware payload (AgentTesla)", "value": "18f3edaa2c51f8a0f31ff9d43b0aaa1f1f674f8f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322319, "uuid": "f54612d3-e77e-4601-8994-93540c08a5ee", "comment": "Malware payload (AgentTesla)", "value": "bd1e6dccd529a47bd67ebd814d783e290d7490badc8e588067b2a7d97b38b6e6aef9b3140296411d59c91b26cfc2ec7c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322319, "uuid": "7cee49d3-e42a-4525-9b5f-4852ca000abc", "value": "T10FF49B0566669A11E7E9B3B98F65D13003A62C5D2079D28C4EF93CCB3BFEB830551B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322319, "uuid": "5690159f-84e8-46f0-83e4-635ca0e35e0b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322319, "uuid": "90419dda-a06c-4b6a-98ef-988d56e4fb62", "value": "12288:SXWClKe0Jldn/i4aQurTTjh652kslHZZsxBPa:SNyDntyNCsR6Fa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322319, "uuid": "bf0ed322-5c83-40e7-8fed-b3b8d8e16720", "value": 770560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322319, "uuid": "5efcd9b2-4ac3-4c97-9d99-6e9f55d083b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322319, "uuid": "e193b6ae-eac9-46c5-af93-35f9c66d399c", "value": "Image001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b63e5127-741f-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698339004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339004, "uuid": "be5d6461-419b-4713-b98b-7d99620ca5f3", "comment": "Malware payload (Mirai)", "value": "ca00a9282ffbe24783cadfd7ab6f6062", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339004, "uuid": "1f8d93d4-942c-4311-8e77-80e6a9868cee", "comment": "Malware payload (Mirai)", "value": "45f473918080d6bb3a8adfc3f0b16ab957927aaf00f17f8c8924d66c0aec4fd9", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339004, "uuid": "e7ced8e4-3f84-4838-8b7b-04e8879afb99", "comment": "Malware payload (Mirai)", "value": "33f7309f9563f9f4990c66f511df11ff3a864d81", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339004, "uuid": "a9e15df7-6956-4bb6-a922-b25678746980", "comment": "Malware payload (Mirai)", "value": "d05fefb6a75425fe3801de8082bace1fe11a2aed278756a4c67b7cf5f8ad2f9fc2a05c91faa3623ddcb1b73fd74a6141", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339004, "uuid": "55c36d11-83b2-4920-b31d-594f5a901dfe", "value": "T1F5E2F17B828B4999CC5CB1F3F8CC64D0089166613BFF4FD2291C09E6220B0D5679AD87", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339004, "uuid": "ba14a384-095a-4acb-952a-547114624386", "value": "768:Dq3yhi2rg98FdmvPyQw7NABkcEfUVBVVtXSIkh9roK6xK1:oiFdmvPgACcEfUVL+dh9pAW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698339004, "uuid": "e2caedf5-91cf-434e-825c-34a3eaad5db7", "value": 31336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698339004, "uuid": "42b9d7f6-69da-4989-9f42-e20bcb77fb91", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339004, "uuid": "c71ad968-cf78-4bdc-9bdb-c22a535a171a", "value": "z0r0.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "798219c9-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304113, "uuid": "c259d6d4-b556-406a-a334-0ac0bfda2283", "comment": "Malware payload (AgentTesla)", "value": "aede1aed5db8f05c6919d19c449d4b28", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304113, "uuid": "dece4b5d-4c68-458d-98d5-d431f41ffc2b", "comment": "Malware payload (AgentTesla)", "value": "4601921f29d8465ae877e83bcffdf57c3a2d0353bf6824cca719d992729dbbee", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304113, "uuid": "5d132937-1282-49a1-9eb1-5df04abdde8b", "comment": "Malware payload (AgentTesla)", "value": "3ec39f1bd0f325ee087ea9663305e8ff8de13ce6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304113, "uuid": "34e626e4-2ac6-4046-b714-f64262a9322a", "comment": "Malware payload (AgentTesla)", "value": "867d2afeac8f8ae05bedacf36416c5bf218e293a273bda82c69952909fa76f9984daa3de9d4c4966c3c180c60a268daa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304113, "uuid": "3ab3a0d7-6cbb-4f8e-8525-06c0855edcde", "value": "T1ACF423AA79CCC4ECAED056FDF4349E8083100DA41A6EE111B87E5B6C79D126C3F6426F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304113, "uuid": "00e7a0c5-a65b-4d21-a2e7-5b26dadbcb90", "value": "12288:Uls8srxfvn8xs6tjp+vc4JQp+gH8SzkgUz93IVFaSQ8UK38NfbAF72wItQ61pl:X88063up++8SJUzVSaSI1Zk5f6B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304113, "uuid": "73cbb536-bf79-4435-bdeb-85656f3de1f0", "value": 751240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304113, "uuid": "533a4b2f-da14-4cf1-b391-9448eadf23f7", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304113, "uuid": "fe9331ee-5e14-4f92-bb80-458a9765a78d", "value": "DHL0997745764.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d6a30a5-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304093, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304093, "uuid": "fe9d60ae-3295-4924-a18e-a18ae4cd3b63", "comment": "Malware payload (AgentTesla)", "value": "fca11d4dcb73469b6beb49c092bed3dc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304093, "uuid": "f27769b5-f060-4a33-a91b-e6319d9fe6af", "comment": "Malware payload (AgentTesla)", "value": "46bceffa660ff068fcdb424d68b8b773b8dc059e8d7499639342568f38273032", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304093, "uuid": "9097ed7f-81a3-4b22-a98e-ba26593b7109", "comment": "Malware payload (AgentTesla)", "value": "5826f9402ede7e60c646a69d2784bf49bcb91a8d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304093, "uuid": "52e8e7f7-c35c-4a66-8100-69a922d9c6d5", "comment": "Malware payload (AgentTesla)", "value": "bc4ff72d8e8457be533e4ca2bb7c7159cbc68b9061df7509a092355ed541470ca5815dc17b5fb331e71d97725715f4aa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304093, "uuid": "ee3a70a3-7f29-49a6-9cc9-113969fe3fdc", "value": "T125E423626B06561FB2FA2B2408F1493CBCC5A123D4F752618FC4F0D6A9896C86B76DF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304093, "uuid": "14e0c5bc-a13e-4861-b256-894b23292656", "value": "12288:LAbUTsX8a8Nx3Jmqgg6wufpB9sEZ88kjZjy8EAggsR1GdTiOsr1/Uu7+FjQAmejA:LzkmxAqgg6Il8kByjtgsfG9iOsr1v7W+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304093, "uuid": "f931aefa-2e5a-4815-8acf-50a1669b994a", "value": 672636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304093, "uuid": "07158222-f803-4473-ab2c-a70be56e2092", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304093, "uuid": "604ea45d-20e6-4a48-9d72-d89d2f4a70c6", "value": "cotizaci\u00f3n.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f01470b-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698357004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "0271b075-62c2-470c-b51c-e65a35cc301c", "comment": "Malware payload (Mirai)", "value": "7a2e708fefe63c4fd6bd9dade4841e3c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "107c6899-f06a-4e19-a2a9-9766465fe0b1", "comment": "Malware payload (Mirai)", "value": "46c75c5ff18b9121c3927395f18a803074eb3f3271791ea5b42f73a666045500", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "a1c61fda-33e5-4e65-8c40-1311440f2432", "comment": "Malware payload (Mirai)", "value": "07b06f4f10b741856542babed8bac4b8562ecfee", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "4b0237c4-9bfe-4d6a-922b-40b02a064ed5", "comment": "Malware payload (Mirai)", "value": "097bc0c8378d787ed74a1e6ea9b532198183944973ba99430d708583b08656fd110c10c12cf720ba865c7bd3363a57a3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "07978a10-dc2b-4a40-ac55-0edd9ed0b901", "value": "T192D2E1E9C3DA8382FB1CE7F5C9C51F93BAA714A0931A87F46D2D4E9126933C2F941464", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "714a2df9-15d5-4483-b482-def5532599f6", "value": "384:MG8CJg03o+Ps7saX1nSyRyUxaasNXOyVtu9SF5g4GeudmiOY6DKrp:TVJaX1S83ELjtu9SFZaOrKrp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357004, "uuid": "812662a9-1567-4e29-ba39-37ca1b60fb45", "value": 28592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357004, "uuid": "3ba09e30-f7b6-422a-adb5-57d7596d05a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "0471bdda-fe5a-4dc5-a0c3-923add3ce43b", "value": "7a2e708fefe63c4fd6bd9dade4841e3c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26af2cca-73da-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698309128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309128, "uuid": "97124863-32e5-4d58-af7b-07f1f3063621", "comment": "Malware payload", "value": "c48fc806e086f8c43a447f63c1c182ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309128, "uuid": "e1971f29-5bf4-4f67-bc0a-513a30a921b4", "comment": "Malware payload", "value": "4732b574a00a1be27ec6b4c1f6b64bb7d99dadf32e3ca5a1354b126976fd21d2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309128, "uuid": "2adb342d-05af-4675-b48e-12831e5cbead", "comment": "Malware payload", "value": "6a6fa6e0326d8af2a3bfe5851504697f09c0793b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309128, "uuid": "50807b9d-eb36-4ae6-9fc3-1797e968c987", "comment": "Malware payload", "value": "7c68625b65c4a2aadafd15a9399404c7a3531b172601f79c2c088519c099df9e127bf1687261c96d08675aca6083c5ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309128, "uuid": "d69b20a6-c499-49aa-8328-7263f03d352b", "value": "T133447E0170919032E8B319334EFE5569A63DFC500B1469FBA7D81A3ECF356E1BB31A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309128, "uuid": "2d76103c-376e-4530-a50d-7626f11944da", "value": "c1e92a5f7462fab0da64a6e1ed7da1a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309128, "uuid": "d2408317-11dc-4147-8c00-45f91105ac02", "value": "6144:Vssi88b8Mzf1y2QSANv993b4B60AOoia:V9i884MzEll+B60N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698309128, "uuid": "ae27ebb4-7e9c-40a9-890b-ff2cb8fb481e", "value": 263680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698309128, "uuid": "b826aec5-7d64-4b01-b794-11d76ab37a0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309128, "uuid": "9df11212-e6f2-404c-a7fd-f030e56bd657", "value": "SecuriteInfo.com.Win32.TrojanX-gen.8456.26719", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fb809ce-7408-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698328954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328954, "uuid": "d4622928-2bc3-4c53-bb79-87425c62deb5", "comment": "Malware payload (AgentTesla)", "value": "81d0b610bfc2355b6786507ff92cc867", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328954, "uuid": "1993fa41-940b-4be3-b405-0c8ba2a49428", "comment": "Malware payload (AgentTesla)", "value": "474f06b633df4bd1a96c607939cca087c7326eeeea52b28d9d925f7da35d03dc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328954, "uuid": "8af51d4a-d5cc-4638-a151-cbb0e5b64728", "comment": "Malware payload (AgentTesla)", "value": "21becc44add9336caf943664b91252b21026baee", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328954, "uuid": "6d4f21d4-d189-4a70-a7b1-daf5a3eff3ca", "comment": "Malware payload (AgentTesla)", "value": "d748b8885c2d692c2557d7995dc6f2f7d4f92e068362d5cb2f44c7839e0e70aa8dcf4952f84651939aff9c3a8bee9e60", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328954, "uuid": "468b26b6-2b7e-429a-a9e2-769a37ea9038", "value": "T17435F1427289EC8AE0A31AF2489FC56455B83D8E9024D60D3B43BF5765E3393609F79F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328954, "uuid": "efba3622-f8af-4397-a96f-8dcb8f25fbf0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328954, "uuid": "1bbbb41f-71f2-456f-9f53-69acc86f5747", "value": "24576:LTt1XH8TjEXo8xChIaV53wq0Gp3/Iba+6lEJ/0d8k:3rooGpr+d/0K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328954, "uuid": "55c71b00-300f-437b-972e-529489347063", "value": 1158144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328954, "uuid": "b3c14512-6ebe-4037-8ac5-ba0483613c2d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328954, "uuid": "2d93b199-5d5e-4bb3-aa4c-bc24bd009777", "value": "SecuriteInfo.com.Win32.PWSX-gen.30341.30028", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb5bb25a-7409-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698329564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329564, "uuid": "c5355356-3489-4eda-862f-3112c229c54b", "comment": "Malware payload (AgentTesla)", "value": "fd275a5262b4a48dd5639c459323a06a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329564, "uuid": "b0cefa58-195d-4d77-9717-98b2c96f9a46", "comment": "Malware payload (AgentTesla)", "value": "479f2becd93f606414f43c8fae0522e743d9dff3b3d03cacabf3b6406e28ebf1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329564, "uuid": "8cbf3605-855e-4541-a34a-bcd965e4674c", "comment": "Malware payload (AgentTesla)", "value": "69fbca459ce4f32448eeb6946fbca2f9df9729c9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329564, "uuid": "24dc2d79-0292-4b89-b53e-0906ab0962ae", "comment": "Malware payload (AgentTesla)", "value": "7494c3ba5db408c8b09bdf9fbeffd2aa426be7bf849f066382348d104c1e738082d9222e369bf740352d286ef2d7e8cd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329564, "uuid": "e5c9c0cf-efa5-49cf-a8e6-66039a17ee83", "value": "T1ADD423A396217C520DAE0BD00D0360B84DB54F3CBCB796FA82F8E95475D9067BE4AB17", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329564, "uuid": "c7afad5d-3ea0-4300-89bf-676e2255a3a3", "value": "12288:wIu1+ogod96IEl18Jnsa7rVgGTq+mNqD2meF8tdwGJ7s9YKV55x4:ju0Bo76IBNs3+2c2m6eKqsCKM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698329564, "uuid": "1fe125a5-11a3-41e0-9fcd-ed4de9d78c24", "value": 614415, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698329564, "uuid": "3e433385-b3b7-48fb-9355-5390dfde83fc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329564, "uuid": "e8a45f42-e06f-464a-8a8b-41476a645c41", "value": "Swift Copy,pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "beb24641-73fc-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698323986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323986, "uuid": "610bdc6b-5f0d-44e8-bdd6-b569d8cdcc8b", "comment": "Malware payload (AgentTesla)", "value": "54577075fd135f422c171972d5525d9d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323986, "uuid": "0afeb675-1b60-47fb-9211-df999b93af42", "comment": "Malware payload (AgentTesla)", "value": "480dfe38da3e2e4d27bc338ddf0329404d0e6ffe9a1ffd048aca6ffe0ef140af", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323986, "uuid": "9274614a-80bb-4d4b-9b42-ba4108d4fae7", "comment": "Malware payload (AgentTesla)", "value": "a73059f23f75b1605c2ba6549db8c31f770e3b42", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323986, "uuid": "e09e56ec-b298-4e34-b2b5-bf1afd12d408", "comment": "Malware payload (AgentTesla)", "value": "3f8ad5e790a5d62f468087afbfdffba37e37b785e8345055ad0c4cd65d7e050d9cda191e652f91b2fb7f542e69efc4b3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323986, "uuid": "0dd62369-f588-40bc-a068-f6753c6d0c67", "value": "T1E5D423BCDC6C617AA7746C1ABE9FE4FB9A5741415C8CA092B0A6CD124FED47A01B40CF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323986, "uuid": "e36586ec-db2a-4486-83c8-816240df15be", "value": "12288:TQcyFK0vOGCZ87CkiYnpiViZqXie3Oh11tulxFYpzsy1AptL7esrGhZkZ:TQ5FBha87CXYn44ZqXz3WQl0fGptLSsF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323986, "uuid": "0c249f69-6684-44f7-a304-ea1c4c167970", "value": 637636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323986, "uuid": "0020c90e-dac6-4b80-a988-8e920b04eb30", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323986, "uuid": "ce9d55e8-2593-4dbf-8fa7-62404a788b03", "value": "PURCHASE ORDER_INQUIRY.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb1e7bff-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698304250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304250, "uuid": "f5e34b63-069c-4742-9e2b-845d2ae90170", "comment": "Malware payload (RemcosRAT)", "value": "bcd7c746a330e013f8758dd88b456d68", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304250, "uuid": "631a46b9-ef62-44ee-be0f-234c9a9bcb07", "comment": "Malware payload (RemcosRAT)", "value": "48b290c2bfc5741616cef2f1904acebfc3366cfc99388f075aeb26100881ea98", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304250, "uuid": "2e3deee5-8867-420b-bd47-3e5ccd5668cb", "comment": "Malware payload (RemcosRAT)", "value": "c4061eb70c7822435783731938032ce5043118bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304250, "uuid": "6ede70da-23f1-4875-a4f4-fd2482915d5c", "comment": "Malware payload (RemcosRAT)", "value": "3b5d9a4288064fe3d64df93ec58d5f30bb5fa7ae8c6a8ee8d451f197bc6d8816ae0776ef97c57bcd0c7178001489670f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304250, "uuid": "be984d59-58d0-4d3d-b56e-c3d7858ae773", "value": "T17055E01BF2648875F03A06BA9C2B5B1EAF1A6D293C646C0A27FC7E5C0F34246746D177", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304250, "uuid": "fb6c570f-df43-4554-87e1-f324b0f199df", "value": "91a1eb4157c5e26a9ad6d8fdf398dbf8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304250, "uuid": "4ee4c013-aee6-4aa8-8081-a03bbc2ecef6", "value": "24576:UHQhZtDKt9N6+arvC0/hfYPzyB+4Buxrhre0Qqd/0hkEBSBrTFJ:UPt1h24mwe0xMkEKFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304250, "uuid": "ce31f422-3a76-4db0-b4ae-6bf8169f0625", "value": 1296384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304250, "uuid": "ee219f0b-8422-4b40-9d4c-fe0b2957da0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304250, "uuid": "dfedee8a-2e5c-43af-a419-45c45b07d018", "value": "proforma_Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8151459f-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304126, "uuid": "12bf5c4e-feaf-4f3f-8d5f-4dc3604b49cc", "comment": "Malware payload (AgentTesla)", "value": "1c9035d5a7bef6ae4cd7e8dcd1d77e51", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304126, "uuid": "f97aa53b-08da-4477-b813-84f7f5eb5a19", "comment": "Malware payload (AgentTesla)", "value": "499b30583ce8d14ce58535aa423294c61eefda4cbe4032a3926d6b2cb8e26520", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304126, "uuid": "3e2beb2a-6ef7-4ea0-958d-884f6b1e4e97", "comment": "Malware payload (AgentTesla)", "value": "7e307847f11a81f58021815f6e3fc3d1b14456f3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304126, "uuid": "d88ce9fb-398d-44a3-b053-29622fc15c56", "comment": "Malware payload (AgentTesla)", "value": "9fca3a78e01233460db8bfcb3ef50385d903d4c809c2b34a13f0701c0d278138e6f28abf03d19f9cd4ff951fa8f73448", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304126, "uuid": "8a098d9c-49a3-4b19-a593-84ef68dd3657", "value": "T187D42398C3B5C067FF49D167C18A2B34442A7065D087E562A5E63D4F9EA38B3FF44682", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304126, "uuid": "976bebf1-e735-48a3-ba98-5defc309862a", "value": "12288:9PwmdxgGU2Vg3Rw2m06AdE0jy98Hbx6zzKYh9lxscp9e5DihODbB8llRTi:9Pwm8GsO2fVM9K6hXlxjp9e6OvBORTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304126, "uuid": "1f990155-59df-4f8f-8a02-8d76e149a3e0", "value": 618000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304126, "uuid": "96ae7631-f637-46b6-b5f4-60044afde6b0", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304126, "uuid": "77b458d5-425c-473d-a7b7-89e5f76203db", "value": "Dubai Project 2023.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9856a65a-7422-11ee-8907-42010a9c0042", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1698340242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340242, "uuid": "b7d221c2-92f7-497b-bb24-7fd1360eaf3d", "comment": "Malware payload (AveMariaRAT)", "value": "d4eeb984eb487a78d9d463f677dc1d22", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340242, "uuid": "cb117303-a83e-47ab-b334-1df73eacf60f", "comment": "Malware payload (AveMariaRAT)", "value": "4b251cd96731540018f009f2bba5781785dccb7cd707a2b2da745c8fffead22d", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340242, "uuid": "e13933fd-2a7b-446a-bb19-ad95f7dd019f", "comment": "Malware payload (AveMariaRAT)", "value": "d4231cf0fa234234db07dc0481ff2d86d062be7d", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340242, "uuid": "2f8cc6d7-4757-4c25-9b43-4963b94b2419", "comment": "Malware payload (AveMariaRAT)", "value": "ffbc36d8faab6673518789908def93f53bb5ded559d25c4f6b034a0055910c61d91997914d3b9d99ba7cab61886d54df", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340242, "uuid": "339378a8-0a9c-47f3-837a-711465266e2d", "value": "T17AD5E513BB46C9A3C5485337C597C63403A0DFA2631BE61B2BEB2B6774433A6D946327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340242, "uuid": "50abbde1-1e2c-4054-a221-f68f80c67db5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340242, "uuid": "cddb13fe-df39-42e6-b653-0d91e17e7217", "value": "49152:AgZjcz5YC/Nmxhorodv8eHBK5WvXJ9o90/0bZ8EV3BP/:xo9k8eHBK5WfJCm0bZ8EV35", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698340242, "uuid": "8f76841d-0178-44d0-8217-41eaf2bb2d3b", "value": 3000320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698340242, "uuid": "c49229eb-f305-4de5-b827-1a8e95a9a2b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340242, "uuid": "bea3596c-902a-4400-88db-c1b7b1e4a65f", "value": "Shipping Document.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "527b14c5-73ec-11ee-8907-42010a9c0042", "comment": "Malware payload (1ms0rryMiner)", "timestamp": 1698316932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316932, "uuid": "c0450fad-4a2d-4a7e-b40b-b32c8c507173", "comment": "Malware payload (1ms0rryMiner)", "value": "0630254696658572f31b822013f00a6a", "object_relation": "md5", "Tag": [ { "name": "1ms0rryMiner", "colour": "#FEF34E", "exportable": true, "hide_tag": false }, { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316932, "uuid": "49f9ac20-fd99-4855-930e-34bed32d49a0", "comment": "Malware payload (1ms0rryMiner)", "value": "4b881729396aae4d3e2db8717899acf7a07a0979075f633e83c2e397ba1d0498", "object_relation": "sha256", "Tag": [ { "name": "1ms0rryMiner", "colour": "#FEF34E", "exportable": true, "hide_tag": false }, { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316932, "uuid": "4f4e031a-644c-422a-84f0-1149f119770e", "comment": "Malware payload (1ms0rryMiner)", "value": "241bcfe568b698a0560c646bfd392f39f18b7eb3", "object_relation": "sha1", "Tag": [ { "name": "1ms0rryMiner", "colour": "#FEF34E", "exportable": true, "hide_tag": false }, { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316932, "uuid": "5f8be21c-cb27-4c15-aae4-0316c48537e1", "comment": "Malware payload (1ms0rryMiner)", "value": "b6cb698d1f3f004e10ba151507a63dd3b905ff0c6a38fc1db1ee8df5b5331f94428deb84d23eb4c88f69a9a38fc5c56c", "object_relation": "sha3-384", "Tag": [ { "name": "1ms0rryMiner", "colour": "#FEF34E", "exportable": true, "hide_tag": false }, { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316932, "uuid": "3c88508f-9343-451b-9e77-afcfb1881ecf", "value": "T1D0168D5CC755E690F831F8B9B51F252B59DF18FB6E4A773B2018F1B2B9A50708E080DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316932, "uuid": "fd1fd80d-63b2-4ace-b693-9746402530bd", "value": "66bc811ac894535ffcee36d78d1ccd29", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316932, "uuid": "8b4037e2-7c6f-49f8-aa65-bb67540893ae", "value": "49152:e5ZyS3M73PwAERsyxudJziMv6nWPdofD4Oj03DC:e5ZyS3KwAERJxudJpd04n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698316932, "uuid": "33bc58b9-f815-4e82-ad75-680f8133fb50", "value": 4307456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698316932, "uuid": "3baec91e-1a30-43f2-9c5c-77f76c5e468e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316932, "uuid": "bacb883a-cf01-4517-ad07-3635d0ca4009", "value": "0630254696658572f31b822013f00a6a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c56a11a-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304091, "uuid": "52249444-5e01-45f0-8f9b-2dc90988c434", "comment": "Malware payload (AgentTesla)", "value": "fe744883775594a66fbf3d850732fec0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304091, "uuid": "47d24d09-f0c1-4b2a-bf07-a47d12278241", "comment": "Malware payload (AgentTesla)", "value": "4b9bd9441358e7d427d98b2fbe55d90ed85ad0bee61d0b2874f5664f8b65333c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304091, "uuid": "e728b26e-a1df-4cc5-bd46-5ed0aec6b3e6", "comment": "Malware payload (AgentTesla)", "value": "7cbbe8ba0e27b1c4633cc976dc233aa58464502c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304091, "uuid": "ef7f1f1e-0fdc-4a9f-aca2-ab007d789f3c", "comment": "Malware payload (AgentTesla)", "value": "c9b6d3fc462d52777bf4d65bbe6e82e21ae7def2e045e8d637acaa723b8432bef7f93e8c1dd538f0dd2dac9418811178", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304091, "uuid": "b540ccc8-4c86-4918-81e4-26f082df808c", "value": "T175E433E037A0B424DF4DA98D98C673924DBE0E4D510BE1C55F33D8E8F5A27B32295CA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304091, "uuid": "608b3013-5821-46bd-ac97-b451e877ec2d", "value": "12288:/hv+2zR5ElwfGDot9kHj2c5G71he/PLt9nT6GGG1IytpB4Sk4G10tEZB:JvrzRdGDz871OPp9nT6p+vfK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304091, "uuid": "50ece6e8-f25a-40b1-a6e9-a2949bdafadf", "value": 684231, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304091, "uuid": "ddb51c37-9a9d-4bfd-a6c7-21d29111e9d6", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304091, "uuid": "54e30fdf-fa4f-4637-b30c-c1547c14bb36", "value": "Enquiry#234342.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96b97870-73c2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698299008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299008, "uuid": "a1b9519d-3b09-434e-96a7-2ee88e7fcc3d", "comment": "Malware payload (AgentTesla)", "value": "f79db9c2b080caf888082473857c461a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299008, "uuid": "d0aabdb8-f308-4230-b317-5242eb6c8388", "comment": "Malware payload (AgentTesla)", "value": "4ba7fb9274f7ce6228d22fc641de91c75718181b0e099589ad15b7acca43323a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299008, "uuid": "9786595b-ff5e-40eb-8544-0ca8658d6a60", "comment": "Malware payload (AgentTesla)", "value": "b9fb9607860883787d59fa9005c923ff5c1887cf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299008, "uuid": "7a166374-e670-4e12-b433-6d38c0ba9c9d", "comment": "Malware payload (AgentTesla)", "value": "5f7cbdc1f63d96c4eaa4362618ee1a10087aee7ad6d49cf6ab81c508b491e4c6ad523181850e9950c2fb5cbaa1a22ae2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299008, "uuid": "45074ff4-37ed-4be0-8b7b-660712984246", "value": "T167D433B17ED0028BBAA3C5C4413D75EA96DE2933D61C7CFA6438236972B6B7C8451C0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299008, "uuid": "fa347c05-da0e-480a-bc66-1c3c90f5be7a", "value": "12288:hZmkwPiTNiN8eYifAXB3y40oLNJrB7Mw0Gv9YEsj9gVI7fkJmrN+jqVLRvnR6LtB:PQiTNiN88AXB30A/d7MwhWEsZgs8JxjT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698299008, "uuid": "4e97cb69-470e-4aa5-938d-83bb456fbd56", "value": 651151, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698299008, "uuid": "3b5e5a71-4dd7-4964-8259-f920bd951004", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299008, "uuid": "6a307c74-f4e6-4b6b-b3ce-dd959d323a0d", "value": "Advance Payment.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fd4de88-73c9-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698301815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301815, "uuid": "f2d2558e-dcc5-4c27-9a5d-d3f6fd419868", "comment": "Malware payload", "value": "3ce60957811533a816e5d9103a22e284", "object_relation": "md5", "Tag": [ { "name": "stego", "colour": "#5A8280", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301815, "uuid": "c4681c85-85ba-4de9-997a-a4649fd46c5a", "comment": "Malware payload", "value": "4dc2a8dbaa895e72949ec2590aed35c2f91c96996176df3c7e1fee16f6b47d7b", "object_relation": "sha256", "Tag": [ { "name": "stego", "colour": "#5A8280", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301815, "uuid": "8596e0c4-e1b5-4fbd-b7c8-f5ce055be358", "comment": "Malware payload", "value": "98e8aadcf15c072c40d116ef6d28c59da153c3ad", "object_relation": "sha1", "Tag": [ { "name": "stego", "colour": "#5A8280", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301815, "uuid": "db97afde-e7a6-473f-8ec3-cafefcdd2d68", "comment": "Malware payload", "value": "b5028852fcef6ae0fe45cfb65c5659c29de9f4942441f42c4a1868927811f5ed83deba876230f0fad9a8d3251cbfb87c", "object_relation": "sha3-384", "Tag": [ { "name": "stego", "colour": "#5A8280", "exportable": true, "hide_tag": false }, { "name": "Vhzyogenfgv", "colour": "#E07728", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301815, "uuid": "ef999343-f24e-40fe-9b3f-639e26ca7f09", "value": "T1C7558C494F5BEA13CE1042709056CAF72A49DD9FD612A3735BEDBDB33087388568C2E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301815, "uuid": "c5787b8c-17fd-40e4-a0c2-bbe7d0d3d32f", "value": "24576:7BNVpBPfJNTSUB20wKb6SSa77gGQuY2FYh+J+9KHM8MI:5pBPfJNTT20wKNSaXgoY2FYh+A96MI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698301815, "uuid": "935b3257-75c7-4345-b564-03e1b4a87db6", "value": 1349686, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698301815, "uuid": "77c50d67-552e-4e74-a19a-349f5b97e8fe", "value": "image/x-ms-bmp", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301815, "uuid": "7ad83b09-c73a-482d-ab6b-0fe93caeef15", "value": "Vhzyogenfgv", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c34cfb01-7446-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355776, "uuid": "33ed068f-6682-4f63-8b13-3346a897b6fb", "comment": "Malware payload", "value": "180cfc9f9a4f59b8fe9c285c0bec7244", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355776, "uuid": "bcf42723-b8f7-4766-b39c-72d34febf8ff", "comment": "Malware payload", "value": "4ea1e3ef414804a31a5110ccbaaf53160e91d02790416f6e6705e630a06bdbed", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355776, "uuid": "4fbabace-c863-4424-bb5c-458ddbfa460d", "comment": "Malware payload", "value": "2f2a2424c7fca5d9b7ca8ddded353c3d4efc47a4", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355776, "uuid": "d4d6c942-82dc-4d17-b6c1-ceed2f7aa7bc", "comment": "Malware payload", "value": "72e47950a055a7d1673dfd11493b92165458a5b03451046a2b74a02b664267e75a8877d10e07679fa1bfbc3963beb5ed", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355776, "uuid": "1920a698-ee20-41e2-9287-7e1cf2f6352d", "value": "T19DC29DF45EC19C7792AD8F379B7AEAB451B74143C88067CAC679F95A112A37B800FC18", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355776, "uuid": "e82138b6-c666-40b8-8e98-d7a1acdf0de8", "value": "768:C7eBsBxlUyWkzafMUIv1PWUPDPm8+Va4d1qx:C7eBsBxlc+afMphPjfh44", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355776, "uuid": "d046fa56-f13b-4445-90e0-14e5a8adf2ae", "value": 26839, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355776, "uuid": "5067b8cb-5671-4167-bfdf-ef782a410fee", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355776, "uuid": "69d62415-03cb-43d1-be06-117dbf2db352", "value": "ReF_comprobante_85523364312723157089271.HTA", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c32055f1-73b2-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698292211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292211, "uuid": "8928c8b8-6038-46b4-8a19-07f15b2f7752", "comment": "Malware payload (Mirai)", "value": "f37af7ce8610aea9e62792a48d29cf6d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292211, "uuid": "3cba20fd-6aa1-4951-b13a-fc9bea5f2e6e", "comment": "Malware payload (Mirai)", "value": "4f0f5de4b20aa3b6a083ce5818d7773cdf0cc2861e7c146fbb8d9e4140e9dde4", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292211, "uuid": "0bf2040d-94bd-48a2-b532-b11b60c5c38e", "comment": "Malware payload (Mirai)", "value": "efa0623111d75c97f0759fe573ccd96598323b9a", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292211, "uuid": "c7e8969b-b360-4421-851f-de41457b4b05", "comment": "Malware payload (Mirai)", "value": "7a776466587537615e325d76ef29fefd4b67ec6673daddc0a014e10aaf67f23ebb6a6b76592ce42145823a41cb4edd8a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292211, "uuid": "1e3f4412-5cc1-4067-989e-e38acbb11c8d", "value": "T1DBC2D13092EE1CB6C6600532E7B89AC97E130FBDF6FA3C90114157BB794190969EA9C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292211, "uuid": "453f95c7-6f4b-4896-9f5e-fd141e500794", "value": "384:Aot/koxisa34beDtZwuaCBsk+G9lLSsLYSTFs9u8OtqlrNEPiBpDbhymdGUop5hp:A8soTAZ3alkXLvFh8nNEapPs3Uozn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698292211, "uuid": "54c1a484-d08c-4402-b7c6-454b766e344a", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698292211, "uuid": "62d5cbf1-540e-4f16-9d95-db4ca0c5562c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292211, "uuid": "f3117ede-5a13-42e2-bf9d-aa0f4ca2f5bf", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d909285-7400-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698325621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325621, "uuid": "67741acb-91c5-4aa7-9111-bbc5b1df5015", "comment": "Malware payload (AgentTesla)", "value": "4d065f3106ce988e24aba1b5125f7190", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325621, "uuid": "78d2a23d-4613-4e3f-8e02-6dd7afed38ee", "comment": "Malware payload (AgentTesla)", "value": "4f4a0f32b487895326dda7c4fb8bb0f730234682df8cea537f3e6de52a402c3e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325621, "uuid": "cdd101ca-2cf9-4e19-a4b8-4e3ce8dd0c35", "comment": "Malware payload (AgentTesla)", "value": "a5f55dbfded10f69465cb1f4f11aeb2b0bfd5974", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325621, "uuid": "2500cd51-ccb3-419f-befc-527b81d2ff67", "comment": "Malware payload (AgentTesla)", "value": "0f8bafb5aad0ab3e69f73da661d8fd9932aaacbe9e5df722a1a44f1bf75b106a5ce4cd9ff49dbb3db892aadbc1135f43", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325621, "uuid": "93a0c64c-3f80-4818-b9a9-01afd439279f", "value": "T14AC4E085329CEF27E03A9BF55474222043FA293A2121F385ADDB74DB55B6F088B41F97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325621, "uuid": "6e877266-e8d1-4d6a-ae35-ce64694bf1b7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325621, "uuid": "1bbcd5b2-cc4a-4977-97bc-5327cce675d4", "value": "12288:guYF8FOOazC9Fny63khmMdt5w1Zuvz9X6JYrOiqo:guvOOazC/X3khmMuPA9X6c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698325621, "uuid": "1882eb24-caba-440b-ae30-afb9333364db", "value": 544768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698325621, "uuid": "3040c949-5fb5-4b08-a6fd-fbe3b55f97e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325621, "uuid": "7d8fe8dc-3fb7-41f0-be1b-2bdaf19a93cf", "value": "order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dde5abe9-7428-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698342936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342936, "uuid": "57615c93-cff3-4d5c-a9ed-76b3ab2ad769", "comment": "Malware payload (RecordBreaker)", "value": "65418ede8730d7a9c59b350508f849e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342936, "uuid": "a96bc4f4-dc7d-4955-a617-fcbeaa844e95", "comment": "Malware payload (RecordBreaker)", "value": "4fab2ba8dd9f1734ef25973eaae2122ac7c0390f2cd8af9b1e182bef16115d74", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342936, "uuid": "d7a73968-0182-4209-a119-bdbd75c15be6", "comment": "Malware payload (RecordBreaker)", "value": "912e1110fcb9794c8ca552751e4da545cf0e51a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342936, "uuid": "eb52fb79-e152-4979-9858-151cc179e191", "comment": "Malware payload (RecordBreaker)", "value": "455093fbbbb29c50cded9b5af87cfd01744426582ed94154edb439a2bf7233ebbd9f4ad0603913b11eedea994527ef7d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342936, "uuid": "863a0b4d-6319-4bea-8c16-772e8892633d", "value": "T1ED158D2138C08576EDF220B747ECBA3542ADE0B4071956DF06E897EED7606C27F36686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342936, "uuid": "dcceae98-ac16-4da5-8546-703ae54d80f4", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342936, "uuid": "be91d359-800b-4f06-a7bd-effe06e6910a", "value": "12288:KjTzpxmmNwOIbDh6zvqWuu9gHgMSw4AtlCVlgzw0+6umjBdrEqLv4:cTzp4mNwOIbDh6DqSa/CVlEjrE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698342936, "uuid": "1eee6aa6-2a48-4ba2-8ce1-b1083d72ef87", "value": 927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698342936, "uuid": "bda69bae-5e2f-4839-b89f-593408adcbc9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342936, "uuid": "dc85192c-03ac-41a1-9648-828b049b8f5a", "value": "65418ede8730d7a9c59b350508f849e0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7303bf6f-7393-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698278762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278762, "uuid": "2fdb3e0b-7281-4daf-a66f-a6f378245a9f", "comment": "Malware payload (Stealc)", "value": "63b76c3f55c8277e0e71b4544592154f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278762, "uuid": "632049f9-803b-45bc-9a0f-355b471ff50f", "comment": "Malware payload (Stealc)", "value": "500e43e6a7019a08e4fec2c08e23ea8e430577d9f1b72f2faad77f9f54132827", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278762, "uuid": "dc890152-2855-4430-b455-edca1972dc20", "comment": "Malware payload (Stealc)", "value": "e9a8661059c09908df9c49ac1e4bc094abe9b050", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278762, "uuid": "f1f8fdf5-d8f1-4577-aee9-4400a39737d7", "comment": "Malware payload (Stealc)", "value": "69b3e10bb3f55fab1bc575db1047850f16db8b089d15588b453414389d0fdb882a05d7c7270b4faa24252b73448262f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278762, "uuid": "6dfeb089-4949-4ee6-a36b-5e311b4c22f9", "value": "T10275231777E8A477DAB5773094F25A832830BD318C38824B2F42ED455CE76919632FBA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278762, "uuid": "d55a9c14-a16f-4f2a-b807-edee4c031440", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278762, "uuid": "343950da-cc75-4741-b893-6175fadd8688", "value": "49152:je1cVDO9psPfMr9SuKKkYdP3gE7hxMaSHBt:jCpsPfSJK5YdP3jzMaSht", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698278762, "uuid": "a8bca509-e9a4-4a0e-b3af-83807b2c762f", "value": 1630720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698278762, "uuid": "2a21d420-b2cb-4277-8674-9b5a438b3e9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278762, "uuid": "f7e506aa-0787-4e0d-8831-7592578fdb4a", "value": "63b76c3f55c8277e0e71b4544592154f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bbb2b51-73f1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698319042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319042, "uuid": "32fe5b64-3169-45f6-bf36-8b0ee33d1cb4", "comment": "Malware payload (AgentTesla)", "value": "eb6fbba4e7cf3e3ad32304e5730fc9a6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319042, "uuid": "93c1822b-d8a8-436c-85df-c1f090ceefcd", "comment": "Malware payload (AgentTesla)", "value": "509aabd0d42fc9b1b5d88d10cf22e82ccf49aecd89175acaed0aba1f1bdebfb5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319042, "uuid": "241abdf3-1baf-4091-a0c8-1a2bba01a8f2", "comment": "Malware payload (AgentTesla)", "value": "9c6e5d1e048135abac421a72ba5387f80b9dac0c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319042, "uuid": "a62ceb0e-aa58-4c73-8c90-0d0957bf3fa5", "comment": "Malware payload (AgentTesla)", "value": "9948c400485ebd1db2a9566257a6056d18649d829db3651db509d9cc0acfc89dbfc7401d6a9379af44650566522b79ad", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319042, "uuid": "dbab2e57-f89a-4f62-b099-8258c288aaf7", "value": "T1E5A423D274F2ADEB94C726518FDA66E2A840B8EF55AFC7D210D3DCC88B12904605C79F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319042, "uuid": "81835961-9bc0-4b15-bb48-4f09a8f67187", "value": "12288:JOUf+AXGcE8yYaIQRCwnLqRXjhpesgizyvJCJWD7vwK1:Tf7Gp8y4l8L8zhO1z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698319042, "uuid": "f3e3f585-57db-4bc4-b16c-88358d50715d", "value": 485420, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698319042, "uuid": "ed9ff0ad-c2cd-44d7-93da-509d508329b8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319042, "uuid": "7ab00cc6-14cf-431b-8a2d-65b1c35798f9", "value": "PO_4500188776.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "735c7b50-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304103, "uuid": "23fcde5f-7d8a-4d7d-a858-ed54f7387f92", "comment": "Malware payload (AgentTesla)", "value": "1fcf785d2c4b0b3cc556f0b332111ca6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304103, "uuid": "c4b39840-cf6d-4d32-871e-1abaab0a17d0", "comment": "Malware payload (AgentTesla)", "value": "50c608c711ecbaa083628b238671bfea5da91c4a2c35025e6f8d119e5bd3ae44", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304103, "uuid": "e3e18f67-5095-4402-9070-03eea407c91a", "comment": "Malware payload (AgentTesla)", "value": "2e21625cea60ae91b75a2c86ddb3ae9678778d9a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304103, "uuid": "a09ad40b-8790-4770-8eed-7e9b2968f5a5", "comment": "Malware payload (AgentTesla)", "value": "f873c947b58ea6d7ca1438b42011d0fd324ccbd156e01d2acad29c4d0c3e2bb429c39e4fe2711fa4931931c46627c223", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304103, "uuid": "c9e5b0d6-17f3-455c-be37-ed0093d2321a", "value": "T138224BAD86B9042DDF199936524022088B213AB50B9772573FB0E77F0ABF7D31F09269", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304103, "uuid": "9a49deff-b3a4-4644-b728-d5dd3cc75d2c", "value": "192:95qm15RWOV8vdQjmCYu8JZUYv9SQOL2Yu3vV5tXJW3HuL+IIiIEq2CoZRkOiO:95qm15t8qmCYRZr9eu395tZW3C+IIi1d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304103, "uuid": "47b622d5-0a55-4272-843e-cdc39d31bf39", "value": 10164, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304103, "uuid": "65865062-4b97-477b-bc95-25fb57f186ca", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304103, "uuid": "b06417f6-6436-4ef2-9c0e-9de4d1b52ac0", "value": "Nouvelle commande _FR-WJO-10-24.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "942b33e5-73ff-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698325203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325203, "uuid": "98c1885b-ffbb-44f7-b396-3a528f9a9bc3", "comment": "Malware payload (Formbook)", "value": "e9353f3724be78a9e04fd2b63da682a0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325203, "uuid": "80740c3c-3e02-4e3c-aa87-e7cd420c02cf", "comment": "Malware payload (Formbook)", "value": "51a539d3d4b1594552e1f6ac43182bce7141f56ad940e8bef0221f3074b22756", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325203, "uuid": "5efaaf42-39a1-4f93-80a2-2e46e8fd1746", "comment": "Malware payload (Formbook)", "value": "2a5052a602c4652e2a13e14f48cb1875c65212c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325203, "uuid": "05fb8804-260c-47b4-bd21-ee85446f703e", "comment": "Malware payload (Formbook)", "value": "44e4067ff076c8f3ec687a10211a8c683270b6f3b98f2d9df03ab5d5b8af6e65149976ff30e42f4672f09545c605444c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325203, "uuid": "42b34d17-cb3b-465c-b40d-05ee6dab8847", "value": "T1BC941295238891B7E2838B713AB1157C957AED6D11D0E70787A9BE2B7B32343874E703", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325203, "uuid": "10cb3a51-1a75-4806-8000-aa29ca263b75", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325203, "uuid": "bdc98c9c-4151-4513-8e70-757e93550a37", "value": "12288:uzSxv/Yegz6q1neLOE2FlNYL2SJT3ohHwn09Jv1thx8V:uzS9YTeKPPmsc07Thx8V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698325203, "uuid": "52b074a1-a9f3-4013-863b-78edbf043f2f", "value": 423276, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698325203, "uuid": "f6f047e5-2915-4fe2-9c78-e50209bf6bf2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325203, "uuid": "f8f8dc8f-b09f-4435-81fe-f602ff2acb53", "value": "IR-82405- F-431A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e404af01-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698311593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311593, "uuid": "a5ae1d7d-30e2-4972-a2da-4352885c3084", "comment": "Malware payload (AgentTesla)", "value": "737b11ec09054dbd0afc8595afb0e09f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311593, "uuid": "fa69e703-4ccd-457d-ac90-1bb5a982cce6", "comment": "Malware payload (AgentTesla)", "value": "51cd3a38551778cd1164f00703a3fd38da8f2adf2cf8a46f483a396f3cb7d569", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311593, "uuid": "075a5e16-6b86-4161-bee5-17078f980fbd", "comment": "Malware payload (AgentTesla)", "value": "6a73db1cdbf056c166669c268d4cff185277022a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311593, "uuid": "ed7acc10-8b4c-4708-b979-82fd72289792", "comment": "Malware payload (AgentTesla)", "value": "653ec986569f709b1583acad884849d252fbcdec244f662f46feb36f798f8afb1cefb20ba912f6f812cf5bb51106da40", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311593, "uuid": "49e2c202-565e-4edd-b5f8-4a8462e708a7", "value": "T15E344A5036FF614CB2B7BF921BE879DE4E6FFB65261B689D600003078912D44EF91A72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311593, "uuid": "7c19b202-3a87-4166-ae9a-8ecf6a5bc951", "value": "6144:xZaHa/aHa2aMaLaMaNmafa2aNa5aZabazaXauaYaYaia6agu2u3uquzuAuMauR:xZaHa/aHa2aMaLaMaNmafa2aNa5aZab/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311593, "uuid": "3d96d218-d36d-4f99-b810-9fc6e2a0b3c3", "value": 242122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311593, "uuid": "cc5df228-d266-4f3c-92ac-2b05060bd3bb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311593, "uuid": "a67b6412-bb02-42e4-b6cf-d7bd42253201", "value": "Orden de Compra 00507.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f73a7b8-7401-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698325866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325866, "uuid": "2fb37d05-f503-402b-83f3-4f1aee7cb6fe", "comment": "Malware payload (AgentTesla)", "value": "f11d72bc4192b2ed698cc2b0200773bf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325866, "uuid": "70e998b2-3411-4d2f-86b5-972eda5cc757", "comment": "Malware payload (AgentTesla)", "value": "51f3c279d3fa8690b49d1bd6b370ec18d055fcb10aa3cd83957afb1f7fd911f3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325866, "uuid": "4a2efa22-84a5-4640-b81f-05bc3462aac6", "comment": "Malware payload (AgentTesla)", "value": "ddd0ced405649d509129ab69510ef413cc2cb86f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325866, "uuid": "a398eaa6-06bf-49d0-b2b2-04c5f3f08c6a", "comment": "Malware payload (AgentTesla)", "value": "8d35bac5b3c465de00535155d1b93b805097194f81a7d6f1481f672be996437278641a9102f0ee6575b38b31df176185", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325866, "uuid": "2a3398d1-c228-4ce8-937f-b6eeecda8f61", "value": "T19D341F037E88EB15E5A83E3B92EF6C2413B2B0C71733C60B6F49AE5524516925C7E72D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325866, "uuid": "8fd44580-41cb-4aa6-ac3d-9b1c28dab2c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325866, "uuid": "e163c352-9fef-438c-8f5b-83ba9d96d40b", "value": "3072:sEyvSeOeOIKnIKeCqz3H1EZd5wb5r9c8MBtZO:sEyvSeOeOIKnzenzVEZd5gc1T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698325866, "uuid": "af73da8b-99c5-4fd2-95ce-4f37fa0e6322", "value": 240640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698325866, "uuid": "5a388dcf-58e8-4b12-8237-87a0cefabae7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325866, "uuid": "4952c3ec-00d8-4496-b7a8-51234ce2a5da", "value": "1698325865ef99317cfc489a9071194b4741e94ae900ed8019929e2f8c80c527bd52e1e6a5292.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3147fa3-73d0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305122, "uuid": "3198d9b9-c887-43db-b035-2393780c8195", "comment": "Malware payload (AgentTesla)", "value": "1b944b775d9ffdcbec738253decd7d77", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jse", "colour": "#5074D3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305122, "uuid": "dbe6d585-0c69-41e3-8671-7c752b2c12d9", "comment": "Malware payload (AgentTesla)", "value": "5200574199e54089e02c98983b96399eee52a928cf543fdf60804fb70f056814", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jse", "colour": "#5074D3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305122, "uuid": "cfd2f3c7-c6e4-4a49-a4fe-9e156140392a", "comment": "Malware payload (AgentTesla)", "value": "7cbdd021f4fbe80be9e3719c8e698840ade6db3e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jse", "colour": "#5074D3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305122, "uuid": "a6361402-dbbd-416b-bdb9-aed6a17656cc", "comment": "Malware payload (AgentTesla)", "value": "3734d72d294ad28d5cd18dea3945af319f9187bf14b7cac2c357f6aa2a4a027699a134675280d1c7523a67c2d7134697", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jse", "colour": "#5074D3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305122, "uuid": "9342f854-a48d-4464-ac4f-7ba38ba28dd9", "value": "T1A4C35858DF5E12D774622B59AFCA48C9422F5E21AB0F8E84143813CB3B23DD5B262F35", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305122, "uuid": "d192513e-894d-4f44-9598-86035892d1af", "value": "3072:lYVa2VeKq8vPtoWOujPX5QCEEFyKck7EQ+/FQbU7vzn:iEqlt7sl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305122, "uuid": "43e1420c-3167-49f4-903e-8c8ea93d4926", "value": 129186, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305122, "uuid": "a928b45b-7979-4743-b5d4-e8c25ab3e32b", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305122, "uuid": "6ab26114-831e-4c2d-be34-23b6f23c703f", "value": "PO.jse", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d454d5e2-7456-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698362677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362677, "uuid": "4bd65541-f21e-4b9c-810a-32f7b6ac62c1", "comment": "Malware payload (Mirai)", "value": "d24fe28c9b74d57379995853b2ddad25", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362677, "uuid": "e9c22a87-a216-4650-9dd9-4bb1cc3380ee", "comment": "Malware payload (Mirai)", "value": "5311c63ea68ea29cd5133884df8f286c4553d82da9348311db6bb13fb43e4a16", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362677, "uuid": "606e6a6f-9da1-479f-9b3d-2219b4df7706", "comment": "Malware payload (Mirai)", "value": "ca29492b073a916fcc7aa7be3c0958d69b89bae6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362677, "uuid": "749dec76-2f35-4c31-8b9f-310f44f44de8", "comment": "Malware payload (Mirai)", "value": "9cf8e773759272cdc9919372e10ae1d6ca58604f3b3d2aeede30fd39033f1bda5d45e6480c28a72ce7b51721ed6b8d4e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362677, "uuid": "30b523db-01fa-4155-91c8-172e541ea32f", "value": "T146D2C00BB283A1C5DB7D1432DCAC3D0CAD10A70AE5BE42BDAB9C7426C835B7453AC765", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362677, "uuid": "44a607dc-ed3d-4b44-b08a-125894beb3db", "value": "768:iYicrAqMzfOwljeIqOgo7XyB8YnF2krnbcuyD7Uryqm:1zAVf5gGmHMkrnouy8mqm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362677, "uuid": "d9717088-181c-4aac-ad86-724054aee24a", "value": 29508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362677, "uuid": "97dcc1a4-b998-49ef-b3cf-b3c897309d8b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362677, "uuid": "822479bd-f868-4d04-b85c-7676177ec31e", "value": "d24fe28c9b74d57379995853b2ddad25", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94f64a76-73e3-11ee-8907-42010a9c0042", "comment": "Malware payload (CoinMiner)", "timestamp": 1698313178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313178, "uuid": "55a7cfbc-b654-4e2e-941f-ae928e75b3b8", "comment": "Malware payload (CoinMiner)", "value": "8a22c4b4e8b911a51322dfd78fe799c4", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313178, "uuid": "4062e081-ce4a-43cc-b5d3-0eed4657a901", "comment": "Malware payload (CoinMiner)", "value": "5337415a9069931bb4b3c68559d2ed226afa5e64e9d66165d6a9f65400f259d9", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313178, "uuid": "a635fb8d-dcbb-4e95-a429-90fd6d91fce9", "comment": "Malware payload (CoinMiner)", "value": "65a15134c02657e6079c84e2f7902f3d8ee6f8da", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313178, "uuid": "5ad27b88-0a71-4c14-b8d1-f802acc78b7c", "comment": "Malware payload (CoinMiner)", "value": "773a3b2cb41025a83c9263068ffc97a0688e4e23a3be380a5912ee49bbbfdf776808666ea2548e861cd5573223779b5f", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313178, "uuid": "67e63b28-e570-48be-a6ef-497e76ba6984", "value": "T11FA6336932508FC0EA96A477D40E99026FAFF327AD10F5D0479F69C1321E1B2752F27A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313178, "uuid": "61a71a48-f96b-4f1d-b7e2-3aaabaa30e59", "value": "35a81d16af9f2ba6d515f11152d0364b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313178, "uuid": "03690164-f445-4a7f-8505-f626fcf6933e", "value": "196608:qj3WTTMoCZ632bpr3FGRrOoIXWMLwtxAIu2buwO8+VQfMy2W1Wc3W4aJX:KGTMfZU2FrVGRrOoIXWMLIxAR2bI8jU9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698313178, "uuid": "0b785b4b-760f-4802-bd90-3cbe3c855286", "value": 10177592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698313178, "uuid": "f155594d-7717-4c03-9da7-ce70e1b904ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313178, "uuid": "d1526b06-00b9-441f-92dc-9300a3f79917", "value": "SecuriteInfo.com.Trojan.Siggen21.47132.26419.10329", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e79a246a-73df-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698311599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311599, "uuid": "c2a1768f-f47e-480c-88be-5d0614fa2cd5", "comment": "Malware payload", "value": "e0169da484f61f503b267fccc495f231", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311599, "uuid": "ad39a8de-30e7-41f2-ada1-789ec87f9591", "comment": "Malware payload", "value": "536afb71116eaec51f3542b82de36fdea39666f5221e6a3af17ca1d0d5b52557", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311599, "uuid": "333172c1-c625-44b6-a2f1-ae79a310dc34", "comment": "Malware payload", "value": "5f0ed8e605184ddc95c9ad58b4deb7137fea55a2", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311599, "uuid": "11da98bd-bbd4-4911-b65b-eef91ae8da88", "comment": "Malware payload", "value": "27d623209f7daa1ab9f73da4bf02e0ce555d978d6fac955124cb2e542d5d70b8bef95156abec372489ac01ae06a7f5ed", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311599, "uuid": "5ace9f25-b1dc-4e72-ad32-4b6b6eafed88", "value": "T1BA442B113AEF500C76B37F621FE8BDE94E5FFB72262A64AE2104435A4A53E44CD51B32", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311599, "uuid": "c96a8056-6d85-47dd-9746-3948cb483c65", "value": "3072:xHE8d2d2xcBh9Ladf/ywnyjCHVYaPyk9DkaHkJ/HTqyaAXbMmQ/Xim/2Y+74/Wgy:xmaSNiXiW2ijANAYQw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311599, "uuid": "017324fb-20cb-4a15-bccb-78ea791ad3bc", "value": 265920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311599, "uuid": "9aa21169-9c50-437c-b73a-f262ecc02257", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311599, "uuid": "cc8f1aac-3926-4296-b1ab-57e6493968a8", "value": "Orden de Compra.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f0b2428-7449-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698356843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356843, "uuid": "52d2ddb4-7359-4087-853c-861f45010bf6", "comment": "Malware payload", "value": "48b17d9acc8f9dfdd0c09c1b914c20ec", "object_relation": "md5", "Tag": [ { "name": "graphicon-hu", "colour": "#F9BA84", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356843, "uuid": "fa3e95b2-cb08-4346-b5e7-3f90763b036a", "comment": "Malware payload", "value": "538b1716ce1990a5b6fe0b458b856bd26ba58629776ea7e14f8593c26eed3b34", "object_relation": "sha256", "Tag": [ { "name": "graphicon-hu", "colour": "#F9BA84", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356843, "uuid": "134ae460-36bb-4a84-8cbc-ce542d55aa36", "comment": "Malware payload", "value": "5db846b52e75a6d1528bbb8b23b76f88dde2477d", "object_relation": "sha1", "Tag": [ { "name": "graphicon-hu", "colour": "#F9BA84", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356843, "uuid": "8cb00a70-7e13-4b1b-8b87-1d4053eaa7fe", "comment": "Malware payload", "value": "68a4d5f2451f7201c63a94bf6af6372ea00c5385c748d051084325db20a11552d66260a896d2129e7d58cfba74c66aae", "object_relation": "sha3-384", "Tag": [ { "name": "graphicon-hu", "colour": "#F9BA84", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "phishing", "colour": "#6D4B87", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356843, "uuid": "a1220451-27d5-443f-921b-ce25fa0514ad", "value": "T1B9E3F176FA4A1CDCF4EBCB869036B4CE582EB1469BC6B5C135A00E07FC455B04E927E6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356843, "uuid": "7161cb8c-2468-4d0a-9a9c-febcff003965", "value": "3072:4/ZKRYY3NrthxqAb+osc7Zl9/Ij64a5HhTQ0K8AiuW7+LZXT8CgQK:sQ3lnbsc7ZIj64yK0MRCO4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356843, "uuid": "93b21c71-e159-47a5-a05e-d5823020ec57", "value": 150014, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356843, "uuid": "3010234a-8a8b-4084-be8f-097f0a1da272", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356843, "uuid": "e7994fb4-c598-40b2-880b-29850b63660e", "value": "160cb2299c33f5---zetinikojugirepopirujexo.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "306452a1-7422-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698340068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340068, "uuid": "dbd5dfbd-2bca-4f8e-8c34-852273cf3686", "comment": "Malware payload (Stealc)", "value": "555b5b941485801baec85945db27bb86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340068, "uuid": "44de921b-28b0-4d35-97b8-de225b52e0d3", "comment": "Malware payload (Stealc)", "value": "53dc29187191f04860a12fcec1d810f8c2e6b827dfc1d3c06471c6b865b96897", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340068, "uuid": "bc6abe7d-e797-4448-a648-d6cde4e5eeda", "comment": "Malware payload (Stealc)", "value": "81d4ef040c2474c5658686b2e67abf2485ae29db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340068, "uuid": "838a5880-a263-4cb8-bb03-9ee71bb8e31c", "comment": "Malware payload (Stealc)", "value": "575a069bd2f130f64cd90f9abab0ebc8f67efd062557ac4a4f85e2633bc49aef0d16efb21868dbf6ed044358535deb79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340068, "uuid": "15e7fe73-0fd3-47d5-93a7-2074807bd814", "value": "T19A04D021B3E09032E5A3593059B0C7B21E7B78326BB5488F77581E3E5E707D0AB75792", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340068, "uuid": "b7d0ea06-d086-4aef-af6e-5afecb78dffa", "value": "4231872410651d8504d1d45976ad591d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340068, "uuid": "d829f713-5bdc-4778-8da7-c42c00ed1bfe", "value": "3072:+HBNL7gtWE0kH40RFG2RklPJc5E/nwtiOPP/rMrZ7eE68u3vH9W4/Bn:WZ7sPH40S2Rk05EP7eZ8ufHU4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698340068, "uuid": "4be0f2ae-7406-4d4e-98fe-ddc0c978c15b", "value": 185344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698340068, "uuid": "7c330ca7-105a-425a-b904-d5a902689ccb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340068, "uuid": "6babe42f-912c-4064-bd01-207497b61f3a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da2644f3-7456-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698362687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362687, "uuid": "8cf10e9a-7b52-442c-8292-6099a5ddf3bb", "comment": "Malware payload (Mirai)", "value": "e2d814f48b96b288318ec54c257dc2c0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362687, "uuid": "f096c6ed-07f0-4d9f-ae49-8c3d8b07dd95", "comment": "Malware payload (Mirai)", "value": "54b7a53419262d553f4ab771d0472b278f23b1eee831497b218049be54513e31", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362687, "uuid": "9a66d189-ca2e-4343-9f98-ad206b9cbf2b", "comment": "Malware payload (Mirai)", "value": "0b1c0d4c87ac64bf9161cfc9d27f9843cf49e574", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362687, "uuid": "800b63e0-63a9-4e62-be13-8b25941a19cc", "comment": "Malware payload (Mirai)", "value": "81190982c9156b96e6c4b9ee9bc376329430ace5507f1a129f531bee2646aa4bda17f61f1cc505455de5b7c87d7c4536", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362687, "uuid": "a3694785-d0d2-40ef-9c2a-fd185af772be", "value": "T15C834BD7F800DDBDF849D73A84934909B130E3A10A921B3273637D6BFD761A45826F8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362687, "uuid": "47426832-ab35-463e-8b5f-34538776095a", "value": "1536:jBE1FUU6nfCnDWw2LHEHsiq8twbR8tMJvnyrSv/1lLEdjLX5GjmF:jy1+nqniH4RtgDJvnyrS3zL8imF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362687, "uuid": "f29f8638-26d6-4a41-87a4-545a4e36560c", "value": 82796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362687, "uuid": "2e28f740-23b2-43f7-8984-92a142924f0a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362687, "uuid": "dcfa2e30-51ae-47da-b555-ce92a362643f", "value": "e2d814f48b96b288318ec54c257dc2c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f6a187d-741f-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698338832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338832, "uuid": "302d5c39-ef1d-4a16-b5f8-e732869a988c", "comment": "Malware payload (Stealc)", "value": "d426f4636979fdd11d74242f9df94c44", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338832, "uuid": "4cba8440-34ef-4cfa-8cd7-ff5cf8af4dfc", "comment": "Malware payload (Stealc)", "value": "54cbdd7ff4d1839f292e7cde1d17cb42d3a7d375993db9538f2cd9f6c0c68004", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338832, "uuid": "350ac443-0f4f-450f-ab5f-9ffa18f08642", "comment": "Malware payload (Stealc)", "value": "4580b8cf94802e8ee95b558c733db1e8e819cb1b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698338832, "uuid": "4967b1dd-190b-4fbf-abdc-9c5e1f15e24c", "comment": "Malware payload (Stealc)", "value": "9ba1231ba1248763bb21e5cebfabd231f10f0d4324fd0fcdfa36e4715b501a2e6167f4e591e8a4d43617de80807129e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338832, "uuid": "78ca709d-4409-496d-a5ae-e5be7e8926b4", "value": "T13604D02276E1D032E1A356305570C6612E3BB832ABB545CF37980E7E5E703E1ABB6356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338832, "uuid": "fa4b81a6-288a-410e-95ea-d88b52f63c04", "value": "4231872410651d8504d1d45976ad591d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338832, "uuid": "50bbf5ab-89d2-446d-9a84-a9595e5f8c0e", "value": "3072:rHBNLcK8tUcsH4CxxDYVTnr0CSGM0UP80vsfek3abVZxssD+pGQex:t5cz4H4CDYVTrI3wnqbV3sM+pG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698338832, "uuid": "5cc3bb90-9bd0-41bf-850b-5855c2c819d8", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698338832, "uuid": "eca3c5b5-26ae-455d-b315-a59db11153f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698338832, "uuid": "f0f4fd7c-32d2-44a9-8ef9-d1ffbbec04d4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dfad5a5-73e6-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698314321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314321, "uuid": "40165cfe-4c3c-490b-8829-658938029e30", "comment": "Malware payload (AgentTesla)", "value": "6a3faac7e4ebaf9ef614dc02ce6bd7ae", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314321, "uuid": "1e4c5549-6532-4037-a485-c341d24d18a9", "comment": "Malware payload (AgentTesla)", "value": "54ee9620dc5688468f6cebb591db292a0fde4c36b3b2574675edfb0dabc1da08", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314321, "uuid": "14907dce-4dad-49fc-ba3c-34942e8921cc", "comment": "Malware payload (AgentTesla)", "value": "b7448c3a04acdaa40ef0dd0099789784fe6f390c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314321, "uuid": "ecceb09e-916c-4154-b460-6c8421e1e563", "comment": "Malware payload (AgentTesla)", "value": "eadd53b253dde559ae5b81e7735bf6aa0022085f90e07056a02e96df51fa57368797545b0d7c6f42b4a074a8bac0890d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314321, "uuid": "ae8a4699-a74c-466a-99b2-bcdb6a8d826b", "value": "T123D4333D37558B2B708F80E99DD2BA8D7052B9140F7D49BE0A276CC1860D9C28E6F937", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314321, "uuid": "f1ac4982-9512-4003-a439-2c374284bf35", "value": "12288:LexQ476ApDMhJVcXcGk1XsaZ+ehhlBe1TtY5RDjF2hiF6TV/GRsxTNvhe:LemRWQ3VmTOZnlmTYdFIiF6xr1N4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698314321, "uuid": "4630ec58-d85e-411d-8ad6-02299c860945", "value": 644117, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698314321, "uuid": "fc4f6d04-e798-47d8-b396-1324c9ab11d2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314321, "uuid": "adace785-d733-463e-96b8-3bb02a0cec57", "value": "revised order.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bbaba3d-7427-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698342208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342208, "uuid": "b24b7d82-d9e9-4e5c-95de-09b18b4d7501", "comment": "Malware payload (Amadey)", "value": "a3cc316f0e464d71d9b8ea3ada586667", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342208, "uuid": "c11ab186-919c-44f0-b972-88e8110aeeff", "comment": "Malware payload (Amadey)", "value": "552da442720d14329715eec59889e6ff52a3208ebc1adc51f6fc6027ff556c77", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342208, "uuid": "612ae08b-9c81-463f-960f-fda509096b70", "comment": "Malware payload (Amadey)", "value": "68bb33abadaf7967458d31cd332db00e4af970e6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342208, "uuid": "9ee53e5b-f64d-4f76-8462-9460ee5592a9", "comment": "Malware payload (Amadey)", "value": "0abdae57cf17857b0f8a1fe52b734a6328ab69ec74e525e449fbf295f13fbe72c2bbae8a1a657c55752e9529661c67dd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342208, "uuid": "a38f83fc-a296-49a3-971e-4164b8fec568", "value": "T1A1752393E7D442A6D1F2877068FA81C306797C729978929B3E5EE84D5C73680FA70732", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342208, "uuid": "54ac19d0-5cc4-46d9-8187-f4a5b4032b7f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342208, "uuid": "1a41ad08-ffa3-4a88-b783-f541cb6dcead", "value": "49152:PFg5bbRA4bKUgpbw3jBcuHColo8fV3Rl5Uxoe50nNk:9IU9Uj+Mo83leNa2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698342208, "uuid": "338e6480-aa39-44bb-be7a-ca1d0db82daf", "value": 1628160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698342208, "uuid": "5d1cd287-a2e7-403d-b6db-d69e1f4e0c88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342208, "uuid": "ff8fa8e6-13c3-46a7-a28a-fd5becc0189d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d91c2ab-7447-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355901, "uuid": "64afe1f3-f18e-4eba-98db-3db775498f8d", "comment": "Malware payload", "value": "a9b8dc707284bdaa02e020766876051e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355901, "uuid": "b757e434-1cea-45e0-befe-e7ab8310cd68", "comment": "Malware payload", "value": "55f84ed4f6871f56d7ffbe282e9253f2ee84c6a9cd6c0b6977126de2cb341d5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355901, "uuid": "cfd80e54-0495-4b64-a19a-62fc30002ede", "comment": "Malware payload", "value": "c537b394245a2e50e49582749032dcd5a5ec6e7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355901, "uuid": "fe64b20f-c6c1-4640-bb14-84284f41ff38", "comment": "Malware payload", "value": "6da600e64ab98d38eb816d544e6cdc577aecf952db0762a23dea1173e31b492146163cff96414d4701854eae0723a2df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355901, "uuid": "e182d939-64b2-4757-8a62-8fe4016fb7db", "value": "T17F27E84977E52524E5BF56F79871F2004E34B48B1602E39D48F219AA1B33AC44F89FEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355901, "uuid": "498bda85-5be9-4da0-a704-676bdd290901", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355901, "uuid": "899b04c6-aad0-4cdd-b52b-31a98fba343f", "value": "768:2Y3/yBD9O/pBcxYsbae6GIXb9pDX2b9zPL0OXLeuXxrjEtCdnl2pi1Rz4Rk3usGF:lyzOx6baIa9RIj00ljEwzGi1dDqDhgS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355901, "uuid": "a9d7b252-05a5-47b9-ac83-cced8cfcfc13", "value": 22020096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355901, "uuid": "ec9c8c87-263c-4ea2-aa55-c6143af58f92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355901, "uuid": "663dbdf2-e46f-4d74-bc76-590c45666abd", "value": "Notepad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "884f98ee-73d8-11ee-8907-42010a9c0042", "comment": "Malware payload (RevengeRAT)", "timestamp": 1698308433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308433, "uuid": "3e7f73b9-35ee-418f-9ac3-24ed326e0409", "comment": "Malware payload (RevengeRAT)", "value": "e41099316a6272c73e80c90972c3203e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308433, "uuid": "b9c4e170-d246-45eb-b7b4-38ca84d8746e", "comment": "Malware payload (RevengeRAT)", "value": "562362c52e398b4d28dd90a6b5b127311ff2fd8ae3029ef68ccdccbe63215c9d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308433, "uuid": "4b63fa58-435e-40db-9fed-ae7e6734d484", "comment": "Malware payload (RevengeRAT)", "value": "81fe95e788ec844740b1e3fa59a66fd81e766c62", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308433, "uuid": "72d9542f-d174-4e75-bc4e-bbe76740b899", "comment": "Malware payload (RevengeRAT)", "value": "b8a361cad14ac6ad40900d95c1d2a77f3c71f99e579a0fb567713882157d5af52b980f153870a77c3e96a2390bee16e1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308433, "uuid": "46fb167d-c253-4d58-91c1-79c93bf4e88a", "value": "T12D85F1947BC4467DD13CFE7A9AE5808A67B6B8D72317F01A5FC6FDD8423290A0B41D28", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308433, "uuid": "bb666701-a285-4f74-adc5-899cbe31c35f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308433, "uuid": "10da47a7-0015-483e-8912-c9d4a84e976c", "value": "24576:7BFSahVA/W2E/PDi6+rHmN9jRkQfcQUKDp/eSTZZ9tRccrVhmb:9sag+B/8aDjrBUIQS3PFrq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698308433, "uuid": "20bcec9e-6f13-4b5d-9d28-29a301cd7d46", "value": 1817088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698308433, "uuid": "b8823b01-fdac-4874-ab4d-7feeac8c8765", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308433, "uuid": "28c47510-0c41-4a72-a1e1-c6a0b6272c9c", "value": "e41099316a6272c73e80c90972c3203e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1353a35b-7445-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355052, "uuid": "fdc3d628-3f97-4b2e-b741-d4d463aa6787", "comment": "Malware payload", "value": "0e2abca3aa7f79135ded618c2358029a", "object_relation": "md5", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355052, "uuid": "685d43fc-0b43-4a33-b964-6d147e0c5085", "comment": "Malware payload", "value": "57faa930bc2a51ee2b9af287a91662ebabfd4218d0afeb4ee52cccc89a4991a8", "object_relation": "sha256", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355052, "uuid": "456a2359-1e35-485d-96a7-235bd8a4bc53", "comment": "Malware payload", "value": "eb26d0e6037842454f6ae1460a155dc3dcf5cd08", "object_relation": "sha1", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355052, "uuid": "81a9f97e-f258-41c6-a922-219d52020432", "comment": "Malware payload", "value": "07a84af78f0c7c9705ec7149f96d57c33819c7a6ef9fba8d40a6e70b29d63ebf2e14f355e312da6125e1f8e1d3d72089", "object_relation": "sha3-384", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355052, "uuid": "6f909042-9d71-42ff-9160-688315cd8af3", "value": "T157A633CB399E1A6108B9B38CCB4FE4148961754F8BFE8E7C5D44AD5BB941C80CF46B98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355052, "uuid": "29dccfde-d235-448b-9007-1b1ee84550e8", "value": "196608:mQw+ctpG9mZEmzQZGZRGqkclEaFP9l6OxECVmClZsSBdEOIECwEzHi:mQk/BZ9QZeRgcKe9NZFlGSa/EkW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355052, "uuid": "ea421158-cff2-488e-9835-cc816f2ec359", "value": 10302905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355052, "uuid": "0d52547d-ba03-4059-85d8-46f648f1a30f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355052, "uuid": "b074981e-9c6d-4654-80e6-583e05e6ec65", "value": "GoogleUpdate.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "165eaf53-7445-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355057, "uuid": "7902a7e9-52fa-4ac2-936a-6e759fca6023", "comment": "Malware payload", "value": "b86f4b0a67ab1e4f9f7063af257d0eb3", "object_relation": "md5", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355057, "uuid": "d7c28363-2304-4988-8427-2d1d4aafb547", "comment": "Malware payload", "value": "593f5252d4146ee0b06895da11f9454c8326d19b73008ee7f03850636d5d801d", "object_relation": "sha256", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355057, "uuid": "d56a1164-d173-4d0e-b6a7-b683d4d9353d", "comment": "Malware payload", "value": "aca1052c65a0c378095227366e03d0dff4cf45b6", "object_relation": "sha1", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355057, "uuid": "ed06d1e6-78f5-4df8-abbf-133cfa14cc8e", "comment": "Malware payload", "value": "b556d510215e7a8521947e727c3f95c6baf5916f832b4a50afa8590e883ed3792fc70033ff166ea17d041ea336991ac5", "object_relation": "sha3-384", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355057, "uuid": "af3d2359-f84d-48b2-80eb-1adfc2d72713", "value": "T1FFB633443A512DD2E8A72436D8624012D672F5AB47A3DCCAC7F0A9810F77BF16E36F91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355057, "uuid": "96e96ead-1189-4c75-8fb2-52d95a4bee3e", "value": "a6cec5b1a631d592d80900ab7e1de8df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355057, "uuid": "6b274856-fa66-4630-875b-4fadea89fc86", "value": "196608:0G8a4BD95K3tEFDUpQ5/ISGL2Vmd6+DTJVAzDaku99lEOSE4Gm3R:lUy9dM/ISGL2Vmd6mTJVAzDakAii+B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355057, "uuid": "518226d2-7c28-44fb-86ba-f3d700cdabc2", "value": 10632243, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355057, "uuid": "0566bad5-278e-423d-97d5-1bcba4d6b109", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355057, "uuid": "e21d77ee-3bee-49d0-8401-241a5c78b89c", "value": "GoogleUpdate.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "674d4cb2-73fb-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698323410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323410, "uuid": "986aa3f1-337b-451c-9347-2badcf24bd96", "comment": "Malware payload (AgentTesla)", "value": "1712fc8e11670d4dbbb420b385b0db30", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323410, "uuid": "9c251d80-34a2-4831-9851-d39435c93826", "comment": "Malware payload (AgentTesla)", "value": "5a434a4d1ccc5536bde2dccfd7b0f794a71ce61ad07ac5e6515997c5677a8f53", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323410, "uuid": "1a8de0d5-d4e6-4aec-9eb1-2aec87c94c83", "comment": "Malware payload (AgentTesla)", "value": "b441a0fc9db13d4b913f07882f78e2e363e8dcb8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323410, "uuid": "b3bea72e-90a1-4016-8419-0a4c787925b3", "comment": "Malware payload (AgentTesla)", "value": "884506ca1889c5460a0efe0960d1aefc69d14d7bf6e76fd62f7995789413300c1fb5990af3eb6f62fb859722be80ab54", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323410, "uuid": "ec5a348a-021f-4044-b161-30d41a19c65d", "value": "T11B340F037E88EB15E1A87D3782EF6C2413B2B4C70633C60B6F49AF6518516929D7E72D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323410, "uuid": "62934250-f940-4cd0-bd3a-682b2caf309b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323410, "uuid": "0904e691-40fe-4d74-9e4b-44fdc156be6f", "value": "3072:figyuyGC+e6jxkBaQbUnnIU1Bg/7RslpvE5S5k0p6R:figyuyGCP6jxaaQbYIIe/7RslpvPk86", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323410, "uuid": "f8e38b8c-3605-4cea-b6e3-7e7359b95bd1", "value": 239104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323410, "uuid": "87280281-40b4-4ec1-84a0-ffe49bc81fdf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323410, "uuid": "13bfb2ec-acc5-4f57-a8d0-14d590c053ea", "value": "1698323408071e26871f3113cbc7687d851e5b7ee6c0ae147470e426164cf65f537839d5b1154.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1600a092-73ec-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698316831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316831, "uuid": "4705701a-8d03-404b-b0ff-5931f5d87ead", "comment": "Malware payload (Amadey)", "value": "46d61c42071876c40c9ee157bb4e63d7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316831, "uuid": "edccc582-000c-46b3-a581-95cb8675b49f", "comment": "Malware payload (Amadey)", "value": "5cf7d540ab1d74645dd1847289db718c53b76ba487011cb86b6d2d12c50587bb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316831, "uuid": "47e693a0-7067-4b80-b7c7-ff5603dcaeef", "comment": "Malware payload (Amadey)", "value": "76c2ab760fe100e864b07eb7974a74f8f1a7badd", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316831, "uuid": "52e40a6f-ee10-48b0-ba85-dcc0191ad5d7", "comment": "Malware payload (Amadey)", "value": "1dcf93fdf8491c4f1295cd6ce6597a91469153f2467ce5ba960fec23a6e672e388488515b02bc3bf9b394560ffe75a61", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316831, "uuid": "b820cb3d-4467-460d-8745-6bd5d6799b07", "value": "T15E159D2178C09276EDF320B787ECBA3582ADE4B4071915DF16D85BEED7646C13B32682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316831, "uuid": "61b79005-ebb9-48a4-b4aa-97c16cc680cb", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316831, "uuid": "ace3988a-e5c8-49d9-8af2-c5090cc36631", "value": "12288:XgGdoZW829AM9cpSOkCmmIvU4oEEICB4SFfCp1uZfrk6+6cIqYTxR:XgI829AocpSOkb3oP9xSMgIq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698316831, "uuid": "8244d49d-010c-4b2e-9946-e6876b7495a9", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698316831, "uuid": "0373933d-3dd2-44c7-a377-38d44f979978", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316831, "uuid": "bd1cf810-815a-4b66-9ea4-488f333453df", "value": "46d61c42071876c40c9ee157bb4e63d7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e63dbaee-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698311597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311597, "uuid": "702a4cfd-114e-48af-b600-80807f61fdb3", "comment": "Malware payload (AgentTesla)", "value": "00d54a0903c3162c8cb581163239c716", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311597, "uuid": "5d0db249-ce2c-4100-8d6a-0d9c09ddbe34", "comment": "Malware payload (AgentTesla)", "value": "5d049dbc7e8ad334c40c3308834169a4042aeb32b3a6a5058ea76d401028fcb8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311597, "uuid": "028acf87-7cdc-4243-a5eb-2a5efd130b32", "comment": "Malware payload (AgentTesla)", "value": "c164c5e89998334a2504e4a0df29886dceb42611", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311597, "uuid": "2034fdb7-648a-4565-b121-bfec8201208d", "comment": "Malware payload (AgentTesla)", "value": "86168df2744a5afb328244e38a16cd32ea09c70a4bf1df91332a27fe4b593d03b1d47768ac4465e739b4c70aa87bb52f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311597, "uuid": "94312e7d-807f-4527-aede-cded5a67c7fc", "value": "T1E6344C1129EF604CB1B37F561BE976E88F6BFBE51A2A60AE1004170B8B53E40DED1771", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311597, "uuid": "04000c5e-405a-433a-a52a-486f2e6662af", "value": "768:Lt/Zi6xxxxxf+ucu6uducu/DuJtunuNu5uWumucuyuC0uUunWludu+u5udtu9u+Y:R/ZitpDi7ol9UTBA8Pg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311597, "uuid": "326bea2a-a9a4-4d73-b861-9f59e10d4054", "value": 243812, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311597, "uuid": "7623e28e-3e49-47f8-a85e-3db6980ea9c7", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311597, "uuid": "3c4ea529-5926-4b2b-a6fb-46acaed3bad8", "value": "DHL007967897.PDF____________________.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b227e5a-73e7-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698314746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314746, "uuid": "fe2fbb91-6c9f-4d51-8ddc-3359f0d4e82d", "comment": "Malware payload (RedLineStealer)", "value": "e9de084a9a4dbf6db9bba542c36a1f0d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314746, "uuid": "dc17ec3e-1087-44f4-90e9-4f3730392bc7", "comment": "Malware payload (RedLineStealer)", "value": "5f6fa4e0c24db73f81b5452397048174f0e779fc928b501aa288582a2472313c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314746, "uuid": "628d606e-62f3-4e07-9dc6-9b745e14e220", "comment": "Malware payload (RedLineStealer)", "value": "9279eb572a6c87c6738f1ccb96a6234e2dfda250", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314746, "uuid": "7dc921b0-ff50-42f7-95a0-ea7434fdcec7", "comment": "Malware payload (RedLineStealer)", "value": "77068a3e3654b58754901f947ad58b8778c32311e491930c6cd7ac46a88efcce81b88e91b2e6e890da17e42a43833706", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314746, "uuid": "5630205d-4fc0-4083-9c12-380d1580348a", "value": "T115052A3D19BD223BC1A9C6B9CFE5D827F004D9AF3412AD6598D397A64353A4634C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314746, "uuid": "07433f46-a035-4210-b646-a71a95ba5c47", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314746, "uuid": "13fbb008-bafe-4392-af5b-ef8a4bd1640b", "value": "6144:C3ljrhnwGIz8MiDATnJx6CZAxDzKPo4zNZNICWb/cRl0YeCTKeIkuZm:CddnwGIzXiDUTLIHwXICK2Heah", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698314746, "uuid": "c44bf685-db98-43c1-a69c-4742b4bf04b3", "value": 844288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698314746, "uuid": "e7c182ea-7268-48c8-a646-93ac55de3a30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314746, "uuid": "fa847da8-9881-4e51-a3e5-2514cdbf4d9d", "value": "E9DE084A9A4DBF6DB9BBA542C36A1F0D.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81a8793b-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698311428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311428, "uuid": "f1860ae4-5ad1-4828-a565-bd6018b7aac6", "comment": "Malware payload (RedLineStealer)", "value": "f6710f9142e284c505d11e014bc167ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311428, "uuid": "e245e0c9-7757-444c-a13d-c551c8912496", "comment": "Malware payload (RedLineStealer)", "value": "6245c8aa527cb966be4a9790a68bcfab47a11fc18e8873d695acc390597c9b39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311428, "uuid": "42762c52-335c-4587-9890-d8d0df0d2873", "comment": "Malware payload (RedLineStealer)", "value": "4977b0893db7c7e4c746b10fbec93002fd64ff73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311428, "uuid": "e0a334ae-4049-41df-b592-71f8e6e7bc1d", "comment": "Malware payload (RedLineStealer)", "value": "b96619b0eb83d85e45e3d85f18989533b4bf4a23a22ae2f6ca23ea0c81979d6a51c2f791e1b4201bac8f0ccba0d41e97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311428, "uuid": "daea3e9c-622f-4cab-bfc0-2ef68bd505af", "value": "T13E157C2178C09276EDF320B787ECBA2586ADE4B0071915DF16D85BEED7606C17B33682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311428, "uuid": "26604674-cde0-46f0-9b7e-99c1f86ce474", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311428, "uuid": "4e8f34f9-5ee8-4f1d-a361-d5145da485f4", "value": "12288:wu6taZ29AzVvWD+wVrJhDgbjFahvix4dDvuZfwW61xwNqYLR:wy29AzVvWD+wVbgbjeKx6Uq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311428, "uuid": "0e586252-d8f2-49c2-bcf7-c059485104ff", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311428, "uuid": "cbe3a597-af0a-4f6a-a5ac-a1cab2f2016d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311428, "uuid": "316b4d08-43ee-4bc0-b37b-cbbcaf455607", "value": "f6710f9142e284c505d11e014bc167ea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db4c0308-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322316, "uuid": "17b15545-a2c4-4262-83eb-dcdf1babb40a", "comment": "Malware payload (AgentTesla)", "value": "7053c3d159c1b213e7ec09ff46caa5cf", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322316, "uuid": "341f05e0-4c4d-4835-9a36-19f609299acb", "comment": "Malware payload (AgentTesla)", "value": "6269f7a48488a80d19b4f0f8559b1e2dd8015a378d677f61f704ead000f9fdbe", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322316, "uuid": "d165ffbb-eb09-44e5-955f-17638b3b4dde", "comment": "Malware payload (AgentTesla)", "value": "e183754b08d26d44e70bb2f1d6775cf0191b9c66", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322316, "uuid": "04b6e2e5-59b5-434b-b0fa-97574147341d", "comment": "Malware payload (AgentTesla)", "value": "61721cb87ca7957c1291ea868a3b41f1af0f0d6d7863ce2fa03845cc3acc9a92e5608adff016a251056b17f19274b37e", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322316, "uuid": "beead5d8-0856-480c-8668-4b1fe24e7275", "value": "T1F2B4236D7417AF77A8BB883E97FC484905831CC5A2D5FAAEAF21682307049B11B5DD38", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322316, "uuid": "5670ea17-08e7-4342-a020-039890f3e3f8", "value": "12288:hVcgIq5nL/U4dQHraTkhW2vks9HwZsxBPk0AJ0H:hVcgzdtyC6ks5nFy2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322316, "uuid": "dc2373dc-672c-4e49-8cc6-f6164e4da061", "value": 540373, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322316, "uuid": "1865f17e-7b6b-4f6c-9399-12b020421b03", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322316, "uuid": "ac225dbc-110a-494d-a9d6-229eff96015d", "value": "Image001_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d4c2c08-7449-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698357001, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "83efafa2-1571-4a74-83b6-dd779f8cda66", "comment": "Malware payload", "value": "6951cfdfd7f696adc74536255376d3f0", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "d51dbd46-f848-434c-86f0-61627519ba80", "comment": "Malware payload", "value": "62d9e53f053fa2997f670391b0993f25da7a988413414833264299770d828ba4", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "f1ceea40-d7da-4ce2-adbd-a4ff7187d264", "comment": "Malware payload", "value": "ae59a79dc9c8e68cb9a1af9ebbaed3c818ca8329", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "3c074981-f8b8-444b-8c9f-b1ce9b53a055", "comment": "Malware payload", "value": "f29bd869a8c61c3cf321b6094aa40d91dce5c88ec5c31cf214e2d4c7fa8b7f8c22a31eb4d4457d5c0abc0112471ed8e1", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357001, "uuid": "c253a46d-379b-4867-a069-704ba77d781f", "value": "T144344C0BB2D4CCFBC4C28B7426DBA5929933F47D077AA107B394BD641F0DD88699DA81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357001, "uuid": "d9ff28f7-d99e-44e3-b978-e9eb3cb4f0b5", "value": "6144:0ik5NQNXhwutJ8a8b3bcA/uJmLzGMz8ZPu5rr8Byd5:U5NQ3wutJ8aHvJmLzGMz8ZPu5rr8Byd5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357001, "uuid": "5637d9d5-2fce-488e-b9bb-047d93a29549", "value": 242937, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357001, "uuid": "59fa817e-544c-46b2-aaa2-e02ff3b235a9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357001, "uuid": "93eeb2f8-4515-4d61-8e55-52209f1265dd", "value": "6951cfdfd7f696adc74536255376d3f0.elf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37589d2b-7410-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1698332349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332349, "uuid": "d575a990-3b7c-488e-91e2-7baae1a5b011", "comment": "Malware payload (ArkeiStealer)", "value": "cfd30dc5cd455c5e7e2f4a3e799848e1", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332349, "uuid": "a86bde16-f232-4b11-9fb7-411f4f8471a5", "comment": "Malware payload (ArkeiStealer)", "value": "64f91dfee660e357014afa2447f69fcca5802960904d3093e7a581e17b99342d", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332349, "uuid": "fb130802-4b17-4f2f-bcb1-76b8ecee91ef", "comment": "Malware payload (ArkeiStealer)", "value": "5e447f268ba99f1f54fb686d66ec7a9a89db1942", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332349, "uuid": "260130ed-197d-43a2-b37d-af3235790671", "comment": "Malware payload (ArkeiStealer)", "value": "fd80d48996d743d8ad83762d782edc1a812a1715c702da416183e1e35ed731c9fb7065141505beeaeb587b2d1c74ab4b", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-123456", "colour": "#E2C0E8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332349, "uuid": "422d217e-604a-435e-982a-1ff9464db06a", "value": "T1B767338F0DBB5832FAA249F057F47317179FB009859535D3EE4813E3E96849978E283A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332349, "uuid": "9506321e-8c0b-4e84-bd16-0dbda7ba3fde", "value": "786432:9+dp1cfNc4IfxWhn7ry1TvB5H1qjCOhBuGh1oP5Tg0OtrUQ:9ap1cW4IZGS1zHIjvrzC01UQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698332349, "uuid": "0dd85451-c336-45d7-aaea-c5319fe38071", "value": 29781136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698332349, "uuid": "64de332e-4940-41f3-a475-d25d80ccd745", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332349, "uuid": "c050d5ce-28da-41a7-8381-1f3dd5f6c2c9", "value": "photo-11-10-2023_292.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdee5748-73dc-11ee-8907-42010a9c0042", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1698310241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310241, "uuid": "635799dd-07a0-4bd7-b2e0-4cf8d998d73c", "comment": "Malware payload (Gh0stRAT)", "value": "df3f929fca979d2a32facc9f1685ea96", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310241, "uuid": "5a7dd206-1f52-4c3e-a191-4a495184999f", "comment": "Malware payload (Gh0stRAT)", "value": "65e10e35444bf302cae93bd9ece5fd3da735d911fe2052c471bf1ce32b787fdd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310241, "uuid": "d42debd4-e540-458d-a6ef-ef533e6e0274", "comment": "Malware payload (Gh0stRAT)", "value": "c8cbf7ffab5164f20ec7a5d230d9596fb1adfad1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310241, "uuid": "55c565f2-59d1-4963-bac3-76e060a16074", "comment": "Malware payload (Gh0stRAT)", "value": "7b7d1e3e170378fa3068bbe4d15871d576788ccccb0d23e1d1881e7db35c174802301cc75b120934ae0e62e777fdd432", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310241, "uuid": "37185f1d-5a7c-43bc-b9a6-d1410eb32d86", "value": "T1DAD37D01F68580F6E965107C146F7B3AEB3BAB78970C6FC37314DEA54863152EB6234A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310241, "uuid": "af6aaae1-fee8-4889-a495-7672ed7433b1", "value": "9aeccc0b468f6a5d68671c47d14b9a5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310241, "uuid": "a5448135-9b98-4a0f-b72b-b3e365c47c9b", "value": "3072:5cTWQSyf/0Mh9PZGQ0+RXmxCP0qeEo67EEJJI0V9isI21:mKQSyf8MLPQygIQEo4LJe699", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698310241, "uuid": "2790ab65-4f28-4d3e-a82a-ac2555190769", "value": 131584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698310241, "uuid": "ca60bd2c-eb94-4606-a7d0-36934236479a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310241, "uuid": "c6a471e0-2b13-43fa-8449-275248a643c1", "value": "DF3F929FCA979D2A32FACC9F1685EA96.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efe47fe8-7413-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698333947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333947, "uuid": "ad3477a0-1760-431f-995d-ee1765e96d92", "comment": "Malware payload (RedLineStealer)", "value": "f8822c5ad94d960211c2e263197a0ee8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333947, "uuid": "59a2f7a0-5bc5-4267-944d-48a58552b97a", "comment": "Malware payload (RedLineStealer)", "value": "66b4646d05c237615f220cd5530b776e424ef3482c08b58bbbaad413c79226bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333947, "uuid": "87c2786e-f118-4d53-8df7-9ce987e24689", "comment": "Malware payload (RedLineStealer)", "value": "bf11061281f53044bf36b20ad8a89be7a31e1c6e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333947, "uuid": "9da54a3d-0fd5-4f0b-bce0-faa4fc3d7842", "comment": "Malware payload (RedLineStealer)", "value": "7c851c246699191c6f15752fc49738cfbafc0951c4ced2643a776d6a960ce9a295bde33d5b4361670b81e97933c458dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333947, "uuid": "5b98be7a-0de2-4bb6-a1b1-d7d1bc8b126a", "value": "T10F04C558364BA97EC96F487D9C705CD0777CAC621242AB079C8EF4E83A3B7859B050F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333947, "uuid": "ddc8ba30-e3b4-47ab-90d9-8065fc8d8595", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333947, "uuid": "c87bc57d-b278-4155-9490-2a0f1d1655fa", "value": "3072:XEVe58FI0i24iXOXCN68SOE0m3m+MCmJc8e8hE:XEHFI0i24iDSOE0CMCma", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698333947, "uuid": "0d5df9fb-d88e-4640-b423-3342ef973a31", "value": 178176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698333947, "uuid": "8ca31fdd-94f6-40e1-95df-e172fd4d2fe1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333947, "uuid": "5de3307c-9dbf-4f1e-b5a7-a3e6a6219110", "value": "66B4646D05C237615F220CD5530B776E424EF3482C08B.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6ed1b6f-73d1-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698305612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305612, "uuid": "d11068c1-e15b-4980-9327-ff308fd0f9ec", "comment": "Malware payload (Formbook)", "value": "fc8b3a3005cdc80ce19af33a57010fa8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305612, "uuid": "9de6c67d-8f71-4e52-80a9-418360984c97", "comment": "Malware payload (Formbook)", "value": "66e461f8245be149d5a3826d29c170d5960ade477be127c0fe2bc315e26067a3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305612, "uuid": "9efbf7e0-f096-4456-a977-f5d9d56e786d", "comment": "Malware payload (Formbook)", "value": "b3303ebe7263a55a61e80407706711ca0727e496", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305612, "uuid": "7c762fcb-0eaa-4686-a837-48c942eb7cbd", "comment": "Malware payload (Formbook)", "value": "676f1c3345eaab80336563f499982a7b2e8917eaf71e9d0afee0bc400e227286c3130e82e453c078a2e093054d92fac4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305612, "uuid": "bac9c0b8-6992-4db1-a145-9ddeac91bcd3", "value": "T116C4120037F8A326E6FA1FF9D8B5A0514F39762A7875D24C1E9E50EF09A2F04C451B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305612, "uuid": "078ced41-d3eb-4355-9484-b884ae584471", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305612, "uuid": "7768e00d-3bf9-4bfd-99f8-148c51e871e4", "value": "12288:yG1tsT0hAbk1Y3qHBTsyyrHJLm3nI8UB6a2Si:D10YAoKgTTyr43", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305612, "uuid": "9feb503e-9770-41a6-a88c-c6f70a33f162", "value": 582656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305612, "uuid": "30f5d1c8-1889-4b26-866a-287b6694760d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305612, "uuid": "a4ec423f-b995-4414-8455-e56d37e09bb2", "value": "fc8b3a3005cdc80ce19af33a57010fa8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "250ff238-73a3-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698285503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285503, "uuid": "2af79609-04a9-47b1-bb29-f52b538c2388", "comment": "Malware payload (Mirai)", "value": "67c5071af5b3c2d852b9a4ede12cf26b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285503, "uuid": "3494bb34-1cec-4d0d-9cbc-6bb9a77a46b3", "comment": "Malware payload (Mirai)", "value": "672e61e36ff711b02d876c98b05d0a979f8862ba114f326237b8ba3fac241185", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285503, "uuid": "3ab1af02-8ca4-42aa-9eed-8e556ce5d9ba", "comment": "Malware payload (Mirai)", "value": "9e69d8de1f521e9bd735fbb78d4d6ed7d08ed744", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285503, "uuid": "34afde31-6523-4c69-a409-12fcfd3a62a3", "comment": "Malware payload (Mirai)", "value": "01389f847eb9e28add5816c931f0780324595eb00b569186369b7238ae321dd6fd802c911683663d172040392054ebe1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285503, "uuid": "c14e94bd-640d-44d4-8130-760531c9f67b", "value": "T1FA535C0073948F07E4AA5EF5283F17E483BEEE5016E5F184660FE74A8235E33595AF68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285503, "uuid": "174f25bc-3703-48d4-aa53-a55c3dbc044a", "value": "768:H3qgPVuEmAJZawkRS74xODerdz+AaWtGTPABaUxn69YCExIj2zGU5d+qenx56orV:tVuLLjOD/WYERTCExIj3qebk3ePVnXFl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698285503, "uuid": "f4e81237-fcb4-42ef-94e5-b1e2f7a6be90", "value": 66656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698285503, "uuid": "bf17b252-7948-4159-a8e5-b28340c6c167", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285503, "uuid": "3971a0cc-34ba-4edb-9e67-51fa169f639e", "value": "67c5071af5b3c2d852b9a4ede12cf26b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbfd406d-7456-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698362663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362663, "uuid": "eccca80d-fb43-4506-9975-db3a3f8bdb19", "comment": "Malware payload", "value": "1931fde3e9e1b2cdbb97da4204f1e115", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362663, "uuid": "070d5366-84f3-48ca-9bfe-3c4c9c141710", "comment": "Malware payload", "value": "673f0384ee81d4d3b663a047be43ae435789c2cfdaa1d173a31b2b718fde8bb4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362663, "uuid": "96153fb7-e684-4324-b5a5-ab346f870c05", "comment": "Malware payload", "value": "71980fa6306a604d139ab57c7a0ec4c3c0a9434a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362663, "uuid": "4b0c296e-e5b0-452e-835a-a0fe43561939", "comment": "Malware payload", "value": "134efefc9ad897e5a024c23c033fb2f047e6f1d33602b84dcaef5ce66375bd6dea5c9f82dcbf89d857971b49358faf5d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362663, "uuid": "0c7d5ef3-c1ea-4d5e-b675-bd52e64d90e9", "value": "T18203F10CA2A06DAEDDACEE7561396610FE507080762EE7DC2341ED0DB07DC07BD9906E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362663, "uuid": "ca79a528-abd1-418c-b91b-9b358cb2b557", "value": "768:Fu+dhF07mTlV27WZgn0psygO54M3zadVUdG1W1WRw:F1jZlV2cc0psox3zQVxWt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362663, "uuid": "232a469b-3794-455b-b219-c68ff6cb3c5f", "value": 39588, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362663, "uuid": "b153cc74-e663-413d-ac88-4d5a3c809717", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362663, "uuid": "76703613-abfb-48d4-9f6b-5b0df6d4582e", "value": "1931fde3e9e1b2cdbb97da4204f1e115", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0c7e076-7409-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698329573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329573, "uuid": "1a0493fd-552c-4138-9463-f2def957eb52", "comment": "Malware payload (AgentTesla)", "value": "b7f0b68ff69c8ea376408a86f6683b64", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329573, "uuid": "ba1d318d-571d-48fb-8f57-be82800ea26f", "comment": "Malware payload (AgentTesla)", "value": "6959e3ef6a767387f3ed86bf448fb8228a919dd36f9b046e8bc1219600540737", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329573, "uuid": "5d2ea0f3-b80e-457b-bb82-b1ccec424172", "comment": "Malware payload (AgentTesla)", "value": "83d962be87aec1961dd6e429d417f882c5c27c21", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329573, "uuid": "43fb091f-0b12-41b2-b944-8c57d62cc947", "comment": "Malware payload (AgentTesla)", "value": "24000f8e98a9f0268da828f932b2dca078dbc629bf7d7bc89feb886cf8e0bce3ff125b4b9953ae1e6e55674b1ecdf831", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329573, "uuid": "c9d39cbc-962f-4bde-b234-21881ca090dc", "value": "T19AE4F105766E6B02EAFD87F94562511407BB687A7479E3C10EEE22CE0BB3F804951B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329573, "uuid": "84ee20db-99b5-4a80-927e-9f6c33612db5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329573, "uuid": "7759c3ff-8126-4373-8874-1dfdb3e25104", "value": "12288:ZXWcw0Gu+usxfIz1icIJSGil0ME+mNoD2eeR8tJwGN7s0vSj:Z8uSzSGiSME+2+2eUeWMs0a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698329573, "uuid": "638af462-6071-4da4-9f29-9a04562ae3b0", "value": 684032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698329573, "uuid": "3a6622d5-349e-4b20-b8f4-58964e680900", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329573, "uuid": "157b7abf-a09b-42d9-b881-a458e23381be", "value": "Swift Copy,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b85d339f-739c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698282744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282744, "uuid": "3a5e4961-d5a1-4b9e-9fe4-f1bb6d6e0514", "comment": "Malware payload (Mirai)", "value": "fa96434aa9360a80c364dc9c1df09845", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282744, "uuid": "205eeb48-27d5-4d93-8ad6-956934652f4d", "comment": "Malware payload (Mirai)", "value": "69866a1466aca20111f2a299b16b976dbe62309b2d3655bed88aafa11404eb45", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282744, "uuid": "5f71f11a-8cd0-4fe3-86e8-ae0c5807f3fd", "comment": "Malware payload (Mirai)", "value": "5f9a3d473a6dc1790d450c2dfd6dcdcfb93270b1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282744, "uuid": "74fa2612-c275-4b74-b96d-81b8f6b9472c", "comment": "Malware payload (Mirai)", "value": "62deffc5d5bb8237963c5c883ce3649f59a3783b9b9e1497f500cd9a758e9d80b7b76cd062d52eb99ddb0a594584639a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282744, "uuid": "ef79119d-8e83-4026-923a-272691b61086", "value": "T152F2E122DDE750FAD7B0417A9D344BCF3B96267CD1E7B11B00A212743A996051FADB83", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282744, "uuid": "ca6003c1-ff26-4c17-b754-f28121b60a9c", "value": "768:z6iatWxkIHgdD8kJEhbpBkEWlq9gc2LJvQnEfCs3g29q3UELb0:z5atbIHgdHERpqS/2LJqK7gbLY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698282744, "uuid": "dbeec5e2-a190-40d0-9214-bcad4aef647b", "value": 36500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698282744, "uuid": "b3dad518-8a62-4acf-a7d7-12c7481cab59", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282744, "uuid": "c49b8d02-9989-4e97-8eda-06e1fadf5b8c", "value": "fa96434aa9360a80c364dc9c1df09845", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "124701f9-73e9-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698315536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315536, "uuid": "fd2de75a-7c91-41cd-9cca-e31d0ec53dbc", "comment": "Malware payload (AgentTesla)", "value": "5ca0feda16de243d34928b893557659f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315536, "uuid": "875a3b4e-38ef-45ec-8ec9-d9c9e8aeb1c0", "comment": "Malware payload (AgentTesla)", "value": "69d687c40fc212cf5e617e6353ec91fc8056d23cc87a5c5cebea4daa9796f2f7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315536, "uuid": "471830cd-f3fe-4693-a881-bf1c51d94aaf", "comment": "Malware payload (AgentTesla)", "value": "b30076cf38d47aecea6575e64713451d4c998cc8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315536, "uuid": "47b3ffa8-0a5b-447e-aeb3-0a594c4a9bab", "comment": "Malware payload (AgentTesla)", "value": "e310ec5d7518aa32188755f968f8fc0894183d817b53f87aba5ceac1474ca1a929c21658c89ef013230c749423ceb814", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315536, "uuid": "e6d495a4-77e7-4fa0-9f55-5e96fa52d82a", "value": "T1CCE423A5BDA4F36A124F3954A5AFDD12CAF3A32B5C9742D89511308342CC86EC71F37A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315536, "uuid": "bc035f08-63c1-45fc-8764-66770bc93cb4", "value": "12288:Zr1sjVGL5fwfaqE2oInAC/LQsHpPvqu/ce6WLnVQjMzBmKulbTZwsTKjZg6MsK:FvLZ72zACUmRvqUT5nlzgKul561glsK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698315536, "uuid": "b3b7c33f-cade-4c32-adfe-81cb1c830191", "value": 659133, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698315536, "uuid": "bbcefe4b-1ae6-48bb-a6c2-1302ddfde6fe", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315536, "uuid": "dddcace0-2509-49d0-a37a-e6f320cf7008", "value": "Proforma Invoice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "632c763a-73f5-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698320826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320826, "uuid": "8e7dc82e-8b28-46be-bd9c-d49ccdd7efc8", "comment": "Malware payload (AgentTesla)", "value": "2109d1ef2dd7fd9a97eff36186449570", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320826, "uuid": "a1499b33-3d58-4efc-ba73-96fe2ab99dea", "comment": "Malware payload (AgentTesla)", "value": "69f1ba8f7b8dbb60f8049ca7b2c8730bf921efe454dcb52651f5210cebfa37d3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320826, "uuid": "4170cfc8-1e36-4961-913f-90b0c8f71fee", "comment": "Malware payload (AgentTesla)", "value": "4762eac63d9e0b71754ea283bae5cfe720d9f487", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320826, "uuid": "52b1fa98-cfca-4582-b985-c97eaad551db", "comment": "Malware payload (AgentTesla)", "value": "08fa7bf40c3bc86a0b3cb4d6ce0c08133714df6afa6924fe5671ecd970f603c6a8eaa51262db51b4ca6eb9e93b9739ba", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320826, "uuid": "9946bb73-ebf2-40df-a51d-24df621f7f25", "value": "T1F8E47C85F0DA2190EC2AEBB1D776CF788267BEF96539B41D2CCD3E1336B75825611022", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320826, "uuid": "c2a8df75-c003-4f3c-b013-e386f6c0c868", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320826, "uuid": "f162a229-2bd6-4b24-b304-2239aaaf08f5", "value": "12288:/v13ChumFgGoQJwB1Yds6RFl3kWNJ08gDxP7r9r/+ppppppppppppppppppppppJ:3d6DCGnU1YKaFxkWj08q1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698320826, "uuid": "2d653b8b-25e3-45ca-b852-543680c65cd1", "value": 680960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698320826, "uuid": "02b1c9e4-e638-49e6-95b3-50182f39461c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320826, "uuid": "1634836b-d69b-48c4-aba4-3041461a7ad9", "value": "112-43185133.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc6a6c51-73d0-11ee-8907-42010a9c0042", "comment": "Malware payload (RiseProStealer)", "timestamp": 1698305138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305138, "uuid": "c85a6804-25fc-44d9-a70c-db827e19cb4f", "comment": "Malware payload (RiseProStealer)", "value": "c8b828fa39e97096d1ed9b39e1201e9c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305138, "uuid": "e15856be-df15-4659-8780-e4ffbddfb24b", "comment": "Malware payload (RiseProStealer)", "value": "6a170ee71191dc63336ab8ce5da7c9001ab2197fe59e5f17f185fb16368dcb98", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305138, "uuid": "26db7c02-d5f4-480d-bf10-d0ce319d019f", "comment": "Malware payload (RiseProStealer)", "value": "5b549433af9da130d756029849d04811d021a2d1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305138, "uuid": "a606885b-1868-40fb-bceb-ed6c99476f7c", "comment": "Malware payload (RiseProStealer)", "value": "a30f56a30263a447444a5ddf074d7af93a14a76b90a06d194b54456b97d2af3cc3ee71fdd7a4edc8d03f352b486b48f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305138, "uuid": "9e3d812c-8a6b-4c9f-b085-ae05eec576c4", "value": "T153558D71B402D037E1A101F5A67E9BA611ADBA3017AB08D7B7C05E7D94F19C36236F2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305138, "uuid": "816a360d-ab69-4304-b67b-3bdae0102f67", "value": "25c8ae30cd1820a1b5b2591280c2ac98", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305138, "uuid": "b4a1bc20-e439-48ac-8089-b376cec86dac", "value": "24576:MF9uwNfSKYFODIbxDtU9jyuSmsLNvwqsbQJWBMFbSFv/XsTRYl9W54KycnnC3:qgKal12UpkbQJW2FbSFXXsTE9W54Kycm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305138, "uuid": "c4995520-fdd2-47ef-a35a-bfbbdf319a58", "value": 1315328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305138, "uuid": "aaf1f554-69be-4887-a1f7-d8b597bd122a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305138, "uuid": "83330455-0bda-42da-903e-d734d8933f3f", "value": "C8B828FA39E97096D1ED9B39E1201E9C.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8178dd8-73e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698315465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315465, "uuid": "d5c6ac41-ec3d-49de-8784-5b03eb40d585", "comment": "Malware payload (AgentTesla)", "value": "ad2fc18ee586898828d83b175f7e4164", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315465, "uuid": "0ec007ec-964f-4654-9a89-52aa994b99eb", "comment": "Malware payload (AgentTesla)", "value": "6a30bc128b311345bd8e31783099983c62905a98c251ccb935a208690388ee30", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315465, "uuid": "e179e494-9f4a-49c9-a67d-d668a2e215b7", "comment": "Malware payload (AgentTesla)", "value": "73cc6bc0fb1fd913d8643fe681e90abc153502d3", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315465, "uuid": "188ce3cc-ab28-4a1e-a183-29f674d3a436", "comment": "Malware payload (AgentTesla)", "value": "349ffcfb048cfe0d64720722dd101d7c1cbe52b01580ce40048dadf5632f004f5b78e1b924a10b2245d8094e3cbe094d", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315465, "uuid": "82989ab0-dfe2-4c5f-8a23-62456b197a70", "value": "T18C9423C5FE46901775F270335AD69D84091DFF8BFC460D598E1FAC2AEB1C9BA40A2A21", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315465, "uuid": "c97c112c-74d9-4973-8c0e-bc84e85cf0be", "value": "6144:mQRLcR5GieMsChxAjyiK6CpTebNxqkl/JrdUihwf4b5TnnEgBKsnnjxQSc1k:meIR5GieMstjyibNxJBJrSF+V0InRx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698315465, "uuid": "4fe0bba4-a059-4e5f-9c33-c293489142cb", "value": 417509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698315465, "uuid": "2b212cf5-ddc8-4bfb-8381-94196dcb0f37", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315465, "uuid": "6ee37be4-10cc-4b03-8656-815e30a8a04e", "value": "payment confirmation.pdf.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4281fec-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322331, "uuid": "9866dece-faf2-4e7c-b45e-b34db1b43980", "comment": "Malware payload (AgentTesla)", "value": "10c635ce5831d0667eabbe8a8d630514", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322331, "uuid": "4a7c3782-b75c-4876-a257-03fa3522d1d7", "comment": "Malware payload (AgentTesla)", "value": "6a82958adc4a2a010fd4684a20633681057234917db900f3d603b80c31185c23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322331, "uuid": "62574bd6-70e1-4a5c-860d-fb237d569873", "comment": "Malware payload (AgentTesla)", "value": "f1cc737beff147985d78327dc9e26ab58dfb7ea8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322331, "uuid": "ab3a3ac8-f5d8-46b7-819a-32cccc988dac", "comment": "Malware payload (AgentTesla)", "value": "b18fb2089dc777eaf07411c6cf108841451cf37b570ef0ec4392c7b51bc02e8d1758eb5f794ea4e161959012c80e5ba1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322331, "uuid": "3d904255-29b5-45cb-97c1-fcc1e602e110", "value": "T17AD2E1431721984640C9271BFB0B2E45EABD9C3BF4764BE287DA28BA5B013E4D5F0779", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322331, "uuid": "1f1b5e2c-ac90-43ca-8dcb-31df6865743a", "value": "768:JIbKzbTpNlnxYKNImhqdNrBY+PiU+PIju1hOH:qbKz/RxYK4dNraeiU+AjkkH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322331, "uuid": "e818d140-1bde-40e4-aaa7-423511222f25", "value": 28750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322331, "uuid": "9d9cc664-7e84-4176-b4ae-7b7d1a83f19e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322331, "uuid": "0cd30fb8-b4be-4019-9e1d-5cf61e24fd76", "value": "RFQ20231026_Commercial_List_PDF_1.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a715aa25-73b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698294311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294311, "uuid": "5940735d-6e43-4267-b155-a3b487b59c2f", "comment": "Malware payload (Mirai)", "value": "f8027cd12c667fa293fa2cc1ce1c9ef3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294311, "uuid": "cc099d71-075d-4828-a9ca-4fc0d57efafd", "comment": "Malware payload (Mirai)", "value": "6a8bd4fcf2633fb0a1247b6c55b0eeb114ce19692e46dfd3c4c00a9e2a94186a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294311, "uuid": "711dc175-f1e1-44ac-adb5-8f70f3cb6e5d", "comment": "Malware payload (Mirai)", "value": "86e9812058ea29619c3dafeec3c4a32f3542305a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294311, "uuid": "1c5d5ae7-7f24-4619-99a3-6ab7f9987657", "comment": "Malware payload (Mirai)", "value": "d690558004792f0aadd3325c58a09522a660322ed63587817da6356bafc4921e869c7c701b512af20e48488989140141", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294311, "uuid": "f6828b5f-f4b2-48af-8286-74729b46edb4", "value": "T14D539FA5C5ACAE58CB1441B8B654CD398723F408A5A76EFBD646C796800BEFCF0187F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294311, "uuid": "e758b54a-9415-42ce-a550-f6291d650c2d", "value": "1536:PaAtVnz1/mUUNztiYmW6ihiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwN0T0f+whWONEJ7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294311, "uuid": "12b4e08b-7e9d-4710-8ab6-ab0d691c067c", "value": 63772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294311, "uuid": "30d199ad-c404-4e67-8dc7-4edd5238ce9e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294311, "uuid": "3038179c-1ef6-4ad2-9bbe-f7f1e5f4e708", "value": "f8027cd12c667fa293fa2cc1ce1c9ef3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cc293f4-7400-11ee-8907-42010a9c0042", "comment": "Malware payload (Glupteba)", "timestamp": 1698325405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325405, "uuid": "d54b696d-87f7-40cd-a3d9-987e0be7568c", "comment": "Malware payload (Glupteba)", "value": "7932c9b11bd7585db11c70d983d4cbaf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325405, "uuid": "1180c711-3c27-4321-aa4f-f6fe1c31af5b", "comment": "Malware payload (Glupteba)", "value": "6a9ca8cd0fe53e1036bc16b292926a413dc4aa896f4da8a29afd10c65138799f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325405, "uuid": "824adc0c-91b7-483f-a0e3-04d76aa99207", "comment": "Malware payload (Glupteba)", "value": "aedae9cc7d8718991afda5fb51ab48667a0dac36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325405, "uuid": "0555046e-3813-4f62-bb45-83672604c54b", "comment": "Malware payload (Glupteba)", "value": "09aa288c726b01bfbe83f303ccf000bc93f13118e279b4dfa80a9281bf33e3667dc318b675c38b683d5256f500d27998", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325405, "uuid": "2a4a42cf-547d-4bfd-aaee-e9cc4fc2f89f", "value": "T16AA6232DB09A8803E5F7C731DC685397929B3636B6126C7FE2B949E4B433078F974684", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325405, "uuid": "e643d001-241c-48e1-bad7-2fce2287ce81", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325405, "uuid": "f0455961-b565-4895-a246-208786d402a7", "value": "196608:KFpJ15dS860sFh2Np+yFZDLhwEfkzO4eWsfloehi:e50FhWDLh5kzOhfCs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698325405, "uuid": "1bfd1f7d-8922-42ff-9915-6f24acb371eb", "value": 10352640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698325405, "uuid": "767231ab-ad89-4110-bc55-52b5d0633752", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325405, "uuid": "9308ad51-c658-4fc9-bc1e-744ce7dd3665", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9dc2ea99-7401-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698326078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326078, "uuid": "421879e3-6b06-4803-91a9-8a6efcd8fc59", "comment": "Malware payload (AgentTesla)", "value": "0eb1efc803996f78c4616d9984084d9d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326078, "uuid": "9f3ec80a-0d64-47c4-9680-ed93530a96f1", "comment": "Malware payload (AgentTesla)", "value": "6b57819398d3a6c1180a379d2f94f68e6074ae4a2e4275dc827465f0ab84d8b4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326078, "uuid": "7da7c866-b6f9-4685-971b-f9431fdbfd18", "comment": "Malware payload (AgentTesla)", "value": "ddf23dbf472bea5ca0df6c95e69b784dbe0432a7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326078, "uuid": "5e7b51a8-b588-4a7b-be4e-550ab08d1bc6", "comment": "Malware payload (AgentTesla)", "value": "17b3300ff6fb3c432d872e40877315f92c4b8bc160fd65dbe9c7943f2abec1f17a27528089fec8608228ad5bf4a3ee38", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326078, "uuid": "086e8014-448c-4e65-9717-53cd18d564fd", "value": "T177D51903BA87C9A2C15A1733C5E7C03487A4DF616723D61B76CF2B6B3443BA64A65327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326078, "uuid": "99afc8d0-0013-44b1-8bd6-842e576a7c9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326078, "uuid": "f1a9c0bf-8571-45bf-b831-446de8bb9afe", "value": "49152:hPjQN0rCcBlQtoHoZPWKx17XW32gxyNUuC+eJtCI3CuZQvYjHb9ObgZ9OnMqr0xy:hPjQN0rCcBlQtoHoZPWKx17XW32gxyNG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698326078, "uuid": "aa335e56-cdfa-4cbb-855f-9bc21249807f", "value": 3003904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698326078, "uuid": "e31316e6-9b32-4421-b2a9-50aca8f11747", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326078, "uuid": "ff47f200-23ec-4b63-8a93-b73e403bfb92", "value": "PRE ALERT NOTICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "835a4805-73d0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304988, "uuid": "71c83cdd-f8f8-49eb-9534-ec53a625037e", "comment": "Malware payload (AgentTesla)", "value": "bb58bb28b01c28ba2c16e32c9dac6d73", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304988, "uuid": "54275629-3dcb-4f26-8f9d-0dabe44ae2dd", "comment": "Malware payload (AgentTesla)", "value": "6b5793f22a86e4b8793594df8c214feaad09cf964c913adc9f9a5e89a197442a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304988, "uuid": "d81599df-bd63-4177-9943-f614f223f6d0", "comment": "Malware payload (AgentTesla)", "value": "dda3a35e497cd38fd025de66dd00e7bc7dd3d056", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304988, "uuid": "33081e84-fbcf-458e-a721-ff6b78253540", "comment": "Malware payload (AgentTesla)", "value": "e7ee257ef74f22bc3671e09822dafa0974ae64491acc41a9b91abc750312cc7862ab819fa41450274af76df12369b459", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304988, "uuid": "892112ac-1b0c-474d-bb7b-7acf57f26ab5", "value": "T105251A1467A8DF11C51F51B5E2A661F9A3A3EC06DF85BBCB9980BEE03DB33516E01093", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304988, "uuid": "8f6adaae-88d0-44eb-8e5d-01fdfd4a2f17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304988, "uuid": "a69d02f8-fb02-4427-93e8-4418defb43e5", "value": "12288:Z5sE1Uh9aXZ6JPlu1W6HkAPjKWX6uRpanqFVl91JNtLMDM51isP:y/aug1xhjKZ1koM51isP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304988, "uuid": "6b489c6c-b8d6-469d-bbaf-a3d8342a7046", "value": 1018880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304988, "uuid": "25cf5be1-60ae-45cc-a152-a387962d0645", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304988, "uuid": "dd0a5b32-8268-4f06-b21d-ae326be21e28", "value": "Payment Slip (SWIFT)\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb314149-7411-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698333026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333026, "uuid": "43cf840c-fb51-4bf0-8835-14f6952ec425", "comment": "Malware payload", "value": "fd56722366c5dbecacaf602aaa7d8b6a", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333026, "uuid": "7cad6fd6-431f-4db0-a5eb-af4b9f41c131", "comment": "Malware payload", "value": "6bc46e0cdfca9c3358a4910869b4bf251811d0958fb98eebb3124afba26a26c6", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333026, "uuid": "cc83e089-051d-4c16-9f88-d527b57130ad", "comment": "Malware payload", "value": "19e9f2be5a0d762c3223d1a5711216f477573aae", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333026, "uuid": "503a192b-4789-4aff-ae97-fdd0a95ac46b", "comment": "Malware payload", "value": "6d2b1d099774d6bd01faa6d3f1422ea0a59d3c0fee6807ca747f6bf875916ce98896ba30d7f67471fec612f2bd2467e3", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333026, "uuid": "4469c580-02cb-44f2-9237-92a38e42652f", "value": "T1A2E423ECC6BEF68BBBA0961AE79C5D16012F4A2F758CCF07855F6012FC692505890B37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333026, "uuid": "b7ec56f7-1837-4f99-ac5b-37ae8657a522", "value": "12288:OEfFyNnDpRUxxyKHhTzGn3RpL8PTCnDaJ7xiR+3YBBpdgeVHdG+bCsqzAZUYchP1:3fwJDfU5BKnme2TiRxBTVHdGrxCU391", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698333026, "uuid": "b553a0dd-8649-4870-9f01-19b29de3d20b", "value": 698977, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698333026, "uuid": "df2d4b9c-41b9-4bd1-8e1b-35bb1ee5de12", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333026, "uuid": "96ef570e-c67b-423f-8a0d-2b33fd4bd617", "value": "AWB #150322.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f1a4377-7449-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698357004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "c380bb84-4d5c-48ed-9358-1756cf60a533", "comment": "Malware payload", "value": "3ca8f696aa9fa0c04927e3c852cfb148", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "25341de9-4aef-4e85-a4fb-570ea0a43187", "comment": "Malware payload", "value": "6cc4259ea402f9f626fdaa2ae4430fa79bd1a031910bc29ceff3fbc53e14657c", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "b2d7386e-6970-41ae-a487-7e19c4ce5a87", "comment": "Malware payload", "value": "c1392942336e0ef793b12330666bacc6e7b3f74b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "45faebd5-ae56-4d00-ab8e-0d8a7a5540eb", "comment": "Malware payload", "value": "09ca4c7f9a5b1b2cf35781e91e3f41d6f6f6b02297d678629af417e94ece5fa4ce21bc08f3962ebf4f6e5b2bf562a495", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "b79fedcb-83b6-4f00-8826-7f8f5f6e73f4", "value": "T170D2E1BC74061568EB0EC5B567DE4A610EB74BB6C82BCC018AA6B6D3CD4319478D3F85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "549fc6be-9afc-42de-a145-381b2651119e", "value": "768:k+e+ivp8/cTuybJTGUmfd0rt0JoJgGlzDpUYsT:k+F+e2JWd0rt0uVqYg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357004, "uuid": "67569009-fe4d-42f7-a97a-b1e4ae0070bc", "value": 30240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357004, "uuid": "6147a9fc-3eeb-4254-b4b9-ac9d52755393", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "d82e0bc0-c28d-4d19-b57e-bf0807621ee1", "value": "doxbin.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "598c86dc-73bc-11ee-8907-42010a9c0042", "comment": "Malware payload (MarsStealer)", "timestamp": 1698296328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296328, "uuid": "40053c43-59ce-480e-9802-9928b80cb137", "comment": "Malware payload (MarsStealer)", "value": "59a01507b40a4f5e682c273ce7f8a06a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296328, "uuid": "b27a7451-c085-4f5b-b867-428fc9f64250", "comment": "Malware payload (MarsStealer)", "value": "6d2a158348cbde04534fe5c28bef8d260a3ef8f9f89c31d3e46ca6d41b194970", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296328, "uuid": "c19d0d3a-59c3-4042-8e12-e6d8f3f78edf", "comment": "Malware payload (MarsStealer)", "value": "a12fdc1aa99dacf5f709e35719877076786c3abc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296328, "uuid": "cc00929d-36dd-4c14-a6dd-85940f48b780", "comment": "Malware payload (MarsStealer)", "value": "33313cc0b5a16615405d7ab8ef16445fe126128a84818b2f97980bd27f3f369a9ac66da9f60bbfeade0772349906d6d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296328, "uuid": "0934f94e-1b52-49a1-b31a-edb653f25eb6", "value": "T1A104CF25B3D0C072E1B356301675C6B22E7BB8325BB555CF73980A3D4EB03D1AAB6356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296328, "uuid": "dfa96a80-fb07-479d-b74b-af2e7cd7b29e", "value": "3eb61bde6c067dec159cc6a0cbd631b3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296328, "uuid": "2e5118ee-7188-406a-b054-093cd060003c", "value": "3072:1HBNoP9BL/sPV0yCzdqTOu1HD5GLg1D2mRJxQNWKwPZRrDX7XG:nOPXLUN0yidqTOutUunkKPDrD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698296328, "uuid": "75126553-74ed-4a65-964b-13ed5bf5b06a", "value": 185344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698296328, "uuid": "27c2f238-4870-4c3a-bc38-1da7236f324a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296328, "uuid": "ff95ab87-1f78-40da-a7a8-5d76d93042a4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01671a0b-7452-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698360605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360605, "uuid": "22ddb52a-985d-4c4b-b19d-f37829f36d1a", "comment": "Malware payload (Mirai)", "value": "84be6d89dc50457d70909d7aa7cf9a5f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360605, "uuid": "c682b279-9037-4665-afd9-ae0b499c2452", "comment": "Malware payload (Mirai)", "value": "6d5304c8335203137228c0fed3bc7288a5bbd78b23cf1657d5dfb149dda78672", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360605, "uuid": "eb9a07dd-20b0-4e16-9142-e3a8f44e159a", "comment": "Malware payload (Mirai)", "value": "3969bff4edb1fb90462dc9202913712f35a6f5ec", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360605, "uuid": "39586469-d1cb-4cb4-92b1-9ee0f41fc65a", "comment": "Malware payload (Mirai)", "value": "1c917fd2ce66c2cb003e4a7230fc09833903d27fcefac06f9bd5a98a68154db62b1479327803d011595174a3438579a0", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360605, "uuid": "1091bdbc-117b-44c2-8a92-1e8f0627c629", "value": "T1D1D2D007B18261C5DB6E1432DC6C3D0CAC10A70AE5BE52BEAB9C7426C835B7497EC765", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360605, "uuid": "30d40bdd-3203-4759-8a11-0fba69ce7482", "value": "768:iYicrAqMzfOwljeIqOgo7XyB8YnF2kS9nbcuyD7UryqW:1zAVf5gGmHMkS9nouy8mqW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698360605, "uuid": "e70b3417-5c44-4784-8403-53263beb7df9", "value": 29508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698360605, "uuid": "3db0ae62-eba1-4abc-92b4-7c1741c37a83", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360605, "uuid": "765d5d43-030c-4f21-bd71-0af92eb55ca7", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8248b45-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (STRRAT)", "timestamp": 1698303869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303869, "uuid": "058a9015-9d34-488f-8dd0-64f12658cb9d", "comment": "Malware payload (STRRAT)", "value": "8b6d2e8ee9fb29b4095d861acbfa96f7", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303869, "uuid": "f1859032-624d-40a2-975a-6039bad6566f", "comment": "Malware payload (STRRAT)", "value": "6d641ee8729ed4c218ef958b79eef3729ec6317b7da31a41803407f41b68337a", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303869, "uuid": "f164071e-2efc-4885-a902-114c80698ebf", "comment": "Malware payload (STRRAT)", "value": "11189463a1f8558e688366fd47f6febfce3eb49b", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303869, "uuid": "7e2eee8f-d3c0-44d4-97ea-a578c5e4970e", "comment": "Malware payload (STRRAT)", "value": "e72b87c8befb7a516bbfb3565787a48cc21682e877c402cd09dd1cfafc9fbbab14d219e3fd189795f78c85a17ea41992", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303869, "uuid": "9e42daa0-ba81-49e9-9fe4-3c73f1e00888", "value": "T16F04F16EADA9F8EEDC1F4973514D5122C28D404EE547A02F79FC69C908B1CE90749ACF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303869, "uuid": "a862959c-dfb7-4ecf-abc3-be1af5fd1519", "value": "3072:zJjFn28eIl0XnNS87YO/YGHcTpVxjNVhp+K0dMfYDIO6LS/wxfs3Fl3ypGk04ADe:zJklXN7YAYgIpVbVhAndMf4p6LNGFl3+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303869, "uuid": "403297ea-db88-4146-8e4c-a99788fcf471", "value": 186515, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303869, "uuid": "3b8f87af-132d-4463-b4cf-f148653c9a09", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303869, "uuid": "23ba7b40-53cb-4dc9-8c9d-424407e0a19f", "value": "Delivery Information GCBAC71854_PDF.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e84f04e9-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698322338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322338, "uuid": "080c4542-bdd4-41aa-b77c-41a65d0e78be", "comment": "Malware payload", "value": "3787ce679a83819f818c5b9577917621", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322338, "uuid": "435f3caf-cbdd-42f7-8375-d640f98c45de", "comment": "Malware payload", "value": "6ea9aa5eef5e5e8b53c3a22b2182d795504b888b29c4b108e3dcd81d27b9e12c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322338, "uuid": "e9f79252-ecbb-45f8-aa5d-f25a32c526dc", "comment": "Malware payload", "value": "9c8de84a4e934b70c469e27f18febf958e23ef7e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322338, "uuid": "b4fdd180-5718-4fba-ba6a-34f31998c228", "comment": "Malware payload", "value": "ae8d8e1f99c8b341e8a9938c927de748117b3d70aa5bc49041ea2a5798ad9dbe50de2a69b02f6673413b74c6a610c5fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322338, "uuid": "567349a9-565c-4fb2-bce0-9e16f9281a78", "value": "T138F4121033ACAA12D9FE95B975A100ED4BF29357B272E78C8C9BA1DD0C137D6C54362B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322338, "uuid": "3fd299de-696b-4040-acb6-51475fee83bb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322338, "uuid": "4da2d97d-492e-4d74-a5cb-f87d17b3d52c", "value": "12288:Ass8wckbKvDQHhg5xFVeNvMS3LxpItTRdhGFdAYs7oDFLdz03cKdTTeV2kz4yW:p0bmX5xF4N137ItVu7dO3cbBRW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322338, "uuid": "0152c3ef-9faf-43ee-b20b-751173f596f6", "value": 726016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322338, "uuid": "2279bcb5-cd5e-4dcd-b276-85c4b1b588bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322338, "uuid": "7ee1eefc-620b-45ac-a2a4-01358e0e6d59", "value": "SOLICITUD DE OFERTA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b643eff-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698303660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303660, "uuid": "2ed4e299-5fd0-4c66-89cf-312aaaea5d77", "comment": "Malware payload", "value": "e9aa456cfc261de9d2bec564f0d56b0b", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303660, "uuid": "8ceae1ef-4581-4501-9599-77c00c0b6e95", "comment": "Malware payload", "value": "6ec93de2251532abd2c5bb1183b8716291488105f91da64b6dcc3ae346406f5f", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303660, "uuid": "71c4ee7f-8e9d-4f3c-9516-7f513471d7ae", "comment": "Malware payload", "value": "bec4070cfa966cf7f863b8c6f4b8dd97e4a26259", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303660, "uuid": "e7d0cbe8-0607-4cc6-9e3a-e102f18d2521", "comment": "Malware payload", "value": "0414646f7d29f6641cabfd76c4286b0a10696d0f6e954dd2e086d003756f3441ea4070804fb550d0a78700f21314d0a5", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303660, "uuid": "f67d561b-f251-4423-bdd0-6bb6fcb9cafd", "value": "T1A982C9D2EAC225145E6819B7DD2346376DA3015C333B0A3573BDB26C534392866BFBE0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303660, "uuid": "e297a663-69b1-4259-bfda-e1e6a43deb90", "value": "384:BEvF/9+WX59YZvkpKlXzT71cPJZj4F9UbnOIB9GEOL3ovpn:BqF/rWMUlXz1cxaFuLpzODovF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303660, "uuid": "2b621f12-7e15-4b34-a6b8-77b9e38ef4b5", "value": 18413, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303660, "uuid": "b66568e9-2c6c-4d0a-8543-bb886e6dd4e2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303660, "uuid": "4ce3134d-d423-4971-a6b3-b5be38bcffe2", "value": "Vita.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cc76e5b-73ca-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698302427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302427, "uuid": "7dd7194a-60df-454b-a73b-96e7a81e58a9", "comment": "Malware payload (RecordBreaker)", "value": "88185ebe22bf707440915c83b682f9cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302427, "uuid": "602b68a5-52cb-42c2-a999-1765862d8d16", "comment": "Malware payload (RecordBreaker)", "value": "6fb8cbfcc0237e85d47902eb39dcf6bd9a706e9030e8e208850fd985b5a4468d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302427, "uuid": "012a59bf-43ba-4557-95c5-8e8122f5b265", "comment": "Malware payload (RecordBreaker)", "value": "b08c45d8d3b63ee3265c1e3bbd0d427941c0d87a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302427, "uuid": "98db7ba4-a1c0-4312-a2ac-484df304e401", "comment": "Malware payload (RecordBreaker)", "value": "b93febc5ba80c598bbba61a46422112823032377224aeb280112a040219743f74e04e68748ccee3e228ef482097a29ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302427, "uuid": "03c2a871-79b0-423b-94d1-4e845b72697b", "value": "T147752352CAC84976CCA96B705CFB13E30E377D15AC7546AB2F85E94A0C73B809A3171B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302427, "uuid": "f3041bf2-bc66-41be-99c3-2567d1c0411c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302427, "uuid": "d0c1fc99-d6a3-4a6c-bc94-7dcaa7f188c2", "value": "49152:hDX/j0LUw7junN804z3aWUXzebT34tL8aG//:lX/J4un6bqWGibS8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698302427, "uuid": "d85109be-2734-4fe5-bb76-ef0b75c78a3a", "value": 1604096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698302427, "uuid": "b9d39e85-ad22-482e-a574-1d45565d8c7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302427, "uuid": "b7baeae7-3f52-48c4-b968-c121e21f9f7e", "value": "88185ebe22bf707440915c83b682f9cf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83c5201f-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698311002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311002, "uuid": "9dfb92d6-9267-47cd-ad8e-1ea6b653bb15", "comment": "Malware payload (AgentTesla)", "value": "c3ce4c173d21fde8208d7904df593035", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311002, "uuid": "08dcff58-cacb-4e1a-8445-d3afe1a477ba", "comment": "Malware payload (AgentTesla)", "value": "6fbe89619702cae1f9cc8e99624e3115a114ec9953d9f95c0f880d44391f09ce", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311002, "uuid": "1818deb9-a061-4487-b177-6efbcb668de1", "comment": "Malware payload (AgentTesla)", "value": "801fa5a00d3d97de7705ae7e44cfb418cd226da4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311002, "uuid": "7b661df2-66a0-4c23-9e32-8cb87bef884d", "comment": "Malware payload (AgentTesla)", "value": "67849e06abb41abfc4d3980ba9d2cd268d4cd9dea67d02e17faf8eba75bd0c9bb6965d49cdde785612a0141981024a60", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311002, "uuid": "9e074b9d-1c0d-40d5-93e5-218d61eb54db", "value": "T182E423538143C19013A743AB7AC940D4095E6CAFB668564BA5DDC0F94BEEBDAC053EFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311002, "uuid": "561f39b8-0354-439b-b671-0ba481aab7c1", "value": "12288:QL8FPBPps62hDSltfeDSbMwrkh74K5iKRTWQwq3U2PmA6LQnbgi:QLuBhs7YbmSIwKDYQwqk2PDnv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311002, "uuid": "83e71372-bc96-4e6d-8771-ffade9fbe6b4", "value": 696491, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311002, "uuid": "935ef86d-cd80-4fa4-90db-86ee3c780a99", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311002, "uuid": "eb26f1ff-c3f9-4b65-920e-4deb7b36400f", "value": "FWD-P231023.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "228cb795-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307832, "uuid": "6121c31c-09fe-4def-975d-87dd6c5457e7", "comment": "Malware payload (Mirai)", "value": "0a1b7409b4fba80cfaa5f07d251d9ce1", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307832, "uuid": "51682781-a8cc-4a67-b435-b4fe567f66ac", "comment": "Malware payload (Mirai)", "value": "707e4e902843791d84ff7087d786be054e8a2e175fdb4375089a266c507e884a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307832, "uuid": "fa5ac459-571a-4a85-9af5-6419455935f5", "comment": "Malware payload (Mirai)", "value": "4768f4a9e1702d9f57649788459914859911b29f", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307832, "uuid": "535eb898-89b2-4139-a43a-5e5e884e2425", "comment": "Malware payload (Mirai)", "value": "017e3ec06e3f2bf25fe7b50dd74b8e936e03e1616ce91b18c83eae8f1d0186b3d865d7cd93a63eceb796bec37325b39e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307832, "uuid": "db67d5cc-f64f-4b6e-b468-2b4446295855", "value": "T1D5D31A56E7408B13C4D61775B6EF42453323ABA4A3DB73069928AFF43F8279B0E63905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307832, "uuid": "30a2e860-fcff-454a-b119-e7ede4f61498", "value": "3072:lS6VGvG5uaDAFEsHYI7NSIYwxGn/R+SQkM/9iH:lS6VpuaDAFEs4mNxgn/R+SDM/9iH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307832, "uuid": "bd0930f8-8c21-46a8-b3f1-84fcc0325d63", "value": 140758, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307832, "uuid": "439e906e-d4ae-40c8-8217-dd92c4d7c8cc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307832, "uuid": "6d07514b-2ec4-42bc-a18a-011faf88ff4d", "value": "arm7.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf91cda0-73db-11ee-8907-42010a9c0042", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1698309814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309814, "uuid": "1f5de22e-48e1-487c-a3a4-68a2e38d380a", "comment": "Malware payload (YellowCockatoo)", "value": "b8395ba9dc89531db9bd8cf6b6a9a522", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309814, "uuid": "2d26d5f1-952d-4172-b521-3dc7e1a837f6", "comment": "Malware payload (YellowCockatoo)", "value": "70c2978f454bf649909371b631882baf3c9f3db525d342c9aed88fa0b334bf5e", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309814, "uuid": "8fe267df-ec3d-4f90-a325-220db1fa8f95", "comment": "Malware payload (YellowCockatoo)", "value": "872f6dbf812151a722e7b304b5a5778ef9c620b3", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309814, "uuid": "eea0a1de-de34-453e-948e-16668464da29", "comment": "Malware payload (YellowCockatoo)", "value": "55d5c527a321759ce2fea2d32993bf160275f3cbf41e4f08c8786b0e1400fdc67d79177c95b50e2a30bd90cece0f8d63", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309814, "uuid": "47d46d8b-de41-40c6-bdd2-68b2cc18d19d", "value": "T1D70633AAD2023F09C725D89F698C842838B940FFEE92AF1B75797593DBC590B701584F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309814, "uuid": "f03180ba-e31d-4a8f-a4f7-77a3756b1d71", "value": "49152:YhEJmjxkHipo39d84k2NjPjsVOUUnu1gi9OUfWOhU7299sVSj+30G2fKYJv82Uyy:YhEhntrdPoj1gi5L+y99sVSjroYvct0m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698309814, "uuid": "481bb6c5-07ec-4ffb-8bf6-a2b913a57182", "value": 3869649, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698309814, "uuid": "b21e2dbb-3f57-44f2-b84a-308e6f759b41", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309814, "uuid": "ae831957-cdaf-4002-9cd0-ff0fb421eae3", "value": "Appendix-C-Acceptance-of-Acknowledgement-of-Policies-and.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ccf1901-73c0-11ee-8907-42010a9c0042", "comment": "Malware payload (Smoke Loader)", "timestamp": 1698297918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297918, "uuid": "6159160e-e4a6-4fc2-9d5c-a7d2179e7702", "comment": "Malware payload (Smoke Loader)", "value": "e073756436450b1aa170023f8bbd342d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297918, "uuid": "69473c24-f0da-4392-96b3-511850cfaa8d", "comment": "Malware payload (Smoke Loader)", "value": "71e7386e8129da10222a7af399561b240b0d9ae7507f87d9ee6d57b2dda57ef9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297918, "uuid": "b373d07e-3c62-4c32-ae74-f2e42124a7ac", "comment": "Malware payload (Smoke Loader)", "value": "5f4967d9c31321bf5336a852a8d61519576fad6e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297918, "uuid": "223ffb75-b750-461d-9071-187d5bfea3b9", "comment": "Malware payload (Smoke Loader)", "value": "e385ba279334d2be26178ff17c4f73a1cef41fa21d791d7a130d3d2d009501f35907273e472a7ce01054dddcd1139ef5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297918, "uuid": "0c0b8981-dffa-475a-bbc8-2d4fbf152007", "value": "T1004533FEC434283DEBBA9E70E7B7BD35299034E5B42612394B4961D600B6362341BD5F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297918, "uuid": "ef305e90-c5c8-481d-944d-afc7f9112223", "value": "71cf2569222413220257b218ceff6838", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297918, "uuid": "fd01d9ee-8215-4896-8c8a-cb29a5cdef4c", "value": "24576:2Q7d1qIVe3sbrMjMKCAf+FQTcdwwGGW0CuZ9N:2kbVWsXmMKCAflhP5FQN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698297918, "uuid": "ad94df52-a86f-423a-8552-97203d395d96", "value": 1177312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698297918, "uuid": "5f00687f-ddce-4e1a-bb1d-e32e83aeaeb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297918, "uuid": "72c44b47-e609-4fb4-890d-0cc599a8cd3e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "242f7d8e-7419-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698336182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336182, "uuid": "3b9d9d99-8e0f-447e-a125-5f2df73f7522", "comment": "Malware payload (Mirai)", "value": "9d3c860e219a048fe508e9d988addc24", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336182, "uuid": "ab548ee3-d754-43a8-bd5f-88989224b41f", "comment": "Malware payload (Mirai)", "value": "72252de441102dfb5dbf5a2eb635abf91af4bb44fba0d33f3938b17fffd1c6ac", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336182, "uuid": "a75d5f30-d7b0-456b-bfc3-c641ba32402c", "comment": "Malware payload (Mirai)", "value": "c896a142de19a13691768fbf42aa636ce6512c0f", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336182, "uuid": "aac09c81-afae-4088-999c-866b89ea0ff4", "comment": "Malware payload (Mirai)", "value": "48dfe04adaab6d58fe301ae8fcaa5244751671d1f6ea722a249a91a1c54a285f372ab93cfc4a53ff733939e52858aa06", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336182, "uuid": "51fa8a77-fe48-4e92-b9d8-dc0ae2828e64", "value": "T120C2E16FB2AD5A2AFA59323CE432810B0378F629575D37AB63010936E99E41D3931CCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336182, "uuid": "c32ac659-2487-47f7-8863-89cc45815b88", "value": "384:M41DMwk8JPyGnT8WyopNEutTneSe3oECHjYlQ2NnE4+0o8tm3HWBKENAZH2zg60A:pMwxdyoEUnDz+Y8tqHWXmPSnzk9FNM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336182, "uuid": "f70e85b0-cecd-4148-ac8e-0cd226f8d61c", "value": 28272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336182, "uuid": "54f9446f-9d80-4377-a216-8cfa6f531bad", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336182, "uuid": "83b33d80-dc79-4ed8-b55b-ce0e657c6253", "value": "9d3c860e219a048fe508e9d988addc24.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9e514d9-741c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698337722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337722, "uuid": "4b1a599b-4896-4210-bb5e-66b0a9d0e000", "comment": "Malware payload", "value": "22ae72dd478b95daf3a8ac8c5216ceac", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337722, "uuid": "8aab1099-3ef5-4dff-9afe-b8ae14e4a53a", "comment": "Malware payload", "value": "7257b4ccec0ceb27b6fb141ce12c8dfb8a401d3edfaeca12699561eccda5a23e", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337722, "uuid": "cc21bb0b-6dfc-400a-9299-9f885e35d927", "comment": "Malware payload", "value": "461b54ab5fcfc6f79ace57f76b9645b67bc500bb", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698337722, "uuid": "c084c6f5-0659-43fc-8e96-93947fe20310", "comment": "Malware payload", "value": "0e9fbabd32a54cd3a64291a72a43abc9df84fc4a14fa6e75aeaccf0583e50bf4e2c9fdfb47ded0f480b945738849f369", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698337722, "uuid": "fbe4cc14-5ccb-4a2d-9dd6-e2c942be69ed", "value": "T15C840272E2B2C0DCC58386709C582BD28CE7C9AE45D8197162E94BDE391FFC5E8605F9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698337722, "uuid": "056a023f-5ce8-4edb-9197-55731d050bef", "value": "6144:WgdCzTr7cXsEyvpDstcWcTe2iwPeBonZheuHHtb3LwCz9HlwUPMQxGKzjanI1vmB:z0zTr7+sZxst72xPeB8ZhVNb3Lw0FpMH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698337722, "uuid": "3387ffcf-489a-45b5-86c3-dd54ac52b0f5", "value": 373397, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698337722, "uuid": "a0455fe1-2104-4f60-873b-5300e5b4adbe", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698337722, "uuid": "52e7a947-bb47-4097-b878-4b62a0574dee", "value": "JE412OO-OCT26.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "876b15de-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304136, "uuid": "14292248-be20-40be-bb45-8afc8004101e", "comment": "Malware payload (AgentTesla)", "value": "4a578a27d7f96c0b96fe55e74b00c53e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304136, "uuid": "bbf2ea5f-0525-4cd3-ba62-2be23956ee52", "comment": "Malware payload (AgentTesla)", "value": "72b9c8fe3406ab6ec58f0d844ae7ad17f0c1a94e0a3ad164cd14bf302873ef00", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304136, "uuid": "21230da8-973d-41cd-b949-ad628c4adbf1", "comment": "Malware payload (AgentTesla)", "value": "6d4105515d4e1d0acc7ac856ea8cf8a56e87f267", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304136, "uuid": "ee427a21-2b19-43c6-829a-1d3ad0689d6c", "comment": "Malware payload (AgentTesla)", "value": "7c83f45fa366d5615ea28af73ead79a9438faf69c2d11ee00da1fbae1e14b7fc9bc67fdb7ab3517cfd164f3c8cd7c5d0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304136, "uuid": "d46d1ceb-6f68-4375-bdfc-e330fe08da48", "value": "T114C4E081B39C9F37E47A57F9A4B4222007B9357B2022F3946EC7B4DB45B1F448A41EA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304136, "uuid": "04fc415d-a6d0-4885-b074-7508c67f07c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304136, "uuid": "249a0ebd-503b-4fa9-8a25-87613e4d85fa", "value": "12288:ruYF8FPOazxvYTJzPzhkaSHS6JYrOiqo:ruvPOaztsJzPN3Sy6c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304136, "uuid": "da42852a-ccd8-4f5b-94ea-5fa67ad5472d", "value": 543744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304136, "uuid": "3b93d2f5-d823-4487-acf1-9bf6b2d14673", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304136, "uuid": "658446c6-0c5d-4815-b19a-b17131fb64d3", "value": "FIYAT TEKLIF YATA\u011eAN TERM\u0130K TEKL\u0130F NS21-42471-100KLM.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8012d4bc-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698324310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324310, "uuid": "fe4f2ae0-320c-439d-b546-e69b2c3c2386", "comment": "Malware payload", "value": "c00dda7545e32fe221c2e7ba777cfed3", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324310, "uuid": "8a1289f1-eef1-478b-a55d-cebf7e95980a", "comment": "Malware payload", "value": "730621f59682e23557fb036e392e979c77581f4f13b0d9b8c3f50faa3b83a7b8", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324310, "uuid": "69f4b33b-5ca4-48a8-b50f-1a008e575698", "comment": "Malware payload", "value": "cfa56fbf470791ebf07578c82795a3fab77c6ea2", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324310, "uuid": "0e6dc5b1-bc07-426e-9cee-e77525610f24", "comment": "Malware payload", "value": "89f722b46b269aec0fa130874e7517f63802fa41e0668bd28781061c46d1a04eeb25b16e2efdd354a474ea81b30fca52", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324310, "uuid": "d83e555f-b554-4a72-b0fd-51ae2307c059", "value": "T15F04242029DF704C71B62FA357DD75DA5FBBF6B2572A644E3008470B8A62E81CE50B72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324310, "uuid": "ac45fcde-79ee-42fe-9a2a-d34c8aac1e41", "value": "1536:uhmFhGjuqTBdore5M74GlFcTYurMMv4acT6r3:UiGj7y4WcTK+4acT6r3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324310, "uuid": "fb1963e2-f84c-456c-8cd5-a6baf7c193c3", "value": 181922, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324310, "uuid": "4f68f7d5-1505-4750-83d2-6d4cc0a52a03", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324310, "uuid": "8c530df0-01cd-4792-a1ce-355e0ee79641", "value": "New_Order (2).js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0ce0124-7426-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698342055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342055, "uuid": "d0302ca0-f8d0-4b7e-adcc-b0e5014ffc22", "comment": "Malware payload (RedLineStealer)", "value": "977b45d15d4e32861aba1767415b2f88", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342055, "uuid": "04578afc-0c55-42d3-ac20-40e9eb054e00", "comment": "Malware payload (RedLineStealer)", "value": "73e5fee93689200a1857d8574e79d8fc3bdd4ed2317bf9944e7196c2bb5b40d6", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342055, "uuid": "9395950e-2d24-4da6-989b-61564ba4116e", "comment": "Malware payload (RedLineStealer)", "value": "da7e0db2414db0e573a6e213fb9603a863de64bb", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342055, "uuid": "25705d77-9c2f-417f-9c8a-295eeb8047c4", "comment": "Malware payload (RedLineStealer)", "value": "7052b274ab13b8ef73ece8a22bc92bc53f3c509eb50b816fcc154a60cda1558bbc9e9af24c7ea6e095565e0e6c896743", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342055, "uuid": "5b2925c6-98f2-4e49-be8b-8eb2664acbac", "value": "T15841861BD10BC2F6FBD611CAF674E908E858AA5B5501BC69F7E856C4AD120B0C36B44D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342055, "uuid": "8863a650-67e0-44a3-bb69-50398413fde0", "value": "48:fZ6RdaDwsDo+90NtVxEjCA1FcbGyMXlDm9mD5:fKKA+e7XQCecbGyMD5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698342055, "uuid": "4bfe0cbf-6e8c-4704-a887-a1db71bff2c7", "value": 1916, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698342055, "uuid": "f78ba16d-75d0-4c09-a320-65bbd5dd2e83", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342055, "uuid": "db928895-d117-4892-afe1-5f4b2c8c335e", "value": "NEWMuxi4.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bd5b67d-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (zgRAT)", "timestamp": 1698303634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303634, "uuid": "94a65362-8637-46b0-b599-e04c2dffd7a6", "comment": "Malware payload (zgRAT)", "value": "24fc9fe4ac95bd3662708fffb53ea064", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303634, "uuid": "d185348a-5d51-4521-b3b6-691d18d4b8ea", "comment": "Malware payload (zgRAT)", "value": "7404e54f6f5eca18b5a8bcc5c542c898c46ccfc2f2c5c11951da86700a368c61", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303634, "uuid": "8317dc44-1c42-4dba-8a73-02ae956d4e98", "comment": "Malware payload (zgRAT)", "value": "c883cc4f5cc88b0a2b67efb8d8dccf756208fe71", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303634, "uuid": "275eab53-cb69-4fe6-a52f-069463520d7d", "comment": "Malware payload (zgRAT)", "value": "a60dd66a6990b05ff94660685a3714c0dc6a965fe07030ac496288a2e10593d5239b494077e536dbdd1207f23d427234", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303634, "uuid": "de90b796-da70-4aca-b077-47fef71ceca5", "value": "T140741B1039EF604C72B77F521FE8B9E99E6FFB726A29906E2444030B4663D40CE91B75", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303634, "uuid": "dc7efc68-b844-41d9-aa88-c5fcb03db286", "value": "6144:qcLwlxduxETez8qNTB6SowlixiH48NTB9uTqgNwteyyyyyayyyyy1bfyyyyyJyyj:qcLwlxduxETez8qNTB6SowlixiH48NTI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303634, "uuid": "fdff8813-d33c-460d-88d7-ba549d27f182", "value": 359640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303634, "uuid": "0fca04bf-2b71-4205-8f9c-0de238c9938d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303634, "uuid": "2f60eb68-58de-4daa-98be-7c9896e5ad53", "value": "PAGO deposito.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4c30a24-73e1-11ee-8907-42010a9c0042", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1698312373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312373, "uuid": "72a387ad-ad20-4828-841a-fee8055ff7e3", "comment": "Malware payload (ArkeiStealer)", "value": "380a81636436ccd45b7e63186573a553", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312373, "uuid": "3e68e3fa-fd5c-486c-947a-843a9ff710a2", "comment": "Malware payload (ArkeiStealer)", "value": "7409488e5fe7c7405dddd0ab296f4446f4e1179d7b7d19f3f4d5d2f470c1aba7", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312373, "uuid": "f178c185-7d46-4a23-9ab0-2a0a43065988", "comment": "Malware payload (ArkeiStealer)", "value": "708e182731f468c1e056d74f7a4d77192422759a", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312373, "uuid": "453e0341-696a-4723-bfaa-92bd0f6eb5f0", "comment": "Malware payload (ArkeiStealer)", "value": "f3a2a83e4fd58e32e4ee1b0c760e61d777cb3d3288be639e1da9cd01ab4023179f7bfae5a5105eb7af5b50f66d517d68", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312373, "uuid": "0afa8959-1df9-4987-a0c0-6f5c8e6b2b0d", "value": "T1AF35BDBC74B9BA5AF5D4433BC6852CFADB3CA540D7993C9B8E20411A7D8310E5F7A821", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312373, "uuid": "02b0f5fb-d6fd-40bd-bbaa-9751d834483d", "value": "6144:m3oM1mU1A8ZyYFL2oQG01hH/NnR9Dpfg/3IrfZfauhKJGk:m3N1mU1lPQGCH/lR9DWg7lauh6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698312373, "uuid": "e664825e-3976-44ec-b274-88fe195da900", "value": 1076244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698312373, "uuid": "546f2f97-151c-4883-87bb-280a1c8c6adc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312373, "uuid": "40768232-7a33-44bb-a468-8e9f08e0d2f7", "value": "photo_2023-25-10_13-21-32.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "953eb314-7435-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698348398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698348398, "uuid": "d57ad168-9ae3-4913-bc02-4c4fae2eafcd", "comment": "Malware payload", "value": "38f6b4d5804de785b925eb46ddd86d6f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698348398, "uuid": "bf99a8e7-8062-453d-bc26-f70a36451567", "comment": "Malware payload", "value": "74dd5df1dac36bb348452e5d084f1a10c692e1bad2b1491cc41c2980a002d8af", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698348398, "uuid": "1e51157d-959a-434c-a55f-bda959e2d1a5", "comment": "Malware payload", "value": "395f786cc490c2ca6611329ee7afbc0ad4f78997", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698348398, "uuid": "ba5498dc-297d-45a4-a9bd-90e69ccd28f9", "comment": "Malware payload", "value": "2c912219c6c6e44ca35bafb200f8156074c5b6266fa90a13394e69a3cf6c2531130a54131f91f0e35ae9fb515bd570f1", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698348398, "uuid": "63202976-e7c7-4433-96d6-aaebc9c3aa66", "value": "T13FF433205A972003C8AAD83F9562B5DA0BFF71D1A1D105B279A3C91FB4724C68F4FE5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698348398, "uuid": "46f09dae-5ebd-42cf-8c09-dafa31b866b9", "value": "12288:rdYl6XJ7AAbXpA5ce8VoQ+2GKZd3zdOD/t2Y4P/u1/sod7RlCpUpb5:hYliTZUjQQwObt2tn9od7PZr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698348398, "uuid": "6ffe03d7-1867-430c-9d0a-8d06844156fa", "value": 734519, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698348398, "uuid": "455ec169-0906-4f4a-a468-6442cf56746c", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698348398, "uuid": "fb738fc1-d757-4eff-98f8-b141ca5b9a61", "value": "Quotation for Sogno SRL Moldova..xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0248af57-7452-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698360606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360606, "uuid": "0abca6b9-88eb-4e34-bfd5-daddc368480a", "comment": "Malware payload", "value": "9d0bdcced8f9d03885fa731faa7161fd", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360606, "uuid": "9ba6de7b-99dd-4f71-8a3a-91b8170ba2e6", "comment": "Malware payload", "value": "7630565675c562c550cf41a1f466530a1915ea01aa845ce29908c7917320c44d", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360606, "uuid": "9759d728-17b0-447f-bab8-71cba9ccb0da", "comment": "Malware payload", "value": "7763bb32bf8379d08898078108df264600872b1c", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360606, "uuid": "ca79a364-5a90-4b8c-b2c8-232cd7aae402", "comment": "Malware payload", "value": "0604e1ce2c1803a92b29736bd4bae3d727544ba2df8d3c474248042e467848505327374d23a90a18b1a3de8613f2ec8a", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360606, "uuid": "379b86e4-8220-4e3e-a9b8-cf3fd913e787", "value": "T125F2E0332689F031DAB21C76F9AC9F4B13294AF9F0D6351716D04B3CB6A36A35436653", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360606, "uuid": "ce952047-800b-4f69-be37-561083351c28", "value": "768:NnhWYMpSp93FZmZ/lDnbJBMr6Q16TrjeaUx4NP/H3UM:NnhWYMopa1nLMrXArgxSHl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698360606, "uuid": "09473c7f-0c64-4c8d-8382-044d3f761d8d", "value": 36932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698360606, "uuid": "70109925-9aef-46b2-9983-083bf3733813", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360606, "uuid": "9e2ae4a0-1fde-4654-8d9a-38eb32d1d2a1", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff396384-73ad-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698290164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290164, "uuid": "78a6f93d-04fc-4460-a79c-256b72448432", "comment": "Malware payload (RedLineStealer)", "value": "aac3df7e6723af9100865b3c83bdc5a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290164, "uuid": "015ed6c0-13b3-4678-bdb4-3ce244d9f5a5", "comment": "Malware payload (RedLineStealer)", "value": "76c2a22b881431a88280e09315b4c7f90038c76357330d76bcdbcbb38a1c233b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290164, "uuid": "4efac3e0-7ade-4641-98cc-74a736f08e79", "comment": "Malware payload (RedLineStealer)", "value": "26d93eedc629281567f1eeb4475f5fe322db4e8b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290164, "uuid": "1f8981eb-3082-4dc1-b7f5-e114528eac10", "comment": "Malware payload (RedLineStealer)", "value": "d11a507ba894761d2162f9b07a9fc6c141304641a8a68297a8068d01dca7ce67a84c7faf79a724825e8bf76bfea0bd72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290164, "uuid": "465aac43-dc0b-49d9-b24f-aa035dabca76", "value": "T19844AE0074D1C472D4BA153E05E0EBB95A7EB9200BA59AEF67D41FBE4F303C19631A6E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290164, "uuid": "922da8ba-065b-44d9-b308-a938720e8f45", "value": "e6c8a6ac2c39bf589d2a9a54b0ca583e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290164, "uuid": "68a8161f-ac3f-4b6c-9843-07b8de4a86ba", "value": "6144:r9ECAFtfChKDdy9xf25adyWqAOWISHzW6N:rOFtfChKprY6M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698290164, "uuid": "7b02a55e-0b02-4e9f-b15c-9370be83047d", "value": 257024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698290164, "uuid": "320d9505-f523-4133-9d0a-40b2379f99bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290164, "uuid": "af9a64a5-2541-41c9-ab49-b56a6da9faf7", "value": "aac3df7e6723af9100865b3c83bdc5a8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c694263-7395-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698279663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279663, "uuid": "7ec2c7b4-1e08-40db-beac-b8c9ff26a753", "comment": "Malware payload (RecordBreaker)", "value": "a2d7f54f8fceda8a186169fb426670c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279663, "uuid": "5f55c66a-90d9-41f8-81bc-e1ad04c59028", "comment": "Malware payload (RecordBreaker)", "value": "78f0f3f1b525fb795edb0574f5ae2b760767d8c836bb783ec2c6f628cb0bacfd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279663, "uuid": "a0c8cd53-365d-405f-be4e-aaef08091a46", "comment": "Malware payload (RecordBreaker)", "value": "d549a8264684eaaac2a8cbee072197bf5f1b5bbf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279663, "uuid": "e83829b6-376a-4042-989b-39d75a824161", "comment": "Malware payload (RecordBreaker)", "value": "14d1dfdb1728471b3b4f5da2a454115b29dad78dfa8c2b29da7dca507142abd2759f83ab8e26654bcf1ac75586e41fbc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279663, "uuid": "bdba219b-30dc-402e-89a6-5470fc819b50", "value": "T106F41213EAD85437EC7527F198FF23930A32B9A28D7853362745644F4CB2A80A97573E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279663, "uuid": "23b85f08-ff53-46bf-a8e5-66245f237d8b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279663, "uuid": "87ed5adc-42f2-442b-9929-2847babf9c20", "value": "12288:yMrPy90wJ7odmDeWoV5HrAJmjqqMpKL3++5fZDBerFrWcJA7Rrq1lWS:1yX7r+3UwqRsy+/NeJ1Apq1lWS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698279663, "uuid": "09dae99b-4a76-4b18-b317-319bc1356fbe", "value": 744960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698279663, "uuid": "12f7d73f-2e6f-4d5b-ac91-05e5848c30c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279663, "uuid": "e3455de4-8a20-424b-9e0e-50aa3d61e7f1", "value": "a2d7f54f8fceda8a186169fb426670c4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e05f48c-73dc-11ee-8907-42010a9c0042", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1698309946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309946, "uuid": "f96f14c8-39e0-4acb-9b7b-7188ea0247b9", "comment": "Malware payload (YellowCockatoo)", "value": "80cbcdc98aa7fa06d021783b0169e9ba", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309946, "uuid": "47e2f96e-bf76-407f-b1d4-07a353a5d52e", "comment": "Malware payload (YellowCockatoo)", "value": "79611ccdebf0fdafcf6844ea278314038ceda7b6f5c39ed7919cf6f7f2274c06", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309946, "uuid": "896fbff7-cfec-49e0-ae30-9017b22a0fa8", "comment": "Malware payload (YellowCockatoo)", "value": "686f8c1b4e0980dbfc3b2b68870009e8c783057c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309946, "uuid": "13f819da-0958-4528-802a-8be58396d21a", "comment": "Malware payload (YellowCockatoo)", "value": "329cb311f87548d800e329808946d6c4293d04fcff0b222e123d4976ead5f6818db1cb809a46c8987f265efb3f00b2e8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309946, "uuid": "0f08af48-300b-4218-a228-3c443d4bc08c", "value": "T19FC4DF143BA0DC509B6C16E968DB97178B2352A3EEEFFF0B06A29134191B96353513CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309946, "uuid": "16ad4838-2480-4542-a52c-5c8d9384cbdc", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309946, "uuid": "788d716c-65f0-4384-bedb-b9ab88b6e288", "value": "12288:/EZSZduv3s3J3m/4Cv9r0RZyjqQcJgGy6:t30ICyg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698309946, "uuid": "de0edc22-a8f7-4407-9262-6282f55fffa1", "value": 576512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698309946, "uuid": "0afdddcf-3b6c-4c85-8b2a-b11b2bcc29b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309946, "uuid": "73f86a45-47f2-4251-8930-5f4d756a85ff", "value": "VABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZNcOtNNDDVevUBNCN3jrIGHtGXMTIQIXsyU1zLaVMWQMJFNRFSCODDVVOWKnZI.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b902a64-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698356998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356998, "uuid": "4e314c7d-480d-460a-9e2c-d024bc91d9ee", "comment": "Malware payload (Mirai)", "value": "e3170d58a71a76038ebb440a3f309aa9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356998, "uuid": "969f2adc-f86f-4556-a858-c0f0bfff3a03", "comment": "Malware payload (Mirai)", "value": "796d3918d3c16efdd2a1debb7872483ea2a8800c30500fe7d694d14cebdd6276", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356998, "uuid": "9096c032-edec-4b02-8c78-e1e0614c5cc8", "comment": "Malware payload (Mirai)", "value": "41cb94b9d5817d940f6fd1f85d16e033ed30d5fe", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356998, "uuid": "6983256d-98ea-4d2d-a3e3-d841c5b7d86c", "comment": "Malware payload (Mirai)", "value": "4416e7c382fa47db2795f831107e1b4e4e6de531532dcc539c1d717bbba98cdfff41edac192cd8c5b25dcb433d5a1fc9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356998, "uuid": "e0d17a1d-83ac-4e0c-9838-4bfdfd2283fe", "value": "T1A4C2E278F0925C81EFE766FA5BC6ABD3B3910BE89926C67170C15F7084A331B9914CC5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356998, "uuid": "561abab9-b029-4558-b809-d0405e9be4e3", "value": "384:8UIMYLyr4h0OPbOOGiRwe73pNHT4vRc9RVYMl54JsDGA+VyqZnbjToNNjRSM4uVH:LOjP7GpgpAHVnvojz4uVcqgw0RsWXy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356998, "uuid": "28aa8c86-c74e-45b2-94e3-d5d6b9547778", "value": 27944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356998, "uuid": "565097e5-a723-4259-a70a-1128a0e2082d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356998, "uuid": "2f786d18-6205-4bae-8dc0-d30125e6dc71", "value": "e3170d58a71a76038ebb440a3f309aa9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89c48bae-73f4-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698320461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320461, "uuid": "d9a2008f-0258-4260-a277-f9f4489f0f24", "comment": "Malware payload (AgentTesla)", "value": "c077cbb39453f82d4143d1453a30f990", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320461, "uuid": "fc243d5e-1555-4e2f-943b-04ccd1f890de", "comment": "Malware payload (AgentTesla)", "value": "7a4402b67c530192674f31331f352dd647193f4359e6b37ee49b234a93c9f4a4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320461, "uuid": "322e0b7e-468c-4b04-8bf0-3de6147ed929", "comment": "Malware payload (AgentTesla)", "value": "9df2085ca0ce0aef5c21b8905718cacbb5c5744a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320461, "uuid": "2df1e768-1cdd-41cc-b259-b8dd880169c2", "comment": "Malware payload (AgentTesla)", "value": "fff32e8f2bb11ea9d30f2e972de19288deed882725501c515346cae80807b52e204239d9170f932e60689a034fd40daf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320461, "uuid": "4fa24c9b-56d3-42e7-8847-95221a722c94", "value": "T1F1F423AAB06AFA7B8513110C125C961D1B8CFB64605FF7B7B3F134B7D1E8631096A721", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320461, "uuid": "b89086cb-e2b5-41b1-94fb-9d57edb1e15f", "value": "12288:KWm66g7Ji1XIKjicUQTt+C9mTMbHSnCTrSixUuDICiIDVKqC2R+7+3:KWm6EIIf+ImTQICTeiyiICiAKx+3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698320461, "uuid": "8d4f05cf-65bd-4546-9a30-c27d2a8025bd", "value": 750646, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698320461, "uuid": "379c9627-06e8-4253-a186-063c5f3e7fe1", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320461, "uuid": "faa7d8e6-d41e-49ae-b0f7-d49845ea07e5", "value": "INVOICE.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cecf4bae-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304256, "uuid": "697e9b09-0d28-4a47-9983-dbb86cded6e5", "comment": "Malware payload (DBatLoader)", "value": "bb465ddb73011c5298f20553151a71a9", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304256, "uuid": "8e098898-e909-47a2-ba06-69a87d44e4c6", "comment": "Malware payload (DBatLoader)", "value": "7a79cdd88f52bd9acdbe1b312bf1583e09827d58b293f53a3d261a654dcfb1df", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304256, "uuid": "e8961936-656f-4234-b9d4-c02955c6d315", "comment": "Malware payload (DBatLoader)", "value": "8f4449641a76bdbbe3dc845bea237226c69ff04c", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304256, "uuid": "2ba906c6-5e1f-40bc-9f46-dcd90d46417b", "comment": "Malware payload (DBatLoader)", "value": "6f166b7c50697f6ea3370cdc765c6b08a2c4cfc63ac8ca236309bafeaaf1d78c0c0c4b9f574434de8c7bbf30361532d2", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304256, "uuid": "01e8273b-6b11-4125-af1e-0feece3dcedc", "value": "T14455D01BF6618871F03A06796F1B4BDDAF1D7D292DA8680A26FD3F481F31246246D0B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304256, "uuid": "337e2d81-2a85-45c1-b12a-92aa309c72c8", "value": "91a1eb4157c5e26a9ad6d8fdf398dbf8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304256, "uuid": "4032c7aa-5e1b-466f-8681-a4353fd42ec3", "value": "24576:UHQhZtDKt9N6+arvC0/hfYPzyB+4Buxrhre0QBd/0hkEBSBrTFJ:UPt1h24mwe0iMkEKFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304256, "uuid": "7c885835-6a7e-4744-a319-8f7be05e4dc5", "value": 1296896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304256, "uuid": "1e02b988-79b5-4805-a7f3-5b9cb3e9e5b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304256, "uuid": "e58db624-20fc-4c33-8918-fda4dbf9fc85", "value": "__DOC___T\u00c0I LI\u1ec6U_01__Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b5842f5-743a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698350475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350475, "uuid": "4dc2e11d-957a-45b5-b92e-bcdf163d1f46", "comment": "Malware payload", "value": "a0e0687c1f4e8f50243db910ebf2e623", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350475, "uuid": "b9d2caf2-24ab-428f-8641-ef9b4016a116", "comment": "Malware payload", "value": "7a92489050089498d6ec05fb7bdfad37da13bb965023d126c41789c5756e4e02", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350475, "uuid": "2b28b2bc-ea54-4222-a92c-ab7dd7ec1803", "comment": "Malware payload", "value": "72629d1d68dbfb601cc8390d642ad7a1289fb946", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350475, "uuid": "7d802575-2d11-40c9-ac39-9b266920408f", "comment": "Malware payload", "value": "cc80b7a2d20555585758b84e3fbad47dbb483c4d0f11dcbfa0a448900e188f6b8b7c4ad472023e187b83bda4d2656816", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698350475, "uuid": "1f81c20a-ff53-4774-b755-89f3a67d7472", "value": "T16A9633523D95D73ED617207B03E796906A223E231B24E1C737A03A6C18313F59E7A7AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698350475, "uuid": "fb487f2f-0490-4844-8db9-a29e93fec456", "value": "196608:5kdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe3yt/:edAirAzqVAnTPMgd+0ogHnF3y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698350475, "uuid": "757959ea-83fb-4a39-8e8c-68c4de02a0b4", "value": 9023488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698350475, "uuid": "886bc80c-5944-49fd-84f2-7ed26e1f2440", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698350475, "uuid": "6016e2b6-2852-4305-bba0-58661cab102a", "value": "hyreszxc.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55fb62a4-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698303624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303624, "uuid": "95eb8e74-8ad6-4748-b913-c3aaf9570af5", "comment": "Malware payload (AgentTesla)", "value": "c99faf86e65b24343ffaebe5801ea155", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303624, "uuid": "8fd026fb-acd5-46d3-b3bd-ce9e6babb8ae", "comment": "Malware payload (AgentTesla)", "value": "7af3bca67a5ae075acf74bdc961e596575a2f19f5e13907b25066ff6f5929ae8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303624, "uuid": "ffa341aa-af0c-4910-9920-09c4f8fc5be2", "comment": "Malware payload (AgentTesla)", "value": "b03430d210b299e6108861b9f1f87bd6716cfeaa", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303624, "uuid": "f97d3511-1204-4b1a-913a-69509c6a2da2", "comment": "Malware payload (AgentTesla)", "value": "e6e6127d205c7cef4a1ccf00a4cb40ac4ee57e8347aa7ff1955e99653a886daee753e0575f5ed1992ffd3438dd7a6b2c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303624, "uuid": "66f1cc85-6309-432f-8c7d-e5c399e53683", "value": "T13282FCDEE58519048B6929B3CC5346378EAA019EB37B0E3577BDE14C6603D2849BF7E0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303624, "uuid": "f13fca44-5e2b-4069-a160-7bc213dd14e4", "value": "384:BEvF/9+WX59YZvkpKlXzP0cnryXPcxeDCn4MkzjfELLW:BqF/rWMUlXgcnGXzC2zYLLW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303624, "uuid": "7a5ecfea-54f9-4941-b1c5-70ed3363174b", "value": 18429, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303624, "uuid": "081e17bc-bd26-4582-b76f-d4be5b9bbb87", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303624, "uuid": "53368b82-3f1f-4a07-940f-fed2a88b9bae", "value": "Tagdk.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "182f1f32-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698303950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303950, "uuid": "aab9da46-797f-4e6b-9e80-4ac7cc50597a", "comment": "Malware payload (Formbook)", "value": "a20623e8370230e8123aec391938364a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303950, "uuid": "e1120360-f88c-4acc-854a-47678bc4f8d2", "comment": "Malware payload (Formbook)", "value": "7bdc45e83bb882e3ac9afe860e42e72d08074818350cbad3ebbe06b3f0b8a3d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303950, "uuid": "1eafa508-33d1-4fb1-9a69-776e6e88bb6c", "comment": "Malware payload (Formbook)", "value": "0d0a98abd6b248cbc90a31385e377c6681e68453", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303950, "uuid": "9270c905-190f-49e1-8452-69a7609d04c7", "comment": "Malware payload (Formbook)", "value": "4a574e90d1020df30eadaa394f26a79f4e978664e2e800f51530d16f7c5538c38ba14d11788c6a8922ed70bf337589b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303950, "uuid": "f4c4f837-9f86-4118-a7a8-7f61c061f768", "value": "T1A894CFCEE71198A5EC229371287EDE775B1B9C6E2858198A15C77D333C72093703B98B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303950, "uuid": "887c6430-83f1-45ed-ae09-ad6d77b58d80", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303950, "uuid": "d210269f-b84f-4e2a-8b92-3cd5190a9108", "value": "6144:nnPdudwDvrwdaJnllhkXklWBiRmGzmZBpB4TAz/2KUFOaOEdtqpMk+a:nnPdTrconl8U49cyx4TASKUcTsg2+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303950, "uuid": "4a6e7bc0-74c1-483a-bb7f-9a68b53d6cfb", "value": 437050, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303950, "uuid": "2e19de7f-5272-4fa4-b6d3-ce98901025b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303950, "uuid": "806c5ec6-26c9-42be-bbf8-f8612ef8ef34", "value": "AWB,CI,PL & BL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fa08f67-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698311371, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311371, "uuid": "0a3d0edf-1b19-4bd6-99bc-e873966fe0e7", "comment": "Malware payload (Mirai)", "value": "2b36195e48813612b6a614eff148857c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311371, "uuid": "138a8a2a-ea53-4c89-bfd8-838e5b33d90d", "comment": "Malware payload (Mirai)", "value": "7d2e7ab93c09ba3f1c5169ebc4176258d17949b43e6abbf23503426f0b817e6f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311371, "uuid": "10a46c5d-8704-4909-a25a-9260c52f9f67", "comment": "Malware payload (Mirai)", "value": "0f064c27ff5f0c23194407051369fdb555a05bca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311371, "uuid": "b1d1538a-5190-4969-86b6-29363475a68b", "comment": "Malware payload (Mirai)", "value": "eeb965031c8974a604642959335cef8ab4ee587b9119c691e2954928e24a5ec9f7830d9a8a21517292053874540c951d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311371, "uuid": "7bd7ad2c-cc46-42d8-98b8-d18571a0b8ed", "value": "T1EC434C966100DF3CF98BD7BA80564A45F53822606A931F3BB27BFC535E3316C1E1AD89", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311371, "uuid": "8fde84fe-a442-4542-91f9-8372cdc7984f", "value": "768:LeV0et7ePQfh6ySH1zbUGy75VQVxMOwdFc8O+PJUkuwtrqL21zCImRgeMuo8tZ:L20eoQf41zbMNO8XUtwtrrzCIkghj8r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311371, "uuid": "6e710d2f-7706-4cc7-9414-2e6683436920", "value": 59820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311371, "uuid": "76d70264-ebd2-431e-80ec-4e12192825e7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311371, "uuid": "633ebacd-0e7e-41c3-80db-802db8d877ea", "value": "2b36195e48813612b6a614eff148857c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "769d8a0c-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303679, "uuid": "a32db323-7cf9-41d4-851f-c0d569933ac7", "comment": "Malware payload (GuLoader)", "value": "dc1067a6ada02721fe783a98000e819b", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303679, "uuid": "dddfa049-b67e-484a-a476-de0e9687031b", "comment": "Malware payload (GuLoader)", "value": "7d92109236f6e190dbb45bd17041ed1b3e0a85add7b62b58f66397256e41c490", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303679, "uuid": "3602d7f9-e355-48f9-b2fb-f29c57bb9389", "comment": "Malware payload (GuLoader)", "value": "395b2f53abf479c6ed6334c90bed164e7086feec", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303679, "uuid": "10f09b0e-b96e-4445-bed9-99554891bbec", "comment": "Malware payload (GuLoader)", "value": "bc013f58e8744d78fe5cd51ccd49badac6631b8a91618e63a0eefba5dce2483ac5e19dfc09519960f9237fd6cd34c077", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303679, "uuid": "00cc6bc2-a9f8-4b41-8f27-deeefddf31c8", "value": "T1BA335CA1EA991A1B8D4F27D9DC414981C2BDC01909375166FFE903CD920B9BCD3BEB1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303679, "uuid": "2bdb5c74-386a-4910-9e41-0e33eb3e2302", "value": "1536:FSMX43qFG4awIpMIykEa6yQ0zGJwABFj0:FqSUwI+IykEa6yQYlYFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303679, "uuid": "c5bda591-3777-4937-8543-bcc68b9244af", "value": 53368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303679, "uuid": "57d82912-cef8-4bc9-8386-5a247866f606", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303679, "uuid": "5c00bd0c-5d6b-4231-82b6-a3c2826e352c", "value": "mapa quantidades_7200_pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ef5c6b6-73e1-11ee-8907-42010a9c0042", "comment": "Malware payload (STRRAT)", "timestamp": 1698312202, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312202, "uuid": "f51e8d86-f85f-4d2a-8360-a192e057f798", "comment": "Malware payload (STRRAT)", "value": "3ae567e887504b8fed78d53bd5e5fb52", "object_relation": "md5", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312202, "uuid": "af2427a6-ffc4-4593-b81b-ecfcd60030b9", "comment": "Malware payload (STRRAT)", "value": "7e14eb0d8ffd572c51067f4d3d3706251ab6631e38a8536db71891d3902997ce", "object_relation": "sha256", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312202, "uuid": "2970e2e9-c060-4d6c-8118-c9cc5e390612", "comment": "Malware payload (STRRAT)", "value": "98c3870e875a4550ef1a2c96e5d067592c6022c9", "object_relation": "sha1", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312202, "uuid": "33c00aad-5789-457f-8c93-b92cb8b3cf24", "comment": "Malware payload (STRRAT)", "value": "1384021be4c0620e0456bff18c15b16f3ceb0e9eee1d4df5f83ecebb7cc1f2b806e437992cddb7d2cef7a6fb1592f723", "object_relation": "sha3-384", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312202, "uuid": "335dbdb5-7a54-4941-822a-a1dd9830e148", "value": "T145860177F0DA2071F8731A36B8A25432393E088CE48729A929B4ABD7F572D4C5F47791", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312202, "uuid": "680e56d0-24fe-462e-a596-36464bf889a4", "value": "6011984d7c1f1b97a34d7517a498bff8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312202, "uuid": "fb99c420-d23b-4d5d-8a52-dd16040c3b58", "value": "98304:ZJ9mB2Nqp+Iujh8VTBrHJWGs2NyqeoNE/7SRYY2VymGu/m6zHAlA64TRRbCvL:nqpfuGVTVHJack+YlGlSRRbCvL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698312202, "uuid": "9c3691f4-0d28-4da6-ae92-846506fcdd2c", "value": 7899000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698312202, "uuid": "7a55c526-294a-4f18-a507-473d12f876b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312202, "uuid": "bf9ecc35-80c1-49f1-99a8-3dcf9c9875a3", "value": "Engine_Install.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24c4d094-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307836, "uuid": "4fc3c190-4ea2-463e-94bb-aa407ea3b311", "comment": "Malware payload (Mirai)", "value": "13e163aa1714168370ca13f924382af6", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307836, "uuid": "23f7149f-9ccf-456a-9be6-8b587dd18798", "comment": "Malware payload (Mirai)", "value": "800ac5a3fed23038116566706d286587cb71306cb92224157b07b7bf9e3d519e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307836, "uuid": "4b4313ad-bef6-4cfe-a725-cb93de1ce284", "comment": "Malware payload (Mirai)", "value": "722d7be3a06309808b5050d5dde06d728301e38f", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307836, "uuid": "34a7def1-2060-483a-979e-a4e9100b9bb4", "comment": "Malware payload (Mirai)", "value": "400d80b589faa7df6f3015a9d1a27e47d623ac36a617b78ea4712d6c0114dc113c0ce2f29cb3b46cb581ca2122c47cd1", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307836, "uuid": "49a051cd-9022-491f-af15-9dd7a01ec7c5", "value": "T105F2E751F8854727C1E41379B6AE5A8E377073EC82CBB62BD8224B207AC591F1D63F45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307836, "uuid": "cbe83227-dd7c-4be6-9331-75a935b456e6", "value": "768:TjbUR4xPEXqqoG5M1ICBHGadwq3iFtKV5/a9tuF753Ref3pocStdYwn:TjbUmQqRG5MNxGaqRie8NBG385n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307836, "uuid": "8ba81a95-c95f-4591-b24d-111e179f5e3d", "value": 34868, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307836, "uuid": "ae432c33-34d5-4c38-b69a-57a71855a5ec", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307836, "uuid": "13c50b57-45a4-4f98-8cf6-335d85691075", "value": "arm5.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bd29716-73d2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305754, "uuid": "6de5c36f-15e0-4e55-84d7-e59063dfee2d", "comment": "Malware payload (AgentTesla)", "value": "3b797d62679ee342bba1ae090b7fd8f8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305754, "uuid": "e57073b5-6337-4271-bdbf-b67517ad18d5", "comment": "Malware payload (AgentTesla)", "value": "8011fd0a104d73ed3f9036a6acac255aa344e8d3a650c82bfc920914a479b8b8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305754, "uuid": "3ceb908e-201d-41d8-a2ca-ffdb5b74cf93", "comment": "Malware payload (AgentTesla)", "value": "45c933c2636ba90c595e10e5662e5eb11e4139a1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305754, "uuid": "2b42f18d-fa08-4531-9ee6-9107b7573168", "comment": "Malware payload (AgentTesla)", "value": "79a42344bdf87bac9a033e7f6cf28c3d9b645f3d1f04ee3613219259a2b5153111c993a697fc49665b8972235cda7c5f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305754, "uuid": "a72c91d3-b4f2-49f2-9633-c6a0f7fa1fce", "value": "T120F412213A7C5B91D23C73F790CAA45017B28B3E9793D7982DE2B0C627A5719CA90F17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305754, "uuid": "1c41cbf6-f9d8-4d26-9596-70906a65f26d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305754, "uuid": "47f3fce0-9b4d-4553-a973-e72dcd35d18f", "value": "12288:rMY9MwgR/mZRM+BxOqw63o8U9XSyqDlGY04BNI6dv/DxIxoHgqivE3:5gkZR5zO163ZmqxGwBuu/DxJHUvk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305754, "uuid": "366d1177-9aee-4528-a733-f59edf09c1ca", "value": 734720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305754, "uuid": "8322820b-b764-4817-a9b2-a6a058fb5a54", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305754, "uuid": "fe9807b9-6db4-491e-8bac-44da552e9991", "value": "RFQ_23102023,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "710231aa-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303669, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303669, "uuid": "590b2534-ad4f-448a-9cd2-359f7b761517", "comment": "Malware payload (GuLoader)", "value": "425c2afb03c14bfbabb3be19f47eae98", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303669, "uuid": "8b948993-ddef-4c91-9796-55857f131410", "comment": "Malware payload (GuLoader)", "value": "828676500cb570e14f6a0bbe72b3a736366c6084033414c1378ed2bd95ed5e3b", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303669, "uuid": "c60ec663-5114-4b1d-8c8a-17ed4a8000e2", "comment": "Malware payload (GuLoader)", "value": "0c5b4b35fbcf0e8a4363a3a05951f12bf74245d1", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303669, "uuid": "86e07107-ae9f-44e5-876c-fd7726726ce3", "comment": "Malware payload (GuLoader)", "value": "e6dee937051526ab09863ce373d7d66c7a017129c9de38e686c05c10c5d2ed24daf3338fc284106e86b417c02539cadf", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303669, "uuid": "02a0c2be-3a1e-4b89-a932-fb8b2de4690b", "value": "T1C5336CA1EA94061B1C4B37CDEC424991C6BE901D05365125FFEF13EDA20B59CE3BEB1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303669, "uuid": "e0b2088a-ee23-4e95-a46e-f5facb55c605", "value": "768:rVGvEe41iys8D1FAWDgnfXKD41HUenMTdpMF840tN+zjzwTpEW29+Dx2t6AiFj0:hROX83A8gnfXI4nszMitu0pN2cTFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303669, "uuid": "12922306-1b2b-40a9-bd60-c428c0295c28", "value": 53785, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303669, "uuid": "108e758a-0f7f-45d3-b82a-9a7d85751635", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303669, "uuid": "ce71f987-36db-4e70-9e71-1b6999bae141", "value": "Driftsuhelds.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d126754-7449-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698357001, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "2dd6fff2-209f-459a-a676-f48694bf6c48", "comment": "Malware payload", "value": "13646a6b8bd739cd7c2f3e9a99b4553d", "object_relation": "md5", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "0e4eac02-ec6e-4935-ab2a-1bdf8405ccde", "comment": "Malware payload", "value": "82933dff91876f7458e1bec02089dbecfcc6cffbb8f59938b0e9050349390f5a", "object_relation": "sha256", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "c345d7e7-a2a2-4cb5-b380-a39999ad1f1b", "comment": "Malware payload", "value": "4de8ea36d305d71c5a030c102c0d289aee8e27cf", "object_relation": "sha1", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357001, "uuid": "e8729b68-bd09-4df4-8908-2ea77ac0a0f1", "comment": "Malware payload", "value": "468355778d934cdf401b9b218ddfadde12904afb91af35e4f0884a909e066417cb2b142644a1b3502036afb90b353760", "object_relation": "sha3-384", "Tag": [ { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357001, "uuid": "e73e145f-1626-4942-b22b-2231cb5c00bb", "value": "T1C4D4BF57F6D3B679E6FFC2BAC6B1D92C61B3349603B0938E774125892912391493CB0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357001, "uuid": "1ee8454d-d517-4d74-ad83-f7d3991374b4", "value": "d4c9759f791ea559bbad095fb49820d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357001, "uuid": "64dfe65f-17ea-4254-bf1b-cf68519161fd", "value": "12288:aG1N4HkcgMsiOd58bzbBSreSQ0uqZzD1reWabd/:aoOOMX1C+QHT+d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357001, "uuid": "da7c95ed-cd07-4f59-8986-0b641996a9f2", "value": 633856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357001, "uuid": "70a3e593-ec79-43c7-b6a2-b2023d45a8e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357001, "uuid": "3b9f1cff-6b4f-4424-9976-0609d92277e6", "value": "ExcelDna.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eaa97113-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698311604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311604, "uuid": "76a3c12f-d977-4ce4-abcb-497b674c06b6", "comment": "Malware payload (Loki)", "value": "0b999d74c954405ff53c78b08f889699", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311604, "uuid": "70325f6a-5790-4ff1-a44a-ad3611af217e", "comment": "Malware payload (Loki)", "value": "82b914e13fb5e0178dd4543b0c41205d3991c6ad50e9316129ec69ee58f8da9a", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311604, "uuid": "a550c08e-57ca-456a-8600-3aab44f857c9", "comment": "Malware payload (Loki)", "value": "143f0ce95339fadcf619a3bcd7fcd58cfe256c1a", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311604, "uuid": "2349e191-30f7-4c9a-8c21-7e9285e60b27", "comment": "Malware payload (Loki)", "value": "ea47438abdde66f52dd73edc0eab19a83884711a07bb0508ce0dda15e0a80d6a68d8253c345d48d0a019c83dceefcdb8", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311604, "uuid": "3a34490d-20ea-41e1-9b6c-cefac14db023", "value": "T1A9736DB2DB64161E4D4B37DADC408841C9BDC22A5A274119FFEE039E520B59CD3BEB1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311604, "uuid": "642ee4b1-e725-44eb-bb01-c0c23c07e787", "value": "1536:PabOuc9BA7bmtvumJarvTsEOCzlxS+aNq92Lh39kxhO:ibJAAfmtATsE1XS+0lLh39kxhO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311604, "uuid": "de64c409-f0bb-46e1-94ed-d01604099c66", "value": 74552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311604, "uuid": "0edce3d9-17a6-4d2a-862d-05dfaac29157", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311604, "uuid": "0a4b0ac8-6d2d-4305-b5a5-ff70ddefe574", "value": "Urgent Quote Request (202310_26432NUM)\u00b7pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6f15b23-7404-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698327489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327489, "uuid": "6b2ca2cc-805e-4e0d-9c4e-7d1349cb0ed2", "comment": "Malware payload", "value": "f2f88e62a4e0a1d808ebd8a67d13f3c4", "object_relation": "md5", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327489, "uuid": "61d931ca-9944-4e66-8feb-ea907912064e", "comment": "Malware payload", "value": "832dcf10325bc6a35f7fe0454a352541abd16dfe2f8f0007518f29bec24930cb", "object_relation": "sha256", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327489, "uuid": "b99bfde0-eb22-499f-8d54-5127d6230bd8", "comment": "Malware payload", "value": "2db35e48d5367165826094f5ad4f379b45f874a5", "object_relation": "sha1", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327489, "uuid": "7e71d330-6a91-442f-9473-13c1047f19d0", "comment": "Malware payload", "value": "76c3ef9eb4b4804ade6a810d7bd590656466943f3954ef34628b92af155ab52fd6d6fefd8186faa05c441f1b374d166b", "object_relation": "sha3-384", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327489, "uuid": "588504b7-83a3-4790-a55f-a9de3b892b56", "value": "T1DFD4232BBF73A5E25AE8C060B4997C8C72A3065C377CB039F2070694D5A2699F31C57B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327489, "uuid": "5c26a5a5-2a67-4b52-bc69-c516b0560fd2", "value": "12288:o+c586T81pMJ6hDDpj5xvQjBTZhQ12CP34JSiNLJwWzlfkCwvu1xFDaNNQG7ar4:oz831+UlMjxZhQwCP34BzxzlfcExFDa3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698327489, "uuid": "6b3410b3-0e5e-4d4b-8836-a26bb76264a2", "value": 654987, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698327489, "uuid": "20a92c2a-11a5-4d11-9c55-980ec02759b5", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327489, "uuid": "2541cf11-ffa7-4a2b-935d-1274cd9de1c6", "value": "Quotation.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4761061-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304212, "uuid": "27e13e48-fa56-4942-b1e1-a42b0bb29904", "comment": "Malware payload (DBatLoader)", "value": "87671db8ebc4df3aed89b189fb21d824", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304212, "uuid": "24a1ccc0-57da-4eb2-a46b-ee927178f728", "comment": "Malware payload (DBatLoader)", "value": "85ca618bef7b97885f9f8c83a5abcb5afcafe9b6ffc3db6893a0dcdd61f6a891", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304212, "uuid": "39d64584-39cd-48ce-b268-5461cccc4694", "comment": "Malware payload (DBatLoader)", "value": "1cd2d9b957d0844b4187fd5fdd445b94940c5a68", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304212, "uuid": "b96bd96d-4a38-4c7d-aaf6-712b7ac0c7b9", "comment": "Malware payload (DBatLoader)", "value": "05cbcd5a22625a98d9a49ef5139677c4ade69acfd1c92f08a5a41b622516c82cc85f6bc924778bb3880b80e9e23c4d9e", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304212, "uuid": "0710e028-6a76-409d-b66f-902969578f3c", "value": "T1BF55E01AE2918872F0770A3ABC26672EAF196D2919B4291B27FD7E440F36347345D1F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304212, "uuid": "e540b7e5-8098-4560-b284-c982cea57432", "value": "b4498ed238a5d5d6510e036e3bb29986", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304212, "uuid": "0277124f-2e81-46e1-b565-0bdef6111f23", "value": "24576:bKuO345cRv/kabphVsJhfYPzyB+4Buxrhre0QDd/0hkEBS/:bLysS24mwe0QMkEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304212, "uuid": "7e6d34f6-b300-4140-b633-bc261d2c47aa", "value": 1315328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304212, "uuid": "d0a04541-0f4f-4e91-9f51-7a1fce5719cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304212, "uuid": "4858da23-e6f3-4653-bed6-b8c7517c6e53", "value": "depositf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c74f4c1-73d5-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698307151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307151, "uuid": "32912682-fa01-4a95-aa83-dd3baa5c118d", "comment": "Malware payload", "value": "b271ee6ebdeb7239dbec1b74bb68fe04", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307151, "uuid": "b3654471-b3d1-4cba-b3a5-fe01463a2865", "comment": "Malware payload", "value": "873159e89474011e7dd64612d19da4f97cc5833f90fe8b9ba7b16f67d444488b", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307151, "uuid": "c155d473-da40-485e-977a-5a832767cb7e", "comment": "Malware payload", "value": "db774daa0d782e17b5c29c81b004d530639a6dce", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307151, "uuid": "d7cc6853-b7c6-4f03-b5e0-cd60d30aafbc", "comment": "Malware payload", "value": "ebfe19bb4266b4a93cbe63f76ba4df8d5bc34c3c885d9219b1be69921c57f19ce695d36d80476b8dc3a69a3bcbd4c559", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-2023", "colour": "#C041A2", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307151, "uuid": "65ae5c18-ff35-4420-bd81-bd3729006bcf", "value": "T148A533D72FB4439FBFF91B1B2BAC26144919DDFE4D4866F99832828103C4625C64BA1F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307151, "uuid": "12a7a37e-3c88-42d2-a87c-68d68c39c333", "value": "49152:Kjh8JeU4ohMZ19iCaUMAe0xMfRJBY9zLxFSWxp7Z+o:KjeJeU4ohMZ1UrYe0xsRJBYVLxk8pIo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307151, "uuid": "bf6420be-6098-4b06-a13f-4183cf603d97", "value": 2218174, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307151, "uuid": "adadc562-7317-4f2f-9089-228fe51a8b84", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307151, "uuid": "30729c72-9682-42de-a904-8853802a6ceb", "value": "Midnight.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bd36eeb-740c-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698330799, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330799, "uuid": "76777530-e049-4f86-a65b-7cf47714428a", "comment": "Malware payload (AgentTesla)", "value": "9d906108c8b31a4e915c2821423f0aac", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330799, "uuid": "1fbbde85-0cb3-431c-abbe-c091815d5ad1", "comment": "Malware payload (AgentTesla)", "value": "87692e184218d923bd726a643196f0d4fa843db247c135be2184de0575f4df59", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330799, "uuid": "2888fb48-a804-4703-9f21-6b1452caab7b", "comment": "Malware payload (AgentTesla)", "value": "be0ee1c8c1373ec043ef43b953b4971ccdb6bea8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330799, "uuid": "bea45d14-4cbf-4269-803c-d24f1fdc0657", "comment": "Malware payload (AgentTesla)", "value": "3bc9f35622015f086dcc0e620690fed2b7d70bb791c253593eee3c293e990a821566f19aedec0ae125765ae39a6103a6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330799, "uuid": "0888217f-a893-4fb0-a3ea-1fc17686e432", "value": "T133B4BE5530EFD196F176EBF203A92888D79AF3F6A62FF8DD2C8216478061941DF42835", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330799, "uuid": "07645f4c-9b5b-4c27-a366-0c4313038c15", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330799, "uuid": "5f106c82-d6ba-4016-81d0-04bfa8087792", "value": "12288:6mn2hNhPSTumFgGw6OJ+68JdqVtJZaG66rkkOhwD7fjDTvFUX:6mn2hNpoDCGwDJt9aG66rkkOOPjvvw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698330799, "uuid": "c059b7ab-8bbc-4360-9cc2-033a307e6bcb", "value": 540160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698330799, "uuid": "e897e2b2-ad5a-4b26-85cc-dc602a47e729", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330799, "uuid": "47592e25-e39a-4d7a-90d3-9317f67302cb", "value": "NEW PO (YST2310-1010).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fae7d52b-7405-11ee-8907-42010a9c0042", "comment": "Malware payload (AZORult)", "timestamp": 1698327952, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327952, "uuid": "6766960f-03b4-402b-bad1-8be08ee5522d", "comment": "Malware payload (AZORult)", "value": "12bbf4f967f6f38e5e9f3c3df7f89db8", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327952, "uuid": "ddf8bb33-d7e5-482d-bf74-326536f8c21c", "comment": "Malware payload (AZORult)", "value": "8868ea6af3214fc758c93c1cb909231a76e22e718a4917aae5f2a60cf12af094", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327952, "uuid": "9ea2e03d-2b6c-4352-9dd5-eb3a589c2223", "comment": "Malware payload (AZORult)", "value": "4d32a409a1d4445bc7a00abe3e2dc0ceffb9123c", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327952, "uuid": "79cd3be6-5d61-4515-8af5-6054d4ac45dd", "comment": "Malware payload (AZORult)", "value": "e4af035d862af9a567df3a6c0e5209594f1ace0d27b9a79dab4318ca7a33986089e0b86d1a4a54eb35fcadd9fe24e857", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327952, "uuid": "c3a8f940-5471-438a-b013-4653143b0cb1", "value": "T12B568C23BE4FD9A3C54E1736C1BBC4740762EE817313E62B29CA2B677443BA7594520B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327952, "uuid": "60cbf954-bd9b-47d2-b7b4-cfdf8153c724", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327952, "uuid": "a3f92139-8b4e-4377-ad64-5835d8e4a035", "value": "196608:HJrWE5N84P+Q9kU7g5Up1npCa8bwXbAPiqHWw0iyLBHU/O2BRlSGdxCUXEA1gCqj:prWE5N84P+Q9kU7g5Up1npCa8bwXbAPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698327952, "uuid": "dd8b18e8-4547-42ee-8f7c-ffbf926bf77b", "value": 6421504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698327952, "uuid": "edecd367-c63b-4baf-9091-19de90c5afa4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327952, "uuid": "a794b933-5e7e-405b-a533-cb1118cfc6d5", "value": "12bbf4f967f6f38e5e9f3c3df7f89db8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf3857ae-73d5-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698307236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307236, "uuid": "3cf0acfc-49e5-4065-bff3-9b95e04c6f3b", "comment": "Malware payload (RecordBreaker)", "value": "a8bbb4e2783f92619d38b72a117c5b68", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307236, "uuid": "e95b6ea5-dc28-4aee-bf2d-7e8613464ace", "comment": "Malware payload (RecordBreaker)", "value": "88b3a11a5d9fb5684a89fdd5608cee1751ef49c9a1ed19bb03bf950b2c9a8fd1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307236, "uuid": "00856c56-02e4-4f78-9680-d104f7f78976", "comment": "Malware payload (RecordBreaker)", "value": "7e1f2325e87884c28fd90d61ec185bd4f2848365", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307236, "uuid": "1b48f5b6-3ec9-4f16-b5dd-981fbba876fc", "comment": "Malware payload (RecordBreaker)", "value": "c9a9b49fe7a430c92c93e2ad9fdaba78e5e431c752c6f4588420ee069a271eba975adbb3aa23b52ad1d9f709396dd62d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307236, "uuid": "262385d7-cd4c-42a1-9513-027ea39037f3", "value": "T16075232172D95433DEB6077014F64A831E38FCA1ACB857AF2358AE1F1CA2AD17572772", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307236, "uuid": "204d1192-92f9-4dc0-a643-23b984de7e01", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307236, "uuid": "e6e7d8c0-2e81-4778-8ccb-acc4cc624966", "value": "24576:PyBFbqJsbsTzu282aIGTJLoWXyrdlbQXPTWr53p5wO9VYhwsLJKp+DqqlZi:aSksm2WIsJrXedRQil57fp8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307236, "uuid": "f50e2d2d-30a4-4ff8-bfe6-0852ed4d03c0", "value": 1652736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307236, "uuid": "9498ffa5-22db-4bcd-89b4-55c573fbb16d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307236, "uuid": "ee2afe48-ca13-4e1a-91d2-8c962c551c75", "value": "a8bbb4e2783f92619d38b72a117c5b68.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f4c3043-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304096, "uuid": "513a02a4-ebff-435a-83ab-09a0fb7887e6", "comment": "Malware payload (AgentTesla)", "value": "491c16b1458f7d68b5677fadc1709886", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304096, "uuid": "1031671e-03e1-4af9-8814-635f492b1168", "comment": "Malware payload (AgentTesla)", "value": "88b8d6f030dec1230b2ab2aa8dfa86c5d1477d30860bf3a9e2f4eb8a37fb4a15", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304096, "uuid": "19b61b8c-9c3a-4533-8ebf-33eb1fbc8cfc", "comment": "Malware payload (AgentTesla)", "value": "6c3a16b91b5a1cc730c2dc7642074bd3888de616", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304096, "uuid": "50acd947-e38f-4ebf-b875-7be3ff100153", "comment": "Malware payload (AgentTesla)", "value": "8568fac9342a558948751e8800ccba3346de4cc492a46b7c67533ebd3f7c6bf6d1958a0b0033b7c8966c9c5f8750e750", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304096, "uuid": "87fdb1a6-04ef-461a-81be-de23b3707541", "value": "T1E3227C9C8A754458E73AA13ED440AA507F2474E30A0B2F5636B0DF9E0A776D7172922D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304096, "uuid": "5ff2b099-44ae-456b-91c4-fb4d37a572d7", "value": "192:W5uC1cRhOV8vdQjm1Pp8JZUYvcS69L5YuLb3xtHKSi723SPzqdm:W5uC1cC8qm1PSZrcZQuLbhtHKSXS79", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304096, "uuid": "bbbc3643-d280-4587-936f-31ede1a06138", "value": 10230, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304096, "uuid": "5961ab18-2644-4c8e-9268-8631cf5236d6", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304096, "uuid": "8c9fbcbb-bbad-4603-a5be-df44a745baa3", "value": "PO-AM45013.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7bead3dc-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698303687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303687, "uuid": "43633d09-2a61-4333-bfc2-80c9d8393c72", "comment": "Malware payload (AgentTesla)", "value": "317d498520499df866d1fb1f6564125f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303687, "uuid": "b5671537-40f9-463d-8d8a-e8431f7bf0f1", "comment": "Malware payload (AgentTesla)", "value": "89a8ccb4d73a02229bd820fa4b289867b15d907b6b8ebd7f50143a11b1df09ff", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303687, "uuid": "393a3741-56e9-4209-8856-f49f2c749e32", "comment": "Malware payload (AgentTesla)", "value": "6da2ae841b4f70c791d8e85c3c019c79a3a80a60", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303687, "uuid": "cea61b29-9d15-4c7c-876a-f19fc58ebbe8", "comment": "Malware payload (AgentTesla)", "value": "85b7215f8a1b82503ae256ad30079acf0e5a64993dfe5db7425a544144072df102fb13829a6183257849c487b56183ce", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303687, "uuid": "40bdf864-145a-410f-8366-ad3890e03863", "value": "T18A341B502AEF504CB2B3BF631FD879E94E6FF7663A5B50596050034B8A52F44CFA2A31", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303687, "uuid": "79965c26-5885-4c0a-b3d9-18e615d377fb", "value": "6144:klyLLLLLRLLLLLZ8FAFIF6LLLLL5FpFDF2LLLLL5FTFULLLLL5FLFPFtF7LLLLL1:kl8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303687, "uuid": "ba99f7be-6be7-4625-bbbc-fce8703cfcaf", "value": 236566, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303687, "uuid": "4a8d5364-7873-4f60-b7fc-b9a2dc38eb50", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303687, "uuid": "56024c69-6228-4c85-8073-8cd0ea96bcb9", "value": "comprobante##.pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "456d5dab-73d2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305744, "uuid": "d1357442-bdf8-4b7b-bbe4-781116da99af", "comment": "Malware payload (AgentTesla)", "value": "422112857a5f1522a7e87d2ea555315e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305744, "uuid": "0844f50a-d8d1-40a3-91fa-c2463cdaf683", "comment": "Malware payload (AgentTesla)", "value": "89c534bfbb1b12984c62895f9b156e021e11fe39eca81916dcbebb5e472d259b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305744, "uuid": "e04df130-f224-4a0d-936a-5408bc695491", "comment": "Malware payload (AgentTesla)", "value": "406efbf2097a8d5e7acf8b9d22ebd23078d1d326", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305744, "uuid": "1164c465-b207-4675-a286-120cdfcda170", "comment": "Malware payload (AgentTesla)", "value": "b37bb37c55ede0af49b7ad637966c6dae5a3f64561faa3713c632e5d97a95724db868baffd7150ee95baada4ff6cfe24", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305744, "uuid": "a22f0ccd-adcf-44ba-b451-75c656a84444", "value": "T190D423A59D1532E0F4A6B57732C4BAC1062E13399E50D1320139A69BEBCEF8FFD52E11", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305744, "uuid": "48eea51f-6608-4a00-9237-52db02df6175", "value": "12288:AaJhGdyJ0sHT93+CrdgbaQ1YJ6xaAUXSsGlJ0OBNI2pv/DxY/c/EgoLnU:ThNJ99OCBgm3JwlBBu4/DxXEgeU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305744, "uuid": "00ca8a40-aeb7-4403-a095-7568be175f7e", "value": 654100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305744, "uuid": "44390aa0-fdf2-4186-8854-0b14c74f2193", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305744, "uuid": "adc8c0d8-033d-4062-a3c9-0a3930820dd9", "value": "RFQ_23102023,pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b49c9fc-73e4-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698313538, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313538, "uuid": "9932b1ee-106a-4927-b64e-932db5334c61", "comment": "Malware payload (RedLineStealer)", "value": "1205233ab3a5e04478d22c8557e47d4b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313538, "uuid": "83291cde-129e-4448-a0ef-952cb40c5913", "comment": "Malware payload (RedLineStealer)", "value": "8a794ce2b6a72d61679233eb991a3e0be11adf6553e09706fc4f3b6a4b071b49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313538, "uuid": "b1311295-082f-402e-9ec3-9099f3a497f6", "comment": "Malware payload (RedLineStealer)", "value": "ce37d2f30d3615eb4f9e441f645400ff744cc6d0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313538, "uuid": "01874357-d921-498d-bc75-391f112aa9c8", "comment": "Malware payload (RedLineStealer)", "value": "1d70c261e5dc139e80277bcd86d2a7d87419aea9079f5c6c1508f933d4419c4226197046ecdbe15fe26d9b6c6edd0a5e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313538, "uuid": "206c2589-d55a-4ed0-85ff-4c71bb4b4027", "value": "T1097523836AD84933FA7607F418F60387192ABCE0DC388A9A6351666E1D73DD8493177F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313538, "uuid": "0ae55f45-8d87-4108-96e8-049d777fb467", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313538, "uuid": "23748cec-0dc2-4ac0-b034-0d9d29a1138a", "value": "24576:pykJR23bPuNUnwf8c6SVqzwzbhkzwG0Iv73d7zb0MQcWdD5JRcgvsVbKgNW:c0R23GRvVksG0IzNwWG/ytN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698313538, "uuid": "d4f9a1ae-b863-42a8-9503-c2fbbc84bff3", "value": 1631232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698313538, "uuid": "3abc2a69-3263-416e-b4e1-8d18c86d6503", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313538, "uuid": "0b533233-4cae-4556-8cda-d51770b6939b", "value": "1205233ab3a5e04478d22c8557e47d4b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "625a44d2-7446-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355614, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355614, "uuid": "c0c5e1c7-4643-450f-818b-2d45957a9a60", "comment": "Malware payload", "value": "92ebf9ad78bc38722f519e67cc067528", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355614, "uuid": "9ae4c2b8-0221-4f25-9bf1-fcb3ebfe2ead", "comment": "Malware payload", "value": "8c3829f349598dc37abc0e36286dda33fbba89689b07a92c6ea82d95be3ac567", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355614, "uuid": "487d5584-ed30-4cec-91f5-16de324d3011", "comment": "Malware payload", "value": "db60680dc09c3b6e265e2f62ca6a081ba5d0f3f0", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355614, "uuid": "7b2c9d04-9771-469c-8b0e-0417a00a69a9", "comment": "Malware payload", "value": "792aa689395796fd203545d538ae03f15ac294c96b29b9f3718a295456f47589c93b2971eef0e07290e35ea3503caa7a", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "UKR", "colour": "#5E818E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355614, "uuid": "2456f5bb-0088-47bb-a3d2-546f5d109c4a", "value": "T14E7423E19AA0FBB3D1D980F14230F86FE6415EB10279225CB35DD7489B7A7CE3496A13", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355614, "uuid": "dff4c0f1-3430-48dc-9535-f9e9fb116bd3", "value": "6144:ZiTDX6W17EJkIqbRjweQBMz0Alscz77Id3jMeH8TAPxe6iX0wMmlcV+h:ZiT+5kZjwYZgzMs8UpkflcS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355614, "uuid": "947fe817-172f-4cfa-90d9-c57dff4e5889", "value": 358958, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355614, "uuid": "d04c56fe-e228-4110-b4ad-c699680d6214", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355614, "uuid": "fa364876-247a-4e2c-943e-669e398e9276", "value": "SWIFT MSG0102623.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bf7db9f-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698310828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310828, "uuid": "914eb5bc-faef-4b55-9ef2-b24588d6a16f", "comment": "Malware payload (AgentTesla)", "value": "26ca5b7a27d8525a777795e6a12a0bd6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310828, "uuid": "ecc8ae65-014a-4183-8a4e-6bcb7f0d874c", "comment": "Malware payload (AgentTesla)", "value": "8c487780fb265b5b2eeea6d5a9127ee4a728e51775c6ad1db864a297d0afeaff", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310828, "uuid": "27e8cb33-4053-4754-9f94-4de2bec92b82", "comment": "Malware payload (AgentTesla)", "value": "1db3eb623bae9d71671a1a4f35ac51eecba4850c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310828, "uuid": "1540f33a-fa80-425c-9a17-c1d750554026", "comment": "Malware payload (AgentTesla)", "value": "76b8f61c71b029282186061849b9fd391c5bfe1e1574dfe31904dfdac31aa7c0b614230778ac8f723eba8682ec4ed320", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310828, "uuid": "baaeffe7-8459-4d42-9a6a-45aeab284f9a", "value": "T143D433CF4A51C58CC1AE2CDB66B0510501369AAD301EBB71C0F370BB52EE7ADFAA7509", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310828, "uuid": "dab92023-cd64-4198-bd6f-aaa64ca652de", "value": "12288:v3ObBSNp0qxhtDPmzdcPxg2pCPO+Hn5wUxvibY3tTkLLvzc17qAh:velOtxhtqePx5dunmMtjZRh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698310828, "uuid": "99e8a3ec-ad05-446e-ba01-c68301ac87a4", "value": 649223, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698310828, "uuid": "630aaf04-a498-466c-a37e-624667a10a66", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310828, "uuid": "3a073a57-8359-43a4-a2ac-354f4224f050", "value": "SOA pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "239bb1ef-743f-11ee-8907-42010a9c0042", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1698352502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352502, "uuid": "1fa314f7-01dc-4aae-bb65-8cb4fb78e387", "comment": "Malware payload (Adware.Neoreklami)", "value": "4254aa4166825123e0cc3b0d2de1510e", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352502, "uuid": "7fc2d9c7-0ce0-4d11-90ce-cc547dffb547", "comment": "Malware payload (Adware.Neoreklami)", "value": "8d4d4d7adc64bc5996740c9c4ad058961fe49185459184922b2bbc2bdb204968", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352502, "uuid": "62176bfc-8ef8-45c8-9bea-eeda559bccb0", "comment": "Malware payload (Adware.Neoreklami)", "value": "5ab70b3f7156651ee1dbd3d2cbc67510ce9e858d", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352502, "uuid": "22a576cd-5e88-49f1-9371-e36383bf15ea", "comment": "Malware payload (Adware.Neoreklami)", "value": "f31860dcb49d2d666d60a72984e4eeefebae6f528d5f9e0dd7f9100fb96aaf0e2e4786e7a0c171498b739140c99b0d62", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352502, "uuid": "0e6da175-c93c-42e5-b65b-4ebed9b31c53", "value": "T1257633B03DF188B1D1A21434CE886AD4F7F9E5659F289C2B17D4C9065EBCAC9C173E29", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352502, "uuid": "4700e16f-a57a-4f72-821b-e753d3981c47", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352502, "uuid": "731720fd-6f20-4cbe-8ab6-fcb81a8176e7", "value": "196608:91Os9AAxypz4UoKQ4Ztgw//euws1z/kpfKH+qcIUD:3OsmHoKQ4ZeFk7gfOa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698352502, "uuid": "9dda4b85-cf72-46fc-a7d7-354bc3237c61", "value": 7509651, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698352502, "uuid": "89df6323-3a30-46e3-96fd-f3fac307e060", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352502, "uuid": "c825501e-6b61-4d2c-957e-e29b76f265a7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35dea362-7428-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698342654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342654, "uuid": "1168af9b-8e7c-4c69-9ec0-a9d11bbeaafb", "comment": "Malware payload (RedLineStealer)", "value": "365102d0ae74f5f2547daa874ab90d51", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342654, "uuid": "ec63591d-54a4-441a-85bc-2ed45598f6b3", "comment": "Malware payload (RedLineStealer)", "value": "8eb048ba849736f97ef851288a9a577f41933f647790f9e22a09eb61e4d246c9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342654, "uuid": "5a1cd3e8-20e3-4fd1-89df-19f20fa24cd0", "comment": "Malware payload (RedLineStealer)", "value": "b82c4a36dbc9dd8dd07249f825012fc101949084", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342654, "uuid": "0fb6287c-9fad-49bd-b660-606d22f5cff0", "comment": "Malware payload (RedLineStealer)", "value": "a37a3d038059b49f6b71699c57983732d73107acb493e02f5ff99191ba523658ee88ae054a4cb002d0a160007ac1734e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342654, "uuid": "d7fec0ce-fed3-459a-9dfb-92504662c757", "value": "T10E559E1074868276EDD6A976CFDCB93C83AD95E00BBC21CF32C867ED43516C27639A46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342654, "uuid": "bf9f184b-c04e-4bac-97e2-c7b2a16987d4", "value": "067ff6f0af98324c9e25b1e575727bdd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342654, "uuid": "3f2ca19e-dd95-4bcd-8257-f3884cacc297", "value": "24576:J1pPeneGZihaqpefvenJXDTwWmk96cVi03L8AGLPQ91Z7hJ9W:r5GZihaqp8MJXvD6Z03L8AGLPQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698342654, "uuid": "fa007cd6-ae83-49df-b388-009b8c5ea1d1", "value": 1302528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698342654, "uuid": "bfeba3fe-d033-44ee-a284-123d7453cf60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342654, "uuid": "f65f38eb-e0bc-4dad-aa57-fdeabe56d1c4", "value": "365102D0AE74F5F2547DAA874AB90D51.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da09b801-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322314, "uuid": "6f704874-40c8-4901-8b47-741fbef0ccab", "comment": "Malware payload (AgentTesla)", "value": "14d7f24a2531f8313c17df6ce1fa85f4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322314, "uuid": "4c087922-8234-4db5-91f8-6880a317ed70", "comment": "Malware payload (AgentTesla)", "value": "8eb38d624e8b9031c6efd674377b62459b2b2b8b9deaa96d10087b40cfc086fe", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322314, "uuid": "c572a50b-2f4e-421b-b207-74dcb833f0ed", "comment": "Malware payload (AgentTesla)", "value": "92a44267802c1ec048a4cc3e1dd1aaed989ecd9b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322314, "uuid": "9a5e0b4b-08c7-47d3-92b8-3e96cb588008", "comment": "Malware payload (AgentTesla)", "value": "11341353ab046ea3004865908dc2134c7bad0c06bcbd40f5efddec63e2c7d9bc5fcc2ff7c0b2dd2cbf9cdf0b4f8e7ee6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322314, "uuid": "d166533b-afd5-458e-a104-60ee96318e9c", "value": "T15032BFC6D4928F61ED28363330FBA60DC405E238E715B4615B662B7339669FC2F025BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322314, "uuid": "7900cf68-cadd-4ce1-b1b3-f219f81a2a56", "value": "192:7BEHXbQ1zBKxDbkVTBbwRh4U8APEgdPNa/Nw0Ny3zVU6dLQU68FeYaxLUh:t5z+NR2XAcg5Nqa0+Vw78FefG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322314, "uuid": "abff371a-ae2b-4392-8a8b-4a8c996dfa9f", "value": 11057, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322314, "uuid": "e7f20bf2-950f-45e3-8548-93f20436007d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322314, "uuid": "0dda661e-a2bc-4bd4-ae27-b00798aa91f7", "value": "DHL0966779898.pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76ada3da-73f1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698319141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319141, "uuid": "d607a15d-cce1-413c-84f1-0a28707fa0e1", "comment": "Malware payload (AgentTesla)", "value": "0de4b74c71263cd0cf955e6d57e9a9ea", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319141, "uuid": "b479372a-6a4e-45f8-94f0-324523b598ad", "comment": "Malware payload (AgentTesla)", "value": "8fb11adf4e0c471da99cfb20ae8a238acc9bc941c7aec658be426246c5e85e8a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319141, "uuid": "f29823fb-7530-4dbb-b4e8-5f7656b80679", "comment": "Malware payload (AgentTesla)", "value": "3ca2096a36be9877cdeefa846f4fcd8ff5b790b5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319141, "uuid": "a6b97eec-4788-4aa7-b24b-c77f04a46297", "comment": "Malware payload (AgentTesla)", "value": "c5a073f056dc53b9b3f0175884690de38ea06caa4fb9170eaef8b426d0a48bcc60853fe59278db681e5f6ac1e9a9cd22", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319141, "uuid": "1951fa61-1aff-45a7-bae5-b0d49eb48bfb", "value": "T1C0D42326403E95F264AF3F62B3A740C85A3E6C9D9269ED1781357BEC14244F32B18F72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319141, "uuid": "74cb9583-57ca-4cb8-9f1f-9f41f2017f4c", "value": "12288:gsRYnFZNv2YDQVpNCdLua4Ye8BTFFMEJi8QmZxLkhWyFHSavhqwHb6VI94:gsmnFZt2FVHCd6eFWx8Qm3IhWy0avhD0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698319141, "uuid": "23f19923-757c-4a29-916a-319580913f27", "value": 650843, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698319141, "uuid": "e777bf3e-3110-4952-a7a6-a7ca19d75b24", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319141, "uuid": "768b5b57-735f-4125-9bca-678ae467b3a6", "value": "Updated Quote.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2c6756d-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698308128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308128, "uuid": "4d2631cb-8ca3-480d-86b3-edd021b6f8db", "comment": "Malware payload (RecordBreaker)", "value": "465a4fc83e3d108d9d82f27068f95144", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308128, "uuid": "67245fc1-a368-4518-8b12-1cadaade7744", "comment": "Malware payload (RecordBreaker)", "value": "90115f4a93ae665032878093eeed162b21d636201bf102cbb160720b8e28609e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308128, "uuid": "75120efa-cc3d-4bc3-9326-d0cc52c0080c", "comment": "Malware payload (RecordBreaker)", "value": "6fe5bc20666579afb9bc966fe7625385d3ba8dd3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698308128, "uuid": "a626d4c1-e474-45fd-9f66-f4a967810fcb", "comment": "Malware payload (RecordBreaker)", "value": "aadea301fb25d32c6125a0c4c95203a2dc795f22ecd782a47e968785bd3cddc33369dd29366e6507937459507915b127", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308128, "uuid": "9362f5d2-939c-4a0f-aed9-e1febac1a6ae", "value": "T100159D2178C09276EDF320B787ECBA3586ADE4B4071915DF16D85BEED7606C13B32682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308128, "uuid": "e1751c34-b72b-4db6-96d4-d28d7eaa6324", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308128, "uuid": "7fbde28b-7e55-4804-b49e-1418f5c486d4", "value": "12288:hgGpoZW829AM9cpSOkCmuIvU4oEEICB4SFfCp1uZfrk63gG6qYqxR:hg4829AocpSOkb/oP9xSMEpq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698308128, "uuid": "56b5ead4-06d8-4787-ad51-6a45b805d0ce", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698308128, "uuid": "6a6184d0-2f22-4e7c-b86b-9bab02e93546", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698308128, "uuid": "b0680793-ea30-4686-9c51-e745343ca7aa", "value": "465a4fc83e3d108d9d82f27068f95144.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d888b42f-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload (Loki)", "timestamp": 1698322311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322311, "uuid": "bd22eb1b-57a3-40d0-9c9a-b65e62250acc", "comment": "Malware payload (Loki)", "value": "41d824696159c569f2a933a4cf92e4c5", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322311, "uuid": "3f61d41d-b783-4a5d-985b-efd0b9cd2b79", "comment": "Malware payload (Loki)", "value": "90f34fc79504e58a540bc8cf777d2e4fce079f1d486c1dea1558d9383d18c428", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322311, "uuid": "0e29784a-5651-45cd-8f42-b638343986a1", "comment": "Malware payload (Loki)", "value": "beb03ec9a0edc99f6460ab1f720483b3a3557242", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322311, "uuid": "e1c3bec5-9a6f-45d4-b9e8-07bba7536f6c", "comment": "Malware payload (Loki)", "value": "3fb21eb0a8bf837d4d23686db6969b698013fe2fe479a763f990e6a316d7f7ba186429c2ec655ce327402eef6de82d05", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322311, "uuid": "26b04cb3-5283-42bd-9a43-f8700242fbd1", "value": "T1CAC4230AA782FB2E84CE4BDBACE56F14330AB60977C0F10655AB522576BDD1FC5448F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322311, "uuid": "b50bb583-aaec-4479-ad40-0b185f0883cd", "value": "12288:KxR4g66xJclPephpyUjY7x0MsALr0AGpdZEDEPStLQ54WCMNjt:Jgfx2lPephsFt0/auXuUSR5MNh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322311, "uuid": "ff6efc9e-cff7-4a9b-8d45-dbcb3f7ab6a5", "value": 552517, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322311, "uuid": "7a396d21-846f-40b2-9331-995c0c710767", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322311, "uuid": "35551ac8-69d4-44fc-a133-6531920a487b", "value": "Comprobante.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a2d837d-7419-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698336380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336380, "uuid": "f8e6bc0f-b5cd-4bd3-a208-ef24b081cb15", "comment": "Malware payload (GuLoader)", "value": "b3d9364f55be3c17f33a68480e1a6547", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336380, "uuid": "f7edc17b-f741-48de-812c-9cfaec941de1", "comment": "Malware payload (GuLoader)", "value": "90f4f826353051e2f4d26f43553e77312a00e6f4b05f1fa60b0d514d5d2fe895", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336380, "uuid": "85c382c0-9ba5-4e4a-863f-7577e30500ee", "comment": "Malware payload (GuLoader)", "value": "8deb6c132454ea8c96d22f7084c53666ea8a00f3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336380, "uuid": "7303eeaa-51d6-4ea6-80ae-b0485dc42465", "comment": "Malware payload (GuLoader)", "value": "59be6d8c617e1741f7516d6c5479d813647b308e67a96de8273fddbc2f130c42f26a3ac561a68c5e9c87f35e8273d750", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336380, "uuid": "8f448f89-aab4-40fb-a496-dfb6a81e001d", "value": "T13A453325FBD4CCC6E16704B061F87D2EAAA6BC005036D757BB5C78DA6C703AE0A1B749", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336380, "uuid": "04d53aac-9fcf-4220-8ba9-021412b1c725", "value": "66fcdd6338ffed276966867e7cf86116", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336380, "uuid": "e3b84613-2cdb-4fdc-b394-eee6be192aa0", "value": "24576:4NBKovR2t6WTPNgGhBYC1Lm7tYZOqjTtgZDTENIHacheumD:ME2RglgGdcihj5gh6I6oeumD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336380, "uuid": "4cae8e73-40df-4fef-afca-92ca60b9ddec", "value": 1200800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336380, "uuid": "54ce09ee-91c7-4004-b65b-0f083b188826", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336380, "uuid": "db391008-6122-41a1-8350-299663e42783", "value": "Purchase Order 1021234.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ada306be-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (Phobos)", "timestamp": 1698311502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311502, "uuid": "6c346e00-77a5-42fe-bfbb-a48082b9179e", "comment": "Malware payload (Phobos)", "value": "2519f369f426e4d2cdd88290d1c25d3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311502, "uuid": "b46a818f-6d0d-476d-bc8c-1cf59ee50f83", "comment": "Malware payload (Phobos)", "value": "91abe280381d0faf55b521f51d16d8aa022f0cc14b1310334d4fffc3474459d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311502, "uuid": "667bd3f0-a072-49e3-9e76-f09aa23a5932", "comment": "Malware payload (Phobos)", "value": "e464001902893ab6aea89b8ccfc66f9eb1d45988", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311502, "uuid": "4bac27d7-4f12-425c-afd7-50673bcbfa29", "comment": "Malware payload (Phobos)", "value": "a596ee34f75ff4182ca68750270c0e568fc0e8f4c9a2d1dec7974c050873a12fd8c4e7bc4d6e399a34a360107ae4b3dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311502, "uuid": "17c1703a-8f19-4bee-852a-b4de783202cf", "value": "T1F185E03027D89B21DB5F577AF174A90992F1E4099AF6BFA74AC4BEF128833506D81073", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311502, "uuid": "4c7d6d08-7a85-4b91-b5f1-a4c1210d0e9a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311502, "uuid": "e9e0a77a-9e4c-4d2c-9181-d180421f8d63", "value": "24576:4E6seIAzWNS0LSaN9EBrx+dbsOCK/91/oc1EDnbLmVrkfvDUdhu3z7L/40NM+Sf2:tKpCSrEdbsOn/4sEDnB3z7E0CzzK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311502, "uuid": "6984f88c-18f5-4e27-8229-2af9e398a43c", "value": 1815552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311502, "uuid": "c1c2a6ef-fe13-46a1-b653-b359896d1bee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311502, "uuid": "57894274-10eb-4f88-95e9-496c5af794cd", "value": "2519f369f426e4d2cdd88290d1c25d3c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a07b0976-744a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698357436, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357436, "uuid": "5beec9ae-7c0e-4a42-8345-75987c23dd80", "comment": "Malware payload", "value": "f6aeab899f4cec07adca74994dd0b255", "object_relation": "md5", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357436, "uuid": "be55fd20-eb03-4eee-8ef6-ee873027f297", "comment": "Malware payload", "value": "920b3af7fb46c3a55141434587d0febbbfc57bebba7f52e9f85dabd5c0c70307", "object_relation": "sha256", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357436, "uuid": "650b441e-113f-40c0-9b50-eec98bad1ae4", "comment": "Malware payload", "value": "156456c7a491754b1e11f279881f10c886f064b0", "object_relation": "sha1", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357436, "uuid": "62d10a69-584b-4c31-be42-915b80798961", "comment": "Malware payload", "value": "95b09824ab2279ac0bae9e6e03896e6b2332b8cd2a6e756d58b78d203eecc280b13441790e0a1cf6178428a9fb68fcd3", "object_relation": "sha3-384", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357436, "uuid": "e3f9f211-def5-48b4-949d-632efb4e5e9f", "value": "T14B65220172E08074E4F21E3068B4D9B55B7EFD7469319A4B23990E3D6F38A81EA39777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357436, "uuid": "78dbae77-6c2f-41c1-b104-ba258c6d52a3", "value": "d6d33cfa83489bf5ba9c5b52261af2b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357436, "uuid": "d8342c45-2efa-4cb6-9f0e-20d070f56e74", "value": "24576:Jw8KjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+LT:PKjKWQc2b1FVgbjrjxPe1pbPSQm1FloS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357436, "uuid": "ce44d44a-1790-4e72-ad04-743286ca3a96", "value": 1427176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357436, "uuid": "2d46202f-2878-4388-a0b8-a419d13ec321", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357436, "uuid": "830cc604-af0f-4a1a-9f3c-6614159be1e3", "value": "ChromeSetup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50e949e7-742a-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698343558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343558, "uuid": "f1d23039-154b-4cd1-9bdb-8d133735e3a1", "comment": "Malware payload (LummaStealer)", "value": "1b7aa87d8f63e1322f8f8128a22d8d50", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343558, "uuid": "6be8523f-ef64-4980-9656-9f1cbe706613", "comment": "Malware payload (LummaStealer)", "value": "927ccc49bbb500e978691155c7dbb256597a3d14b1b5ec988800e95f60da2241", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343558, "uuid": "98b61eb1-dda3-49c3-aa16-e12048ae8f5f", "comment": "Malware payload (LummaStealer)", "value": "c690afae5f7e02a32fa27c23a8f0a157815b2fa2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343558, "uuid": "8df76366-c16e-4fd9-9a10-4dffe3b07405", "comment": "Malware payload (LummaStealer)", "value": "3107e5d2c68f70fb38e2e29355d5f556e68fc4c004dc4f8d1be48b25fee0d66233f2eda0fc685d9ff8738d2a03d0df06", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343558, "uuid": "6cbc4f1d-c13f-4bcd-b443-b46458c839a6", "value": "T10AA67D31EB0012E6DF8356BB9D17D7D2E92CD1106312119AA29E035E9A874EC8377F7E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343558, "uuid": "ceaa6799-783d-400b-8868-469f1c0d7743", "value": "413704d931dd90675c12a0afcdbdaa34", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343558, "uuid": "5deeccc5-4d58-4724-aabc-4b6fad126b57", "value": "196608:NrBhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh7:NTnwpVraofeEQAdxC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698343558, "uuid": "e801b5c7-20f1-4334-babf-3377ced735e3", "value": 9812680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698343558, "uuid": "857ae81c-c3db-491a-bc62-8e67bf20f18a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343558, "uuid": "ea45cab1-e59c-4f61-9384-0d500509c57b", "value": "1B7AA87D8F63E1322F8F8128A22D8D50.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3244292-73ea-11ee-8907-42010a9c0042", "comment": "Malware payload (Stop)", "timestamp": 1698316316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316316, "uuid": "535c720e-b6e7-4e11-8525-e6dfaa31ab65", "comment": "Malware payload (Stop)", "value": "63ba6c124b825c4ce68df30e30aeea23", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316316, "uuid": "5aa20e2f-9ff5-43b7-9c9f-bc50f21a8564", "comment": "Malware payload (Stop)", "value": "92ff907d823740d5bc0263eccb4ddf72ad290f26032d8835b8682a3d75a1f14e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316316, "uuid": "25b2e068-8edb-4e46-9ad7-f05541a7b395", "comment": "Malware payload (Stop)", "value": "b1644bf1604a505e8a4750f2e6800378b31662c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316316, "uuid": "a1cdea6b-5e06-491c-b2bd-2c24f43dd0e9", "comment": "Malware payload (Stop)", "value": "8b569bb2f74ee651fd90fe6a12c39765681fc4bb662d7df610fe794faaf6ac60cc1a58d23eae7037d0742b4b14d93f17", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316316, "uuid": "6700fe04-cec9-4faf-a8df-dfcaebf6afc5", "value": "T1E1E41234B3D09072D1A74A305AB4DAB24B7BB9332776E88777245B394D701E08EAA753", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316316, "uuid": "2bf92641-c8d5-4ac1-886e-90b08f09c563", "value": "3eb61bde6c067dec159cc6a0cbd631b3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316316, "uuid": "5b3a65eb-e7a2-4e64-97b9-3f4b7aa13841", "value": "12288:Dti/+udoW7vC5A1ZxnkWLc8RxsfcFk237TYz2HxjD5iEHlTnxhD2FdDvB:D0/NoW+QZBkyxccFJ7TYQUEFTXs9vB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698316316, "uuid": "9eab3edc-6bab-4616-8b8b-c55820cace99", "value": 705536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698316316, "uuid": "7b209f5e-2465-4834-a6e0-327031a9b6be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316316, "uuid": "97e50ea8-30ae-4ab7-af01-fdfebc4eebbd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78b16b3d-73f9-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322580, "uuid": "c9daba1b-33b6-41cb-a41c-fe4f86b5782a", "comment": "Malware payload (AgentTesla)", "value": "0b30d3b31544e8ffa779c845761c58a2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322580, "uuid": "7fcc07ba-d525-437b-a20d-63ae9b4c1c4f", "comment": "Malware payload (AgentTesla)", "value": "936755e8327c278c397e4700bc0d4871217b3464553dd6ab1ea497365077f5f6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322580, "uuid": "c809543e-5a00-4235-9f63-87df6b845112", "comment": "Malware payload (AgentTesla)", "value": "8f1a751391adaf66818a2fecb088358687914de2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322580, "uuid": "45348521-606f-43dc-82f9-3e3d50af5761", "comment": "Malware payload (AgentTesla)", "value": "a13fed6e5baabef9e4ef69335bd464d31e1646ce483c36637bfe92bfe83e9be8602f64c21c119a32d35d5b2034e5c790", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322580, "uuid": "d31809f8-e39f-4c65-a50a-1aa2a5fa713c", "value": "T1C2258C44E5D95948F83A9770C339CF3443B67EEA953AE11C3DCA3D973A7B6C24A12212", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322580, "uuid": "b2e6a660-1d44-4854-88ca-f9db2dfb48cf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322580, "uuid": "ce7fd5d3-c248-4d6b-9607-986b3db21522", "value": "12288:9tn03CXBumFgGoiV1xsdPqzausz+IUTWoaDmc9pzfIxquP7r9r/+pppppppppppP:9tnmWDCGoiVcJqzuZoqfffIcu1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322580, "uuid": "60134906-20bc-47fe-9afa-370e6cb410b8", "value": 979456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322580, "uuid": "efc466ca-15bc-4b0d-bae7-78e08e6cf58b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322580, "uuid": "361b2e5c-4d72-4c8c-9023-bc6f724a1827", "value": "PO#303229.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71db66d6-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303671, "uuid": "4b8c3f59-0fcd-4c9f-9a65-1d9e99a373bf", "comment": "Malware payload (GuLoader)", "value": "432aae6ba4d05a55451d5475200a6a4e", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303671, "uuid": "898504a7-81be-491f-a1cb-8e36845a1b0a", "comment": "Malware payload (GuLoader)", "value": "950cae4b1cc75540bf8e6f7f31d9b46231a3cdfb5aded5d85b2cfedc9e524e54", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303671, "uuid": "8af985f5-fd31-44be-9fda-471666852340", "comment": "Malware payload (GuLoader)", "value": "b6dfe4b9b6f410a0118fe1a1615f234a07ff8289", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303671, "uuid": "2f60d16f-7d74-4c09-b862-bd8f0b036054", "comment": "Malware payload (GuLoader)", "value": "710764e81fe2ad2afaf340034dd101670972da5f1038eb0f08519a4196a00eb8c287368279ced0be3d6b2c830f314732", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303671, "uuid": "e38ea3c8-782a-4307-b2b6-460b82c3798c", "value": "T121736EA6DBA4151E0D4B37DAEC808C51C9BCC12A5527411AFEED078E620B59CD3FEB1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303671, "uuid": "591172ed-759a-4256-bbf6-175d28bfcba0", "value": "1536:pabOwodBADHItRJyrnT/NOCzg6l4+RePnygkLhO:Mb9sADIt8T/N1TlXQPygkLhO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303671, "uuid": "3e2e73fa-bd72-4ddc-86bb-90f09f514399", "value": 74730, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303671, "uuid": "4e6f2569-c9fa-490e-aa5a-a2dcf8a3ca88", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303671, "uuid": "675c224a-8df7-408a-b91a-01b792b74a56", "value": "SOLICITUD DE PRESUPUESTOS PEDIDO 19600.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d07a9e68-7411-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698333035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333035, "uuid": "ccd53202-ad1a-4587-9a9f-962726f7152f", "comment": "Malware payload", "value": "a3b8f226e3b19e99d2a37586f67bd370", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333035, "uuid": "84947d42-2080-401a-a68a-a2136145c7fc", "comment": "Malware payload", "value": "954313a3ab9cfe879a1937e6f24fcb3bc21a69e32011287e1720d4961a375e44", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333035, "uuid": "30fd2ec0-5472-4fe3-a688-ca96dd234142", "comment": "Malware payload", "value": "1fa14ef8966a02551d962e4f4895bf399bafdb24", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333035, "uuid": "9107c039-bd33-4617-a66d-03374be5b6de", "comment": "Malware payload", "value": "74f0209df45a8b529e0688d23f833d227b8aa1ab98207da6a1d777e579649f01cfed4281e2af09d15c8c0cfbb004ec16", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333035, "uuid": "202ab0eb-04cc-492a-aa96-4058dcb704e5", "value": "T16C05121436C5DE12C66A4F7B49A201412FB0E95BAA97F78B7DC873AC0C9B3DC0957623", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333035, "uuid": "7ffcde74-6df3-4474-a360-92dcbed9657b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333035, "uuid": "564c2059-370f-43f7-9eb0-1d3f282e5044", "value": "24576:fLQdWAFp09iyjFOn+seDsqxlM6LLmldXMv:DaFOwyJO+lDsw3YXs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698333035, "uuid": "0a5a18f0-9d6d-4509-b99f-e1ad1c277fa0", "value": 807936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698333035, "uuid": "c6fc1401-8765-4b31-8163-7dc29c0f0f67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333035, "uuid": "4511cd47-09e6-4701-ba43-114d22e8115b", "value": "AWB #150322.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "644ad0e7-73a3-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698285609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285609, "uuid": "4160cbe9-e5cc-41f2-8721-b9c2af1c0823", "comment": "Malware payload (Mirai)", "value": "62a47d7bb763a254627a8996af9528e3", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285609, "uuid": "d348a0bf-68e5-4506-a90e-a1c1a7fc06cd", "comment": "Malware payload (Mirai)", "value": "969e3fbadef0250e5faeb80fafa44e921d56447c77a8c55f5b62b7820bfe030a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285609, "uuid": "b2785b87-ff24-4c69-ae19-21e8741520c8", "comment": "Malware payload (Mirai)", "value": "5821cf814efdfe4e212a467c026ca2a102c0747c", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285609, "uuid": "4d7189a7-fc50-4bc9-b5e2-9effb0c489da", "comment": "Malware payload (Mirai)", "value": "b4814d2ca1399d0454f628370030eda9bf93e250b4ddf5ce1fc380ef868d6d0fb85fc75264af4450ccef3da7a91b22f3", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285609, "uuid": "bc05bcbc-768c-4997-8009-dbf415abadab", "value": "T14EA2E12573A32D56F3ED1C3CC86A8357F9A20BFC90F6327579005620C94D24A3E38A4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285609, "uuid": "2c848912-390d-4d2e-8956-d3bb928bab82", "value": "384:TvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjxwhymdGUop5h9:TvQn4j+ZO5fKAlxtws3Uozv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698285609, "uuid": "af2f452b-3dea-440f-9312-8060d6c50f94", "value": 22168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698285609, "uuid": "5bcac62c-b1d4-40e3-a3a8-834e2adbdc76", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285609, "uuid": "67b670c3-bab8-4d3d-9e1e-f353b57df5d3", "value": "boatnet.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e6461ee-73d2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305785, "uuid": "aa6fd669-d978-4f8f-9305-719282779b12", "comment": "Malware payload (AgentTesla)", "value": "ee9467558ac782c58ee98b49049cabd6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305785, "uuid": "bbd88cc1-7c35-4edb-b637-3e9d6469a474", "comment": "Malware payload (AgentTesla)", "value": "98850837371c2fef98480cb45bc98f131bbd0d57445d12093e4c02439def84c9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305785, "uuid": "9cfcfbd3-04bb-4659-bf77-df9460ed2839", "comment": "Malware payload (AgentTesla)", "value": "9246a736093e66485f0501d49bc22b31c51a6f50", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305785, "uuid": "1063d6c6-2522-4f3e-851d-648bf18565fc", "comment": "Malware payload (AgentTesla)", "value": "4f4b9ae3017919096037b90d2f809194b7be56c37ac3dcd4046edd85b503b52cf2792a3ea32586c8d067a9a3bccf0a7b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305785, "uuid": "978098a1-92d2-4c44-b8b0-1a427b451c66", "value": "T1E9A423F0B649A9660BE581ED65B06754BFB41F23CB926E5C12137311B49A0F9F47CF08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305785, "uuid": "76af6887-1c31-4b56-9515-7d80e84dc624", "value": "12288:VZH7yjB1OoPtS9dB6raNOg2O33S0QXFsLcTPrPybeLh:ne14AtSeaNOJO3CfFyc7Dyb+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305785, "uuid": "e01b4b30-e744-4ca4-8b4f-9c6d8cd24cc9", "value": 476212, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305785, "uuid": "62f08d3c-ee6f-4334-b4a3-154d202d5344", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305785, "uuid": "d6435aca-f8c6-4582-b4f6-515df286aff9", "value": "Shipment _N08925.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "451b5c72-739d-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698282980, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282980, "uuid": "0917727c-233c-4a69-9037-ef556160e66b", "comment": "Malware payload (RecordBreaker)", "value": "a5b305c8f38074a15a2afd0943cf7a09", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282980, "uuid": "4f199fd1-36a0-424b-8d20-1616ca64aaf8", "comment": "Malware payload (RecordBreaker)", "value": "989b66a7c1343efd861e4b0a8af096de07351157ac315b2786276dfb9182e848", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282980, "uuid": "ca24d478-509e-4f1c-99af-1e0c2ad104c2", "comment": "Malware payload (RecordBreaker)", "value": "66f00db98ec57c3cc0bf1ce373a7a9bce4131880", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282980, "uuid": "da5ee26c-49c7-46a2-94c8-3614416dc817", "comment": "Malware payload (RecordBreaker)", "value": "834a2112ffc15a0c108b05fb827e2972d366b6bbcd43e414d2f2308225b5c6040aef5cf098d1169c535fb18ff993bde6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282980, "uuid": "96713479-33eb-4253-9a56-04cda1dabe6d", "value": "T1A1452362F7F958B3C4BA2BF059F916D706353CAA5A7442233286AC4E4DF3984B4B4313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282980, "uuid": "db3de241-7abc-42bc-b1e0-f8f3e9b3cc1b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282980, "uuid": "8a8d7779-c2cc-48c7-9634-49e23f4d2fdb", "value": "24576:zyZzlPL6LKaxXAeeco9YNh2Bgh1K6UUCecLyZX5:GxlDKK07e79ah2BPUay", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698282980, "uuid": "dae049ac-e46e-4443-aaf4-d4d6336c8b95", "value": 1166336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698282980, "uuid": "24acdf5f-d2c3-41d1-86b4-2ce6a46ce6ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282980, "uuid": "0c856167-f459-4a87-bce4-a6f90f734cb3", "value": "a5b305c8f38074a15a2afd0943cf7a09.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae301c46-739c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698282726, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282726, "uuid": "43279cf8-90d6-491c-b352-3714b762f634", "comment": "Malware payload (Mirai)", "value": "2262c15e3372f65e361163b23196a896", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282726, "uuid": "06dd835b-7f71-43e1-af08-c655f0ed10f1", "comment": "Malware payload (Mirai)", "value": "98bce6cf1a140afc0f44c23c22c2fecd2f3fc38d389c4fb74bd376d3bd8c089f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282726, "uuid": "04b85458-538e-42a4-9c40-9f8060f8b430", "comment": "Malware payload (Mirai)", "value": "34c08fabfd356263cb5b8fde9d94a7ec9b0b58df", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282726, "uuid": "5aabaa17-dc7c-4e65-adce-ab5edaaf49f8", "comment": "Malware payload (Mirai)", "value": "8cb95a1f39d0d30e722059be3087babad0c3af7460a0d4fdca8677df6bb15fe35bf92e5757c083210f6130e1925601d7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282726, "uuid": "7abd4a09-f599-4d41-8d4c-339884be04c0", "value": "T14E739DB2C128EEE8E011067CA59188794F13F10456673EF6CA85858AA647DF8FB0D7FD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282726, "uuid": "3f21cd52-bd91-4809-8fae-5f773dccf820", "value": "1536:uaL/4OBmRJrYmU/7bMihvncwtJ/6/yBrzdVfs3T20x81AitYCGR:uqAOanU/7bMii6kofDf+TJaAitYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698282726, "uuid": "82c5907b-3288-4136-836d-07e09472ad99", "value": 79284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698282726, "uuid": "52bc1edd-6c63-4eab-a3e5-a441e3d245c6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282726, "uuid": "bd62ec2d-95c5-48d8-9c7c-278f71ac9aaa", "value": "2262c15e3372f65e361163b23196a896", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "206082c6-73d1-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698305252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305252, "uuid": "608accf5-4cfa-4970-a20f-2534e3b8a8b5", "comment": "Malware payload", "value": "a239a27c2169af388d4f5be6b52f272c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "urls-haus-scrapping", "colour": "#6E6C04", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305252, "uuid": "a2275414-3ee3-4b33-b98a-a01cf8137624", "comment": "Malware payload", "value": "98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "urls-haus-scrapping", "colour": "#6E6C04", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305252, "uuid": "e9473f68-6ee8-4b5e-8fd1-bcfcbb0d1f1c", "comment": "Malware payload", "value": "0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "urls-haus-scrapping", "colour": "#6E6C04", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305252, "uuid": "6d07cd30-b77c-4c93-95d5-0cfde3ed68ac", "comment": "Malware payload", "value": "06feed6b5b3c54d888cf0f9f58936b977b858c4ae5bafa18fe059bf6646ec8841c08f809788499fbd618b85f5cc57d7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "urls-haus-scrapping", "colour": "#6E6C04", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305252, "uuid": "4562097f-afe2-4686-a5fe-3ed7a65704a7", "value": "T16991A705B3E84639D1B64B342DB3C3106A76F5459D77838EBCC4131E6D21B645A22FB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305252, "uuid": "82d4a97b-1ebd-40d5-95c9-587cd2ee7817", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305252, "uuid": "0a91e34a-3c92-46f8-b53e-792a15a15403", "value": "48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305252, "uuid": "092c24a0-da7e-437b-83d8-91b4a8d253d4", "value": 4608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305252, "uuid": "f7202198-1f60-4479-a20d-0ef872075385", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305252, "uuid": "6c11ab5e-6894-4db9-8f99-a82bb994b741", "value": "New Text Document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf869d1d-740a-11ee-8907-42010a9c0042", "comment": "Malware payload (AsyncRAT)", "timestamp": 1698330027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330027, "uuid": "6e401b1e-31eb-4e7c-9eba-42aff1b26f82", "comment": "Malware payload (AsyncRAT)", "value": "a303a2d627cb8588f3c30ac8b353674c", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330027, "uuid": "8257121a-aa86-44e9-866e-b34459af7a2c", "comment": "Malware payload (AsyncRAT)", "value": "9906536e261362180e3b4c087a6e5941afd3766d077dfcfc3efbeb0ca91c9201", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330027, "uuid": "e08f16a4-28a3-47db-b665-a51dca5d80db", "comment": "Malware payload (AsyncRAT)", "value": "b9bc36f39d00378644e7bf4ab22e64f0a738c014", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330027, "uuid": "b8bf9251-6a38-4d2c-a21b-089ad048ea62", "comment": "Malware payload (AsyncRAT)", "value": "b7ed88086332226d13692833585be1d6cd71bbb18a45413c2c122b56206c3dc208fad93a3a6cecf1a2815e24915a64e3", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330027, "uuid": "e26e6fb8-ae22-45ee-94ba-666e4b6df69c", "value": "T174236E003798C136E6FD47B4ACF2A1458675D66B6A03DB597CC814AE1B03FC696036FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330027, "uuid": "12a0dd05-2e1e-4050-bc13-e3ffb4581bb8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330027, "uuid": "f8dfde07-d43f-4504-a6d2-e88e3bcecd55", "value": "768:Eq+s3pUtDILNCCa+DiPQtLddR56LVuTqQijL8YbSgeTWKpBTlmcw6vEgK/JDZVcD:Eq+AGtQOYxvyLPPLzbVupPJPw6nkJDZI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698330027, "uuid": "c16eb018-7486-46d2-82b0-26f8df0a9d4c", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698330027, "uuid": "99f3cd2d-2314-4a61-99e2-a7d067f77a5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330027, "uuid": "3597e755-77c2-4219-b55e-b424760adcca", "value": "bxsdhvfnrn.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9d00e57-73bd-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698297027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297027, "uuid": "9bf60ece-0f56-46d7-8e5f-212f3e65d868", "comment": "Malware payload (Amadey)", "value": "fa06f985b45f28d69aad8c55ab17d371", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297027, "uuid": "38e9f2be-885c-4135-a381-909a6fee26bb", "comment": "Malware payload (Amadey)", "value": "9af1db58b2b87d35f47215272d5cd2f3b64551b7280b3f7541dcf01ec5d63fdb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297027, "uuid": "33cffe48-5cf9-42b5-b9a8-7760788309c5", "comment": "Malware payload (Amadey)", "value": "5c2c0a7bf4ef431ab0df93cda4c876882af7e352", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698297027, "uuid": "1a66e8f4-4913-48e5-9e37-ed07d6773aa7", "comment": "Malware payload (Amadey)", "value": "03ba90b60b10319b514759bd1a215ccdcd2280e215a4006f6396e27458c4c8196944a1721b26e2aa580fcc83ef8c08ef", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297027, "uuid": "c163d86f-e2a2-4fac-a76a-b51df8cd7db1", "value": "T14D157C2178C09276EDF320B787ECBA2587ADE4B0071915DF16D85BEED7606C17B32682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297027, "uuid": "ce78fdef-ff55-4f5d-bc9c-e250164da313", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297027, "uuid": "1c789288-17be-43fc-8357-ed8b287b49eb", "value": "12288:PgG8oRW829AM9cpSOkCmWQnU4oE0gCB4SFA9xVuZfTm6dQoqqY7xR:Pgp829AocpSOkbHof1xm0iq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698297027, "uuid": "cfdaeb2a-bd8d-4fd1-912d-43c5a82b9fd3", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698297027, "uuid": "9e4b328b-e8da-42b7-952c-817190cb1d75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698297027, "uuid": "2cb58d38-b667-40d3-b656-ee066350265e", "value": "fa06f985b45f28d69aad8c55ab17d371.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d6530c5-73bd-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698296737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296737, "uuid": "d089bc3c-8603-4383-a594-d9d5d45b7142", "comment": "Malware payload (RemcosRAT)", "value": "af5da819f434aff5a7f7f73bf87c348f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296737, "uuid": "5d76347b-f538-475a-aea2-164ca035c973", "comment": "Malware payload (RemcosRAT)", "value": "9b5e50292aacd6de4d058a7bbf72dd3d0c09dad48c52eb6e43c0fef8259383a1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296737, "uuid": "2b650062-02a6-4c3f-85ff-104166a08b76", "comment": "Malware payload (RemcosRAT)", "value": "6d0bc26fb60f8bb32fbbe93fada74e6131821908", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296737, "uuid": "757178e9-88aa-4c19-992a-6148da1029ef", "comment": "Malware payload (RemcosRAT)", "value": "fde25ce10dc40fc25698394e0d65371e9422e21161117d4064ca561f17756b46e8a7343560dacd85a07358920d6f0182", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296737, "uuid": "97aa1338-87f6-430e-9a47-68cb9f3df4dd", "value": "T1E5B49E01BAD2C072D57514300D36F776EABCBD202826497BB3DA1D5BFE31190B62A6B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296737, "uuid": "f5ca0bf8-be88-4423-9c6f-4b94978084e7", "value": "8d5087ff5de35c3fbb9f212b47d63cad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296737, "uuid": "ceded38e-721e-4435-af01-8ca6a17db34b", "value": "6144:Y/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7t7ov:Y/uPq3AfK496Gw0lwGXN3pvs/ZuA8v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698296737, "uuid": "490ae192-b7c4-4df6-b4b3-159b1e4b1ffe", "value": 494080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698296737, "uuid": "cd0c955c-abde-4f43-bcbf-3af5b7e7b717", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296737, "uuid": "fa089e3a-40f0-4861-a72e-990ba1ba346e", "value": "AF5DA819F434AFF5A7F7F73BF87C348F.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "451dd09e-73aa-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698288563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288563, "uuid": "d5fa7b18-e025-4d1b-be07-d613ce33a027", "comment": "Malware payload (Mirai)", "value": "9b1a7028d268ddaa0e120093ef67ab47", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288563, "uuid": "ccc25ba0-9290-4493-aea4-173af4c14638", "comment": "Malware payload (Mirai)", "value": "9b71eedb9a4e674ef213f9d428bd264f8e9e7c8b3e6a37400d8bd83fc7c99908", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288563, "uuid": "3c3b95b3-c299-4813-ad45-1df2815bf3f2", "comment": "Malware payload (Mirai)", "value": "447cf8ccde545ff35febe803f68e1d0699a83639", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288563, "uuid": "0644a2b7-125c-4cb9-93c5-1cf774397b53", "comment": "Malware payload (Mirai)", "value": "53c825442833ad2a79635e99c563162927ba1c0f3e1454a34cd38e213f5f8c7e73c7e5647338f39faa686954e9d7703b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288563, "uuid": "db3d4feb-64e0-49bc-8ae2-e9af59904f74", "value": "T193B2D0CC64543184C98D7C7C178D4B664F6CA1C0BAED9B2AE350CD99B3BAA8F385D078", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288563, "uuid": "605af590-cb9c-4412-b729-e1bd22591ca4", "value": "768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpHZqSWvo:4QlS07FUXqIYSXQKqu5qA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698288563, "uuid": "844a13ac-59d1-40e4-b33c-770582d3b5e7", "value": 24912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698288563, "uuid": "b4284665-2408-448a-bf43-be9e87d1a1b6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288563, "uuid": "c057fdb1-e63d-40cb-9c6d-dc4488af03e9", "value": "9b1a7028d268ddaa0e120093ef67ab47", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "893ba1fa-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698356967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356967, "uuid": "1d2c014f-65d4-4410-ac9d-63bc18f511ce", "comment": "Malware payload (Mirai)", "value": "85831fe9ce7ca50004ebbd8f3bf4d19b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356967, "uuid": "f648164f-63a4-4507-8d17-90f58c045a02", "comment": "Malware payload (Mirai)", "value": "9c616d7423c33d0eab9d64fe68d6109603f3ee369f41584ea5154350a7cbda64", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356967, "uuid": "2691503f-0765-4fc6-a0eb-e8a22dea7083", "comment": "Malware payload (Mirai)", "value": "2d6919faff3607a973fd7d7e417f966db49d73a9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356967, "uuid": "cf944d45-5088-4f1f-acc2-283fef77f7c0", "comment": "Malware payload (Mirai)", "value": "a65c89410d197201a8ddb92aedad71838310ff860071db210a191e771a3b9e2aad3a12be34e4be15548fb819cfbdf69b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356967, "uuid": "2934370f-a94c-4475-914e-9db1718edea4", "value": "T1A1D2E0B48488F070C5612DF5D8EA42C09A594798E4EF193A7EB22B4A93C75A3FCE4193", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356967, "uuid": "a54fb2a6-87cd-4715-9f20-ab6d0f903625", "value": "768:MR9p3dHjKqNF0qOi2cYL6YcQ6cA483UX/B:6nHuMTQcYL6jx4R/B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356967, "uuid": "f7bd6481-698f-46c0-a1d5-b4aee84b93a5", "value": 29012, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356967, "uuid": "715cc468-04f2-4607-b8dd-68dd65e1b77f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356967, "uuid": "fd4e8911-2c58-4e75-93fd-63c7fcb1f59a", "value": "85831fe9ce7ca50004ebbd8f3bf4d19b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9e4c1b3-7419-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698336406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336406, "uuid": "2b492f87-5b85-4796-85f1-71517b1d2f1a", "comment": "Malware payload (AgentTesla)", "value": "04ee58cfc7b58f6bf7bb60f8ddf2a8e1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336406, "uuid": "35cef34e-3b69-4087-8641-d2f53cbf9689", "comment": "Malware payload (AgentTesla)", "value": "9cd45c2dec3640ea0a345bbe5f21987485e91a2ab5cb605b0f30a741d2cb7b38", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336406, "uuid": "f8d6333e-d047-4aeb-bb50-f8866d237ca3", "comment": "Malware payload (AgentTesla)", "value": "55c4f559c6cbcbcace30078df9f69202c8031a8c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336406, "uuid": "5e7e7a14-9be3-4b34-809a-965cc101005e", "comment": "Malware payload (AgentTesla)", "value": "8385837164b079e9a8b12c4aa18cdc3311c5b1defac04aabb237c7bf9f2244737efdcf1b2da7bbd45129118baf54f511", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336406, "uuid": "2bc0a9b0-0302-4b77-8777-4f931464402e", "value": "T16705F160F2F6F90ED4DA857BAE6067E0A33260237713D756CC44EA1A7C1D6D78EC0A91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336406, "uuid": "a7955928-87c0-4461-848c-d2e55b188302", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336406, "uuid": "81353993-f91f-4adc-8a1a-b74221dc7bf8", "value": "12288:OUWPT97Yw3rbzLuvOKJvv/Awcx5psdPeIIgVRUo2vpBjVRTaks38q93My7lIkxhG:k1xXm/MDsdVupBLHs3z3f7prxs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336406, "uuid": "eaade53f-b48d-4898-8246-1052a0176bf1", "value": 859648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336406, "uuid": "a22dc289-5a8f-4065-812c-a3be832e31d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336406, "uuid": "c9dff080-39f9-4060-bb1e-c66e14bdaca2", "value": "pre-alert 2320102740.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b2385c2-7407-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698328409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328409, "uuid": "32613eac-85b8-4e19-9a1b-55c8069af98a", "comment": "Malware payload", "value": "3d0ed16f54dcfceb6b33cedc080da8c8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328409, "uuid": "397f8aba-1e5e-431e-a783-0982c37ad5fc", "comment": "Malware payload", "value": "9d1c9d9ffb606fa8576a222b311c43416611a88378073636def168e27fb8e865", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328409, "uuid": "509978a8-b024-4b01-940d-b75779812c73", "comment": "Malware payload", "value": "7d42909e3f88cfde084bee20be95b3bd219e12b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328409, "uuid": "c7fb252f-fcfb-4070-be4c-b23c00ed68ed", "comment": "Malware payload", "value": "4c3bccf456971d4a7a651a05a6dfdcc4312a081c18458648f01ed5628ace412fb280a6075bdc320626cbf5b08d54fa3a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328409, "uuid": "7260542c-673e-4c9b-826a-fae6420856b3", "value": "T15F46CE07BA4789F1C1491B37C5DB05140BA4DBB17213E60A7B8F23EA19437BA7A4D3A7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328409, "uuid": "1f624d95-076f-4eb7-ad07-7007f4967a13", "value": "98304:d+8zNdiBQtu78Nw19iSbvrBmZuffgegs4VuVBL4Nn:d+KLi+te8m1rzrPQjssMF4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328409, "uuid": "91f31274-23a9-4c9b-9596-b410fff8d545", "value": 5880320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328409, "uuid": "a72314bc-4f90-438d-befa-cc9cb3c007f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328409, "uuid": "62e55425-1afe-485b-b678-fb959af1c22f", "value": "rpayment-swift-.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b80a5d8d-741f-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698339007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339007, "uuid": "d1c7ac0b-9c96-48ad-9eca-2e7b9496777b", "comment": "Malware payload (Mirai)", "value": "22b7bf66ec4a138337b73097609fe2c0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339007, "uuid": "b100da5b-0a6b-41c1-ac79-220875535b37", "comment": "Malware payload (Mirai)", "value": "9dc6ec764a6a9800167a2935c25e79cdce324fbd6f339472f31bdb0d43ff5470", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339007, "uuid": "4d3d5c75-789d-46a1-b9ac-da84e31d42d8", "comment": "Malware payload (Mirai)", "value": "57735d98be197bdc51a1e329f96f4235e58d590d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339007, "uuid": "1e6a4ec7-1c16-47d6-88a3-e1a790176ccf", "comment": "Malware payload (Mirai)", "value": "14bbda64726b6e0a76f51f4ad64a1d43617edec04e869cca6e1e2ed6e3c37b6ed577bcf4425b92192c3e4e92362a6c4a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339007, "uuid": "4a66260f-4e54-4dc0-b84d-fb8df1809ea5", "value": "T130E2F184A08B94B6F6E4093D88FD218313750711F3D7766D3444264CFEE08EB6E7A69E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339007, "uuid": "fb6d8432-86d8-4856-aec9-f65db05e8558", "value": "768:P4KlgGu6+NqoKOpvpkNfeBHKfl+zmJjgGUH3Um:PJaH67IyW0qB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698339007, "uuid": "2005a4db-a31d-4588-b52c-dad9d459d3ce", "value": 31896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698339007, "uuid": "bfe9f439-dbbc-4b79-abc5-c03779e29c2b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339007, "uuid": "764cac2d-0017-48dd-9ce7-01832be82acf", "value": "z0r0.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3be33524-7406-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698328061, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328061, "uuid": "80635fde-30dd-4f88-8bd9-c8849670c14a", "comment": "Malware payload (Formbook)", "value": "7c719e9f0ac2aa430841a5c53a13e5c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328061, "uuid": "86527703-4057-45c1-b5ea-8209dfc455e5", "comment": "Malware payload (Formbook)", "value": "9fefd5cbebe1a5c768a46b5615f116e03d2ae863049720fb4e32bf2cd253dc62", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328061, "uuid": "02e4d4cc-56fc-4725-8174-dfaf1d7e0ee4", "comment": "Malware payload (Formbook)", "value": "9e908a8634e3ad3e98fb2b92921b13fa07ade434", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328061, "uuid": "f6f3f5c8-1925-446f-9c0f-b50983a46ee4", "comment": "Malware payload (Formbook)", "value": "2eae6f558dc56775cd14ae35c4645a1133b94304926dc617b70f966718a26252591b3fbdd52e01906fec9151b503a1a2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328061, "uuid": "e9fc76f9-6681-48db-9cf3-6058dfe9ab6f", "value": "T1C4D4F103B750DDC2D403873E989AD7A62A212E4294926BDB6534BE77FC74CA30E4D9DC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328061, "uuid": "26c5675a-526e-424e-8605-efa63688dabf", "value": "003a54a0fe3c2a4dbf64143004ff22d3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328061, "uuid": "865839b9-56e8-4d45-bd84-d55197bcec05", "value": "12288:s1nnUt8ih8xaobFBTl5L8cMZnPsepuOgO6WAcopzgalClA74:+nUtvh8xvbFBTPL8c8P5ph1AxpzgaY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328061, "uuid": "c04ed3ba-6818-491f-b963-d35ddc8a09fc", "value": 649736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328061, "uuid": "9dd80c73-2206-46ab-bbc1-fff569af799c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328061, "uuid": "655e328b-bcbb-40a6-b4a7-a522773b68a7", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8ee09d4-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698311601, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311601, "uuid": "960e1e27-6b31-4ce5-be6b-22a3c2fa2244", "comment": "Malware payload (AgentTesla)", "value": "37db7fefcb384a62ea88aa4196b7b9e9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311601, "uuid": "3d1905d6-430d-4930-9b44-735e5c3a7ca4", "comment": "Malware payload (AgentTesla)", "value": "a11a607bcc8d3649e32a9a12d163e5dc3f529d5fc6a819333968d80266e1e441", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311601, "uuid": "55546a9b-434d-4845-96f0-7029f3ebbdd1", "comment": "Malware payload (AgentTesla)", "value": "268635f8a23197ffdaf56aac273826fe750f6dcd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311601, "uuid": "de793d01-b730-4001-bf9d-e76c24866e2c", "comment": "Malware payload (AgentTesla)", "value": "54866c503d8634c5565ddf8c2a014467984e137610b2a70184f0ea5501792dd1c05c90cf0ecad6d61fef24b6a5fcb57f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311601, "uuid": "86991338-11b2-4063-b988-868713864234", "value": "T1E5336CE1EEA91A1F0D0F27DDDC81598281BC801A0536116BFEED03CE925B75C937EB59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311601, "uuid": "0901cc2e-cb94-4812-903c-565b87bd249f", "value": "1536:mxvXs+3XzgWWbYbZUTX1Z4Yk5k4MJBFj0:mjTJIYbyTXtFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311601, "uuid": "5a0e2ddd-c4df-4a8f-8b91-d5192d51c78d", "value": 52994, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311601, "uuid": "92acdb42-b38e-433c-b447-4dbf7293ce5c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311601, "uuid": "d83ede4d-c884-4166-b9a1-edfe8ee8c767", "value": "RFQ20231026_Commercial_List_PDF.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7552396d-7402-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698326440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326440, "uuid": "48ff6207-d0f8-44fd-9bfc-fc8792a492f3", "comment": "Malware payload", "value": "8c802e3a42c21b7ffba64189576f752f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326440, "uuid": "3917d93d-90f7-427a-9002-95ccce3585e5", "comment": "Malware payload", "value": "a1a8c8e6fffb85902b585ba7c26c088e10fa44ae28089081a2ee1ede72d0e1ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326440, "uuid": "bcd88187-edc6-4fca-8a28-9f385650e4c6", "comment": "Malware payload", "value": "1269b9152ab0b4e427d6e4052565906aa86726b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326440, "uuid": "c733e358-55ad-4635-a67c-36b8fd54eb59", "comment": "Malware payload", "value": "d0fdc6a11a0ef3bf665017ca5c19592ef9d29d5a315d3c69caaa872a66046a2576ac9f848599de35d3d2f3029e973221", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326440, "uuid": "158fd561-1090-4adf-af87-7a0715be9834", "value": "T152F41215376E9B67C97D69F8B0B500C84BF1924BE772E7094C9632DC1C63B828923277", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326440, "uuid": "3574e4ba-f5e0-4d63-bed2-5b1ebe2edff2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326440, "uuid": "6efc49a5-e114-4eed-bcf3-fd9513d7c500", "value": "12288:sss8P7c5bIf4tw5QSBsCF0/0ZVTWcMKBdxHexzQ54dvx+tTF7Say4A:9PKbI2w5T/i0XWcDDiQ5MQtBdy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698326440, "uuid": "add30c61-e88c-40ed-a905-5e7777fbbdce", "value": 727552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698326440, "uuid": "52dbbda3-d86a-43ba-9f11-0444ce014636", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326440, "uuid": "1eb37cc4-b89f-4ab9-a15f-ccf9fe68cce3", "value": "qkmWsrGuKXzGMJJ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8c2b326-739c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698282717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282717, "uuid": "8113bbc5-1da5-41cd-8089-dc341bc64c19", "comment": "Malware payload (Mirai)", "value": "9ca9fb796c2b251960ce41e43a2da9ed", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282717, "uuid": "236a8b62-8bc7-4630-9871-a79cbc92a82f", "comment": "Malware payload (Mirai)", "value": "a2264d6bf774810470cb296245e718c18933052e37b8505d19267220f68ea922", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282717, "uuid": "52b658a2-300f-4886-9669-4ec65784c351", "comment": "Malware payload (Mirai)", "value": "ab0b23b50080f02c96b96b2195923a2ec23b1fa7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282717, "uuid": "d66b09a7-8270-4371-b7d1-1f6dd3bb5753", "comment": "Malware payload (Mirai)", "value": "287790e3a7e5d4b2a024310464601094f721cbd5f114f4ca098a9f174bffb3bc7115dc1c3f47ae1727a685f0d1e7eda1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282717, "uuid": "2cae00e9-de2d-4400-9696-dcab6940c819", "value": "T19CD2D0A869429DB1C770A832D7BED1953B5E53B893FA30671A14D124FEC220F09FC687", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282717, "uuid": "82e1d7c5-f6d3-47fd-85da-cf0b18127637", "value": "768:woJd2FKCUjBtBtnveJ7kj8P3yEjKoJVqfCgs3UozM4:wMd2FKCSTnv47lJkKVzj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698282717, "uuid": "fd9d5ee8-f2a3-46d9-a632-0bf00a952f11", "value": 28704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698282717, "uuid": "bacc2323-5b13-4714-8362-d044a65f429f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282717, "uuid": "61580182-531b-4d14-b8bd-ef7f175f777f", "value": "9ca9fb796c2b251960ce41e43a2da9ed", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a232fe77-73b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698294303, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294303, "uuid": "27a19b2f-768b-49ad-83a8-05cfe2459d4f", "comment": "Malware payload (Mirai)", "value": "3ac4e9cdb78e1f40ec7a1576e3c874eb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294303, "uuid": "1359a3b0-6f4c-48a8-b3f7-123b408eed1b", "comment": "Malware payload (Mirai)", "value": "a34da3030cf1312481c1b9efcfc93fd7839785a937167a617e781453970b3376", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294303, "uuid": "48f4a164-280e-42fd-ab9e-13ecbbf51908", "comment": "Malware payload (Mirai)", "value": "0785c23789340cf4a4d6b2c70dcb0577dc308f12", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294303, "uuid": "cb52ef94-65d3-4be5-b250-466b38a95df4", "comment": "Malware payload (Mirai)", "value": "9a51c059ae7e84576edd1a8062e11bdbd2b77bbaf0fb860b89e739b480d422f785207c51001353df513458b3df1cc960", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294303, "uuid": "60676b58-5868-44e2-98ca-94abcfc2b009", "value": "T1DAE202939371A052DE7417F2F969CACB6B7C4BACC63B70B3160057281E5B0435E2D883", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294303, "uuid": "58c6a6d3-966d-4d74-be41-f4c19726145f", "value": "768:PoiWiO031vpAPbrVWZK3XVGxm9XIQ9q3UEL5Il:Porm1vpALgUJMLS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294303, "uuid": "0d3a9d11-6d5d-4684-b5d0-d23414ef00b6", "value": 33028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294303, "uuid": "73582d4a-0388-4146-adb0-406d5d69a144", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294303, "uuid": "0e54a8b9-1ab9-4acd-ab76-b6a29a4fb425", "value": "3ac4e9cdb78e1f40ec7a1576e3c874eb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2126a06-73f5-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698321066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321066, "uuid": "7246fe24-deb3-4a8a-9c33-d5e73db34011", "comment": "Malware payload (AgentTesla)", "value": "3f624d66d034cc0b47e1cc90f620293e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321066, "uuid": "d909d3dc-b91f-473a-be33-ded98bed3e59", "comment": "Malware payload (AgentTesla)", "value": "a36f044f83511535a62d1187b10d5c92bf557cd07bf85f36519330c04712bb66", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321066, "uuid": "ea7c531c-4b7d-4bb6-9061-27dd74b1aa65", "comment": "Malware payload (AgentTesla)", "value": "6dd1e425054ab1471676cee7860288cae2248507", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698321066, "uuid": "793d108f-4a9a-465b-8c05-e05a7423cc17", "comment": "Malware payload (AgentTesla)", "value": "adf8aff3145df8a97f51cdceca5a80bb458d8070a7841a1ecb202c285f692537eea52fdecdec81efda504e5c8d0e266b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698321066, "uuid": "2721db72-21ee-41d6-a6fe-e8ab27a343e6", "value": "T16D55F19536BDAF0BD63AB7F60950508507F5A0792272D70E6EEA70DB0E94B118F40F2B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698321066, "uuid": "cbbc1b24-69df-4f70-896b-8f83a1a18bfd", "value": "12288:tsxTA6q+YIItbIqt8qedaQ5ZmAhXRwIY2NKJGCkui1iDjUqO24XhvMsK6Ed3:yxs66btEM8d42Y+6/kKjGhEsgd3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698321066, "uuid": "26ecdbc5-e41e-46fb-b178-f8bd6d6972c5", "value": 1310720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698321066, "uuid": "d3dfdf54-464c-4140-af62-d6bbe377866d", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698321066, "uuid": "04d10a3f-5645-4120-af74-a7db995df4c8", "value": "SOA pdf.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90c3e466-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304152, "uuid": "47f97451-ec36-4650-80be-298f5a2c7c5e", "comment": "Malware payload (AgentTesla)", "value": "896114d835aaddc627cf851447ee9a0f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304152, "uuid": "a0b60dd5-bb98-41fa-be5b-935c1fc697cb", "comment": "Malware payload (AgentTesla)", "value": "a381014c0f854acf709f4d42ddaaeb88011059f961a0a999ea5ad538a3952739", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304152, "uuid": "d8483d40-6e6c-42fe-bb35-13b46bddd6a4", "comment": "Malware payload (AgentTesla)", "value": "7d8b7eff65623fd3297f9b2b501e0f9db39cd5a5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304152, "uuid": "3fb96604-2a81-43b7-8a46-1f9dc19d867f", "comment": "Malware payload (AgentTesla)", "value": "957d5905b6a73c9adb925730993bd31c284449043560f91231ba8bdf3569244d6f62e6e6d57049d4c1083fb0b4753dcf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304152, "uuid": "424e87a7-bdc4-4b50-ae32-7672998f69a6", "value": "T143D54907B64789B2C24B1737C6DB061403A6F7E17623D60A7D8F236A99033BA5A4D727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304152, "uuid": "43bb14a9-887a-49a5-9803-03136b3ed004", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304152, "uuid": "8e0c71ed-fdb3-4ae6-b050-0c1195c2daec", "value": "49152:ODkAOGC1pQ2t92dOebn4Xm2Bo0Yxp7aI9FCjcoBwO:qkd3838Xmwo0I9FDswO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304152, "uuid": "fe715bcd-df30-4fe4-8300-082b2d0dff84", "value": 2876416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304152, "uuid": "f58245cf-264f-4a60-a934-13921193298d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304152, "uuid": "397f127f-e681-462d-b831-af1bc293b783", "value": "Dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4ee9285-7426-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698342035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342035, "uuid": "035bdc27-a92b-44bd-b10d-f1d979e992c8", "comment": "Malware payload (RecordBreaker)", "value": "5330d6ad632ea62b3751578adc66f069", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342035, "uuid": "42a80278-3c85-4bea-a221-fce2e2400198", "comment": "Malware payload (RecordBreaker)", "value": "a577b136f9102cec22df618b02c20adebf43bd506885c8a86caf283dfbe5b373", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342035, "uuid": "0907961a-d52e-4281-84df-e93723038e69", "comment": "Malware payload (RecordBreaker)", "value": "8818ee6f1738e2453d3da52821b6f34315e789b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342035, "uuid": "0f4a3ec4-b8cf-4f1d-a226-6f80e3453901", "comment": "Malware payload (RecordBreaker)", "value": "71bd45a41583f19137b59935d355bb42789ffd62152dfcdf3213445d954272656158c613bf4a8b2bc05aa5c83bf6d598", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342035, "uuid": "e7d88718-7fc0-4f54-84d6-af0e0c95efa3", "value": "T1D7753301B7D5AA73D97017B009FB11830734B8A96E38C76A5264EC5E1D72381BDB27BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342035, "uuid": "fe944c1a-2c3f-481c-82f6-4bcc728cb142", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342035, "uuid": "4a13684f-b157-4340-b2f8-2defa9a788b8", "value": "49152:PEZ5seKjrSBiJh2zTKWtyd5qmj44wXgH8zk:cPlKjeBiJhUTKLR/w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698342035, "uuid": "bca8a4f5-bad6-4034-b26c-cacec04f2689", "value": 1628672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698342035, "uuid": "ed7fa16b-9bf2-43c1-a680-8d2871c96af3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342035, "uuid": "c7b4e6c0-1e5f-4563-b02c-89416ad0bc82", "value": "5330d6ad632ea62b3751578adc66f069.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91ce8f9f-73e7-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698314891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314891, "uuid": "8b4445de-dd0c-4067-b9a8-d03057276429", "comment": "Malware payload (AgentTesla)", "value": "ab81eb705416d5c34f3aec6c007d804b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314891, "uuid": "66a3c28e-606c-4209-9668-4f8fc55bc5e2", "comment": "Malware payload (AgentTesla)", "value": "a62ee1dc2a7f21028396db4832ba9ddf81a3a79773f72cbbb1c04dbb667dc67c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314891, "uuid": "ce431d69-195d-4d1c-9b9f-ea8c7fe8662c", "comment": "Malware payload (AgentTesla)", "value": "7f4d957e4363be555928fdb9f835348ac53f4316", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314891, "uuid": "d3e2ad9a-b63c-40bd-a569-7380d4a6b6e8", "comment": "Malware payload (AgentTesla)", "value": "6b43f844220ec7b386eb498a4357069b58fc575dec05e2048804ddeb4ad281768eefe0e8023e78c0d8211ec245a4bcb2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314891, "uuid": "02a6c930-6c19-4a85-adfc-0778579c10a5", "value": "T11CF433C8808D971CAD3299084B0EE4546B3D51C28048EF87A8BFDBB57B34599F9D26DF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314891, "uuid": "42eb3a29-a99b-4be7-9c3f-a64bbfdf03d1", "value": "12288:uJU8lVKo+qAL2KgF+EdprAigcbXwY3qssue1tthC43JYK7jISMVujDERX9JIvwvz:Otl83HZgcEbrAigcjBqPue17dYKvxIRT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698314891, "uuid": "7728b2de-d20a-4bbd-a4ee-8922ced709cb", "value": 783604, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698314891, "uuid": "c94d0ef4-184a-4b27-8663-6d9d626ff96d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314891, "uuid": "f8e1356e-5d3c-40f1-aa2f-6f474c3a8fc6", "value": "Euro 36280.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84bea67d-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1698304132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304132, "uuid": "fb8e52c8-256a-4bad-b75b-6f2d00445fc9", "comment": "Malware payload (SnakeKeylogger)", "value": "2c139eca98cd994f55965c4920d4e624", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304132, "uuid": "c624d18d-87a3-48a0-bc70-bc7f11c7e103", "comment": "Malware payload (SnakeKeylogger)", "value": "a6671738b34504c8d632137c698fe529f3db1f000a599675599e66ad1872f44c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304132, "uuid": "27be451b-6650-46c5-a8f9-fd1e76179f49", "comment": "Malware payload (SnakeKeylogger)", "value": "1cd3383e90581c5de61ce0ea80a882618bb18daa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304132, "uuid": "581b85d5-b97a-4278-83d3-172bebbfed6c", "comment": "Malware payload (SnakeKeylogger)", "value": "5245c757019845d8e39e21dd9baf017d80aa4779b3b8fd10d9e23239ff595316a36dec89b2e832474a02c440cd1df041", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304132, "uuid": "e87a0a4a-a6c9-444a-92c1-ce8dc39a5626", "value": "T117B412046AA85B13D4788FFD806160699BFAE35D65F1E75D5D82A2CC1C37FA8C82032F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304132, "uuid": "0679deb3-fa6b-4fbe-8b4e-878de9d633ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304132, "uuid": "9a1408b7-ce7e-4b0c-9daf-c1c4401cc350", "value": "12288:TqL9kNykyZo6RWduE6fXhsMlwrnnEK0VM04:mRkXyZcSmNX0h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304132, "uuid": "4d23fc5c-ffec-4fda-9eff-9e25ebb1149e", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304132, "uuid": "811edc56-edf5-42fe-b76e-92b0d03d0dff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304132, "uuid": "cb033e5c-41e6-41bd-80f5-2e2bca2140c8", "value": "DEKONT S_659332597_25.10.2023_25.10.2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3263c9d1-73e9-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698315590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315590, "uuid": "2621b8c8-d26e-4076-9bca-a3373d81cffb", "comment": "Malware payload (AgentTesla)", "value": "e20561072155e5bacb5b6a6910957c4d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315590, "uuid": "0da320b8-280b-4ebe-aa9a-af0fe8fe88fe", "comment": "Malware payload (AgentTesla)", "value": "a699e8053be34a65ff85609982987a379bfb3c349787b8b3c9e588f2b713eaef", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315590, "uuid": "3f5fc466-433f-48f3-a833-2642332ca7d1", "comment": "Malware payload (AgentTesla)", "value": "3b66c412a750e5c7f9261c6345dca98615c3b4d6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315590, "uuid": "0fa0c07f-5af7-49d7-bdda-d4ad733a128b", "comment": "Malware payload (AgentTesla)", "value": "6de951e24cdb9ef37b0f53cfb6f16d43de1b35032a4d33bc0b651181cbc45cf218b45c7caf0ecc421f80b39c305c9339", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315590, "uuid": "a3072080-2019-4409-974f-d1a6a1e5fa9c", "value": "T197D423E70855E8ED806D60B540AED4EF3B43D191A937E1AFB3EA766641F3D9C702E600", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315590, "uuid": "74693dae-74a5-4931-8722-745e09264e61", "value": "12288:0/mdjzLm+VYtqqf4bm4cVj8goXngukZiHYIJYwVGoImBywzsp7AkYoM0J:0+djzC+CtqqwKz18g8gukZiHYIw7mByT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698315590, "uuid": "df1f70f0-8817-47a9-9a77-797e2c511ecf", "value": 641504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698315590, "uuid": "b4ba07e0-3c36-45c1-b45b-49d260aada9a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315590, "uuid": "f7a060e3-83a3-47df-8808-e79d1a536479", "value": "SHIPPING ADVICE.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "447a90a0-742a-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698343538, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343538, "uuid": "0c0c8d65-e3a8-4dd1-af22-b2d9945914d5", "comment": "Malware payload (RedLineStealer)", "value": "bd0e1d539cf4fb629c481cc8be1672f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343538, "uuid": "cca309f4-7ac7-449f-b1d1-beb0a458c828", "comment": "Malware payload (RedLineStealer)", "value": "a75a9ded208e0de9a02823fd2d40b2163cb152869e67e5bfe08388204d7e6d6d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343538, "uuid": "420bf93f-9052-4931-8f2c-2c93d07acdf0", "comment": "Malware payload (RedLineStealer)", "value": "f79f1f705065c2659a04f4cbda422dbd261d5dd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343538, "uuid": "cfe05490-a321-434c-be87-63cfab6446c7", "comment": "Malware payload (RedLineStealer)", "value": "8fa287d85f21e18419f821f8fe3ca720857343bbb1578886037cb0e7738d116e451f3d2b07d0c7df017a005124c5d2be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343538, "uuid": "1157a228-bafd-413a-94e6-5faaf66e5044", "value": "T159752302FFD96532E8E527327CF513C35B3A3A129E76259F2359691F88322851C6632F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343538, "uuid": "bac127e3-d4ff-491f-ab19-6a87da70148a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343538, "uuid": "fb32ec21-ed99-4b1a-baa6-fef82800f95f", "value": "24576:OyHkfO4qH0F8e8SUQVkw7r9YOWjSk0awVRcUeaVfqwzcLOGVK8dXDAMDia0:dHt50jFVkwn9pW2k0oUTAhAi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698343538, "uuid": "dd05fd90-2ed2-4bd8-b23d-95e2e9bf85ac", "value": 1620992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698343538, "uuid": "15b88b7c-75d3-44a4-80c1-94eaa8343261", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343538, "uuid": "5ca26656-0fc8-4b05-8be0-d199c32e82e0", "value": "bd0e1d539cf4fb629c481cc8be1672f5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ed6360a-73d1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305330, "uuid": "d39c574f-3c69-455f-a099-e361f0f2f141", "comment": "Malware payload (AgentTesla)", "value": "f4f539b4275b059e323c1e704908ef96", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305330, "uuid": "eee9037d-6460-47a8-930a-acf2bb703d5e", "comment": "Malware payload (AgentTesla)", "value": "a816a372413952d3ebe742e2a5be2d7f317cccd7209f1fee4ca08acff843c8c6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305330, "uuid": "b10ae989-40d6-4e73-a5db-569fa46f2cfa", "comment": "Malware payload (AgentTesla)", "value": "5dbdefc25c45c42cf2581b2163db679fbf62b11e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305330, "uuid": "8bfe8d4c-d2bc-4d7b-827b-a4f19ec0a33c", "comment": "Malware payload (AgentTesla)", "value": "20f67efd36688c8d501f3f4cd885f37bc4af37be37f8b12c0b6d170f11a1506febd4324ec9fe969169accbd824af03f7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305330, "uuid": "77b65d81-3d7c-4074-8e37-e9cbfaba16c2", "value": "T185558C50E2F1A64DE4DE9636AD70A3E462B278676732D34ACD00E655382C7D78EC07B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305330, "uuid": "6e22b132-d569-4a53-abe7-60b60a370fdf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305330, "uuid": "fae67591-da9a-4a48-b658-439f7dfcbf0a", "value": "24576:Ob+2txEbMNDFUNUe5UkrONJNK+W0jAurg/IOZrN/3LB+NLI+DPLX:fQNDFi56NjKujpKIOZJ/UDPLX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305330, "uuid": "3160fc9c-fb64-4558-beef-1534aa8b7f90", "value": 1316760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305330, "uuid": "a904c861-6db8-42dc-9766-aabf315015f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305330, "uuid": "2c1b4606-5f3b-4d76-93ac-278f4c2c35bd", "value": "Qk2hwwzOHq.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f63bf36-73f4-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698320470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320470, "uuid": "0a02d528-f7de-4212-b9af-12e0e2d220bc", "comment": "Malware payload (AgentTesla)", "value": "d02fb7bd68eeaf281c0627cdef653a2b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320470, "uuid": "6e38f512-5d2d-47c0-85d0-19e641552377", "comment": "Malware payload (AgentTesla)", "value": "a82089975707db44560ed2654b5686350cc59b1b4b81d40bb3c84105de1d7408", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320470, "uuid": "3b342e9e-0804-4455-b0e1-1f64a7ac385c", "comment": "Malware payload (AgentTesla)", "value": "f7afd2d1fc2e6f5f93687a4620849d644632ca68", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320470, "uuid": "1ce8f6e3-2175-4592-b606-3223805f3607", "comment": "Malware payload (AgentTesla)", "value": "4111ef78326c7c1c477d95e0ad608e1b7b6f317406b2f94f4a3f8222fb02591ac9fb769e2a94c1ec467046fd8b4206d4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320470, "uuid": "1dc89e23-0619-45a2-b7ce-58cecb641b8b", "value": "T171259DC0F259FC1FDD260D7248FA9C60C5A6EE6DE464C25E2C897A9920F6341109EF6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320470, "uuid": "7d7f0eac-5aea-413b-b5f6-a034b46c3830", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320470, "uuid": "9c87e371-ba3e-42fb-8d64-f5524486b855", "value": "24576:wakw44BUdvTG9hPiwMRtl3DHnQH8Ckm9Wo0l:watUdvC9hPiDtlzH88Czj0l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698320470, "uuid": "0a29bd3b-2c10-44a5-aede-a7bee63b364c", "value": 1008128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698320470, "uuid": "938ed123-8879-412c-859f-23c9e0d240df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320470, "uuid": "1f430d4c-b59a-43ba-9d7b-462c68939524", "value": "INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18445376-73fc-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698323707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323707, "uuid": "d13f58d7-4ad7-45c6-8439-94538274ef37", "comment": "Malware payload (AgentTesla)", "value": "ca0cd4786f1dcce3d47fe242fb7addf2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323707, "uuid": "43a7bba4-7e47-44df-bb40-89ef9cf6782e", "comment": "Malware payload (AgentTesla)", "value": "a84cb115ccbfd1070da0d52da1f311f0e5bacfdab3df9b2568f13844aa04a8c4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323707, "uuid": "93c67da4-1e81-4cfc-b574-0191e78eef13", "comment": "Malware payload (AgentTesla)", "value": "53fcc23aed4aeb6f967c8c3909690c1bc511d5aa", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323707, "uuid": "d33c8fbe-c147-46f2-84e9-c9cdfbe39da7", "comment": "Malware payload (AgentTesla)", "value": "21ad7159b1760f4e967db96dfc7eb8ce35507d12fc350c1d41125ba6baa43639689a838fc1e3dfb4a23c8bcb7b6a51fc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323707, "uuid": "eaf64f55-a8e9-4c40-9582-3c929af59950", "value": "T19EF4334C4983829FC5E93CCEE1ED72066BC501E4B98D46FE3902DA81E9CCBB54ED56B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323707, "uuid": "e12914f5-844c-4e87-a64e-e140afb40951", "value": "12288:GxzH/9MdisRQSZtMACmlPLugDDvy80N3WE0NQh8ZP5pocTIdLlpQx1umTqYpV7y2:Uj1MgXfZmljTDzy8m3WEKB5SBlpnAqYD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323707, "uuid": "8db2f997-e5ea-4369-b028-64604ff91242", "value": 784077, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323707, "uuid": "8c5b0cd4-c4ab-4e83-bca2-1c0a245b32f2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323707, "uuid": "651d8061-169c-49a5-ae9d-53a205c385c2", "value": "SOA SEP UPDATED.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e94931de-7422-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698340378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340378, "uuid": "d0a9186f-967a-4cc3-a049-8a41f0e379d1", "comment": "Malware payload (Amadey)", "value": "0cb304d875c0433a5ec674425ef46cc9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340378, "uuid": "d1de208d-623a-4082-b046-a3edbc07a78e", "comment": "Malware payload (Amadey)", "value": "a86d6cd6cba4a3dce4ad3fa2948f623831b181714dd945bbdde831f39229412d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340378, "uuid": "2e90dfb4-7808-4d94-b6cc-15b72543bc0b", "comment": "Malware payload (Amadey)", "value": "2507e6d30ea76e03c6457e58f90c609e00526e7b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340378, "uuid": "d53ce372-44c2-4c7b-aaf2-37cf835b40eb", "comment": "Malware payload (Amadey)", "value": "3c9774e5d5ce812e3194b03b4052605a9910951e77d6a4709e0834689216beb35e9f9f4057a3a1d7f8ee7e3aecb558e9", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340378, "uuid": "4d4c7d5c-e8fd-4d6c-a91b-393010406579", "value": "T14E752313A7E18432E4B26BB06CFA46838B3670F519B4579E3715314D1EB39C9A4B03AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340378, "uuid": "f3942b68-bae0-463d-9ec2-ee5c54d8630d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340378, "uuid": "620a358c-1bae-42a5-a247-a736fde61d17", "value": "24576:syfNFqLVnigFr8i+1D038q1B3d+8ogOerxe32cc29l0+zuMWVoVAQN7PDg5eoeHJ:bfqLVnv4D0jrQmK9lLzu9oPP84oe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698340378, "uuid": "d023428a-113f-4393-8f4b-d49ecfef073b", "value": 1631232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698340378, "uuid": "ddcf9be5-dd62-454c-b12f-845a1a3f5def", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340378, "uuid": "42764663-5614-465e-8261-a1c338ce5138", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73f77141-73d2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305822, "uuid": "7eab6aec-d126-43e5-841a-84b13190a11a", "comment": "Malware payload (AgentTesla)", "value": "45a907732b4519deb6936f28abf5f094", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305822, "uuid": "7326ef3c-23d6-4d25-b39c-7caa4b64e6c0", "comment": "Malware payload (AgentTesla)", "value": "a9b613bd939be1d785b4b528ead8d92df9354c4dfa092022c3bca4094d76f5ba", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305822, "uuid": "f0e2cb12-f9e5-414d-98be-cd1feb804587", "comment": "Malware payload (AgentTesla)", "value": "4592d91cccc384562c30f9cc982338ca2db0994b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305822, "uuid": "0a61320b-dbaa-4ac7-a487-b8ce593ff7f2", "comment": "Malware payload (AgentTesla)", "value": "1ce39aef192bbe68fc7398d6088acad98f6c8c4c94fdf6605fcafc21629472d8be46fa6722733c4369e30fe3cbabde82", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305822, "uuid": "a87c108b-f87c-4ca3-971e-5aeeed5d8047", "value": "T18AD4230AF42587B3CC45E476EB3447D13BEA242147CD73D5AB9E3B418D7AA5430AB34A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305822, "uuid": "a307ff2f-1104-4f34-b024-43f233c2da41", "value": "12288:KZ4Ck3Scv6Gqn3WyukqrBRm2oVkKpnJyHFtCPv6vwTngivjP/Q/:k4KjV3gprB8HRuCnqw1Lo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305822, "uuid": "d8cd873d-4c15-4fc7-9fd3-d04810ef8a46", "value": 653996, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305822, "uuid": "ad5fe58d-8e68-4fc1-a025-bf90d7d24f5e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305822, "uuid": "6f7b2b3a-1760-4708-a5a6-9c271206e842", "value": "RFQ,xlsx.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "767c8545-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304108, "uuid": "5bff309f-37ad-4899-a5ef-ba61b5411b5a", "comment": "Malware payload (AgentTesla)", "value": "f368721b6608296f712a848fd9b12feb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304108, "uuid": "8d70b8c0-1faf-4d2d-affd-3c12a9735bce", "comment": "Malware payload (AgentTesla)", "value": "aa207b7d5be6d9709f7dca6aab3e191c13441828ae57288250e5ffcb9b5d679f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304108, "uuid": "54b9c750-ad93-439c-ab47-5249d9bfc340", "comment": "Malware payload (AgentTesla)", "value": "6d4fc4eabf6f2385eeecc2f56d9b441eded484e5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304108, "uuid": "721d104c-fd44-422a-b014-ea8c990e4ede", "comment": "Malware payload (AgentTesla)", "value": "0a17d08df1b64f6ee316a1f975c3471f72460e2bb8f6bc530fba493dc6f27e9ae32dca234173c4c2e74bb5761df69fb3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304108, "uuid": "ffd23b5a-0c1d-4deb-8a65-3d91cdd66f21", "value": "T1E8E4231759C5EEEAF74352F2700C5654DE703AB4A9C8A18D9C2FB491EC08EEE7D5E088", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304108, "uuid": "044b3902-bc26-43fb-8747-1a8d525f2816", "value": "12288:h4fnWV5tBa03Arb+T7BQmAMaCSFbxl+V3BQe9nKCvtNIsWTnwgPnE/PPY7BffuOh:mfeH5p7rAPp3l+R9XNfuEfafuOqUVf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304108, "uuid": "8203d49b-3b07-4391-8f41-1a8d9fd8898c", "value": 679902, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304108, "uuid": "1a66ac9c-cd24-4584-ad29-f385dd12393f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304108, "uuid": "1ebb52aa-259a-477a-b429-0c52b2a72fbd", "value": "PR_241023.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f53e592a-73d9-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698309045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309045, "uuid": "0cd393d7-b02c-463f-ab19-874dd52ffb9a", "comment": "Malware payload (RedLineStealer)", "value": "d86816e976e8938f119f3ff64554846e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309045, "uuid": "25fbd32e-f4b4-45e5-819f-c00cebeef71d", "comment": "Malware payload (RedLineStealer)", "value": "aa23c8b6468593d23f9e186b7d377a6136a2cd6cf6ebe7e927101b36fe9bf22b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309045, "uuid": "95b7285f-dbe9-4ef5-a965-56a67a48d514", "comment": "Malware payload (RedLineStealer)", "value": "163270d239a2020c062a5628536d84f78f95e981", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309045, "uuid": "23c2c8d5-415c-4e32-9b09-0d2a201acd9b", "comment": "Malware payload (RedLineStealer)", "value": "e9c63d9022c5fc0d8d597051d7e98f77a3057451a6f800f14103b3b8180d74b7dda5c3a58f9233f1c18d5e2ef2824cd8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309045, "uuid": "32a9228e-e556-4ac2-b37f-e8b64a87080c", "value": "T11C648D15E9C3B431E7AA54B58058F6D06156BC6C0F4642B3E7CC02379B98FF6A235E8B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309045, "uuid": "436f74d3-8491-4cc5-a994-dfbe2a3c47a0", "value": "42dc4b97f00c0e49be924a48eec20081", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309045, "uuid": "893995e9-c981-4de4-9d8a-39aaef343009", "value": "3072:kbxlFS03aYxynslteuBD4XJLtZRe9Kx14m1ZDyluyGgWe:+3KnWteE4X51H1DFyGgWe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698309045, "uuid": "fb1172eb-f04d-475f-bdfa-ffe34ff321cb", "value": 325477, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698309045, "uuid": "29ab1f84-927c-48c5-85d2-c906dbb27685", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309045, "uuid": "f06ca2e6-4353-43b2-ac09-3a9e40e77cac", "value": "D86816E976E8938F119F3FF64554846E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07357a8f-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698303921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303921, "uuid": "0e6e2b3a-64f1-436f-bdcd-0123635dda29", "comment": "Malware payload (Formbook)", "value": "dcac0f0d4d21703b6a9a331da8c01e96", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303921, "uuid": "7a8bdff7-1847-423d-9df2-e1c07c07da63", "comment": "Malware payload (Formbook)", "value": "aac65be361846da8dcffed72adc62c23fa81ffb6b140862fe3bd24dbb0b5bada", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303921, "uuid": "cf618936-92c2-438e-ae51-7747103cfc0c", "comment": "Malware payload (Formbook)", "value": "aaa45053fb960e3b2d2b745709a21b6b7bf4e16c", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303921, "uuid": "2a2b6c05-4cc3-4b11-8e9a-52adcd88c4b1", "comment": "Malware payload (Formbook)", "value": "e5f996e4e6aec96d3dec6058ea3c5a88d858d160b36f0a9ce82bf0d35da23441002d411191a9b2117de4963a89d7d43a", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303921, "uuid": "59ffb35f-8ca3-45bd-9d49-2ba89b9a3e17", "value": "T170A4E1DDE75294E5EC2652B0283EDE77672B9C6E6858188519CB7E333C7208320369DF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303921, "uuid": "0259a4bd-148a-46ac-b11b-118a1113d9c7", "value": "b76363e9cb88bf9390860da8e50999d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303921, "uuid": "aac3fe3c-2afb-4461-be1a-99e53fec81f5", "value": "12288:PrcoMTI16yA0tEfaS5LvuaiyE6B87C+P6n:a01vEH5LmaZwC+P6n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303921, "uuid": "51431093-dbde-46e6-bcdf-39e20729d8fd", "value": 486086, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303921, "uuid": "50a1e2ff-1a08-4033-badc-93d19823cdd6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303921, "uuid": "ee5cb9ab-750a-44d4-8e88-7babca4e946a", "value": "DHL Expess Shipping Documents_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de4322cb-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698322321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322321, "uuid": "c96bb28a-202b-42c1-92e5-c64c955ba8cb", "comment": "Malware payload", "value": "13d3b469cb8ddcf42adf266f2ad59f41", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322321, "uuid": "de0547d1-c442-4069-9ab8-0c4681495a3d", "comment": "Malware payload", "value": "ab59c7b993f0f742f47eeeda84d3b57d843ef78d7e92f8eca61c1f517623d9e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322321, "uuid": "a383be9e-9a54-4136-ab77-b691803cf448", "comment": "Malware payload", "value": "517e5970c7e3bcaf0b982a7bd8fff9e5178a6136", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322321, "uuid": "ae92cf79-3f86-496d-9a10-82dae6c46e5b", "comment": "Malware payload", "value": "430cca594106a7da768a1f2a91e4009a7881b4d2c67d96799a123a4b8eef9929d70634aa146439e74bb843cecf70890f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322321, "uuid": "83814b97-7d3a-4485-bd2f-1124011c541d", "value": "T18205F11132584A12C7E972759FA5C0B80BB08E1EA572E75D4CF9BC9F3AFEB830412657", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322321, "uuid": "c78b02e4-3ee8-409a-9e66-7706a6ba4e97", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322321, "uuid": "78ca1c5a-5178-413f-af7d-c8fb685a7b6f", "value": "12288:Gss8Yfc0cozdWAiRC7LIk1MU2+wXKaWU9twz20Rfxd02l0RVRTg4Snc:nYVFiKLB1MUO9SbxTlOV+9c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322321, "uuid": "35d79fa5-d856-4d18-a988-fa6492d55390", "value": 801792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322321, "uuid": "05406021-2b3a-44d4-a673-c7475362f3a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322321, "uuid": "192eb2f0-a0ee-439d-8f17-2aed73167f38", "value": "image001..exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a781520a-740c-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698330819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330819, "uuid": "93bd67a7-3db5-49c4-9b35-9abfa8e9ae0e", "comment": "Malware payload (AgentTesla)", "value": "3d8f07174d8d6a6ff3f6b1127edc185a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330819, "uuid": "d4e28d97-c363-4004-946e-abc405685359", "comment": "Malware payload (AgentTesla)", "value": "abb97eff12d659ac385103bc762dc25cf56c3dafee67fd6f1a4a5c2f2415218f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330819, "uuid": "560aaf39-3132-41f6-872c-b921a8c6e6e6", "comment": "Malware payload (AgentTesla)", "value": "ba57880b066b8ba28de1c4bf468b17da920d5a95", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698330819, "uuid": "6105b1d9-8989-4e7e-8a2c-caf5c3c38b66", "comment": "Malware payload (AgentTesla)", "value": "ca5cf00cb1b06f1cf965b120a8c41f5fac227bee0c5880cf9f6b34a2b0803292e376eac4be3989094d88e267002881ec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330819, "uuid": "8b9bc24e-4a79-463b-8d4a-1cb3322bf2e9", "value": "T120A4239ADC7E4426B272A3F507C2158EF96031ACDD5B209ED9CAE175C1288CCD4B7C6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330819, "uuid": "4495beb6-d95e-4b95-8e37-7167fdcd3abb", "value": "12288:TQv+imBMGwM6DoE8Dd4VBJZqG46bkMOhwR7DNDTHFUwn:TLXOGwfD75qG46bkMOORNXHvn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698330819, "uuid": "d6495271-38f4-4841-bdb3-7d11a7233dbb", "value": 465944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698330819, "uuid": "99781031-24f2-4af2-922d-865797c63e91", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698330819, "uuid": "b6c43145-b385-485c-9e51-072b94f7eff7", "value": "SOA SEP 2023.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1650f70a-73e9-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698315543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315543, "uuid": "3529af25-b00c-46b9-850d-1a115d2e0628", "comment": "Malware payload (AgentTesla)", "value": "fcb485c9d53c83cb17a6a8c5c88f0fc9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315543, "uuid": "b7495ea9-2eaa-464b-b730-cf2285f76769", "comment": "Malware payload (AgentTesla)", "value": "aec062a76f698f944b379f9ef7b38d6a08c93b048ac8b1849d8d8c22d1f76b76", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315543, "uuid": "57504c5e-282b-4408-bfb1-9ff9ea956e77", "comment": "Malware payload (AgentTesla)", "value": "4b8fe400148de44db0e529dacfed77f63d5b65b9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315543, "uuid": "2772a246-ca1a-43f4-ae48-9d396d001060", "comment": "Malware payload (AgentTesla)", "value": "eee494a07609df6edfef8940832afcd31d3764bba890146b37efec2f4f1f7d1ec5d91105bd3b27b914aa0a099afafbbc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315543, "uuid": "86d8f112-7a69-4e75-99a5-4546f26fbd23", "value": "T1D2F4F156363D2EA7CE3CA8F50851A98147FE993DA46AE3CC1DD260CF51DFBD24A40A07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315543, "uuid": "75739075-a968-4f68-aed5-ac85192963ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315543, "uuid": "22fb707f-3a71-4c70-92ad-056ee58461ff", "value": "12288:U2ujsxTA6qDa8pLrHjBMdxoKy1uy1VmS15j:U8xs6pYLXBoOnVmS1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698315543, "uuid": "8259ec91-9b32-4a33-b251-4c71572c4340", "value": 752640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698315543, "uuid": "2fea3aab-ba9d-4b02-9ad5-3b0555ba1a3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315543, "uuid": "49d4f3e2-faed-4916-a0d1-81b8692461f0", "value": "Proforma Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2e44568-73bb-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698296129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296129, "uuid": "63f8cff2-34be-4b4d-9e73-ea5012a41447", "comment": "Malware payload (Stealc)", "value": "3d5435c4f051e447cfe96c0815876d66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296129, "uuid": "f948ca5b-a901-4e8a-98e0-3f02b5503185", "comment": "Malware payload (Stealc)", "value": "af63001bfd4ed850fb3bf50862ef7265a6822ffc20f6b24ed741975918c56f2c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296129, "uuid": "44a50289-ce91-4358-9a00-5312105b2728", "comment": "Malware payload (Stealc)", "value": "08efa1e45c564077b2a6d0871cb56f77a5c41418", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296129, "uuid": "e4eed6db-6a8d-456a-912a-e59d12b9ca59", "comment": "Malware payload (Stealc)", "value": "4c4994b9fcbfe682fd03b8777e237808d36ff34b28bb776e362ad44d2432400274f64d5b06dd6965b973647a3505522e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296129, "uuid": "4e21d894-ae69-4e58-8f92-b53313d972a5", "value": "T12404D022B7E0D072E1B785305A71C7B11E7B78325B66548F37882A7E0E707D06B7A366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296129, "uuid": "1cf087e9-612e-45c6-ab06-aa22cb43f5f1", "value": "3eb61bde6c067dec159cc6a0cbd631b3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296129, "uuid": "eba533dd-2587-4dc7-a5d5-a46d694bdacc", "value": "3072:3HBNIPZ+4nnN08i6fAwtKcUVhbW30WzS/XxKJosa61UnU/lBfG:xOPY6N08DfAwtKc8akWMzr61gU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698296129, "uuid": "ad0d0b79-585f-47d8-8eed-54272f2ff87a", "value": 184832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698296129, "uuid": "07e73b44-b807-4f65-835f-2b540b0f9248", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296129, "uuid": "78de3cb1-c375-4ba4-b600-74d85e5b3a38", "value": "3d5435c4f051e447cfe96c0815876d66.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe1c6b88-73ad-11ee-8907-42010a9c0042", "comment": "Malware payload (N-W0rm)", "timestamp": 1698290162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290162, "uuid": "36733028-e693-4e2c-a6be-bd29bd3bc82b", "comment": "Malware payload (N-W0rm)", "value": "4c3fc417059f4ddf02e1e101e3733772", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290162, "uuid": "29e6f78a-e4e4-467c-950d-773569554d8e", "comment": "Malware payload (N-W0rm)", "value": "af7e762987ce1981eecaa9bdc73fb9941b34634c7e7d1ea0d9dc1f1b5b792413", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290162, "uuid": "ecf9606e-d9ae-4463-b8b9-967f59cd0cbe", "comment": "Malware payload (N-W0rm)", "value": "b692b0973c272503cec2cb9ea64fb57d1b85e637", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698290162, "uuid": "d0b2c93b-f308-4ef5-976e-1e892c74a3c2", "comment": "Malware payload (N-W0rm)", "value": "53b71b5e30f990e633ca7dbb22420c08eb1ac0d46b1efff88bd8c6e690c8651eccb92e15fbf72595e1a1811d40a5f630", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290162, "uuid": "a1e8d4b1-09ff-47ff-8016-1ca0ed8daaf7", "value": "T196158D2178C09176EDF320B787ECBA3586ADE4B0072915DF16D85BEED7616C13B32682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290162, "uuid": "91f97468-382a-4a04-ade4-33f2bf3b6a2a", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290162, "uuid": "c979eb99-5145-485f-a3cc-bfadf642a2cb", "value": "12288:EgGRoRW829AM9cpSOkCmWQnU4oE0gCB4SFA9xVuZfTm6ZBsqYTxR:Egw829AocpSOkbHof1xm0DBsq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698290162, "uuid": "3301c999-63de-48d7-8c1c-6a21f86b5160", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698290162, "uuid": "f6a283e2-8f12-4af8-9907-fa05a91f1e6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698290162, "uuid": "0c7ead1b-d770-4db1-9651-1d596a625b93", "value": "4c3fc417059f4ddf02e1e101e3733772.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f6907f9-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698303962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303962, "uuid": "b99f8157-f6ef-4991-905c-548666cf73e9", "comment": "Malware payload (Formbook)", "value": "3749aa4d4ed598f83349135770589277", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303962, "uuid": "f2611444-e301-449a-a820-d8cb194dc43b", "comment": "Malware payload (Formbook)", "value": "b0366d707c7cf75499484fd1a09dc90b10742aa64b74925ce231366fbc12e866", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303962, "uuid": "e4e79ce2-c004-44d0-a4df-2801b6cfa323", "comment": "Malware payload (Formbook)", "value": "dcda76b9ea468534d0d96572a9da057c54325c16", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303962, "uuid": "eae0b5be-143d-4e74-980d-2f5559ac8e66", "comment": "Malware payload (Formbook)", "value": "36152780e39247b9641878c76c29337917f9023a2c7778b0c2d1e2ea642e2bfb02bcec1b3921cedc713a2c77e93be8f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303962, "uuid": "6b241f21-2c45-456f-af2c-ebf155842318", "value": "T14994CFDDE71194F5EC225271287DDE735A6BAC2E2858288925C77E333C72193703B98B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303962, "uuid": "377f7fc8-add2-4fb9-9ff4-9224f898dc5f", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303962, "uuid": "6a738404-09eb-44c7-90b2-3f72673f8dab", "value": "12288:hYGrcoShoElN87bfcdKFtX640OBs4mdEmgVO:hYzhdl+XfCYt7W44/7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303962, "uuid": "7950c292-433c-4fa1-88cf-77597bf48c4e", "value": 445951, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303962, "uuid": "4c6a0692-7996-44a5-b55b-a309f636b63c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303962, "uuid": "e11ba436-7a21-407b-a9ed-ef401ba5a24f", "value": "BL, AWB, CL,PL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d9841d6-73da-11ee-8907-42010a9c0042", "comment": "Malware payload (DarkGate)", "timestamp": 1698309274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309274, "uuid": "00974e6b-99f2-4cf6-9daa-c56df719d350", "comment": "Malware payload (DarkGate)", "value": "618eb8f17aad6b95e5989bc1e376406a", "object_relation": "md5", "Tag": [ { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309274, "uuid": "c935d360-5b0f-461a-9e97-11c2254f4693", "comment": "Malware payload (DarkGate)", "value": "b049b7e03749e7f0819f551ef809e63f8a69e38a0a70b697f8a5a82a792a1df9", "object_relation": "sha256", "Tag": [ { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309274, "uuid": "07c59a35-b75f-43e6-846d-15fd05ec16c6", "comment": "Malware payload (DarkGate)", "value": "23f005b38c089e7afbc01591d9e0780e2170a913", "object_relation": "sha1", "Tag": [ { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309274, "uuid": "599d9ade-050a-4b88-8cb6-9f5ac6426253", "comment": "Malware payload (DarkGate)", "value": "b3cadc183df5a34674d5386e7d21622949655171822025b50c70598e49eb67d8b6e2891f8e9e3bf15e52ddd86943ae67", "object_relation": "sha3-384", "Tag": [ { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309274, "uuid": "d56aaa43-5bcd-4a6c-8a52-4a88b0dc8a9f", "value": "T1ECF4B077EF81BA6FEEE2E8444645A7EA63D1B4D99B420D0F45702B4BC27CD4A1B4340E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309274, "uuid": "afa6713d-0c7e-4e9d-aa87-cf69d5410f67", "value": "12288:0lb99SEM9gA3BVVTvXuB0RyiDhDh4JAqt9AFwsUxw5TaTOge+:0BlM9gARNy4TWMywwu+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698309274, "uuid": "d843d6dd-092d-4811-bea6-b62e502a39a1", "value": 774502, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698309274, "uuid": "bfa63e78-073b-4f3b-a75d-ab34273b25a7", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309274, "uuid": "86b76809-1a84-4e25-acb2-2bc50a21b4d1", "value": "gDIeYy.au3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1b093ef-73a9-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698288289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288289, "uuid": "643d70f8-67a7-4fb7-b0ab-0a2c36cded87", "comment": "Malware payload (Mirai)", "value": "eff3fd02cca5e84f4de9e993eb0d1d97", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288289, "uuid": "d3d0d284-5665-4a7b-9b92-5cb50e7b9499", "comment": "Malware payload (Mirai)", "value": "b04bfe3a024b08e522b1eb368d3df25f66b674ea822c7552fde4fb90b9f6f3e1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288289, "uuid": "e531fb48-ec7e-49c6-b3e6-1d32aaec7de1", "comment": "Malware payload (Mirai)", "value": "66646ee79d7cef86ba203b7bf371e6577a5fd5c9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288289, "uuid": "26f7eb1f-d585-4ece-967a-8cce419aa69c", "comment": "Malware payload (Mirai)", "value": "7a8d49dd34e429b0c113de1dbfd405253e25f4d859f8c77499ae3711835edd9af52654decff26a05b21bc5d7f273a877", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288289, "uuid": "4c7ffd5f-c8de-48b9-89db-ebbc2711e883", "value": "T16B336C36E029DED0C6560234A4E88F751F03F1C883536EBB2AE546B2645396CFA19FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288289, "uuid": "2318cfbb-c121-4679-8032-48445b429c22", "value": "768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698288289, "uuid": "d508d434-69c0-4eeb-9ce1-a82de832748c", "value": 50168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698288289, "uuid": "41a0b122-a840-44e8-b7b2-84e7026ef5a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288289, "uuid": "53cb384b-5364-4afb-b686-c4aa7b216a6d", "value": "eff3fd02cca5e84f4de9e993eb0d1d97", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58f4e701-73f1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698319091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319091, "uuid": "41d5f7a5-6a07-448d-b46d-06087ad66d8f", "comment": "Malware payload (AgentTesla)", "value": "e03f37fd453c306541b6e0ef62aba1b9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319091, "uuid": "9828ca25-2776-400f-be31-e7dad9b90ed4", "comment": "Malware payload (AgentTesla)", "value": "b07eb87291fcde2b6c1aa482d49320cf45bdd9d80f8e5180665a95b693833c91", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319091, "uuid": "fe99fded-7959-475b-9bf6-c37b236396c7", "comment": "Malware payload (AgentTesla)", "value": "a05358e6d0c34456ffa366c5b93593e58b8855bc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319091, "uuid": "9741238b-250d-4d26-8d37-40ae42af03a0", "comment": "Malware payload (AgentTesla)", "value": "159a411e991f6580c58811e6323c72c3098406c11544b230c20ea3c4b731c33e65894124d177f5624e8ec70dc97a71be", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319091, "uuid": "9efeeabc-7670-44af-8f03-e392b298d033", "value": "T18DD42326413E95F264AF3F62B7A740C85A3E6C9D9269ED1781317BEC14244F32B18F72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319091, "uuid": "2b93991a-d9e0-45df-9550-4a59feed7072", "value": "12288:rsRYnFZNv2YDQVpNCdLua4Ye8BTFFMEJi8QmZxLkhWyFHSavhqwHb6VI91:rsmnFZt2FVHCd6eFWx8Qm3IhWy0avhDR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698319091, "uuid": "909cc97f-57d6-4b9d-8842-80ecc12e485d", "value": 650843, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698319091, "uuid": "0ba454b6-be96-4e02-aeda-8638222489f0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319091, "uuid": "1e9f2cd1-2944-4fc9-bc5c-413d04aae88e", "value": "revised order.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04f50668-73d1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305206, "uuid": "797aec2a-ac8c-4995-a7ce-a5e4fc8e480b", "comment": "Malware payload (AgentTesla)", "value": "3b866efe74ae6582f8de5efe07b5d522", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305206, "uuid": "9601b0e5-2a12-4480-b558-8d4946e1062f", "comment": "Malware payload (AgentTesla)", "value": "b0c69a6b44a363cf71a072e3519a0aac5bcc5e94ac56ba1a909c11bd8848b97f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305206, "uuid": "6b835227-a501-4698-81d0-24ad66fd5972", "comment": "Malware payload (AgentTesla)", "value": "6d87fb38639c7bcb7a3df73bef78c72c9a37db10", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305206, "uuid": "cc9688b5-ed49-46ad-b7b4-e4130782f137", "comment": "Malware payload (AgentTesla)", "value": "cea338850b89e2a164746e8e3907d7199504bb91690271a238b2ad1335b8619f1ef0afb04dcb21234053de3cdb9b6c86", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305206, "uuid": "bfd3b624-cf33-4d38-a363-d1b8ef405f83", "value": "T15A337CE1EA95161B0C4F27C9DC428D85C1BEA029163A5165FEE903CDA30B95CD3BEF1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305206, "uuid": "4fdc867a-177a-42e3-98ac-9263ca5b855b", "value": "768:JVmvssOUiysED1FpWrMH/AKpBlUOgB8XU9406DCORIlEm9+mC3t6AiFj0:717XE3poMH/AKpBtgCUL6HSl5gmBFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305206, "uuid": "3b7d744c-64ca-4bbd-aa4d-d5d87b49c71e", "value": 53257, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305206, "uuid": "dc776a53-ecc5-484a-a905-285cba6bd8a5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305206, "uuid": "9d0d68ba-3f2b-4a00-a668-c776b15ecd89", "value": "RFQ20231026_Commercial list_pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2afefd8a-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (LummaStealer)", "timestamp": 1698310853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "0ac775aa-6517-4ade-b766-8ae3c2b2b21c", "comment": "Malware payload (LummaStealer)", "value": "e28be07fcdb0f544539640b53723a2c8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "26d53170-aa10-4517-be66-ce2cbf0fd8eb", "comment": "Malware payload (LummaStealer)", "value": "b13aeb1c1ae1e1b9e7eb4df10398a9b703dd87ee73bfe6f3d2062f47c8f86b1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "121664f9-ff04-4a62-ae0c-7cd94489deaf", "comment": "Malware payload (LummaStealer)", "value": "146404510e874dd17381464030dbf0c982dd264f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310853, "uuid": "3a3bd60c-d048-4640-a9fa-4f81f2043c30", "comment": "Malware payload (LummaStealer)", "value": "d50179ccbc3f7a989fd02775c4a27326f4e639e04e7b52c6be8dfa705c62d2e2103bd7463bf6390d91fd04b0b2f9be03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310853, "uuid": "6e165218-1b34-4ab7-bad3-b68492802c92", "value": "T11FF62222B3819526E66250713A3CC67B69687C345B2491CBA3D87F5F3CB69C30672F1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310853, "uuid": "2b6ae3a1-eb41-4cc0-964f-3cfa0ebe7f84", "value": "413704d931dd90675c12a0afcdbdaa34", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310853, "uuid": "6692b2e8-0cba-43fb-ab37-1e6b4b49d684", "value": "393216:ppA6j3sruCcD1JugAbWHV1wgLVVFLXm7WH:ppA6MuCc/PAb2V6gRrf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698310853, "uuid": "25ede06d-09b8-4b73-9b4d-df1a0a60ff39", "value": 15394680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698310853, "uuid": "250a0fa2-1603-4e3c-855f-b5d8e9b33f91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310853, "uuid": "ceb1033e-ae60-4685-afeb-9badfd429d12", "value": "E28BE07FCDB0F544539640B53723A2C8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61ccfae1-73a3-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698285605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285605, "uuid": "b3ed8ba9-a53f-4c1d-9553-3588c0eddbab", "comment": "Malware payload (Mirai)", "value": "bdc468bdfe0b94b0b3c1e825c24e3289", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285605, "uuid": "fee64956-1993-4771-8742-1b690c78494a", "comment": "Malware payload (Mirai)", "value": "b2508c488abdf7c138bc4d7aacc3ba3b74e4dcc914b852dac9a4be3e985e57fa", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285605, "uuid": "7fe488a1-3aae-4d8e-86ad-7b92022ea553", "comment": "Malware payload (Mirai)", "value": "dfed2def136f6e3276087da329355051ca10f6a0", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285605, "uuid": "8271ad7f-e905-4012-9cea-52fca33c1049", "comment": "Malware payload (Mirai)", "value": "adacee9d97406ac3a77017014e63dbdb66999e1b181738ab168c278ab0bb62104463db4a9659f03adfb68f8649e7b3cb", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285605, "uuid": "baeed480-6adf-4a16-b405-9db11b5b7d4a", "value": "T141230271890ADEB124703C72DB95E383BAE11AB1C6673013D6290A382F757631E5BE4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285605, "uuid": "0d9da77a-ab40-4c01-a7b9-23213690492f", "value": "768:D/TYCoIxdEk+AxoTZAZHFeq8b3KM9q3UELbUXfi6nVMQHI4vcGpvx:DECFd+A6YHAxKVLRQZx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698285605, "uuid": "d6e3cb1c-0b77-484f-b188-f26cc6f33955", "value": 46624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698285605, "uuid": "a9f344d9-0945-413b-9eea-5d0d4a3c1e1f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285605, "uuid": "0ea30c22-9fb0-4911-9d73-cdcaa4528fe9", "value": "boatnet.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d2eed08-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303663, "uuid": "7306e54e-682c-4a41-9556-2c9f005234c8", "comment": "Malware payload (GuLoader)", "value": "546ed7b13c6a5b77c3d8624729274677", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303663, "uuid": "52d1f862-3472-4c1d-a32b-77d68e739d53", "comment": "Malware payload (GuLoader)", "value": "b2541a66700257dce083e62d0a1910b1b673c70db7895c992f9d3f99f3d5c391", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303663, "uuid": "414105fb-2199-41c4-8c95-4cbe2afbf1b1", "comment": "Malware payload (GuLoader)", "value": "5db3ae08867063578d4571477da69cfa8b96467b", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303663, "uuid": "d18907b4-631f-409d-ae4f-86420fe0e172", "comment": "Malware payload (GuLoader)", "value": "ffe4e2f37d0fc87ac07dc85f16636ca3438a34e220d2b4576ec9a391dc0a935a8a3a4e9bb62a7bfe938493d45ca65387", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303663, "uuid": "19ff6234-f3fd-4fb0-a954-ced1468ea75f", "value": "T164737DB2DB64161E0D4F37EAED408C51C9BDC16A5926411AFEEE038E520B49CD3BFB19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303663, "uuid": "23cf0813-4b64-4fd3-9023-428c6f9bdbea", "value": "1536:FabOw8tBAH7itxJkrcTWSOCzu0sd336xxwjm8QkYhO:Yb34AbitDTWS1u0G3qxxwjm8QkYhO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303663, "uuid": "75a2b2ed-08af-412d-bfdb-91540d7e6d0b", "value": 75114, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303663, "uuid": "66bdfa9c-e6f2-408e-be26-aa56d1674822", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303663, "uuid": "45ed301c-a9c9-44e1-8ff3-44ee37adf7b4", "value": "TAS \u63a1\u8cfc\u8a02\u55ae.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30d2bb65-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698307856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307856, "uuid": "d0181e10-61e3-4d71-98e8-18b2e5cefc80", "comment": "Malware payload (RedLineStealer)", "value": "d7e32f7f2a9e9f6b2b131498eab9464c", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-hack123", "colour": "#1E39B7", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307856, "uuid": "ca638506-2096-4ea5-a3b1-4e10dc74f234", "comment": "Malware payload (RedLineStealer)", "value": "b26ab92f43815f8d10f634791d9052fbed62c4392629aeee0a65910dfd4c428f", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-hack123", "colour": "#1E39B7", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307856, "uuid": "cdeb7048-a628-41ff-8cc3-e7358c7bee53", "comment": "Malware payload (RedLineStealer)", "value": "44859f7ab36007c3949d1c9a6efe1424dc85d2bb", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-hack123", "colour": "#1E39B7", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307856, "uuid": "8feda0ad-0b09-4d2b-b454-e262d7e6c972", "comment": "Malware payload (RedLineStealer)", "value": "10119d6930c5f6a57296bd7cdc22b428ed7fe9e608009f083d2579b4d73eabf594e15257ac0d04e7a6e4b4398506f14f", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-hack123", "colour": "#1E39B7", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307856, "uuid": "7648e6a1-7ae8-4fca-a8a4-b084642f914a", "value": "T14DD4238E7CA5ED2E33F94A34D35F42DA65766583C47639629C64820023E5FFEC2DA027", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307856, "uuid": "2d1caa33-d4ca-4906-9c0c-84daa2d98505", "value": "12288:nlx5ogvikcZerG008VlTOQ8lWI9orMGgrrV7ztFaeGyk7E+w4gJ2XC5UOP:VDC//aIbWmeMGglnVbko4y5UE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307856, "uuid": "d9a5a7dc-3393-4c52-9dd1-fd75ab397eeb", "value": 625758, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307856, "uuid": "a008f226-c8bd-4c90-a270-9c495108ca83", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307856, "uuid": "42ff33d1-10b1-4a17-bdb9-c9cb2295bdee", "value": "Hack setup injector.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bfb9857-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698356972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356972, "uuid": "24045e8d-e010-4d94-9166-a1b9822350b6", "comment": "Malware payload (Mirai)", "value": "78409b4f2122dc3a3262660a48cf12aa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356972, "uuid": "d3a362c9-6ffa-45d9-b5c5-93a32e6a43f4", "comment": "Malware payload (Mirai)", "value": "b2b385fe319ae3a2f61f6c2eeed090d19bd6df791dba7e9622bd23b3c7710fe5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356972, "uuid": "52f64571-07f2-4da8-82d7-acdff59483a1", "comment": "Malware payload (Mirai)", "value": "c2db0cd77f8be306622258a3216e7267bd21bf8e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356972, "uuid": "74c47c89-29f3-443e-bf2b-d84ca8e9284b", "comment": "Malware payload (Mirai)", "value": "a1f5deb3ca3a3983dcbe676299800a7b4ebe23752497080555e3d27f802805259f24d6a8951712973b6342060a8d2bdb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356972, "uuid": "e85f3b78-a0c4-4fd3-8320-a0cf86390ab6", "value": "T111535D95B400AE7CF85BEEBA81924E09FA21336055630F27B767FD83AC720979C16D46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356972, "uuid": "3f1956a9-2a15-4d02-951f-49354644613d", "value": "1536:8/TrjtY7Z5trXOJGaVG++t+YlQaYf+ByTVj8e7:8O5tabVZ+QGzyRR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356972, "uuid": "3f86cc59-5972-4dea-b92d-56bdd1ded113", "value": 63284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356972, "uuid": "8e00b9cd-efaf-44d9-ae41-a3acf3a88f8a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356972, "uuid": "d2311931-28f5-4a31-a23c-ed777bcb1ab2", "value": "78409b4f2122dc3a3262660a48cf12aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93803bf8-7449-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698356985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356985, "uuid": "5ab52aa6-3944-4d71-9f76-fc74cf5bfc74", "comment": "Malware payload", "value": "4e5c5afc49ac189b0dc7fbf68a6bfe0d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356985, "uuid": "88eb67f8-ba54-43e6-aa99-6284f735603b", "comment": "Malware payload", "value": "b316456316da0635d45dd6380c9c9f4eb7f665109dbcd506223e692c3412ab2a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356985, "uuid": "d6bd65e6-36d0-4c7a-ab26-79f9e6826a24", "comment": "Malware payload", "value": "04d373823dec4c0d046238ba094e467a530eefe2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356985, "uuid": "90749d87-0c99-420e-abc9-ecc0a9995d29", "comment": "Malware payload", "value": "380d2dcd65e13a2858069b59644d62868e6f2eaaac08fb4d1fbb8dd0365ceddfb525eaacac4bca600af0bd66d95363fa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356985, "uuid": "7f298682-88db-4aef-901f-a557e2c6c3fc", "value": "T17AE2E14DE59DF199EFEE2C71941B27086847A0D032774F8E8B2A4C549337E9B38D8CA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356985, "uuid": "b38140b1-af5f-4380-970a-5b172bc02f69", "value": "384:sfbRSztpRq9zl1LlTXMGy6LxRXmzE7KV9A88pMTfhqvbLGPUMprTvPQsxLRWGVCb:GkzjY9zlXrxfwYmf8pDvbOTpPQ+WMG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356985, "uuid": "270700a4-f78d-4cd2-8404-fa7639674101", "value": 31344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356985, "uuid": "5a1c39d0-4408-4f69-8a37-6c57a018104c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356985, "uuid": "18d7ef1b-89b9-4ba3-8b03-c99e2ca2a32e", "value": "4e5c5afc49ac189b0dc7fbf68a6bfe0d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23265c83-73e1-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698312128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312128, "uuid": "a992513e-ed5d-49d3-ad38-660200fdb00d", "comment": "Malware payload", "value": "d6edb62a6a398afda242f96834d0e199", "object_relation": "md5", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312128, "uuid": "c2cbca82-8162-47fa-bd6a-1c1409d75c36", "comment": "Malware payload", "value": "b33b594b66841e5852e2806741af2952539af5f54b3f92473ee3743db000b37f", "object_relation": "sha256", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312128, "uuid": "12099ed7-97e3-45e0-8090-3fbcd2277272", "comment": "Malware payload", "value": "4dbdb737978388c8a9b466ee61f4401fa7f55107", "object_relation": "sha1", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698312128, "uuid": "cd9fb482-ca8a-4a12-bf1f-603d1a051c46", "comment": "Malware payload", "value": "35e161ba25509dd5f0ce1cb1b32509aaf76f4255ab58ae486232a0c2615d977223e3298946a86f145e812ae6221cb358", "object_relation": "sha3-384", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312128, "uuid": "cde7e602-d85f-402c-a9b8-2f2a035c7e35", "value": "T14E96F103B69789FAC149173BC5DB043407A4D7A1632BD61A398F336A4943FBA9F48727", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312128, "uuid": "062a9f25-ecee-4bee-a385-a1b2ccf16a3b", "value": "196608:7Vsp3C2Khm/rzMBkhmE10FVH0m3Y+aZ6jF0t15Xy:xsp3Cj2JQf3Ts6By7y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698312128, "uuid": "2be88dc5-2d88-4343-82ab-9b13f80a0649", "value": 8891904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698312128, "uuid": "4ed2055a-3884-489e-bec4-ac1a6e965a41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698312128, "uuid": "4b47eb91-c0b1-4981-95d7-6760790763ff", "value": "smallscientist.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f6c84b1-7402-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698326322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326322, "uuid": "23aecb76-ed44-459b-8ff3-6bba03702a45", "comment": "Malware payload (RemcosRAT)", "value": "b2fe2833b916d968ac2bf08e955e0ceb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326322, "uuid": "26259f95-3c61-4dab-9e29-db4abda14ef6", "comment": "Malware payload (RemcosRAT)", "value": "b33f1430088ad3c77a02a36d407b8928b2dfe9ffb03a6c62e43845e086926eb9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326322, "uuid": "1873bffa-b1d0-4d01-9d58-9add09e25431", "comment": "Malware payload (RemcosRAT)", "value": "5f390ab63a23dcd12ae36646a873987ecde576ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326322, "uuid": "e5ca7338-e389-4003-9864-c8f0c83b8238", "comment": "Malware payload (RemcosRAT)", "value": "289bf2cff588ca9bf7aaaaa081314931881bc04ba8ec569f1832b3968c437297cca5593b8c2833d13d816319cbd936d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326322, "uuid": "5a3bf3d2-b9e1-4722-a726-21dc2b22c96e", "value": "T1DB652340B1E8C1E3E5764AB2EC939BF218E5FC1CD096499F37693F19B871382142FA56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326322, "uuid": "8b79afc8-4e19-4846-aced-cd966f55966b", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326322, "uuid": "64048b21-82f0-4860-a920-35c1d62cbb72", "value": "24576:1Mmsez9ybZSzQkmJMG7erO+VGxWCQ2VScaOyA2GOxtefI7CC4Q9L7YR011f5OpA9:1MmYLdor+xQvJzAWeg94mBSgZGaD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698326322, "uuid": "acbd4061-ddb0-4ee6-b877-9e210e0a2884", "value": 1535414, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698326322, "uuid": "5858e2f1-ce4d-482f-872d-af24fc79a5fe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326322, "uuid": "7c895874-e951-41b0-a63a-97fc3921a5d6", "value": "qoute_pdf.com.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd1a2bc0-7392-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698278483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278483, "uuid": "9abf7d02-9f4a-42f5-903b-dadbc6632f75", "comment": "Malware payload (Stealc)", "value": "c75984f447ad4549ea21ead79445613f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278483, "uuid": "f51cc791-6676-416c-b34e-b377e9b3a985", "comment": "Malware payload (Stealc)", "value": "b3c7f502503d3102ecfa6f2145573ab851947dd3f2bdfd42fefab38947837dcd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278483, "uuid": "214f25bc-7d89-405f-b108-0a3fba660e48", "comment": "Malware payload (Stealc)", "value": "aac5f1d27ae395ffa041be5fcde218259a3d7588", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698278483, "uuid": "13db5174-da66-4b82-b565-3b786cb3852b", "comment": "Malware payload (Stealc)", "value": "be78475f6125a6f64a1fc4086c0a259c8dbbc1df559b666a9ebb6b3c27c86eb064f21d07bb246be8a63bc70a94f1adc6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278483, "uuid": "0e8f5f84-36e5-4f67-bac9-1fe43a128675", "value": "T1D8548E839AF1BC95D9264A728E2EE6F8371DF5608F197766221ADB1F04F1072C273B11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278483, "uuid": "7a20f420-f007-42c0-8713-8995296e2ef5", "value": "72431b3d5f73f874ee133ab82d8797d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278483, "uuid": "4c29f3ce-5fd1-4d0d-ae22-efcb94540838", "value": "3072:mVXH8c4u6anKy/LUjesYjKcx82nuJwN75aDRFtz5QoOb0R:uH8c4zaKy/LceLWcx8tO21P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698278483, "uuid": "f1d6ba41-8a66-4b0b-8c8b-69f6f5ef5ec1", "value": 291328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698278483, "uuid": "9817c3ff-eebf-4dd1-bb65-1a00d56b2569", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698278483, "uuid": "85189a52-4bda-4323-b17a-e4a7f428d48a", "value": "c75984f447ad4549ea21ead79445613f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89fbb209-7402-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698326474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326474, "uuid": "43d35483-b8f8-41c3-84d3-f78c9b4b122a", "comment": "Malware payload (AgentTesla)", "value": "04e115cda9bdfc7e4f9a740cadb75efe", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326474, "uuid": "16f1da46-cfb1-4f60-8921-c5dc63500355", "comment": "Malware payload (AgentTesla)", "value": "b44bca9b588cf27840935c35b0154ac96aa6276a2c155447e963209175b03c54", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326474, "uuid": "6a482c8f-5584-4303-a72b-eab27f908310", "comment": "Malware payload (AgentTesla)", "value": "ee214e64e150edf0cd86aae3c5d014806f1252c0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326474, "uuid": "c55ca9b2-eb85-4ddc-a0e7-3e3524c98eaf", "comment": "Malware payload (AgentTesla)", "value": "5dde6ed22d6f06bd8bb0c1c2ed5e0694d3bf902374efe61db9aa5d4e87c86036e4f429fde7d468c4b7bf4c43c66ad8f0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326474, "uuid": "a8dbafc6-287b-4d68-910c-8203b4c664e8", "value": "T176251202BAC1C8B2C06218365B7A7B25593DBD206F65CEDF7394191EEE716C1C732762", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326474, "uuid": "7acf0575-49bc-4d1f-94b8-dcea9b5fde65", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326474, "uuid": "9ec1ba8d-ce34-414e-9a29-d1a4373f82ea", "value": "24576:zTbBv5rUJR1kYDn6+ezOdF8eyojUZfpaOKUSdQYvY:tBMRSswOdyhochKzPvY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698326474, "uuid": "f50a752b-9615-402d-9908-0ed3044ffbb1", "value": 1023090, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698326474, "uuid": "1a1c4c64-96be-4bbc-97ff-bfc2e59e0b6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326474, "uuid": "677b8556-edc2-48ef-8fdf-4fd4eddcd8d1", "value": "image004.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2a78c1f-73f4-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698320557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320557, "uuid": "d4540ff3-dae9-4097-a6ec-4c2a01ae4ebf", "comment": "Malware payload (AgentTesla)", "value": "8f37442ca994a4c67df8ee32dff6b23c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320557, "uuid": "672f1f1f-339f-4dcd-a5b2-68e5187cafa6", "comment": "Malware payload (AgentTesla)", "value": "b4767cd4df0a02cd80c4a2ee02aab7ba8f397b7b4ab82be6b9a7da018057e65e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320557, "uuid": "b5f79040-f993-4e95-9d4d-d760e0118d3a", "comment": "Malware payload (AgentTesla)", "value": "acfc9e5728a8343f5b7854dddfe95634caafb1df", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698320557, "uuid": "adc86361-2638-4c74-bbca-50a598e5ba1c", "comment": "Malware payload (AgentTesla)", "value": "ba3d90306f626882a9a417f0b83571ab4e452d61de9f2e7e46eb2dadf13f19c4eda26c4c2ddfa3b3842f91b4e0e61963", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320557, "uuid": "1af76953-d9d0-4f4b-896d-373faff402b2", "value": "T1DE05F15075AAAE09C33B6EB3494351448BF1953AB931E3C72DC534DA64AEFC84B81B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320557, "uuid": "220d0963-81aa-45ee-b04e-555ea5a3c64d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320557, "uuid": "1332267c-58cc-47f4-9594-acdd8d06d736", "value": "24576:txWTLmV5L4BcADAtkTFxXjvIy/nq8wmDnqLqDTNc38H55Xqfq7/r9zJpQ:txWTLmV5L4KADAKTFxXjvIy/nHDqLiCl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698320557, "uuid": "5d6a33b7-a511-465c-88c5-28025bdb3d2c", "value": 850432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698320557, "uuid": "41c21d5d-6f7c-477c-ab49-a77b25ddfa38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698320557, "uuid": "d2c7add6-6e8d-40ae-9837-caf1fcc68e1f", "value": "Shipping Documents,xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "784e09bf-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698303681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303681, "uuid": "89351a11-95c2-4e89-9c2b-6e7cda018beb", "comment": "Malware payload (AgentTesla)", "value": "323b78ff1109841524174881f53b4da5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303681, "uuid": "b96db4f0-f33d-499f-8b76-84cc67921da4", "comment": "Malware payload (AgentTesla)", "value": "b48c5567541f43fca98fec09eac1bf9bbd9abb6a3e26bf1e127cab9795e8ab8a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303681, "uuid": "6363cb29-da99-4a73-8df2-c9bdfd5a3770", "comment": "Malware payload (AgentTesla)", "value": "2da6a1a4c7a7010ca4a76db0a5978adc3bf5e3e0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303681, "uuid": "97beaad2-7ce4-48ab-a22f-788396f9a333", "comment": "Malware payload (AgentTesla)", "value": "bca50fb4e52e651ced77e0195d771d220a8db583097a49ed1cbcb1dc90607e9347be80103903ec86dd4cb0c77892b22c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303681, "uuid": "7c6811ac-dbb7-41a9-9bbf-e7223b30b4c8", "value": "T1D9336BA1FA94061B4D4B2BD9ED424D81C2BDC0191A3651A5FEED43CD920BEDC83BFB19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303681, "uuid": "86f3b2b1-3888-4760-80cc-0fd5c4bb8109", "value": "768:GVOvkbWViysmD1F0Wu2rUiwE99J/gUAK65WF401i0cA6EgjC3t6AiFj0:8ZjXm30h2rUi19J/0hWT1j6NjBFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303681, "uuid": "97933876-1a75-408f-9d5e-6a4a30c691d8", "value": 53438, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303681, "uuid": "c5289c99-286f-4ca0-9e88-c754e4953809", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303681, "uuid": "6366a9eb-513c-405f-b089-ce98641746c8", "value": "PEDIDO ORSA.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2985e445-73a3-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698285510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285510, "uuid": "32043643-02d1-4a96-a132-12e4a4eb81c5", "comment": "Malware payload (Mirai)", "value": "1e31dea93844a45b8f3ad255b54ff2cc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285510, "uuid": "04a8e442-3bd4-4fd4-b409-667e65a89dc5", "comment": "Malware payload (Mirai)", "value": "b51a5dc9ed9794e9720f82af84545d356587f92c615ce5cb07f65c2c4e5de970", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285510, "uuid": "25c303fa-2906-4624-910b-9ae597fda534", "comment": "Malware payload (Mirai)", "value": "33695ceabf3ae155f43ad79cd16eacbc350d607e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285510, "uuid": "8410fb94-2307-406f-9d57-15cfbb7fde66", "comment": "Malware payload (Mirai)", "value": "5ecc323eb37b8b36611e358a5dab2abc5e8536147d15661a9d2a52fb74eb8296f44ccbef79e6cc10668fb9b9fc41b784", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285510, "uuid": "9f657932-39fc-448c-9941-1f56f4e5b639", "value": "T11C732915B87A2E17C0E4927E12FB8615F2F6330E1470862D3D790F8EFF64684A90A277", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285510, "uuid": "c1408e2d-c54b-497f-bc78-5e07df77107e", "value": "768:Z7ROahnu+oRA44ju9dTHZsZTWYGtSFIO0ZLBXRW4W53dP58iPRunXYLt1rpz/xmT:pcku+M4i9ZarQEVD4prLJTEu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698285510, "uuid": "5ce49ae7-fb58-4529-b367-437be52d5d9f", "value": 75104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698285510, "uuid": "3bb47b6f-6427-4959-9f7d-63ed380041d8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285510, "uuid": "5fcc0f28-dc5b-4773-a379-6817369ffb86", "value": "1e31dea93844a45b8f3ad255b54ff2cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2bc96a8-740d-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698331240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331240, "uuid": "d97c6081-b14c-4262-9f15-4fb5e775f4c0", "comment": "Malware payload (AgentTesla)", "value": "9393246478b418b4b6469be344db6bf9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331240, "uuid": "407ce84b-aa56-4f96-94e8-ab9f3692343e", "comment": "Malware payload (AgentTesla)", "value": "b52b7112d865eff7a8b7620b5b735b356f9eb8a789b14afcd66be1760e4270db", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331240, "uuid": "91a3f841-9268-4134-b387-033922eaec8c", "comment": "Malware payload (AgentTesla)", "value": "fd73315bc61a4ef951922a3042be3824de7be17b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331240, "uuid": "79253b22-737c-4aca-b9da-05813efd9060", "comment": "Malware payload (AgentTesla)", "value": "4ac99dd0b0b7d45ba9b80b5ff8b22a04eb85e7e2749938d70cac231531c4b4653740e9fd7b6f0089e422bc792ffde471", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331240, "uuid": "5fe156ef-3696-409f-94b1-6cc788317e54", "value": "T16FD4126032B92725E2BA4FF8D8F8115097B67519BE71D28C4DDE20DE02A3F15C762B1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331240, "uuid": "e415a5c1-eeea-430d-9150-3cc850a1310f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331240, "uuid": "8496efe0-083d-4b77-93e6-082281dc4d24", "value": "12288:RGkNcC4zYvbdmBnDpeTNn/mzPrdwlEuEYsexPCk/:0kNcCqYvbdiDp+nYOEu0cag", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698331240, "uuid": "6d223257-f60c-479c-815d-a5151b2ea549", "value": 642560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698331240, "uuid": "6915e46a-58c5-48af-bd0d-9e7e97087ab4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331240, "uuid": "ec71556f-8080-4df7-ad53-505372a4352c", "value": "Purchase Order,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ae6caf8-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698303686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303686, "uuid": "4474e148-ab50-445e-825b-4c11a9b1c646", "comment": "Malware payload (RemcosRAT)", "value": "91192904788702d6692ef01f9a6d8989", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303686, "uuid": "e7607d0f-74c1-4d2c-8993-7ba63789d5b4", "comment": "Malware payload (RemcosRAT)", "value": "b632a2ab492dbe0f71c18cab99b61bded82cbb66696f2d30c9bc354605ebb136", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303686, "uuid": "7c92c3a3-53f3-4e25-9775-e953124fda47", "comment": "Malware payload (RemcosRAT)", "value": "14f1f98a04b6eb9c3d22a522dc72cbf3221d00d6", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303686, "uuid": "e35c202e-b7fb-4ee2-8163-548c56f102e1", "comment": "Malware payload (RemcosRAT)", "value": "0624a9438eac2e18d6b0f729aa672662a2129ab03479fe204dc260d551a08ae9983e4572d856e7730094eb1afca75cf7", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303686, "uuid": "f6b1e818-a90d-428e-805a-795a7f9e0a04", "value": "T18D736DA2DB69161E0D4F37DAEC408941C9BCC12A5A274119FEEE078E520B59CD3FE71E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303686, "uuid": "2d535e50-dcb6-4217-af5b-839d397cbe2f", "value": "1536:fabO/mdBAdZ1tuJErgT2nOCzFx7zDiPWBvkkhO:Sbi2A31tAT2n1Fx3DOWBvkkhO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303686, "uuid": "d15dc38f-370a-4f17-a9cb-f28fc4b0063c", "value": 74548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303686, "uuid": "385a7876-dc55-408d-b177-4ee5b9539400", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303686, "uuid": "5bff4995-7ea6-45af-b1cb-d7836a41cdbe", "value": "BTSR000166442.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0bc5e17-73b2-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698292207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292207, "uuid": "7113a1f3-981f-421b-aa9b-ca03730f411d", "comment": "Malware payload (Mirai)", "value": "058c79abbd70fce6b1b441edb3e079b1", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292207, "uuid": "dd7041dd-d432-4a22-a217-e4f4472d86cd", "comment": "Malware payload (Mirai)", "value": "b6a5f4cc6e65ea5bd482cf7877757be9bcd4e6491710c64111ea3bdfe8d619fd", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292207, "uuid": "88ff81bc-484a-4426-997b-0f8cbfc56b09", "comment": "Malware payload (Mirai)", "value": "396a287b50949cff1af75c880ec7079eb887b3f0", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292207, "uuid": "ffc83687-414a-438d-bc56-89b4d43e7d83", "comment": "Malware payload (Mirai)", "value": "34a38f45182ef743d5be41037ce22d8fc76e2f8df2804e19d463636c78f6cf5a2a4fe6184ca0691ecb47c892a9d874ea", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292207, "uuid": "47c621ed-8fbe-45c5-a233-26547a7e6b4f", "value": "T137C2E1E53E7B799BDE35003D3899CE329670E026C7ABA6539240920C20071BDB7328ED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292207, "uuid": "4724621f-817e-4197-bec6-b66f470c7501", "value": "384:MG1DMwk8JPyG3GDZaEXVZVBy6HInRiWLRYh4Sw4cGJYeRzOFGBzd8Qec4w8EeRIt:HMwoDZLFbBy6HQHRYfeAxdd81c4L0Nv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698292207, "uuid": "b11c116f-bcdb-4e9c-8be2-44a8e6d62aad", "value": 28056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698292207, "uuid": "61ca3e24-585c-4e4b-bb86-caf5538f7ab6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292207, "uuid": "13a6bde7-4c55-4c91-9ff2-ea9c66eab354", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69e5671e-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304087, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304087, "uuid": "4b953a5a-92ad-4bb3-a44f-77499c5aa011", "comment": "Malware payload (AgentTesla)", "value": "fe424ece0f7b342fd752044f85f3e792", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304087, "uuid": "4700ecba-bbc0-45a9-b0fb-1991e6bf1e18", "comment": "Malware payload (AgentTesla)", "value": "b6ef73630806c65abf0ae430283ffe47dd528d4b9a56a3bef869b6cc18d2d920", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304087, "uuid": "c26d84ad-aefd-4e21-9556-dd1f15fbe2e5", "comment": "Malware payload (AgentTesla)", "value": "531eee8fc3c84e69fe9d3fb2ea196ff74b78c2cf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304087, "uuid": "405e291f-68bc-4400-9268-1d50aa321245", "comment": "Malware payload (AgentTesla)", "value": "f43859f8b941823594795c444ddb298e24cf10fbb6a75f6b11832241494db836a03a055ae7a611a1e4fd36bd70d60e18", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304087, "uuid": "9fb99845-4f53-4a81-8c18-32c451bf6d3c", "value": "T124D4238AD86B54EB9EB01135F0D96E97C09C9AC0C7C3220B19768C5CC67BEC965A770F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304087, "uuid": "c52c5b20-ec2a-42f3-927a-00754015c890", "value": "12288:nUIS7tw4IHonMP4sa61OmSnAZuz7hMxyBs5WitOAt5RXSmBb2sfD:X4IHqMP3jOLW8VMx1HVtXXSy2sfD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304087, "uuid": "251a9d11-146a-4c27-860c-cb800fafbbb0", "value": 606348, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304087, "uuid": "cfcd4b5d-dc23-4467-a65f-44d50d47ab5c", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304087, "uuid": "22f9ba7b-b9b9-4a4c-8513-dd32ab6eaa9c", "value": "Orden de Compra...xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa256f2c-7424-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698341131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341131, "uuid": "c5619b0b-207a-46f7-bb52-7cb445191add", "comment": "Malware payload (RecordBreaker)", "value": "a929de25b0a2f7c4d2833cf1caa9b269", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341131, "uuid": "c4a98cf0-4ffb-46fb-99ba-65525277aa75", "comment": "Malware payload (RecordBreaker)", "value": "b8b11519c16b53afd85061d74baef7f8809644639d75845a196eaf7522415b93", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341131, "uuid": "5e70f9d2-933a-4449-acd7-9c516e890d8c", "comment": "Malware payload (RecordBreaker)", "value": "13c57b1c6a62cf2579ec7d8ba68efcea51805600", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341131, "uuid": "267e9009-456f-4e6a-863c-dc322b7ea303", "comment": "Malware payload (RecordBreaker)", "value": "8fb849884d5c5a4f3c2f606763a47cfc7b564b8cafaadb8aad6e06faf046c9c41e6c15fbadec6e57f4842f614c13d336", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341131, "uuid": "a865622c-a66b-4318-8b8b-ee2c3a5cfbd6", "value": "T1E07523527AF49076D8BA53F004F34BDB1A36BCB199B9178B3249A80F48F3590B53275B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341131, "uuid": "980a749e-41d8-4a1c-b1d9-a2361293ec86", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341131, "uuid": "79f07599-9bdf-454c-a778-04922bf8fb7d", "value": "49152:tRLky8gmkLKjAz1e8vs73x7lGGEkgXUUbSqzxGAm:/zEAMHB7lVqXJmDA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698341131, "uuid": "00d42515-3406-4771-8d53-a01b402c4c62", "value": 1624576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698341131, "uuid": "5294ea3c-5857-4b95-b085-f03aafffe3e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341131, "uuid": "233c0920-1a4e-4d11-9434-5d80c65c25bb", "value": "a929de25b0a2f7c4d2833cf1caa9b269.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31c4b5a0-73e5-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698313871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313871, "uuid": "90f37a0f-17d4-4eb8-a10d-21313cbe6154", "comment": "Malware payload (RedLineStealer)", "value": "143e0c432d21e68e432920bafbaf9ef1", "object_relation": "md5", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313871, "uuid": "574f9dc6-9160-46cf-8f1d-f901502cf031", "comment": "Malware payload (RedLineStealer)", "value": "b8d8001e18750ed7f174bcaba4621fe847c1db132af6771c89a45d216c818b10", "object_relation": "sha256", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313871, "uuid": "08c28279-4220-4214-bb16-07e27007d78f", "comment": "Malware payload (RedLineStealer)", "value": "fccfb701c81e924e4314eb60b79a8cacc0a0aedb", "object_relation": "sha1", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313871, "uuid": "dcf3105d-f2a8-4a81-8f74-fdb0d64d52cd", "comment": "Malware payload (RedLineStealer)", "value": "988d92b6e6291f62d75b4b94f88edfd12a5146df632d6af32e322111d33d869e6cd73502f640b98640e31ba0c3aff2e8", "object_relation": "sha3-384", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "mega", "colour": "#8369D2", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313871, "uuid": "cfa1a540-3dc0-4b10-9f1d-b1995536c785", "value": "T1D6F5F14A31B900E0D0E6D0788A16894BE9F27C09433DEBEF4911B6561F776D7AD3AB43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313871, "uuid": "13fca318-50b4-4cf8-b8da-195701d76d15", "value": "6c9bebd08856a277acffb640c2f3c2fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313871, "uuid": "5b655931-8d25-452f-bd2c-7b49e9e09030", "value": "98304:VINZ6iz9UDv5sDomXAiDgCxDUpkyi9T5VRFv:VIH64Uj5cXwwUpRCLn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698313871, "uuid": "d601966d-08cf-4f4a-9bca-7bf662f7a890", "value": 3636448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698313871, "uuid": "baacae63-376b-4b73-90a6-6bbec45890c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313871, "uuid": "2b0c5daa-d373-4309-83b3-73e009b5e727", "value": "video_hotel2023.mp4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fce543f-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307828, "uuid": "48900df7-18e7-4e4e-b9a4-a354403a0ec4", "comment": "Malware payload (Mirai)", "value": "07e0e06c9d37c5369dedf05777e7f3b0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307828, "uuid": "00fae550-ba0f-4f1e-a7ee-0ee546d2e600", "comment": "Malware payload (Mirai)", "value": "b8f5f856392d4e8bed75a08a94937bfe0b59c13e4e3ac3298dda404c1354697a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307828, "uuid": "e059608f-deb0-4253-96d9-ffe0f9f07f40", "comment": "Malware payload (Mirai)", "value": "50d63718ed966eb607b0cb6a2b3c6ff766b178b3", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307828, "uuid": "f70659df-e552-4552-bf0c-d2a19b253ee0", "comment": "Malware payload (Mirai)", "value": "1a85b33fa0697ad0284f2bc664c0c616055295096540456eb49cad7ddc281fd57645032f01815f042f241da16313a9af", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307828, "uuid": "cba19c2c-120a-4c78-a22d-244fbdd64cbe", "value": "T180334AC4F643DAF9EC5705701177FB339A32F5E51229E743C3A99A32AC52602A906EDC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307828, "uuid": "8048e716-1fbd-4903-a5cc-d8aefcb9b4d6", "value": "1536:GWa2d5sf1Gg+ya+nlQw8cffDRTfwVsp3MSfCYx:Gt2d5sf1GCammncndjMW3dCYx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307828, "uuid": "5cd7b951-7e6c-43a3-b139-233611d1670e", "value": 50256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307828, "uuid": "2b948075-6cf1-4707-9e54-1586e3043c98", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307828, "uuid": "4bf72fd5-efd5-40d5-895c-4d7a3233bc8c", "value": "x86.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab33a08d-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304196, "uuid": "039a7240-d1ba-48a9-ad2d-e71bfd48e225", "comment": "Malware payload (DBatLoader)", "value": "2a45d8e8d66c9a11ce2c51df8c0425ba", "object_relation": "md5", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304196, "uuid": "d0d32f5d-2187-4cbb-9686-f54a70108f74", "comment": "Malware payload (DBatLoader)", "value": "b8fc78826fabd9eabf03716ec20f3d37cac8df761278108b3ef8af4e5d353c6f", "object_relation": "sha256", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304196, "uuid": "e72e5cb5-719d-44cc-a8ce-670b50ff89b2", "comment": "Malware payload (DBatLoader)", "value": "f2b1f769e30e7d9660816d246eef31dc22542069", "object_relation": "sha1", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304196, "uuid": "4d035b6a-6883-451b-a536-56235d3bd0aa", "comment": "Malware payload (DBatLoader)", "value": "c488fd6518541025980bcee49a870b450fcf0a1f17bbb4c66692bbd1f0bf13579125ef11fa6e46165565b6a475ba3c46", "object_relation": "sha3-384", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304196, "uuid": "ad376c17-9d15-4193-a6b6-5da7b83750ac", "value": "T1BD55E026F21548B5F03A0A3A6C2B572E9F1DAD693A98290B17FC7F581F31243356D1B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304196, "uuid": "2fa7cfe7-a836-4e5b-9f0e-83eace63a263", "value": "b4498ed238a5d5d6510e036e3bb29986", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304196, "uuid": "edf6f643-921e-4a0a-b0d0-c764900f8521", "value": "24576:bKuO345cRv/kabphVsJhfYPzyB+4Buxrhre0QZd/0hkEBS/:bLysS24mwe0CMkEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304196, "uuid": "ba93581a-cd60-41f3-b7f0-80385a4a8c22", "value": 1314816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304196, "uuid": "0878960f-ca12-4622-bdec-59e022b7a88b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304196, "uuid": "6c9a1e67-7975-4a3f-b137-75385931cf4c", "value": "GHP98656789909876.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f901f1b-73b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698294298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294298, "uuid": "2d50ef0b-e81c-4a58-98db-af387a538f76", "comment": "Malware payload (Mirai)", "value": "99890f267db97e6ca8b561250fc55666", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294298, "uuid": "55940001-b9e0-4a33-9eda-d38300d972a3", "comment": "Malware payload (Mirai)", "value": "bbf0e34c98d4b24165ba2667b9a1eb6d25a5db607592d32bb8f601c71f7a92cd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294298, "uuid": "a3aae30a-45b8-473d-8660-c53a6e1c868f", "comment": "Malware payload (Mirai)", "value": "99ad45f90a1ac7234a0abd4189f4fafc7927913a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294298, "uuid": "fb9f01b3-f8ef-41bd-b1f8-633a4ffe9dc1", "comment": "Malware payload (Mirai)", "value": "c1f28fdbe5a6d0cad792e6e0e028e8c29892a0e3428253ed3621ecf767bf6ce1846bc2f283040ab0cd7f202f8b321431", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294298, "uuid": "87969413-69d9-4d46-ad91-4711b865eaba", "value": "T141D2E02CD55D7D05CAAD3EBE55CE95B5388CB0C0635DFACE1B268448B71BA47EC070A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294298, "uuid": "92803040-caa8-4adc-9233-bd4f5ccf611d", "value": "768:D1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KN/7JbKWUS:DbDs06t4BEub4sU/MbUj+S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294298, "uuid": "06b6d110-4194-46b9-a8f2-5e2fe67456ff", "value": 30324, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294298, "uuid": "b252c7e1-a528-4c61-8826-7b429795a7a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294298, "uuid": "38d049bb-da4d-43e0-b6fa-21ef72f19068", "value": "99890f267db97e6ca8b561250fc55666", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8efa82b8-73c3-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698299424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299424, "uuid": "91bb242f-5dfc-4142-904b-01ddf2eed186", "comment": "Malware payload (RecordBreaker)", "value": "9a165bb098f40b7d7761dd39f4df18ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299424, "uuid": "dfda849b-c7dc-49fa-bcb6-bb3bcdad1203", "comment": "Malware payload (RecordBreaker)", "value": "bc417d0bfee132ac3aa7372021b29f32889d3610030f3b21135205bb46745762", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299424, "uuid": "e5d518b8-67af-49b9-a774-b6645d5a6b6a", "comment": "Malware payload (RecordBreaker)", "value": "50a70a67f4f589b83e0e321a2d32ce285779338f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299424, "uuid": "d72280a3-2df9-4f52-9df7-219525bc27b8", "comment": "Malware payload (RecordBreaker)", "value": "7917aa23dd6145628f314be1a15726714f143e603b69b64f90fa397688f943ed85f05d3203d765548ad83758ea96cfa8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299424, "uuid": "aa4a351e-5192-4c52-8768-aa6a320dee0f", "value": "T188752382E1D8CEB6F8F58BB040B707C70A353CE64978539B26D6A6D60863451DA7273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299424, "uuid": "6fd2ea56-0622-4553-9ce5-710cc21eba14", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299424, "uuid": "71ac7ffe-6da5-49a6-99d9-122d488e37df", "value": "49152:iEca5hLnqqdcauUcgBy801D+BoltRylH9O:/DhLq9w0s+lelH9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698299424, "uuid": "77abd351-2665-4355-85b3-0bb29332052b", "value": 1651712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698299424, "uuid": "04d157ab-58e9-400f-99fc-6b53ded998c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299424, "uuid": "dbdb7243-35a8-4a33-a7fb-92a53d5d753d", "value": "9a165bb098f40b7d7761dd39f4df18ca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c7c5e66-73e4-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698313540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313540, "uuid": "f029b193-0b14-4192-b01a-954ca0fff9ba", "comment": "Malware payload (RecordBreaker)", "value": "5c0dee3c4d10a8dd80e088670335d124", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313540, "uuid": "a7b9a8e7-78e7-4f0d-a4eb-affc1bad39bf", "comment": "Malware payload (RecordBreaker)", "value": "bc70fd921cb99f3cd89f9485b33d7e585c1232dd6f1da0a78fd8846966e17cbf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313540, "uuid": "1b023501-b334-4fb9-8180-8ebcfc46e63d", "comment": "Malware payload (RecordBreaker)", "value": "2a3660d72c0684074b62d6d9df593f9dae21fce9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313540, "uuid": "35bfbc36-000f-4c7d-97e0-0d606eceba57", "comment": "Malware payload (RecordBreaker)", "value": "6f38d9fe3ac8946ee7f96143a9ec5a5c91f98b838312caddae32c531c7c251d6eacea8135138b1ec36d13c611c9ab340", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313540, "uuid": "cc3047e4-918f-42b0-b952-9946cb124355", "value": "T1CB753387E7E94027C1F427B029F7239B2B74BC658E749A5A5FA6DA1D0C723C08833756", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313540, "uuid": "fc1be99c-dc60-4297-a74a-5b0325b69121", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313540, "uuid": "cc92af79-d383-4e33-b8ee-4e89aab93e6f", "value": "49152:A2ZKRWFjNwapIA7DGowIErCB4eHagX8AHzUMN7Q:VZrNhOYGXIEO2FgsUUk7Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698313540, "uuid": "116b7a18-61d2-43c8-a484-5230ea158b2f", "value": 1632256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698313540, "uuid": "d8297e60-bc9e-44fa-bd72-03d678ebd823", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313540, "uuid": "0bb82925-f645-4e5a-8a28-1c72c21b4f8d", "value": "5c0dee3c4d10a8dd80e088670335d124.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03de5106-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698303916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303916, "uuid": "64e9d6e1-a7f4-4738-adda-f606932093f9", "comment": "Malware payload", "value": "4acadcc34557ce858e8292eadff82e74", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303916, "uuid": "fae9b285-54ca-4af7-ba93-2d6d6194ac23", "comment": "Malware payload", "value": "bd7c04f4d7adc34f0a476040483f347fc0afd600824329f78b4c3680a8deb929", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303916, "uuid": "3a110bc9-d2b7-40ee-b361-d22ae140828a", "comment": "Malware payload", "value": "3dec6f1f92d525f03e8c7d624111e356d119ba63", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303916, "uuid": "2d2dd58d-5e75-4ea4-b845-06b5776bea57", "comment": "Malware payload", "value": "f88b6b1c457c190f358c577984a011fc3c18d82f7d54047e299100334789d4ef9aac1db8b9871226a07b9a5311d08a36", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303916, "uuid": "19f0f067-a4f1-41c2-9626-dd84e539c083", "value": "T1EDE41225776C5A62C47E85B9B4B240D807F08217F5B3DB9D4C8662EE1C63FC2862376B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303916, "uuid": "26993d46-b694-4e5c-a1dd-75963bb9a1c7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303916, "uuid": "a8e0e6cc-8afd-49af-917a-4b62e79c650d", "value": "12288:wss8FscgS/2CmnjSxTiUeylrtqTqv2DP1clq0ngp107M04:5FB7mnoi2BtD2DPX0AGM0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303916, "uuid": "5e39fe5d-ca3a-4f0d-a88c-c219a5c961e0", "value": 718336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303916, "uuid": "2566eaac-0c46-4d04-b75a-9df1cc8bac3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303916, "uuid": "c79e510e-d6a1-4882-b2a4-f019aac08074", "value": "ziraat swift bankassi 00032108799.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f20b951-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698357004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "93b9fe43-f9a7-4252-990d-c9868cc7b8f2", "comment": "Malware payload (Mirai)", "value": "876ec91f4fc39165f7668eacbbc33cdd", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "2c2f1b77-9667-4fd6-ae22-f3f46a0cbca0", "comment": "Malware payload (Mirai)", "value": "bdd92f57abedadb8d5128c110a12725f49115d0897772e3c852b7972c3326f82", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "54c93c86-7279-4bbb-8b4c-8000819ca9df", "comment": "Malware payload (Mirai)", "value": "af5509e3cbcf0b28904662f8913b03b76a779e8e", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357004, "uuid": "4d61b816-f62a-4c4f-9031-db1507249790", "comment": "Malware payload (Mirai)", "value": "289f543149080d640be90fcdfd611a83b327478879b82c3e0097a969edbd10b766b748ccab6aee0102f091bb626461f0", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "54248c62-c992-43a9-a97f-125db2b254c6", "value": "T17033F153E7A25D21F7F04F32D4A486DAA7CF9E9482D839602245DD4EBEC37C085F6829", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "18234357-ab28-4edf-8a57-b2318f0cfea7", "value": "768:BPjjK+P5DpwpYbLQ9I4d5S4VsvKdDzBsHNSYGXjq3UIzDTYFbGeZU8ZKARuV7XLt:BPZP5VvwR5SuUHeXEXMlH2ObkfhT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357004, "uuid": "06aeaa4a-8e92-4e70-ae5e-d714dfbc7421", "value": 52784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357004, "uuid": "98813489-88f5-45fe-8e00-62ddc4617966", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357004, "uuid": "22b0ff7b-9116-4fc7-aa84-d71705e5ac47", "value": "doxbin.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecac2342-73e8-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698315473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315473, "uuid": "7146d449-f82e-4dca-9e8e-de42c4c29a61", "comment": "Malware payload (AgentTesla)", "value": "505c96d98649414e578b1f7fccfcae74", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315473, "uuid": "bd261a70-f52d-4a41-ae39-0a6a3a389385", "comment": "Malware payload (AgentTesla)", "value": "bf2aec486729f5fe447f86b473d0d185a276c0119ef421ddc53eb3c08dc87cd5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315473, "uuid": "8e31c46c-7774-4fe5-a253-f3ec146a3e42", "comment": "Malware payload (AgentTesla)", "value": "281dbe2d4944251fc6a56857cc507340c82209d3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698315473, "uuid": "8c1ee737-8503-4e9c-8580-22029f242ba9", "comment": "Malware payload (AgentTesla)", "value": "7295b5024bdbefd12f3762006a05de4a37305b7f3bd15ff4aa3dfb0ebc78d2623fa6952a523670eaf8ce5621bbbd78b4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315473, "uuid": "5c429280-f8df-4116-acdb-583612fa72ea", "value": "T194B4CE5935EB219AF036EBF2C7992FCC8BEAF7F6622FF9597D8506424021C41DB12421", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315473, "uuid": "4c28648f-5055-43b1-b6f4-95c35d57f654", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315473, "uuid": "74267167-43f3-46f2-9817-a314445420f1", "value": "12288:3Cj+3CjumFgGieMsijyiPtXJoNrF/n/0Snm:owcDCGi7siRlGNR/Zm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698315473, "uuid": "04ac4c63-f958-4ee5-b051-d38f3687ce3d", "value": 504320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698315473, "uuid": "c53822e8-0b82-41f2-87ff-48631114c5db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698315473, "uuid": "aaf56e4a-4332-422d-ba45-8cd361be5912", "value": "payment confirmation.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df243903-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698322322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322322, "uuid": "f290c811-e722-4baf-9a5c-85a58ff9f497", "comment": "Malware payload", "value": "f809a1316e72d46036e149f7f3d2f883", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322322, "uuid": "0119c64e-63d0-4a3a-aad1-314ed6da2f58", "comment": "Malware payload", "value": "bf8eb21bbe5a55f22c00943dbfa5730ab20bc1856d9bbd720efe007a48668f30", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322322, "uuid": "b469d72c-c9b2-43c1-b4f1-a0c143e2ec37", "comment": "Malware payload", "value": "e6120e44df9e3a8304b7ef4cf99a0ab34fd5ba3f", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322322, "uuid": "bc500ea9-708f-42a7-8946-4e797f6f5531", "comment": "Malware payload", "value": "b788c5a9156750de0d1dd3c6d8a14cc02c654fa78a33534c2e8b1532d2c9b4834f15ea6aefcb6806fb0bc35afee89fbb", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322322, "uuid": "f3e8e044-83ba-4d61-acf6-d7947e00d955", "value": "T1A9C4230B1D666B91E7A2E80959480A4CDE3C96470347EBFDAB0E5E4DB10ECA72437FC5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322322, "uuid": "72d269af-1bec-4e62-96f5-94de8806b4ca", "value": "12288:6bTMcoIz/XiRibLIc6MU2+wXgmWU92wzaZZ0xC0yl0RTZ6dYNUGhrOoL:6/MyjiyL96MU691jxGlOTpOo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322322, "uuid": "204e643e-f936-44a7-adda-74cfa78170b4", "value": 580352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322322, "uuid": "4b0a96b5-2e4c-468c-958f-f2990c3a4f9a", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322322, "uuid": "606772b3-5c78-48b8-8211-1e8040f0c11d", "value": "image001..exe_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ca6bc8a-740a-11ee-8907-42010a9c0042", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1698329807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329807, "uuid": "52dab264-3d93-4cf1-9748-60f122e7b51b", "comment": "Malware payload (Adware.Neoreklami)", "value": "9f20866d268a57a7fd021798b014425b", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329807, "uuid": "66d4e162-102f-4646-aee8-0f772c67e445", "comment": "Malware payload (Adware.Neoreklami)", "value": "c077bc8f4a5d14ea61e59f852487bbc80c1cedc35f8a317d6ba22fbe09b26ed2", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329807, "uuid": "90921bb0-2788-4d23-9609-4c74471db0d2", "comment": "Malware payload (Adware.Neoreklami)", "value": "31839f737991f08cb916db1e9fb30557310ca591", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698329807, "uuid": "9437a82a-65e8-403d-a8f1-f8a3b4a1f3c2", "comment": "Malware payload (Adware.Neoreklami)", "value": "582576bd3365c1cced066d9232897b70163bc84f1a1b4ad4aa67f8d541353daf0886c294b9bab0c2c036f318b93c5b4e", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329807, "uuid": "1006cedb-c13e-4031-95bf-0d466550b81a", "value": "T13476331C75C8CCF9D1454439ECEA7FCA2238E70A9A7150435BE49E2D857CACC923E6B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329807, "uuid": "83950b7b-efc6-495d-a094-b7011ed1243b", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329807, "uuid": "860c1dc9-fd46-4a99-bf75-9713e481dafb", "value": "196608:91OwatPmsDftUQJiAs695Q/43KeCLl2rKJzXDXaek:3OPPX1U6iT695QWKIKN7k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698329807, "uuid": "60940c47-1649-48b5-b11d-8f97b079f999", "value": 7520739, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698329807, "uuid": "932bf3b9-65bf-42d4-ad76-c40576d518d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698329807, "uuid": "763bf53e-7265-4238-8044-78fb6ef7c2cb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc57f0ca-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698311097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311097, "uuid": "29ec8591-1946-4956-9c1a-cf67ee5c7673", "comment": "Malware payload (Mirai)", "value": "ff4dc8bfed21377a259dd3d1462dc3ea", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311097, "uuid": "d12fc8ac-7406-4a91-87da-cc3ca881f542", "comment": "Malware payload (Mirai)", "value": "c3b6369463f73af47f58f4319ee6ed5b03a1ec84154b3aefae3fe51cb22111e6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311097, "uuid": "8b65cab6-5cb0-440d-81bd-2e8442409acc", "comment": "Malware payload (Mirai)", "value": "07157675e3144012524033be51d92a528beab070", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311097, "uuid": "b58dca25-2966-436d-b204-25c07b3f636c", "comment": "Malware payload (Mirai)", "value": "6359a08ee369dc5c162f0772c5c31be66dcec0fe19d78212d3bac8671c91e2615cbcd878fd45ff4ac24771c54f0cd282", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311097, "uuid": "99c6d0a1-19d0-4d2c-a2f7-053f0faa5486", "value": "T15E532C9AF801CE7DF81BD77B44570906B632B3D112821F3613A7B9A7BC721A91D23E45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311097, "uuid": "85194317-e796-43ab-8ee8-855469895d50", "value": "1536:KEQoKjcK+vCU8PCLi+vSZf7DnLS9OEa4R8YJZ:KEdKglvCR0voffqH8YJZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311097, "uuid": "518c446e-0daa-40fe-9d11-3583eaf9bc9c", "value": 61708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311097, "uuid": "1682a3d6-188c-4d4b-be9e-c94a2a6896c3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311097, "uuid": "aa899a15-63be-421e-8aeb-5a423a854b9e", "value": "ff4dc8bfed21377a259dd3d1462dc3ea", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5857bfa5-7410-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698332404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332404, "uuid": "39e25b78-c727-4245-83d0-279d777bd288", "comment": "Malware payload (Mirai)", "value": "752aeb38d2f1b8449ba1ab033b6c946d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332404, "uuid": "824ea4ea-1d2e-4cfe-aabd-3a6f4297fea6", "comment": "Malware payload (Mirai)", "value": "c43abd2c2dfe2768f6ae0245a6dec401218302dd5423576a32b337afd7200f1d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332404, "uuid": "06d3a609-973b-44e4-acb1-1d07913aed59", "comment": "Malware payload (Mirai)", "value": "e65237705cf656f2460885a84b7fa9a5d26c5b9f", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332404, "uuid": "691d383e-a90c-4f34-855c-6d090817e957", "comment": "Malware payload (Mirai)", "value": "df59cb09214087a082e8e0c3ff4b163f460fece0060c159368964ff88caa7b0d28da0f51ba31d64001b4c3b6f933104f", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332404, "uuid": "2ab70ab9-055c-4f0c-b336-38f8c6ab0ab6", "value": "T1B523021320E7E913D421847BE8115C597A445AF9B99D7BB728011694CC20B22FEF5ABF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332404, "uuid": "58516cc6-66d2-4ca7-827b-1433331569b9", "value": "768:/K7y1XGO1LCNgukEkvwtqPnH7u83nc0iFe9q3UELv1Q06pMBwAA3i5J:312O1LCNguovDPH7TcrhLtQ/pSAy5J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698332404, "uuid": "67a9953a-bb39-45df-8157-c58dd612433e", "value": 48716, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698332404, "uuid": "f5345a33-d063-4983-bc4a-ac099cadd1ea", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332404, "uuid": "853943fa-eafc-48da-8d37-18eb09a58676", "value": "phantom.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0820b4da-7452-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698360616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360616, "uuid": "f1fd8fbc-93ea-46ca-97ce-ca632a41734a", "comment": "Malware payload (Stealc)", "value": "0b35c37c63f63f7a1dc7ba0795ebbd37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360616, "uuid": "f17e4060-bf02-4cb2-8a34-4563b589ec60", "comment": "Malware payload (Stealc)", "value": "c5283d37a5ec65e128ce0b7ccbba56d5b65bd7fa401c91edc485eafc9d3fdb81", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360616, "uuid": "4c7cc9f9-8afc-4dab-b97c-cf94fbf1c09a", "comment": "Malware payload (Stealc)", "value": "170557ebb5a7155d688d9c89332f10fe0b3cc94d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698360616, "uuid": "ff5ce375-48ab-48c8-bc14-7e1b88fe5711", "comment": "Malware payload (Stealc)", "value": "1821fa60f9e84a0c3f576f2c5364a5efebdeb5a9d9feef270b4d1afa00da3cee274f9e8f8f2692f7b06678c517a03fae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360616, "uuid": "22cdbe89-bba0-4f9f-a656-4ddb0e54ab23", "value": "T156159E2138C48172EEF220B743EDFA2643ADE0B4071556EF06D857EED7606C27B36696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360616, "uuid": "b39faa5a-2355-49f5-ab4a-a0708ef1145d", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360616, "uuid": "e8f90a38-f38c-4e3b-9472-5173e4b51b03", "value": "12288:Nm4zcClaHhNmNwTOHKzE0E5GkDy/2yRoYhdZpau4NN19gupDZjxpEUtFDAM:hRlazmNwTuKzE0E5nD3yJrZpeBxpE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698360616, "uuid": "98e108eb-9a54-4029-b412-8725bbf04467", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698360616, "uuid": "9727193e-17d7-4fdb-8fbe-73421bbf746b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698360616, "uuid": "bd530edb-9ca9-4d1a-9396-c8cb31d0d72f", "value": "0b35c37c63f63f7a1dc7ba0795ebbd37.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12645fac-73bd-11ee-8907-42010a9c0042", "comment": "Malware payload (Healer)", "timestamp": 1698296638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296638, "uuid": "f1ee6ec1-b237-463a-8162-b191a96f6598", "comment": "Malware payload (Healer)", "value": "d7ac39bafca00876be0923660c93e691", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296638, "uuid": "372db6d9-f9c8-405d-b811-8a8a1373ac86", "comment": "Malware payload (Healer)", "value": "c56936ed9bcb76fe8ee2069618cf3b509fe6cf4c73c1fb53723596077ab1f5fa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296638, "uuid": "7329d6ea-71b7-4c4c-a1ab-616a9b02dffb", "comment": "Malware payload (Healer)", "value": "3c9ef605a454e34dd9a9fd62e9b6708264845bd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296638, "uuid": "99b037b4-b77a-437b-874d-d1c990f45738", "comment": "Malware payload (Healer)", "value": "79f7bccccb9f7f470efb1e959b33c5845a784ec156fafdb1a6cecd9714523eca460a9cbc2196f91770bad1a343e3cca1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296638, "uuid": "4d3c91d4-eec5-4ae1-880d-9511b201ff94", "value": "T10375238217E18533F7BA53B048FB0347167ABC700EBB42FB568DD1A24E639589972327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296638, "uuid": "d6c3f464-332e-4be2-ae6f-6b8b1ae99431", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296638, "uuid": "16455ac5-b4c0-4b67-a649-d88d36f0fc8f", "value": "49152:CVxCYUkZjoWq8qAE7Gqp+LsIwq5C5SEaJ7:oA1YjV2F7pq5CdaJ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698296638, "uuid": "c1f7bb09-d953-40fe-a455-c7128c5f0dbd", "value": 1634304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698296638, "uuid": "4d46242a-8caa-43bd-8ddc-10db78dbb341", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296638, "uuid": "cc925c31-a232-4b65-950d-3747e0bf9d4e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce8de5b1-7456-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698362667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362667, "uuid": "f4ebe2ce-2bb9-45ef-86dd-a272d538bdf0", "comment": "Malware payload", "value": "f0a59fb55b3c43b3d184d811c893a10b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362667, "uuid": "8a9f83ad-cea7-4678-9a93-be1eeff0bde1", "comment": "Malware payload", "value": "c6a991ca9b2653f1cf107f13c2bece17e4c1c43ab079bb7c52c93c57792fdf50", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362667, "uuid": "323580e1-c222-4d32-b76d-5ee6f5f28911", "comment": "Malware payload", "value": "ac24cf16958523ebda91a24fe78839072f186981", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362667, "uuid": "dce3e5cc-afee-4430-b8dd-6ebb8226d73e", "comment": "Malware payload", "value": "d1f722aec8e6b27b1bc4f2fc4a884acb286ed9469ca80761ee0d81b72a3a03c2d6b62d3de79950d4df71922bd035edc7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362667, "uuid": "7533b721-950f-4b1b-abf1-38496c67f785", "value": "T12703F15E99C115D2CCF045B0EF2FC283A1A5F5B4DCA296BB6ECF14926A624203CFD0E1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362667, "uuid": "935a2ae9-910a-48a3-8777-0e60dc75a0ab", "value": "768:JkJ56p6b4LMXOP1f8MLcVoRBjlmeWzxOrantlC3bdpfHfUu9AYRneOFQTq3U7VI:44p6b4Q+P+mTwxOmub/H8u9RnNQne", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362667, "uuid": "ca5c73fe-502f-432a-b220-952a3ac3a982", "value": 40876, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362667, "uuid": "3e897807-80e7-4461-9423-a8205ccb486a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362667, "uuid": "e1837f94-83cd-4d2a-8b58-e9c2ca563b88", "value": "f0a59fb55b3c43b3d184d811c893a10b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eaa87066-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324489, "uuid": "d8eb20e1-a3b8-40a1-b36f-446b43ad660c", "comment": "Malware payload (AgentTesla)", "value": "a665baea2fbd44555e71420623ec8937", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324489, "uuid": "2fceffdf-f86f-417a-8efc-5e3e987d105d", "comment": "Malware payload (AgentTesla)", "value": "c702106469fe02b5fc883ce8faaa5da458cc87b95b33a4c7d8bb95ce77daeb6d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324489, "uuid": "0f6f3356-48ba-45c5-b9d8-f4b0493fd125", "comment": "Malware payload (AgentTesla)", "value": "7702a9aa4a2eceb89cf968752b862bcc78a92025", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324489, "uuid": "ecc596d2-43af-4ef0-bbcc-68df0de8f9c9", "comment": "Malware payload (AgentTesla)", "value": "cde59d4b5b93c0af364c25d4684183bc762df1dfae9c9c7ab510edc9a48833ae9d52d0464fd2867dcbc6f33dc647bb26", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324489, "uuid": "c723a3fb-ee52-4650-a66c-16679f9ae415", "value": "T161D43322F2FE5E235D72A908B2DB87D710B4B3D679B344F557BA95F0E398062A445033", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324489, "uuid": "ca6ec688-0a0a-49c7-9bf7-29df85619755", "value": "12288:y48dNdBc4oHkmmNxGiTbwDROTqVzRLqgBcqiYFHdwQrJgRr3akYJHkLtePFEs:WdNdBB7TnkETUz9fBcqikdpdgROkwHkU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324489, "uuid": "0754657e-cb67-4eed-ab98-cbf83d5d7678", "value": 619053, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324489, "uuid": "e5539eda-3fb6-454d-bbf9-293c15cbc8df", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324489, "uuid": "003dc9af-9890-4fb5-a654-355a801f2407", "value": "golden-wing pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b32ad40b-743c-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698351454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698351454, "uuid": "1e295519-f79a-42ad-9ba9-b3dae8329501", "comment": "Malware payload", "value": "94729e2f3839b40af5d038286ca722c4", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698351454, "uuid": "48388f2e-d8d3-435d-8150-2b0d8a9d40b4", "comment": "Malware payload", "value": "c73d7b6c2df6f9004307cf888b4c636c07dc3accb0eef34f5b0827fcc715bf42", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698351454, "uuid": "519fd158-85d2-4f6d-8e31-0bf685c95783", "comment": "Malware payload", "value": "84537f8c2167e995b8446d8c735611e38fae7996", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698351454, "uuid": "a386533c-48e7-4b5f-8b0f-7091459d3a60", "comment": "Malware payload", "value": "307ae4e67d329811ceddc0d4323145abe0c8aa0475d79da92fc80ba07a13ba7a687f3413e48f3fd96ef3e7b9cf6bfe03", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698351454, "uuid": "e34e07f7-7810-468d-a87a-a385a7a7080f", "value": "T198A5337D2807BF0569BFEC089F9B5D550B290DE8148031514EEEF2EAF57C04AA1D8AED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698351454, "uuid": "fe27c3bc-81e8-4cd3-b500-f96288855f17", "value": "49152:oF5TGnufHW/N4ZyuzlJat08U1p/DwIDWKjZ50qvmF/c+kNk:oLTGn1KyIW41p/DtDWKhvmF/c+kq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698351454, "uuid": "b7a18f8b-572f-46c6-aab8-06d1539ff3d2", "value": 2163629, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698351454, "uuid": "6de7bf39-4f9d-4b6e-a4aa-6c24742bcfa2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698351454, "uuid": "a089b6fd-69bd-4349-a72f-bedee236bbca", "value": "94729e2f3839b40af5d038286ca722c4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "119a2ae9-742a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698343452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343452, "uuid": "4e94538b-5cc6-4b52-8d95-a52c388f8737", "comment": "Malware payload", "value": "e8a66e19edefccac211e99a04e24f444", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343452, "uuid": "c3b26140-6fac-405f-9c67-cbefe3574a78", "comment": "Malware payload", "value": "c74d5431652335b87cb43b65b44892c3385299dbf5fe239eb8befbb534c551a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343452, "uuid": "7a10f668-fe35-43fd-9126-2d647ac9a061", "comment": "Malware payload", "value": "ba551514133d82ae7fc8c9d3524880da86e6f23c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698343452, "uuid": "bfe2cc06-cc78-45ee-9174-ab90392a02b6", "comment": "Malware payload", "value": "d927d666292ccf2d996478bde5b0f9e1cca4436b98cd1dcfa42f0f29a57efb30dfb62da7424d170ef75e5ff6c15e18cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343452, "uuid": "9d63d0ad-41b5-4c3f-aad7-32e2bf08c898", "value": "T1CC0501147A95DE22C56E0F7B19A2110017B1E847EA52F78F3DC96B9C1DAB3DC0A23763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343452, "uuid": "72657b90-90cf-42fc-b557-ac442037df15", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343452, "uuid": "2999e5bc-1fc5-4fdf-aed5-3de9acb2c06b", "value": "12288:5WV1Qyi7EFFpvSWfvLMOgExE9tBxwUVgofKjNtysDRaOooqHJ9OL/wwm5f/k4i4:5uQy3FpnvxgOEz/1dCJt32dWLdq0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698343452, "uuid": "18a13c77-9103-477b-9653-d79bc29ca408", "value": 805376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698343452, "uuid": "12b0af2e-aa12-4eb2-90a1-aaccab8cd713", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698343452, "uuid": "2c49a2b3-38a2-4c07-8a57-7ec26c179f4d", "value": "SecuriteInfo.com.Win32.PWSX-gen.10880.4852", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d888d5d6-73c9-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698302125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302125, "uuid": "b860794f-7711-4b5f-8bb2-5cf739b29f5f", "comment": "Malware payload (RecordBreaker)", "value": "f66b2258a70968303673ee418b5d5307", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302125, "uuid": "37fa11e4-8913-4a36-9942-c005ceb9bcd6", "comment": "Malware payload (RecordBreaker)", "value": "c79258569f98eb2be24996d902fcf73bc6aef9d50600591c2b9a818107cfd3e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302125, "uuid": "ce9ad1db-2713-4f63-a10b-10cb9b348c4c", "comment": "Malware payload (RecordBreaker)", "value": "8e62bf0d0abf78be0b580c66f26b4e5a5e3abd37", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698302125, "uuid": "b8468d52-7edd-4fef-8d48-02e6683afeb5", "comment": "Malware payload (RecordBreaker)", "value": "bc6ffa923260f43efffc3d848f4800e3f10190b1c2bc261794c1305a252a803a29854599be12b3e66a85ca9f8cdc7d52", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302125, "uuid": "e6fce214-0b2a-4f8b-ab02-9e38e675a076", "value": "T1CE158D2178C09275EDF320B787EDBA3586ADE4B00B1915DF16D85BEED7606C13B32682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302125, "uuid": "2e72a07d-4fba-4665-ab34-14f2e8320df3", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302125, "uuid": "14f86f1a-5571-4c37-a701-a71132a98d5d", "value": "12288:D56tSZ29AzVvWD+wVLZ5D4bzdKhvixnC7vuZf/65h6uaqYzR:Dt29AzVvWD+wVT4bzWKxGzaq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698302125, "uuid": "34c79b2b-8635-4278-8b31-16e89a0d9c05", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698302125, "uuid": "eae7a89f-baff-4a8d-b90c-03e15235ba63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698302125, "uuid": "27cbfc76-9b2b-4ce6-afad-5ca7492078d9", "value": "f66b2258a70968303673ee418b5d5307.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c34a4808-73fc-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698323994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323994, "uuid": "4c426f47-47a3-4f63-abb8-b14275203752", "comment": "Malware payload (AgentTesla)", "value": "f0d704e11c70e1b9dee8e1f8ceae309d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323994, "uuid": "7fe22a9d-28a1-4dde-8162-249d8b04208f", "comment": "Malware payload (AgentTesla)", "value": "c8d81baba4d22733ad73630b4a908b8eff601187bdadbf9c71d5c958f0b3dc50", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323994, "uuid": "251e4140-da0a-479a-9f22-72687fa074aa", "comment": "Malware payload (AgentTesla)", "value": "523a3564e63ac42324dfb39a00db9064d01d0769", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323994, "uuid": "8a955068-5711-4ff3-89d0-c4e75878813a", "comment": "Malware payload (AgentTesla)", "value": "07ab40b03adc1a0084e7b876a488c252387d4dba7c583a73e30f3de02337d54c7877afc71d14e66f3b073684d8b59139", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323994, "uuid": "3f9f3a63-2a90-445e-a358-a52e58fc3250", "value": "T1B0E41289725EDF65DABF4BB688A6211223B3650B2521D34C0DCF51FA4E33B878509F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323994, "uuid": "482ba6b7-f6ed-4eb1-bc1e-15c589fc4e0d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323994, "uuid": "01465458-a8c2-41a0-8f03-fb24afb169d4", "value": "12288:vwmIYbueklNCrkF4DnhvWcht9uxXVHVIAExd1kmmzM3:vwAbu1rCzDhvxht9uBJV8kmmo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323994, "uuid": "c131a78c-484d-423f-8ec2-1530d2208e70", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323994, "uuid": "19e4a307-03d8-4e2d-8699-d88db8b19c5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323994, "uuid": "26105822-852e-4a57-b658-5baf3ba2ea2a", "value": "PURCHASE ORDER_INQUIRY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a64983e-7410-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698332407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332407, "uuid": "a42d0efc-b027-4705-bda2-929e31291f06", "comment": "Malware payload (Mirai)", "value": "132b709963ef0f0955bc05228f600c3d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332407, "uuid": "693da74b-6d05-48c9-8cf4-f473145debec", "comment": "Malware payload (Mirai)", "value": "c9032b4d6e4b03d90737694a953c27c9c0a9088fbb247f8ccaec88b50ca88000", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332407, "uuid": "ac199052-8c9e-41eb-a41c-e3aeb6694009", "comment": "Malware payload (Mirai)", "value": "2b78f7c0a139298fb900c163eb9eb21992a5eb75", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332407, "uuid": "ce41f0b2-46e3-4227-809d-b18829087d4f", "comment": "Malware payload (Mirai)", "value": "aa3ea3fae9c840af80be8ab731671d4f10755550148dd06fee9ec4baf6633058cb11748bd048e2c935ca67541a5f55a2", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332407, "uuid": "6399b1de-aad7-47ac-8e62-fb8b18f60a40", "value": "T1D1B2D0717015F8B2C7E200B76AE9DB43FB810EF8D0E8B3295465199DEAD4C42BAF1147", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332407, "uuid": "15c99843-cdfe-41a2-a8a7-8ae56a919b69", "value": "384:cZ0X9nxn8o9ir/nSdoijsN2e4JQkCD2EjKb3pYbhymdGUop5h9:5X9nxn8o9wnBoWzEQf2EjKb3pGs3Uozv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698332407, "uuid": "41cef3d1-564b-4cb7-b97d-de1f01711323", "value": 25004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698332407, "uuid": "09ab2d20-d63e-4831-a23e-87b406e2fcee", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332407, "uuid": "70ef3bdb-c908-48e9-8474-470c987002dc", "value": "phantom.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b2c5e04-73c2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698299015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299015, "uuid": "dbbd3624-e84c-41a6-8019-57ada3c55029", "comment": "Malware payload (AgentTesla)", "value": "a68f46d2e1604628f1bc6862f7c4e90d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299015, "uuid": "9cdc7af8-3274-41b6-bc8d-46a2feed6d56", "comment": "Malware payload (AgentTesla)", "value": "c96f6dd4e937896bfb14ec68bca64b3981e9109d3d9ce182bd42f3cb18e9726d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299015, "uuid": "2a6d08e5-d6a8-4752-b864-502618e60bf4", "comment": "Malware payload (AgentTesla)", "value": "013c89c44bd01d59410d07595727e722e780b12e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698299015, "uuid": "95d84745-5202-43b2-b272-a713a5ee3c56", "comment": "Malware payload (AgentTesla)", "value": "674a496b3a4f3ededf5842ac892fb107f5a3936081d8f13cd6c0c5ac46ce71179dc7b93b1d0db13b27b65fc2eabac75e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299015, "uuid": "d18b47cf-fce7-40f4-8280-e15b2953b2e2", "value": "T172F4121336149FB3EAAD1AF898C244151BF70B765B25F3C51ECAE1DB06E878CC852A47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299015, "uuid": "714808ae-fa8c-4ea3-bdcb-3fd1c7292b11", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299015, "uuid": "73138c6b-3b06-405e-beb5-1ad41b9d8062", "value": "12288:scfgR/mZRM+Bz64Yvv2i3duT7+5BLH/2Ntl1b9GKy6bYNsiU8JB6QFQl1:s6gkZR5QIQG7CBLf2NBys8J7Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698299015, "uuid": "c408eb50-754c-4765-b134-8e93e41dfec9", "value": 733696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698299015, "uuid": "a7a2eedd-b60c-4d5a-858a-2c20d8b2b7a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698299015, "uuid": "c0bb9557-922d-4eba-913d-4905efa82069", "value": "Advance Payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb1032d7-7404-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698327496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327496, "uuid": "8e49379a-18ea-4b2b-870f-5d0b5c7bc6d8", "comment": "Malware payload", "value": "3df719aa424535fcaa2b6476a03889e3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327496, "uuid": "52cd65c4-cc24-4f17-aa8e-a4ea2a9b096b", "comment": "Malware payload", "value": "c9f2e3e87bb17b5cd2c03d697fc1261052c65f1d436d44769c8331e7907af2c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327496, "uuid": "7a29ef70-0e54-4782-ad2c-f8a7380e36bb", "comment": "Malware payload", "value": "7217c006719b69247db48558119e26777671418a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327496, "uuid": "b7965aa3-ee9e-4308-8341-d9c4537823f4", "comment": "Malware payload", "value": "4285b25cb9831a5ec92076e000e4eb4cdb709c29a151e7f032fbf91654dd7080727d22bae976349adf30b51dace6d9d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327496, "uuid": "9feb9766-ccb8-4b70-a83c-f74717d5f1f3", "value": "T143F4126536AE8A17C9BD46F8A0F540C91FF0A727F172E78C4C8E66DE0893B86D513217", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327496, "uuid": "dd835172-bf38-4baf-b757-165ad5966b42", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327496, "uuid": "7728402b-f122-46f3-89a6-79dfd30f5239", "value": "12288:3ss81GRmcjnKcfa0NsvOUcMwULKL7BXRTwHW/xWRnwvViZA+Pp3hoQfTZ+41:y1+Kcfa0AOUcMhqtitnwvVQDPLfU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698327496, "uuid": "d63f72de-110e-402d-8a91-67b6c6678e7e", "value": 726016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698327496, "uuid": "0fe9df40-cf64-4c69-8d19-aa0e1fe382ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327496, "uuid": "761b1c60-e7cd-4fc8-af63-b9d907772e5f", "value": "Quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25bd6b4d-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307838, "uuid": "0b6f4182-e377-41b8-918d-7b564737c116", "comment": "Malware payload (Mirai)", "value": "22ee7ec13f032286390d887adfa7477d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307838, "uuid": "524301f3-9d35-40ce-bf1f-201094861f20", "comment": "Malware payload (Mirai)", "value": "ca2b8e1656d4534ce8b776739f666fd3e2e008e7f590b0463e712f7151ea5156", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307838, "uuid": "680cd8c6-11e2-41cf-bce3-7214bbf197cf", "comment": "Malware payload (Mirai)", "value": "15ce27e0ef82470cda97a2dc790b5c5de2482074", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307838, "uuid": "e7985dba-4fb9-42a1-8d50-0b36a87bb3e2", "comment": "Malware payload (Mirai)", "value": "a1cc71029b259bc7f2ffb18c30eb36d6475de934b0e96f4e9910f47ebbd851752124038784257524997584f9cde0709c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307838, "uuid": "a625f3f5-6d13-4bdb-9295-0631d55c5919", "value": "T1F2330907F681C0FDC49AC174476BBA3AE93771ED0238F2A67BE4EA223D95E611D19C44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307838, "uuid": "dde81bb6-c521-4e8d-8193-4c92dbd41a2d", "value": "1536:Ru31CxXVpHlCrxsNnVfvj5Laf2r4DaEXzd0OCUjCYl:Y1sXV5lCKNVfvj5E0GaEDOVUjCYl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307838, "uuid": "957cef5d-da24-44d0-a96b-53cef288856a", "value": 55104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307838, "uuid": "2a5ab3ae-bb4e-48e8-89f5-99d78c584751", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307838, "uuid": "ddc61561-22e6-444d-a940-2472c9c190ea", "value": "x8.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7873a31f-73d2-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305829, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305829, "uuid": "342b2bcf-4d07-4cc4-bb09-1393899c94a0", "comment": "Malware payload (AgentTesla)", "value": "1a79ec4a26af056ff88aa5625b5d0268", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305829, "uuid": "9799f11a-5ef9-41ac-94d8-a1a497e5d657", "comment": "Malware payload (AgentTesla)", "value": "ca31477651e5f566affdc7426300bbdfecef8ca2c38803fce93337ec84b11037", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305829, "uuid": "65cf73c7-674a-4399-9c46-bc2bc2126f62", "comment": "Malware payload (AgentTesla)", "value": "54c17124f43caec674e0af7607a40f058c3d6864", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305829, "uuid": "f1868f47-225b-43d6-8d1b-80d683ab3416", "comment": "Malware payload (AgentTesla)", "value": "b756dbbc219e321a2b75931093a430bf3d033f3d1452c23d3c9cbdc7ce3df031ef8d7e763a75b1b0898eeab0dd5f7f6a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305829, "uuid": "6ff1a74d-f959-4362-a0e5-a33831f74665", "value": "T1D0F412103B68AB51D87DA3FA99C5811417FAD72A279BC74C3CC271D5266970CCEA2F0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305829, "uuid": "00c29c34-1106-4b40-8d2d-24435317e1dc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305829, "uuid": "5c4a02d2-f32d-43f7-aff9-23a450a23880", "value": "12288:HMQHMjgR/mZRM+Bfqp3WyuKqr7u0jTCud5ecyA7o1PCvv6vwTH0CK0wW:CgkZR5wlKrr7Fm36o1PCHqwxD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305829, "uuid": "c2b035c7-243a-4547-a917-06f017c3b58c", "value": 734720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305829, "uuid": "75f6b3fd-ef9c-46a9-8a81-35ccce241231", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305829, "uuid": "6c1cf746-783d-4941-b211-aa8d4ff8096a", "value": "RFQ,xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eea925eb-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324496, "uuid": "de08572e-dcbb-44f4-b192-446751e834d8", "comment": "Malware payload (AgentTesla)", "value": "dcd3000818581e260d7b9917c8f17b16", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324496, "uuid": "288163c0-b539-4154-9905-40149812fc6a", "comment": "Malware payload (AgentTesla)", "value": "cab72bb12ebebf2ea413f76234f75ba43b2792f8bf0489eb6a63a6aef2f9ac54", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324496, "uuid": "22ab4b83-1c76-4563-bb07-3f902d28b8e6", "comment": "Malware payload (AgentTesla)", "value": "49d8853275454c003bc97f97d8fa7ecb071ec108", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324496, "uuid": "efe51060-0b23-4ce3-9402-555f9fcc8424", "comment": "Malware payload (AgentTesla)", "value": "07ac6e30aa0975f03f43e5ed7be16e8b1fd40cd23c9c16d9a53a0da9bff61dac77337b88835419b261c7402b9c40bc21", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324496, "uuid": "b3c01f0b-f609-49b1-b0fb-a3473092cacd", "value": "T10FD42244F2AC5B23D8BC0FF6D132429527F5A35A3972D7DC1EA221DD7962F908C1162B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324496, "uuid": "a27ef5c0-90d5-4b91-aaa3-7ebd6a5a26c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324496, "uuid": "425e93de-1ceb-4a75-b0fe-707818bc245c", "value": "12288:7ju1ItJxz0wDTODuFzRLQsBisiGFHd2MNJgZrLakYJdALabQY4:W1W/AkCDQz9zBisieddrgZykwdfQY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324496, "uuid": "ff8ebab6-fb1e-4a6c-ae23-4b98dea53e8c", "value": 650752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324496, "uuid": "4b68f84e-c25a-4023-85ee-c74b97812c6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324496, "uuid": "749e4e12-5192-4f93-8e00-60d9a80d0dff", "value": "golden-wing pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0250153-7423-11ee-8907-42010a9c0042", "comment": "Malware payload (RiseProStealer)", "timestamp": 1698340739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340739, "uuid": "90e7e7ce-a06b-4d38-a060-82fed81abdc0", "comment": "Malware payload (RiseProStealer)", "value": "d034cda104945d32665f751138123d38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340739, "uuid": "5a8d7086-95d9-4f82-bfb4-32159e646062", "comment": "Malware payload (RiseProStealer)", "value": "cc408445bd7856d4a94e8e70d6dd3952e45f43b3fba07b254af15f948138c9c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340739, "uuid": "ac491ce3-4a1b-41d2-b6f0-40e725b542c7", "comment": "Malware payload (RiseProStealer)", "value": "3848604a63ca3fa660e4a77986e908f7ea311e33", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340739, "uuid": "9f266cef-6fce-4b38-9fa3-218d66478e28", "comment": "Malware payload (RiseProStealer)", "value": "d7d5307e91ca9a6229b61674850a71648a01232ecaaa7b52af04c9bd455062d16c322f4a5693722ccfa3a4dac8b2f6b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340739, "uuid": "2a741638-c736-4ad6-9471-3ddf09e64467", "value": "T1305623133D489AC8C9ED00308A6B99BD35B63D718891C993B2B97F8F5DF3564B43790A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340739, "uuid": "7a3951c0-3d88-47d1-8811-a1cb3f926800", "value": "0d0546185239791e3ac977a371dfba41", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340739, "uuid": "bd77649b-fa8b-490f-ab5d-1055480a4b33", "value": "98304:DcL91EZwbzxn1NP9CpGACfLk+hpu/chDPgE/2Ns8xL/Wmip/K/PN9+X6rUEMMRH2:DcB1EZwft1N4+DJpu/cu1s8xriK3s6rW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698340739, "uuid": "5f0fb57d-3ec7-46c9-a427-80cb57263f7f", "value": 6281992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698340739, "uuid": "38989362-8627-4b0c-b13f-f19990d7f657", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340739, "uuid": "8fdc7f9e-e48c-447e-b2f9-33e11226d0e2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7eeeca5d-73f9-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322590, "uuid": "b5cc7e72-d4c7-4483-b3f7-de6f7fa2dd46", "comment": "Malware payload (AgentTesla)", "value": "076c8adfea18e96a076020f584e1326e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322590, "uuid": "11e9d133-a34e-4dea-b67f-2f505f29b4a8", "comment": "Malware payload (AgentTesla)", "value": "cc546a73f7baa2fa41b789d6e5e3ca8c6abf3a574f9ef5ef0d186675f437da19", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322590, "uuid": "c0e312f4-452b-4a25-b8f0-29e04137a73c", "comment": "Malware payload (AgentTesla)", "value": "0318e2c510ed5bf5acf9d8bd09fa2c494ed1866a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322590, "uuid": "72e81c8c-580b-4f6a-8f58-f8902a3d6dea", "comment": "Malware payload (AgentTesla)", "value": "313a43c1793c3e6701be843f3a7ffdde136344686dad7736a2bc53b66c688f8f3e066ebffef1105cb15aa74fbee80feb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322590, "uuid": "706ccd34-3e22-44e6-9c48-d3f1c1dce264", "value": "T1EA258D44E2C95A48F8399770D735CF3443B67EEA953AE11C2DCA3DD73A7B6C24A12212", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322590, "uuid": "5a79cbca-3f67-46eb-992b-8ee59e66222c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322590, "uuid": "edc58781-25e3-444f-a12a-ed2a9ef417f8", "value": "12288:LM/3CJA2OdzCkqxtVJHMOaqJerRM6VFisHZfvuumFgG//P7r9r/+pppppppppppP:LMvpdzIXN4VM6VFibDCGH1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322590, "uuid": "643877fc-ded3-4668-90a7-8aa1178f6822", "value": 1006080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322590, "uuid": "fbedd15a-6460-41a0-91b0-933aa96cb757", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322590, "uuid": "54b7cc2f-eccc-4bea-bb0c-7fa799e16550", "value": "PO#303227.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "418799ea-73aa-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698288557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288557, "uuid": "1ce4527b-eac3-459c-a854-57fdce53ff88", "comment": "Malware payload (Mirai)", "value": "01cbbad5d431d5004d66c111dfd9409e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288557, "uuid": "ca47256b-8a0b-45a2-823b-ffe7a3e44575", "comment": "Malware payload (Mirai)", "value": "cc66b8cacc9961de93307dffbd9b27a0b801e89cb16d2822f891ffa56f1865af", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288557, "uuid": "45b9f642-d622-420b-9322-3c8705f0c169", "comment": "Malware payload (Mirai)", "value": "74a27b5b48d714adb24ed57f6d3e82c632388e91", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288557, "uuid": "0566c4bc-aae3-45e8-9b87-e22a67068f1e", "comment": "Malware payload (Mirai)", "value": "8fc8edb2cae99b2a880b54f2df54e4f0d9500f417a2a87cc61a9da567014bd9e192f83fe89fc391a95ec9328e2b5a604", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288557, "uuid": "ce36a4c8-7a52-4eea-a9ee-3819dd2bf88a", "value": "T1CF330A8EB8029D3CF91BE6BE54164E0DB93177C152830B2757BBFDA36C721A45E02E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288557, "uuid": "2fbe7ed4-95a5-4f77-bd2b-400aa198e15d", "value": "768:gduPBFnHooqR8qOCKq2cH4Fje+TK806MMUVjzMfQXOtHud2oGv:r/hqaJMcjeqK806MHdMfQXoHuCv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698288557, "uuid": "9f8dc128-eefa-4f94-b571-a736270d8607", "value": 54932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698288557, "uuid": "02942bc3-4f9b-42df-8446-c0237390e7d9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288557, "uuid": "ac688365-e0a8-460b-b627-9b6e9b019323", "value": "01cbbad5d431d5004d66c111dfd9409e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b99b4d55-7445-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355331, "uuid": "79381419-5e37-4a2c-a892-9d16ebf5d359", "comment": "Malware payload", "value": "36ecb8c5b8a7cf7237439957f9dd8eea", "object_relation": "md5", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355331, "uuid": "1bdacb8a-5844-47d8-aea6-5fd30b60b73b", "comment": "Malware payload", "value": "cdf5edfedf05c89bda9d38434786b1ba6f7a3816a046b61a0fc2462956938059", "object_relation": "sha256", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355331, "uuid": "258ccc08-56c3-477d-ac65-ee5255f60cc8", "comment": "Malware payload", "value": "b47fba9d08686e342d62e19f793b019041103c29", "object_relation": "sha1", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355331, "uuid": "d2edbecf-df5b-408a-bfae-e35eed1310cb", "comment": "Malware payload", "value": "34eb82abaadedf77da725714d604143f1cbff1d853030e2aad70dad1baf38cd6844fb6756f633acbcaa8e4b716e7aa87", "object_relation": "sha3-384", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355331, "uuid": "b936fadb-bc28-4b21-8e13-a747c6329641", "value": "T16C852301FFD184B2C2601D35677AAB91A13DBD640F549B9F73D00D6AAE341D0BB32A6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355331, "uuid": "6e9e9031-001c-4682-8869-a74feacd1ab1", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355331, "uuid": "9c004cef-cf19-46ff-a07a-e9239dd01cd6", "value": "49152:7bA3INV31KJKxGrVT/Ci4MGpFw1peID9XEgdKS50aP+Ve8:7bpoJKg1/CiQpFwSa+u5IJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355331, "uuid": "2c26bc6d-c9cc-437e-962e-393b2a301f38", "value": 1851785, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355331, "uuid": "90027441-8990-4b00-91b2-e0201dd537e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355331, "uuid": "003a6b3b-549a-428b-ad3f-6f68b26b2446", "value": "GoChrome.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ac4083c-73d4-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698306585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306585, "uuid": "2fdcc9f0-28be-4910-a6a4-2e90ea368326", "comment": "Malware payload (AgentTesla)", "value": "15cdd60e9f96ca6b6f4ed56336f7c19a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306585, "uuid": "9f18438a-76d6-4f26-91a0-644bcbfe6b63", "comment": "Malware payload (AgentTesla)", "value": "cdfca25234191f831a66bce781e56bea3ab40df9cdda377b89352526c3349fa7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306585, "uuid": "09a01266-65c2-43b4-b917-07c273fd29d1", "comment": "Malware payload (AgentTesla)", "value": "96304025f573a79a8c85594a9ecc1b89a17e093f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306585, "uuid": "6141cc4e-b052-47d9-acf3-0243bc192995", "comment": "Malware payload (AgentTesla)", "value": "f20e1b5b3f39736c32796ed4867fb23ea5481b749eae2b9829edc39fdb600780a9a61fc680e245a3e612160675b44ba6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698306585, "uuid": "0843e67f-b5b9-4a48-8b8c-909cdb279e16", "value": "T124D433B9C97B88F7F482639CE36F20A54C8DFF04AA22514CD62755A1C47C37863A674B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698306585, "uuid": "d1a104ab-f206-48da-858b-cbb3d19e0eb7", "value": "12288:Z9SSdZaIQ2vcpUWGhXI+FMSRVNNWA6l2uh5+DgqabIjnSlSCXd:Z9SN86ULXI+FBcgjMqa8DmS8d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698306585, "uuid": "6e37705f-de97-4161-ae7a-33950f89fb14", "value": 643817, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698306585, "uuid": "7463885d-8ab6-4864-9f32-15f46fa0ede0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698306585, "uuid": "a124b269-c056-4f25-ae5d-6d39a70f1f8b", "value": "RFQ.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a7d6dbf-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324247, "uuid": "cfe52624-341f-4979-9cc1-597dda6fe116", "comment": "Malware payload (AgentTesla)", "value": "1ab3c78a34e9aa03caf79ae01964bffa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324247, "uuid": "46aedb8e-7aeb-483f-bd42-39bce1e7ee1a", "comment": "Malware payload (AgentTesla)", "value": "ce18bb7bb092cdccaea5f46b90d8e6b2c4e433a9c86c529e576cbcc5f34d7710", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324247, "uuid": "ec4fecf0-abc2-4bc2-b5a9-40abf1fa1826", "comment": "Malware payload (AgentTesla)", "value": "8518661b1e59566b13b764e39854feaaeb9c3298", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324247, "uuid": "b648c332-2ca9-44e2-97ef-f76568da87c6", "comment": "Malware payload (AgentTesla)", "value": "76b7b800142fd61139aae08b96c89311d2ca4edd24981b6f5ce1d9252f71ab5005eff8272bca8af62ff0d33b72b5551c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324247, "uuid": "26839e4d-6f1e-4cdb-b3d7-2ba02a86874c", "value": "T1CFD4239657B02632F3EC6D41AC13953AAB8456DB14521B4B30830DEB35701FB5EFEA2E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324247, "uuid": "e466076c-b3b5-4d15-ae0f-ec88c6ae57fb", "value": "12288:ZW8/KBgfTerqhu9rJqEczOezDujo0u8gtzoI1bY7Vmcpy5Ek68RP+O1FXJOXF:0v4yOhykEcSezDujo7Y5mcuv9P+h1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324247, "uuid": "87d3424b-9552-4a54-9107-7e70335d4900", "value": 625991, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324247, "uuid": "12dd177f-66f4-4798-a847-8c9bbefb995a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324247, "uuid": "d47ced38-45c2-49f8-9db4-1ac6fb703094", "value": "payment copy,pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5a16479-7404-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698327407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327407, "uuid": "f308b9a4-7353-4fca-be60-78de62909131", "comment": "Malware payload (AgentTesla)", "value": "3e76486605219fafb8bf07b0f7c41353", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327407, "uuid": "59e0b6c6-e707-4289-a1a7-6093ced2a85a", "comment": "Malware payload (AgentTesla)", "value": "ce406fa021419a10d431fe95306cab7db08b2f82b8eb57092da255f15b264688", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327407, "uuid": "5387ad9d-7250-419a-b0a7-2cdf2c252e64", "comment": "Malware payload (AgentTesla)", "value": "411531698ffcaa86bdf59f98213b46623111eccc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698327407, "uuid": "29b6fb32-ed2d-4a02-b961-1351a13ec2e8", "comment": "Malware payload (AgentTesla)", "value": "4dd00bd4f9cc37e2c83f16e790558908c8b0aaee11088874ead83d9d7e729c63a37415bc188f9fa0909970111b34c23b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327407, "uuid": "40098fca-2a14-4377-bf5f-5e8b42af8fac", "value": "T1FDD43344E496910E98B983F9FE1E49A07975F4D37F710196CBADA1FFEE060CDA12012D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327407, "uuid": "688a3cab-a822-48fc-ae28-36f656d72281", "value": "12288:+PV5YtrFVqinpwVt+MxeXZRi2d4FcK7kTTpdm9aLyKDTbttH7Ca9rNlnz8iZswbx:JzqybJEom3YTT29vKnBtbCODbx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698327407, "uuid": "1825a22c-b07c-40f0-96cf-140e6d574fe6", "value": 609880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698327407, "uuid": "ddd6fffe-e2a5-40f1-87d9-61688aa36f89", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698327407, "uuid": "2079e4ff-97f0-4ba7-bda7-b7ed5bb86db9", "value": "bank account pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ede63096-73d2-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698306026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306026, "uuid": "5b35d8e4-145a-4f63-b038-d144a58db33b", "comment": "Malware payload (RecordBreaker)", "value": "86986fcab2c4dfd575df7f495ca102ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306026, "uuid": "4fe4fd5d-82ae-4932-bec6-9a5a5d7ddac8", "comment": "Malware payload (RecordBreaker)", "value": "cf4107230435909193549113c845f1af955e125d62ba8f46948c19818ee9e2d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306026, "uuid": "df81c211-35ec-429c-b360-e1ff362b73ac", "comment": "Malware payload (RecordBreaker)", "value": "11445ae1e207efd94e50bfd62f8950e319adc750", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698306026, "uuid": "9f8dd911-0c28-4037-9413-8c214593baaf", "comment": "Malware payload (RecordBreaker)", "value": "4673aa0d0d9364273f1ec2658d829a60f764383a79ca5adc655ce83dbc37c06f72d731c3f990e25067056f287516ad42", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698306026, "uuid": "3f539db6-ece6-47b8-acfa-50a030a33c22", "value": "T1E5157B2178819276EDE320B787FCBA2582ADE4B0071915DF16D85BFED7606C13B33692", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698306026, "uuid": "d32bebf0-ba9b-4a23-a2de-5a3bd0a26515", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698306026, "uuid": "0760226f-88dd-4c01-a87c-09955fae4f49", "value": "12288:bgGqoZW829AM9cpSOkCmuIvU4oEEICB4SFfCp1uZfrk6w4qYcxR:bgz829AocpSOkb/oP9xSM5q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698306026, "uuid": "65573f10-9688-4a47-b48a-cda29c30edc5", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698306026, "uuid": "59bef737-b169-44fd-9e29-7fce99d555a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698306026, "uuid": "eac01b5e-9423-4138-8184-59db1e814e10", "value": "86986fcab2c4dfd575df7f495ca102ae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96c35df7-73b5-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698293425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293425, "uuid": "bdb622d6-a383-4ad9-9b48-a291826781a5", "comment": "Malware payload (RedLineStealer)", "value": "8b6fa36a6c7c7295f01583d6bb98b8cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293425, "uuid": "a2adb5ab-5204-48eb-b7b6-d80459272ace", "comment": "Malware payload (RedLineStealer)", "value": "cfcf431cedf47ac61fb34db7b9c08811337cb85c856806d4ac917e1a550d625a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293425, "uuid": "b38d9289-16fc-45f2-948e-b5f9a2171c02", "comment": "Malware payload (RedLineStealer)", "value": "ca00b4180c6bf1e183871efb720b2d47a0af1b96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698293425, "uuid": "7ab3247e-a5dc-431d-860a-fe87b7b058ef", "comment": "Malware payload (RedLineStealer)", "value": "29800d210aa4833f01cfa0d6effeaba05af8d830bad72469d7ef1215ad0b5e60a6cd686092cc08a063258eba72ff6b4e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698293425, "uuid": "49c30ae0-7c37-4ffb-9d5c-0e615280896f", "value": "T106752387F6DE1977D4B9277099FF23831E21BC625DB417673607A84A09D1280B9B0B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698293425, "uuid": "0b7eecde-4c97-483e-ba24-21c017acc3bd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698293425, "uuid": "6cb5f696-9f66-4275-8396-90b925f9a6c9", "value": "24576:ZyWnc6ei5uxoiO033BMoBhO14l0CCrlPkf/cVMOUENGVKiaqH+juSQZPXw2fOi:MWneikoiOg3B/BhwhDmO800BSQdgCO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698293425, "uuid": "9b30e674-e00b-4fb5-811c-91d4717a611e", "value": 1622528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698293425, "uuid": "5af4c3ca-0764-4261-a42a-f48e47195493", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698293425, "uuid": "7487b96e-8651-4e17-9bb9-fc9eb15b50b6", "value": "8b6fa36a6c7c7295f01583d6bb98b8cc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ae0f44f-7412-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698333294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333294, "uuid": "9b6205b7-ecdb-4bfb-be33-fe847127ccb0", "comment": "Malware payload (RedLineStealer)", "value": "ccaac761931b0ded282a2fbfc32eab40", "object_relation": "md5", "Tag": [ { "name": "Adware.InstallCore", "colour": "#35D5E5", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333294, "uuid": "e7e39f10-c3d5-46b9-847d-8baa892033f1", "comment": "Malware payload (RedLineStealer)", "value": "cff9c71e1a6e42dca36faa8176fd7c75f8f34f82e7c693579e70d3a23ea2143e", "object_relation": "sha256", "Tag": [ { "name": "Adware.InstallCore", "colour": "#35D5E5", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333294, "uuid": "c18d01a0-23e6-4edd-9aa6-f2c5ed77bc02", "comment": "Malware payload (RedLineStealer)", "value": "5d1cfb69d4fea2f8139b35facfebc604f8a54089", "object_relation": "sha1", "Tag": [ { "name": "Adware.InstallCore", "colour": "#35D5E5", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333294, "uuid": "26ca8368-d7cc-4b11-852d-d2caaf820317", "comment": "Malware payload (RedLineStealer)", "value": "9c658fe4f116a05c10ce6c427f2e62313863537bf25b31a2fced6654a1ec8358f3efc464316c0bfa8f3c43b1b1800db7", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.InstallCore", "colour": "#35D5E5", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333294, "uuid": "ac893e00-6216-47b2-ab65-d9ac218b4aa0", "value": "T12136332C51159BF6BF8C46F0E1D72732FF7CC0A7A5E105A5A4DAA431188AA0C76670FB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333294, "uuid": "36c6bcec-e3c1-440f-bd74-9bf5b281f583", "value": "98304:cLh8WU0t6xUh7rnu7exq8wRjtrM0fe5KpJXJcRtIIQx3S7W3bZzhxPGtOR3CyMW:c19U0tvnHq8w/rLe5KpJXuY3S7AbZ6Od", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698333294, "uuid": "22d840eb-7da4-4347-873e-2b3cf853f25c", "value": 5343366, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698333294, "uuid": "8caac366-7935-43cf-b78d-123b7a09c311", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333294, "uuid": "bd588d97-7626-46c5-9cdb-3d0b7cac7516", "value": "PDF2.msix", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a89d10e-7399-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698281405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281405, "uuid": "b5ce20bd-e4e5-4486-865d-48851d174103", "comment": "Malware payload (Mirai)", "value": "c490fffa9af10a97bb191898f4b97ed5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281405, "uuid": "a107d458-6c6e-4522-bef0-4235dea81f7e", "comment": "Malware payload (Mirai)", "value": "d0567b765efe40b360414d73a7366b0d73277c22ba2387568ded89ccd77568ac", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281405, "uuid": "344bf90a-4fca-467f-b55f-34c5726fcf6d", "comment": "Malware payload (Mirai)", "value": "ce2cb2e798c7bc39f0e9540f0e501042fca48027", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281405, "uuid": "cc60e192-b2c3-434f-9fcd-bd33b9c609d0", "comment": "Malware payload (Mirai)", "value": "502f0c217d8b89f89a88ccdcbf622d60ef2cfd9bfea5aa46879600d976ab3762446abcf574ab69c2e33eae93aeb1d30c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281405, "uuid": "b67ca0d2-2a1e-4d3a-bb72-fd58e67917c8", "value": "T17CE2E1A6D2B6784DD05EA3BA0D7F798B0840CA1F5B153B634AF03019958EF2F771C166", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281405, "uuid": "cc835c09-316d-4dc8-a280-a658da42aadf", "value": "768:C5iwBr6xr8TelyGSF3KvYObCeyoVyWTeBnbcuyD7UHQRjN:s3BWxXlM3KvP2eZy1nouy8Hyh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698281405, "uuid": "b3e2afac-e1bb-4318-9e2f-298bc579d2eb", "value": 32044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698281405, "uuid": "b88a0026-136e-453c-9077-3897242aafbc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281405, "uuid": "b419d954-92e2-4a56-a544-22ddf3b48e88", "value": "scorp.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0ff907e-739c-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698282731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282731, "uuid": "fb32df25-0ba0-4d3a-9ccb-afb0595fe822", "comment": "Malware payload (Mirai)", "value": "0ec6bfe34a1f4f1f8ea78b0484bb23e2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282731, "uuid": "ce011e90-b904-4637-8938-fd87ee7092a7", "comment": "Malware payload (Mirai)", "value": "d0ad250bce9f2c5f4c5917736ba7820cc736d63edbd4aacb0a265abac93354d6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282731, "uuid": "160f0d01-a656-4b34-a236-6801858e56ad", "comment": "Malware payload (Mirai)", "value": "f4f26329ea3540268746e2f81974d6c0ea07c58a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698282731, "uuid": "c5f38bd0-f6c8-463e-8a2c-2c1bb4b4be58", "comment": "Malware payload (Mirai)", "value": "95d58484f8720f3713f7eb6e790f6964a352310c0cedeab0b8d796d5b4c19adee3906317ae92d816570d13c49266f168", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282731, "uuid": "4dab203a-7a14-499d-9a34-0f2e5949ec65", "value": "T194835DC5A8014FBDF9CBD9BE44220E09F921631175931F1B96ABFC937F230659E4AC89", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282731, "uuid": "aedd0984-ee7f-42b0-909e-b64f9d4f415a", "value": "1536:7QTaez8WaIWnuz/EmQDhW5M5DXrF1itTECe/9Rvko4uqJpt8a:7Q7TqW5MtSYvPq7z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698282731, "uuid": "a7d519e5-798f-44c8-a0cf-8b9ba47c65b4", "value": 81264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698282731, "uuid": "adb21cea-c334-4e82-908c-fedeefec0033", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698282731, "uuid": "769b1afd-6d97-413b-a75d-c108f1d2cb24", "value": "0ec6bfe34a1f4f1f8ea78b0484bb23e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42bded7a-7447-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355990, "uuid": "ad420395-c548-46fd-8a63-425aed515974", "comment": "Malware payload", "value": "1084a939dc2c4723fd4b273359b2f5fb", "object_relation": "md5", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355990, "uuid": "d6323bbc-a0ae-46e2-929c-cd3efb3314bd", "comment": "Malware payload", "value": "d119d3f69633b6f397061b2040552d901268bd9f358bc65a57a66797d4e88881", "object_relation": "sha256", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355990, "uuid": "bc8de0e0-94ab-4d40-810f-423ccffc07cd", "comment": "Malware payload", "value": "a027ee2994565ee8e0bf6fdd538d016fcbbe87df", "object_relation": "sha1", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355990, "uuid": "aa0c2fb4-bcfe-4eee-831a-b1dd7754095d", "comment": "Malware payload", "value": "28f574e5028f1d5b94c748e162140436e53b737973921dc11c126bc01a681c5aa207a6ebc1d1d24d6ac3a0731de1ee76", "object_relation": "sha3-384", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355990, "uuid": "f924d768-45c6-4d52-9367-3f1ec436913a", "value": "T1DB0633527D87CF39C4228075814F579514B8CD4827DA8EB231B96E0C3A7BA7193FA7CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355990, "uuid": "f7fc86af-d1fb-4520-aa3e-c4bd4ab11825", "value": "98304:6p0ijEKu2CZdD7j5JGzxb5PCRCPD6Z8M5kr3dce77dyY0VVdeLz:IXjne1uzx5CRZZ8ZygdT+Kz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355990, "uuid": "02cb75c6-5b80-4558-a14f-62fe1c362f97", "value": 4018176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355990, "uuid": "7dc7ffb0-d25b-4344-b119-2778fc5c51ad", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355990, "uuid": "2e825f9a-4a1b-485b-9dd0-39eb83041235", "value": "ChromeSetup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a279d805-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698357010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357010, "uuid": "47f948bc-857e-4cf0-a958-0b5caad4f2e5", "comment": "Malware payload (Mirai)", "value": "b35b5eeb99c22eafd43c2ed700c1c61c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357010, "uuid": "998b5837-17f6-4a95-b234-6de77ce9fdb2", "comment": "Malware payload (Mirai)", "value": "d189b74ef3f7231564d277c0f7fe52b85e5ca57c1d6c0479d76647b7bb366ea5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357010, "uuid": "86b8640b-0d36-46c2-a355-ad7dc1b34238", "comment": "Malware payload (Mirai)", "value": "6359047796eae9eb16ffda2f1e753b999da5036d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357010, "uuid": "62fe3095-dd62-4ae0-984c-bdd69f3bdd4a", "comment": "Malware payload (Mirai)", "value": "78ea6eaef92cddcc6b5380a56c0101da5a74ce14c4bf75296563d289c3edf54bbf1ba8927bfcaf5106d6277bf6756004", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357010, "uuid": "8bbbfcf8-6323-49bc-9195-ecf41afdfe86", "value": "T136439EF2D4796CD0C21C41BC66298E785B63F1049A636EF58B494BA9A01BDECF50D3F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357010, "uuid": "f990e5fb-afa6-495b-93f2-17e028d1ec7e", "value": "1536:1/8ty6VrwFwticmxPEt4OxBiwl190F41Ck:1Utj9wFkmiiwl190Fs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357010, "uuid": "a8464af7-4ef0-4495-8d70-34659c295df4", "value": 58180, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357010, "uuid": "0e02907a-c6b9-4050-9e4e-96b587bb445c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357010, "uuid": "65f564e1-80e4-486d-8bf1-d2c29ae7c2d4", "value": "b35b5eeb99c22eafd43c2ed700c1c61c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59f490ce-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303630, "uuid": "7f2cc0df-97e2-4e74-afef-89dbb4192de2", "comment": "Malware payload (GuLoader)", "value": "6fa16c9cb0cfe32c9c3476dae959a8f2", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303630, "uuid": "432d8bea-3b2b-4095-9950-a47b2fe76ddc", "comment": "Malware payload (GuLoader)", "value": "d2b15b10a73f0fb695a989fc63f792e888e1f1237f36f1eb68ebb9844f13dbd8", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303630, "uuid": "1d7e4fe4-8fb4-4e85-a304-505aa36288b8", "comment": "Malware payload (GuLoader)", "value": "f33d58abbb8cc15660370e6d951989a873cd7a51", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303630, "uuid": "2400b137-67d5-4259-9075-66cdcb2bbc00", "comment": "Malware payload (GuLoader)", "value": "5539b8a93e3319118124361b0c8a73a3996df5aaffe5cad88516bb505c7d36b0d98c660a7c27a1975e7883e6c6abafc6", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303630, "uuid": "43116ff1-04d4-46aa-90a2-78f5afb2b258", "value": "T157335CE1EAA40A1A0C0B23DEFC41498189BD905906375565FFFD13CDB30796CA3BEB1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303630, "uuid": "bd1e3556-b6d7-42b3-a6b3-1029b009c04c", "value": "768:jVPvpNoFiysuD1FLW7AfO+1DibUer6ri40+oA8oF3NENXtCpkLzt6AiFj0:JpxXu3L4AfOYDiDCWUNNStCiqFj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303630, "uuid": "b1afc191-a607-43c0-ac0a-84f0071570b0", "value": 53662, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303630, "uuid": "5d7f4759-5f15-4f26-ad5b-edca88239466", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303630, "uuid": "5a44bbfd-63d4-4ecd-a453-3d6c40bd625d", "value": "RFQ20231025_Commercial_List_PDF.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad53617c-742d-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698345002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698345002, "uuid": "85fc9855-4f92-405d-92a1-c06cbde9f060", "comment": "Malware payload", "value": "ff1a3683a5ad87f88858e92fbcf1ae57", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698345002, "uuid": "dd21763b-acdd-4276-8a84-556c29960688", "comment": "Malware payload", "value": "d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698345002, "uuid": "a6c14c4e-537f-4009-b0f5-1a8dbf4417e1", "comment": "Malware payload", "value": "ce220486f7d4723406582f8496e8483bcc546beb", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698345002, "uuid": "9c2828be-0a79-4d97-9c95-79df1f1b0c8b", "comment": "Malware payload", "value": "7cf1037dc1ae516e2e33d8a6eabf3d717e3143b6e23e808063d454e990229edee8cf4d0144d111b465e79ae968ba5394", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698345002, "uuid": "992df484-d376-47be-a7c8-c5fa45205dfb", "value": "T142D47D06F243EAF7C4970570124BF7BF4230E6318412DF8AB6889D5AB9379F52A4E356", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698345002, "uuid": "c799fa3b-851f-46e7-b0f7-bbc3d4270aaa", "value": "12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698345002, "uuid": "a81f3048-8dca-4412-b087-81ca502080d9", "value": 625867, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698345002, "uuid": "600ac908-4c35-4309-b34f-aca0f114623f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698345002, "uuid": "4c4640f6-0f34-407a-9292-c9880eabfc17", "value": "1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ecf9982-73d1-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698305276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305276, "uuid": "79c2872a-8dbe-4430-bf03-b6c861ce0a64", "comment": "Malware payload (AgentTesla)", "value": "fb162f5500ae3564cd03ae1c851cedc7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305276, "uuid": "3cb2b779-1357-4f9a-8ac1-962aad197c2d", "comment": "Malware payload (AgentTesla)", "value": "d30aa0b1400fe6da0c7779263580a4db2338376a873baf7a0ef288b580fe8a3c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305276, "uuid": "c0682804-334a-4c75-8653-6d7a45a571bd", "comment": "Malware payload (AgentTesla)", "value": "c9f86f3754c0bec8a6e2c1f1929aeabd0380f8a6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698305276, "uuid": "043ac14c-275d-459a-a93a-3666a07c3f2e", "comment": "Malware payload (AgentTesla)", "value": "b65b82f6f0df34463c815096788ed322ade6682dfcb48b1779ab0ecda7f48b941849499ecce8da20437f321096c8a6b1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305276, "uuid": "b4659e74-ba72-4dfc-9004-c6ce0b41631b", "value": "T1EB04452CD38B02698F6253769B1B1E4442BDBA3EF74552B2345C533533EEC39A0266BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305276, "uuid": "dec7c583-dc5c-40b0-9b27-e6f820e9a8ef", "value": "768:bwAbZSibMX9gRWjnphN7wiX0BvHcsLQ/GUqR4TK5meviAYs:bwAlRquWsLQ/yFvids", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698305276, "uuid": "8add7e2c-348e-409d-a577-5c8afa797cb6", "value": 183109, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698305276, "uuid": "13e68316-c46a-4dfb-a9cd-a21a7613a639", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698305276, "uuid": "435cf0e6-e65d-4d4d-978a-6f7cf3a4bf12", "value": "00232610PO.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64978028-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698310950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310950, "uuid": "6a534203-364a-4305-baf7-4386ecf1b6c1", "comment": "Malware payload (AgentTesla)", "value": "6fb0ab5e7ebd194ce35f45430b95386e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310950, "uuid": "2b2c3d93-5e66-416c-8d5a-a9919bf5166a", "comment": "Malware payload (AgentTesla)", "value": "d3ef9885b2eea0a7bbd52bdc940e3d3346464abce877011724457626ab852b24", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310950, "uuid": "3396938d-4f8d-4df7-955e-00665b8d0658", "comment": "Malware payload (AgentTesla)", "value": "ceec519fa2898bc03d6e9433c2ffe0f056fc8bd2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698310950, "uuid": "d2160e19-8d18-48b8-a303-b292a066428e", "comment": "Malware payload (AgentTesla)", "value": "ad92c16de5af00b4dd4fe9f3908100f7a77ae629d5854dc06044eecdd5f71e8632add159a1d3912702492c6624a1fc0b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310950, "uuid": "7d4497eb-c9d7-48f9-bb3d-3942c64ca075", "value": "T112D423E70855E8ED806D60B540AED4EF3B43D191A937F1AFB3EA765641F3D98702E600", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310950, "uuid": "dcb0d8ed-e21a-426c-a5a7-63425b0cc254", "value": "12288:r/mdjzLm+VYtqqf4bm4cVj8goXngukZiHYIJYwVGoImBywzsp7AkYoM0g:r+djzC+CtqqwKz18g8gukZiHYIw7mByi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698310950, "uuid": "ed0c358c-c5c2-4750-ac63-8344b33fab8c", "value": 641512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698310950, "uuid": "7350c37e-05d8-4d89-b905-279098020af6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698310950, "uuid": "c7b4a5a6-ee2f-4e62-b532-b631c620b385", "value": "PO CEE INQUIRY20455.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca8c7583-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698311550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311550, "uuid": "71c90ab8-e98e-4a12-9146-dbf917c44507", "comment": "Malware payload (RemcosRAT)", "value": "c813a9e8804b2ef30228904f0a72da27", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311550, "uuid": "1219df2e-578c-4a53-af66-6fa5c82d2d42", "comment": "Malware payload (RemcosRAT)", "value": "d3ff2d6413233eceb1cd5f1953d37a62e4fd3228dc88333d0e12f88ce465fa50", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311550, "uuid": "3daf3774-e9fa-4018-aa68-53a20cfe51c1", "comment": "Malware payload (RemcosRAT)", "value": "ed1cbd51bfdf169c779c4d2e513b9c9f84280091", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311550, "uuid": "0d015280-f8e9-46eb-89f1-67f23ae23ff3", "comment": "Malware payload (RemcosRAT)", "value": "d0cfceb467d3f322069ff7fd879798565db61b9798d78ad8462407e7adf7faed84840dde4f3a8756b7c792451fb16bce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311550, "uuid": "689e566a-7e5b-454d-a4d9-20418bec817f", "value": "T15415234536F81775E6FE2FF6ACB160111BBA73AA2D75D34C1D8940DB15A3B008B21B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311550, "uuid": "5c3e6247-569e-4193-b114-746014a2b893", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311550, "uuid": "4dd16f57-ef36-471e-9e3b-7a54cd24fdc6", "value": "24576:FTvQYzyNylikP9/omIRsbAEHeVL/evf6IKEWpbJ5:dZzSW1+NL/dWA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311550, "uuid": "53ff16ec-8d49-44c4-8405-6b42db872c37", "value": 901120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311550, "uuid": "61d5052f-5564-4804-8e2f-f94b7e0490a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311550, "uuid": "cbc6e0cc-9c9e-4895-8c31-21db53bac99b", "value": "c813a9e8804b2ef30228904f0a72da27.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc2d21f3-741a-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698336920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336920, "uuid": "ae32049a-530b-41f4-b236-9ed27f43061c", "comment": "Malware payload (AgentTesla)", "value": "496d1dabed005785b04ede8ffbe6b936", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336920, "uuid": "0f635a93-a06b-41ab-8a9a-abd8309ef0ed", "comment": "Malware payload (AgentTesla)", "value": "d42262d2326cc247e651fdef4117a54fa072f08e83235d934b926fba77818a48", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336920, "uuid": "eb93e80c-77c2-4d02-9e98-a52b26dfc12d", "comment": "Malware payload (AgentTesla)", "value": "cf2b2f43ad93a1f903fec5d912b5dc655d8e87a1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336920, "uuid": "49215771-0b97-4c81-8273-5a17bf4e02b8", "comment": "Malware payload (AgentTesla)", "value": "fb510f1ec196629d5dc702fdb7f73c5ee4764418965449decd16a213d4281f6fe99b68a908dca2d61e88840dd1376382", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336920, "uuid": "995da5bc-4d2f-4254-9d5d-688dd7e3a936", "value": "T180D42393BEA580C508CE49EE3053F197B8966CC129C125BF9884A377F96E78ED763043", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336920, "uuid": "fc3cc1cc-5a67-4a2e-b5e4-1932f098ec60", "value": "12288:06g+8DOpmiFMKkbW4Zy37zfy/s5FzQSmeAfGgTM+0DeRsdYMQ:0+8DmX4oHfh5SXeAfnI8RsdYMQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336920, "uuid": "576f785e-d9d2-4797-b64d-69a0ca3bf547", "value": 602854, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336920, "uuid": "02cb991d-9b8f-4b93-a3ab-319397cc397a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336920, "uuid": "a7d55332-a773-44f7-93e3-0c82a23bded3", "value": "Outstanding Payment pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52b2c96b-7414-11ee-8907-42010a9c0042", "comment": "Malware payload (DarkGate)", "timestamp": 1698334113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334113, "uuid": "01e813b8-8eb4-4fb5-ae50-8a28018c179b", "comment": "Malware payload (DarkGate)", "value": "595527dff7c5234f4509cbbfa7047b6a", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334113, "uuid": "b44ed506-631e-4e00-8c6a-8501ae7968f1", "comment": "Malware payload (DarkGate)", "value": "d4e766f81e567039c44ccca90ef192a7f063c1783224ee4be3e3d7786980e236", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334113, "uuid": "01dd1c80-371e-4a9c-9191-669f072dc24e", "comment": "Malware payload (DarkGate)", "value": "de4ca2a9726c7963ebe69e7908dd265df5dc81a3", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698334113, "uuid": "f9a33fbd-5b2a-4b17-9c31-5454a222c354", "comment": "Malware payload (DarkGate)", "value": "c21c2f22cf5c69ed8a6df7a3ee2a7c2d27ad50b7b9010a0cc4eead6062a18d579d4b2389c624c1cc1fa7cffcf62d7b8e", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698334113, "uuid": "1dce5eec-6aaa-45de-82f9-ccb86c168b85", "value": "T15496339239D9DB3ED21B107B02B7666016223D360B24F1C727A13A6D54313F29B7B79E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698334113, "uuid": "51871753-9228-475e-8bc8-72609f48cdce", "value": "196608:9kdAirk9zqV8GinTPMoGkd/ROfL0uUmN4in1VAnEVYxVSe3bvPrsn:ydAirAzqVAnTPMgd+0ogHnF3zI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698334113, "uuid": "7a6dd4ce-e78d-4b33-be74-afa77fe47c04", "value": 9031680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698334113, "uuid": "96f6ce67-d56f-4843-9909-08eb61899ecc", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698334113, "uuid": "fcda2554-b75c-4a57-950f-34c8be6207ea", "value": "ac511ed680547876201d832168c80137e7f54afe38f4b588a3a8789f.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a7752ab-73fb-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698323442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323442, "uuid": "020190d5-6e55-4311-b39e-950d212ac73a", "comment": "Malware payload", "value": "7a21c9529b88a43deaf5d2c652c1fc57", "object_relation": "md5", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323442, "uuid": "9297c4b6-6db0-41bf-a7dc-119225664e7e", "comment": "Malware payload", "value": "d5558144bcb6eca472ca48ccc467a67a4d7206ec8431ba3db08b719fb123e16c", "object_relation": "sha256", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323442, "uuid": "a3a1f89d-fb6f-4097-ace0-3c9d15ea493d", "comment": "Malware payload", "value": "7a7a71fb1114afccddb8f85985ece29da332bea9", "object_relation": "sha1", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323442, "uuid": "54f76cc1-24a2-42f9-b575-aec6c122b0cb", "comment": "Malware payload", "value": "44f74051186e55ca2f05757734074fcab24de67ed8c2aa25b5f9a0441244f0091bacc35b19d928562252f71f6fc8a99f", "object_relation": "sha3-384", "Tag": [ { "name": "141-98-6-124", "colour": "#B1A02F", "exportable": true, "hide_tag": false }, { "name": "irradia-com-bo", "colour": "#DC5390", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323442, "uuid": "f2752d2b-e2f7-49c4-b4d3-d5ee7052b523", "value": "T15D04F4543AEF750C72F33F621BDD65EA0FAFB9A2271664AD3144134B4A51E80CE90B72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323442, "uuid": "f3209eff-080e-47a0-bbf1-81cef528495e", "value": "3072:Uf/EEEE4/EEEEO/EEEEq/EEEER/EEEEP/EEEEL/EEEEb/EEEEeZ/EEEEC/EEEEkc:r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323442, "uuid": "79ad2446-837c-4c75-be9f-b3710397d434", "value": 181918, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323442, "uuid": "e8a363a3-51c7-44b9-bb72-8f4c0e774917", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323442, "uuid": "73e94c26-2d6b-45de-af67-daae2d5319a2", "value": "Req_for_quote.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74f371bf-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304105, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304105, "uuid": "64c2e7f2-23fa-4717-a710-91fe9e71ff82", "comment": "Malware payload (AgentTesla)", "value": "90aa8a022467a94aeecf99157e8e419d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304105, "uuid": "845bfa81-add8-4f77-817e-539bc028fe52", "comment": "Malware payload (AgentTesla)", "value": "d5b82a28260200679d54ce37404793766ef9b94a93216219351de41755b4bbc1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304105, "uuid": "b9a34cff-e741-4e85-ba35-22020b1ed0fd", "comment": "Malware payload (AgentTesla)", "value": "4f10b7bcb19f7daa4bb9d5accf6b763abb897b44", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304105, "uuid": "65d7e392-480a-495b-8fd7-fabeb755c8c8", "comment": "Malware payload (AgentTesla)", "value": "340e6f3204a5cc0ed2d5ebcaea6d1b496875ce3e6b7ea4c978a431af2a83e49685718e36b1afddb15660c54212ac7d52", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304105, "uuid": "d63053c0-28d6-42d5-be72-b1074d187017", "value": "T155224A2E91EA049CE70DB13BF24E73404B2478A70B5B23733761D21E1A7EAD3270966D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304105, "uuid": "9fe59408-a9cb-4820-b538-c4d855cab7b6", "value": "192:45wM1iRPOV8vdQjmXFH8JZUYvuSyXHZlLTYu+fEOQP/0Sq:45wM1iQ8qmXF8ZruTXHZqu+ZqMf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304105, "uuid": "67c14894-5e84-4e04-b9fa-1d5a3f71ca53", "value": 10173, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304105, "uuid": "a43fc3fc-c24a-4fd6-87f8-d77afc83b1df", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304105, "uuid": "e520e2be-06c9-4f15-be7a-69bda474b712", "value": "NEW ORDER 41006.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5f25e06-739e-11ee-8907-42010a9c0042", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1698283572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698283572, "uuid": "b5907f00-ff22-4e4a-a296-aa3b35ca141e", "comment": "Malware payload (AveMariaRAT)", "value": "9ed41f5754b23861745dba1de5c6cae6", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698283572, "uuid": "927bd246-3df4-4996-909e-9aadaf0153c7", "comment": "Malware payload (AveMariaRAT)", "value": "d5d458f4a27cf9399d10cbaeefa0dfe9281642a75449b328b940a4256dd95951", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698283572, "uuid": "bc5f7c8f-2378-4a05-87cf-22d776c1f4f0", "comment": "Malware payload (AveMariaRAT)", "value": "77e4c48f955f960c85697f1924f3c1e8d6ce8065", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698283572, "uuid": "3bcec3c5-0e57-4c30-91fb-25424052569d", "comment": "Malware payload (AveMariaRAT)", "value": "546e8004379230f8416149ec2d12c23f76edbc6a4449ad93027d529107b37723eacd4f1deef51201ae3087172086094e", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698283572, "uuid": "1f1029fc-5ce8-4fa6-a2fb-2a9e285d240f", "value": "T1DDD56B07BA4B8BB9C149D737C6DB061403A5C7A17723DA0A798F236A18437BB5F49327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698283572, "uuid": "47278b8b-f0d9-4517-892b-68f774d4dc6e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698283572, "uuid": "1fe2e0ee-3eb9-47d1-9a30-9d0603d0fb86", "value": "49152:amjvh1l51HEWai16QCdmLtg48wra83dkc0aW3k:tj/lfEELiwHdm0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698283572, "uuid": "83283dae-6eb9-4520-ab52-269eef5ba1c5", "value": 2862080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698283572, "uuid": "2f9dffbd-372c-44ae-86d0-6bfbdc12e5c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698283572, "uuid": "2805b314-b842-4768-8cc5-64ecc2903246", "value": "BL and Packing List.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19e568ff-73e5-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698313831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313831, "uuid": "06196830-91f4-492f-b5de-f4cbd44730cc", "comment": "Malware payload (RecordBreaker)", "value": "e8489e398092853a3ed71670b3859b65", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313831, "uuid": "aeb9f353-e34f-40e7-924e-ce7e45a743f8", "comment": "Malware payload (RecordBreaker)", "value": "d664c33b62c124ce866cf0a91c38dbe9ea667a4042bd849b6d7fce142c92b280", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313831, "uuid": "e9c02290-fb8a-452f-89b5-b40cde7fe890", "comment": "Malware payload (RecordBreaker)", "value": "96673eabd675dfb4548398d40c443fb7b819e371", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698313831, "uuid": "0e75390d-aa4e-4308-b95e-cee253416408", "comment": "Malware payload (RecordBreaker)", "value": "717b7b7b9adab8d8a76001dc8f3b002bee9e412fc12b89834456c4f7f8e118ba74b0cd3759af28e5f1f0c904b5d3a683", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313831, "uuid": "29696170-144a-449e-b0cd-065fcd7ea11a", "value": "T141449E00B5D2C472D47211330AA4DBB65A7DB9200BA599FF67D41FBECF702C19A31A7A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313831, "uuid": "a09fedc9-8465-4a8c-bba8-46e3e5640621", "value": "1134c477873f65e93095a249b0d63bdc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313831, "uuid": "ed4f7790-0ada-406c-9923-a524df228782", "value": "3072:LGYTMAZBEcUwB4qaX5ZStFMvv/hLCzdUBOgpM2ivvFPDt8lyww5eAg0Fuj/sHQWm:LG2r/NOS/MX/hLCJ4OgkFPhEAOYwWMQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698313831, "uuid": "9712c345-fc8d-4f6d-8390-cb65df7a91e1", "value": 268288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698313831, "uuid": "c9a25ce8-20d8-4c4c-b9e5-b896c4a8847d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698313831, "uuid": "6759c5eb-898d-4e5e-8791-c99bf756f6d9", "value": "E8489E398092853A3ED71670B3859B65.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7685a579-743a-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698350494, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350494, "uuid": "3a28a42b-92e9-4d7e-8c03-8f0e33a7e5a9", "comment": "Malware payload", "value": "1a417226fc197eee0041bdf9a163e2d0", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350494, "uuid": "a0838742-4831-4064-bb12-71cb13fb3f98", "comment": "Malware payload", "value": "d717f750ba071576c9643d923297b4436ec9368c5c454bf513619cc72ff70a3a", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350494, "uuid": "d1056c75-3b0c-42e4-beba-2f7afe2fb003", "comment": "Malware payload", "value": "0071e4ae0587b0dc4c8ed8c4854f450e82318cda", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698350494, "uuid": "5ad3e202-7d4f-4fb6-9423-0c769c1531b7", "comment": "Malware payload", "value": "f0263e27f706500416657459cb0a91ce87dbb9ac30af55ca0f42da5e96f182ee7ed1c9680f6c17e132de7053ba2da144", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698350494, "uuid": "fe56132f-88d0-490d-a72f-cb277b93106d", "value": "T1A293D01E7299DC45D043987ECCCCD0CB22157C71DE859A0F3580771F0A7AA939BABA5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698350494, "uuid": "4a32b778-5278-4347-9ef0-8d84970cab44", "value": "1536:uPP5RI4189IMpQDSv1Njj9uI8z6becf8aDb0NczO6V4EMPPnbHN:eTIqvQHEI8zOe6V2wy/PZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698350494, "uuid": "0ac2c1e2-f3c8-437c-8f2a-3540214811fd", "value": 94208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698350494, "uuid": "5745baeb-3b54-4b1f-8bab-e6bd56f166c2", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698350494, "uuid": "354ef1f1-c82f-4ddc-acd6-c53b9500b562", "value": "RFQ36901309.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2770491e-73a3-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698285507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285507, "uuid": "acc50000-dbce-4ca8-9db4-f879f2baec7a", "comment": "Malware payload (Mirai)", "value": "f0dd52867929cd3cf7c1ee997ff47277", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285507, "uuid": "65ac15c4-27ab-40e9-8623-2c59e59fedf2", "comment": "Malware payload (Mirai)", "value": "d72f90f59f8f431bceb2a7438fefdb17c511ee9f7f3b0b029c77ed7fa5bde577", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285507, "uuid": "a0309dd7-9735-4a89-a1b9-951d89d6920a", "comment": "Malware payload (Mirai)", "value": "d7b49fdd8e07a5df5219aec1d5519e8a9157e4dc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285507, "uuid": "fd1418cb-9a01-40c1-81c1-549e82200f26", "comment": "Malware payload (Mirai)", "value": "a153b048b973bbf1c07f8e1963b0b140bacc4286303843aeaec4b39dc03741bb309b3255c882e36c45f2bc95853f4a8a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285507, "uuid": "6f182023-8a0e-4d6f-974f-2f1bd655858f", "value": "T1FD53E682BC51A629C7C04777EE6F509E3311BBDDD0DA3742DC150BA47A8AD0E0D67B8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285507, "uuid": "beef8bbe-96c1-42f8-adbb-01815f7a4c22", "value": "1536:pwY/76zkSfcbSDT0y/vzfvRB8t46SvOT2S:qdFfJnT84FvC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698285507, "uuid": "8f678d5c-56b3-490e-b592-5b37d9aad649", "value": 61204, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698285507, "uuid": "ca952812-0ce1-4c46-9475-6e8f0da73330", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285507, "uuid": "ab2064e5-ce60-4ad3-bd90-270e6f4bf025", "value": "f0dd52867929cd3cf7c1ee997ff47277", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a09976fe-73f9-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698322647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322647, "uuid": "931fe28a-07ae-444f-8717-5a196fd02ad1", "comment": "Malware payload (AgentTesla)", "value": "3a928c536db0446264a4230f558ce1f4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322647, "uuid": "51f5c6e0-fd97-4590-ae98-0d7a5005feb8", "comment": "Malware payload (AgentTesla)", "value": "d9c4218b65cfc6623714bfb0c253dbc00b5fbd539ef8c23d9619b9513933e83c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322647, "uuid": "6d225b2d-aa6f-4b19-bed4-22026007be13", "comment": "Malware payload (AgentTesla)", "value": "b7a48e0727a9b5cfc7fc8459575f3a78d6b0a45e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322647, "uuid": "c6714943-1ef2-4ef5-9fc3-0054ba4a554f", "comment": "Malware payload (AgentTesla)", "value": "31ea8c3fbc691d4a6b279c40214755b4e30d05ab64875e5c1e226dcb35ed528012d712d2ae49f28fa096f8a06bda9465", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322647, "uuid": "9e33b125-9010-4243-813e-8da42377cfe0", "value": "T103A423CE5A1ABF7ED48331B7C2BC9C90076C93F66947EA8B5D0A70866D6035D3843AD4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322647, "uuid": "91f207ec-7e11-4dc7-b27f-db946b9030d3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322647, "uuid": "ce316b55-6686-4c6a-afcb-0d95f504cbf4", "value": "12288:EEy/a2ITD1rX4Rvac6jwYpF3XREYgYrOiqo/:PmPI31z4RicdYb3XRfJn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322647, "uuid": "7c646ad5-9a1a-4893-9483-8f643daf35ae", "value": 456704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322647, "uuid": "b692e531-d707-4b35-a8c0-16cf08fb3d5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322647, "uuid": "d2629922-e4cf-40cc-b534-6e5bce602fb7", "value": "FIYAT TEKLIF YATA\u011eAN TERM\u0130K TEKL\u0130F NS21-42471-100KLM.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2a1fb88-740e-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698331804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331804, "uuid": "f3bbb673-0f20-4812-b84f-1f457ceea6fc", "comment": "Malware payload (Mirai)", "value": "3082a8f2f973a2836da112de5a324a24", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331804, "uuid": "672ce3cf-98e8-4e72-ad78-439ca32a65ba", "comment": "Malware payload (Mirai)", "value": "da3e88e23ae7a0bc93d3296413483ad1d2e9f0ecae16a38bc8b8090343464544", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331804, "uuid": "2ccae1d9-e0a1-469d-80aa-982514bc9b04", "comment": "Malware payload (Mirai)", "value": "6228f08f35f5ade476944d8e9140432fc66be9ec", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698331804, "uuid": "3cee711c-9cc7-42e9-8a62-4b5596e3767c", "comment": "Malware payload (Mirai)", "value": "97ae71f09e08b86974339b36f6242e197082367fb8d7f0a4927191c7dd5113277039fb9047322828c981b093a73bd674", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331804, "uuid": "1d5dfa83-a285-4c35-b557-895fa2d10ac9", "value": "T1E1130856BCD29B6AC6D063BABA6E418D3321A3E8D1DF3217CC142B057BCA51F0D67B41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331804, "uuid": "7956ef24-0096-4151-83bc-58247affc880", "value": "768:b00+1zmOqamw+SBBpvdeawmp1yvbifaDU/P9aVLhrKK65UL45GapvuNRyLpPN+:bkmeN+SXmbifaDUn9aph+UOZe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698331804, "uuid": "677a68b9-d76d-4af8-b863-e5dbd5a20c49", "value": 42696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698331804, "uuid": "3820ca23-0d4e-42fc-ad48-d6af5a98dbfb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698331804, "uuid": "a77c7305-88c8-433e-946d-b40a4fc1fe57", "value": "Josho.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f6ebc23-73f2-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698319531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319531, "uuid": "1c6c4d35-136b-43f2-94e3-61f6b16f5ea6", "comment": "Malware payload (RecordBreaker)", "value": "df290e1e9fca076b36c345b15d552fca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319531, "uuid": "51eb14d1-4f8f-49df-a2cb-db83f0a5a4e4", "comment": "Malware payload (RecordBreaker)", "value": "da4257922987636a6111cc74494c147586f970050a8f757dfc41057b555c9113", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319531, "uuid": "7bb123c7-276b-46f6-bed4-c1df69a569e9", "comment": "Malware payload (RecordBreaker)", "value": "ffc595eb0d30febb4acb029fb9919438d63afe04", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698319531, "uuid": "203a06af-6573-4f34-9613-64345f6e4834", "comment": "Malware payload (RecordBreaker)", "value": "52fac49d3cd74a44a5fab8ba78d172260c1ba43795275749b18dcfdb57e234317569ceed3932c31a51baf4c3914efd1e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319531, "uuid": "04422546-a803-494c-8215-98e85ed1a68d", "value": "T11E752302D6E84877D9F9573064FD05931F2AFDB18EA0479F13E2989A04A2BC1757337A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319531, "uuid": "25c5a97f-6713-418d-b7af-5e70ac488b92", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319531, "uuid": "915d611f-7341-4acd-87d8-59fa5e2a274f", "value": "24576:hyW8IoxAwxXDa67gTwx77HaYeb2p5n9+DI/GGlsE9G7O28w78RUgk+BIOoWH5:UW8Je6WwdHa6p5nYDI/SGJw7T+BoW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698319531, "uuid": "5d3b5096-13b6-41cf-a8b8-73a90c485017", "value": 1627648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698319531, "uuid": "1101480e-f87f-4ea1-a8ad-3d5f0021f131", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698319531, "uuid": "e87d139d-9f11-4b25-9fb4-0aa5de182b90", "value": "df290e1e9fca076b36c345b15d552fca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecd4deec-7424-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698341243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341243, "uuid": "e5e7bcda-1c94-43cd-b570-2a6369200798", "comment": "Malware payload (Formbook)", "value": "59db7e40040a0a9029e62863536fd6e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341243, "uuid": "9c1cbfb2-4014-491f-87f1-dc941cac5b31", "comment": "Malware payload (Formbook)", "value": "da92f3184a36b6b1be15d1e93be7c31d173769241d1f3dd98bcfc22796fd9e69", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341243, "uuid": "889c82be-9d31-4d79-9960-031e28605635", "comment": "Malware payload (Formbook)", "value": "8174977f8a44520e62dd42336ddeda5507732f92", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341243, "uuid": "23f6bdd8-05b0-4f19-9b11-1f4a0dfa0c1f", "comment": "Malware payload (Formbook)", "value": "2fdd0a05b766f2517ba7200befbf76589c8ab7818114eec3987c3fff9a7c24777e2bdbba36960f5eace4c4179b564349", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341243, "uuid": "60fe0436-58e5-477b-948e-a2f5a84dee03", "value": "T179757323BB4689A1C14927BBC5DB04244B66CFA56313D60A397F336516333B7AE4D32B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341243, "uuid": "46e3ebe1-f51f-4067-9507-0ce8c76fb38c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341243, "uuid": "911d41b8-b717-42fe-b612-092acc3dfea0", "value": "24576:d0KZj/MUXySGr4ia02biOo+UPpevsV+QN:d5/eq4R9V+QN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698341243, "uuid": "a00484ae-731e-4be6-91ba-3d7629e3757c", "value": 1594880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698341243, "uuid": "181d8a81-4cd1-4019-8629-e18bc5a44d38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341243, "uuid": "8c910bc4-f90c-4961-86de-c8afa18ac0d1", "value": "ZGM113N-II.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b68b444-7399-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698281406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281406, "uuid": "40a5c8f2-726f-4780-8fde-7561f2d9fa5e", "comment": "Malware payload (Mirai)", "value": "e6813b07de9e32624047a789dd14a3e0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281406, "uuid": "4cde273f-8e6a-4157-839f-168cbd45278f", "comment": "Malware payload (Mirai)", "value": "dc011f2f4282a297b6152bae533c8019139337cb6f3e61ef91ef059a6bff5854", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281406, "uuid": "e2872e19-1398-49b1-86a0-6829d6649a49", "comment": "Malware payload (Mirai)", "value": "f38d2a5360c4062cb35d947bad8cb9361f559070", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698281406, "uuid": "e95358bb-4829-4d28-899a-4cb1eb88585d", "comment": "Malware payload (Mirai)", "value": "1dd99bd5245e64f12145e22a7eda162cd5aed83d6820d57b60fec72185a3e2cb00091e911ff2ee5de3031b5c8dd488af", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281406, "uuid": "7defb1fe-6d30-4c4d-9ad0-e3abf8f69cd4", "value": "T143E2E17B57091A52D6205C35FE9E5E83624B5BF8C0FAE07432090564D5CB98F2ABFAC3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281406, "uuid": "26a13f8d-539c-40fc-95ea-92202e8d5d56", "value": "768:fIyefPJ1XaM2CbIA+JCa6BKcLWPsTvHcFs3UozKD:fpEWCb7gsK6dTHz0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698281406, "uuid": "8135a92f-bfe8-4922-b3ff-e315e100e87b", "value": 32384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698281406, "uuid": "d6325a5a-ca0e-4012-b1f1-5e1eadc8b460", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698281406, "uuid": "1dd29c47-a555-4bfe-91c0-08888f6b3581", "value": "scorp.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "449a8c53-7400-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698325499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325499, "uuid": "134d7456-2d8e-4dee-84f4-e557d48f6d22", "comment": "Malware payload", "value": "4b29f2dd6fa84308db523f66b556299b", "object_relation": "md5", "Tag": [ { "name": "dfsa", "colour": "#E3DB1C", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325499, "uuid": "0627b026-1786-4f6d-aaf0-d07fa6f7e305", "comment": "Malware payload", "value": "dc0a6b808c3210728d03b77170ce0093d1855a2f92b3920d6416bf7778c9f310", "object_relation": "sha256", "Tag": [ { "name": "dfsa", "colour": "#E3DB1C", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325499, "uuid": "cea9dfff-63ff-4df7-b371-dba1122ae490", "comment": "Malware payload", "value": "2fb3b719ab335ac17ed37aa5d6399035b3c2bc9d", "object_relation": "sha1", "Tag": [ { "name": "dfsa", "colour": "#E3DB1C", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325499, "uuid": "8a496aca-9623-4d78-ab78-7d6e2cc09fb0", "comment": "Malware payload", "value": "2d9afc3a724359cd5f5d307398e711ac3d1c648e856673e6c5cab5bc0cba5194a0a5e2bb21307b08eeb99ffe5c19ce41", "object_relation": "sha3-384", "Tag": [ { "name": "dfsa", "colour": "#E3DB1C", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325499, "uuid": "6e977aeb-a487-4948-821e-1e668f5d2762", "value": "T1F054E13438B9C523DC7284738ED5CB93B235FC5A7E968727B282772E5A77D60548222C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325499, "uuid": "cb41b4a4-ce21-4682-bf1e-0f6eed8c5803", "value": "6144:nEkVlixWoE2ORXu06t27Ho1MTcPK3Gip4F82hE7:EkO/yI208E8Gi7M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698325499, "uuid": "8572fff6-124b-4ebc-84f8-bddfdef039da", "value": 303104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698325499, "uuid": "0b296e91-eae1-494c-b681-b361c32cef0a", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325499, "uuid": "116625d5-627b-4580-8902-5ce2a0c3699a", "value": "Invest.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e952676-73aa-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698288660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288660, "uuid": "919907a4-a00f-4160-9a99-c07864b9c8bc", "comment": "Malware payload (RecordBreaker)", "value": "9ed90084075a175cf9ec50097360d5fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288660, "uuid": "e8928e36-5db5-4e7e-ac64-2b93f4a02d02", "comment": "Malware payload (RecordBreaker)", "value": "dcb1e2d3d9568e8da59d7abfc683970b31773b50be050cb0a1c8f028f9077704", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288660, "uuid": "a8b3e9d3-ac2f-4560-8261-1782a8b21719", "comment": "Malware payload (RecordBreaker)", "value": "bfd731226bb06c9306c427b19b73bf2f2a6b3e64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288660, "uuid": "83158174-58f8-44a9-bb36-aac19b8c27ab", "comment": "Malware payload (RecordBreaker)", "value": "6472924e944676e5b98a96b8efe2f8065f6cf5d8aa55531cfa1c6724bbbe26f8e6c8139292ccb72ab282c600d0482fb7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288660, "uuid": "4244e740-b5b2-442e-9aa8-df0fd8d23f86", "value": "T1F475338276D94C77D4B523B09CB612831B35FC61CF3823661F5CA88D2D7258A6A36377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288660, "uuid": "b3f6425f-4a78-4c62-91aa-6a31fc74792b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288660, "uuid": "42551d8c-565e-4550-ac91-68336e88877f", "value": "49152:5+HZVuC3q5T08+7SWjS5BXRTPjlbsH2tssHvHl4hv:I5VZf8+7SrNPmHQssH9K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698288660, "uuid": "8a23d575-e249-43c0-9d03-853792298f6d", "value": 1654784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698288660, "uuid": "74f9edf0-3dea-40d3-9eb8-123f7563b433", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288660, "uuid": "77823a2a-594a-4aed-afec-0dafcc2a644a", "value": "9ed90084075a175cf9ec50097360d5fc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d123514-7400-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698325513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325513, "uuid": "69fa353e-67f2-48dc-b074-f9ccdd203feb", "comment": "Malware payload (Formbook)", "value": "7d399eec5f6ce2a9268522ef47581b09", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325513, "uuid": "8f3de926-339d-4ea1-b491-0927dd5e1f44", "comment": "Malware payload (Formbook)", "value": "dd072a22fcaf2b435d425335f108ddd6e5f6017293d81cf0835df77e77b60d87", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325513, "uuid": "21c6063b-4db6-4d3b-af65-7f9a502d77dc", "comment": "Malware payload (Formbook)", "value": "d84b8e634ae4e69bd9de946c8df4f60b0112463a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698325513, "uuid": "7b313ee2-7112-45ef-866d-6100a958fe7e", "comment": "Malware payload (Formbook)", "value": "7b6dd2769d52e8de6671ee79dea7821417f250acdc50b3f8d36893216d4e35d180dc9f77272bc1a1667be93a7ebed562", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325513, "uuid": "d5329b56-1ab8-4dae-b03a-5a46e6b3f647", "value": "T188D4126422BC6722F2FA57FD68F131805B76B7267976D28C1DC818EB0623B41CB60B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325513, "uuid": "85fbe1a3-c9a3-4783-ae8d-8400b3e67339", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325513, "uuid": "11ee258d-4af1-430d-888b-44f66577e443", "value": "12288:NGC1zjzNX9FasBd+hEEpRTQxCIfQGSo/f8H5zeYvfe:g89Fasv0EEc1fzSkkZz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698325513, "uuid": "b42fe8f7-ba45-4719-ae6b-888018442cce", "value": 631808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698325513, "uuid": "221cbf76-02fd-4895-93e5-09589efeec71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698325513, "uuid": "c4d09cae-8be1-4c3f-94a0-763887f47209", "value": "MRR SURCHARGE.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62998b79-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698311376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311376, "uuid": "1de5a02d-9ad4-4b83-b6d0-ece47c13b34c", "comment": "Malware payload (Mirai)", "value": "ff64f5f5e803d347748af00b1efd4608", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311376, "uuid": "ee1f5ed5-9139-4049-93e5-f2ba6beb3db5", "comment": "Malware payload (Mirai)", "value": "dd0983102c0f04fc2940a39bf52401e77b4f720275e60baca7f63be43535dc0f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311376, "uuid": "c5c85375-5afa-4adc-a0f4-473aae63bc7d", "comment": "Malware payload (Mirai)", "value": "5b264f6cdaf9cd4fb53694fdcc32567a1ea7466b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311376, "uuid": "67f4920c-f0af-4ce9-b34a-ec04ef715c5d", "comment": "Malware payload (Mirai)", "value": "abb747b14381a9e8442e55e808e7cee112308d9a7192f99473da3dac4898fe3e82e804a927688b39c31cee8b0a583610", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311376, "uuid": "ff1578bb-6947-49d0-8f84-bd6ade3cd37c", "value": "T1B0434A02B31C0E47C0A31A70263F5BD097BEE9D022E4F689352E979A9671E375586FCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311376, "uuid": "451f9d3e-9261-4411-87e0-dd423277c109", "value": "768:EbpJYxjEJf68CRZGRloQUEqde3DOkdUFV96mCq2Rj5GMIgglGcFRxtafS+wnLIa:q/mqzqKDJ296+2qMIgg4AxgfGnL1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311376, "uuid": "b46fb148-740c-4c02-aee7-06f97201974a", "value": 55160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311376, "uuid": "176037b2-2812-4d5e-ac40-066e10fc0ace", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311376, "uuid": "f143ca57-e579-4c1c-87af-fb6f0fa6c483", "value": "ff64f5f5e803d347748af00b1efd4608", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0686a9f-73bb-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698296125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296125, "uuid": "de63242d-3e89-444d-b956-3288c00bae2c", "comment": "Malware payload (RecordBreaker)", "value": "f18ba69a6667aed5b2dec3d10bad4df3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296125, "uuid": "39efeeed-b5ea-4a27-acb7-6d7254179a40", "comment": "Malware payload (RecordBreaker)", "value": "ddd28705ca3f0e57fd5fdd4e4d96da43e718130114b0a64a142161a18e447a4d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296125, "uuid": "e7d53b47-f400-4241-9f23-bdb8d5d4dba2", "comment": "Malware payload (RecordBreaker)", "value": "49c1caa62fe4f217fbc2e5ed45ff141669e30db5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296125, "uuid": "9680842b-467f-4e6f-a3d7-a438f2e7c53e", "comment": "Malware payload (RecordBreaker)", "value": "2745657b94569a429e9a8a4fe5e0049df62365c4b4a35aafabeca4e5d2f53b337e8e3ef0206a82f8a3998ffe5e2a3821", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296125, "uuid": "db7744a7-88d5-4142-91b0-1934fbaa20e7", "value": "T1BE157C2179809176EDF320B783ECBA3586ADE4B0072915DF16DC5BEED7646C13B32682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296125, "uuid": "13bac4e5-94ef-4e4f-9714-49367805dba3", "value": "0827946c9a1e10fe2b73e3062ee67b37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296125, "uuid": "7d0795e4-e1ff-4213-bc00-7eb285e2d1af", "value": "12288:fgGsoZW829AM9cpSOkCmmIvU4oEEICB4SFfCp1uZfrk6rOsFUx4xKqYrxR:fg1829AocpSOkb3oP9xSMOQUxnq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698296125, "uuid": "bf2e2c23-b334-41bc-8533-a92b0740bad7", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698296125, "uuid": "85821ef4-5c31-4333-9e82-3cdc32dc9e10", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296125, "uuid": "adbcead1-51c5-4032-b606-006f7d2063a9", "value": "f18ba69a6667aed5b2dec3d10bad4df3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3305236f-7419-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698336207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336207, "uuid": "b525aada-485b-41dd-9911-4a0c33cf3b3e", "comment": "Malware payload (AgentTesla)", "value": "8020cd3fdae705513a0c84fecb09c077", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336207, "uuid": "97cd3567-9e9b-49d7-9917-3dbafd349a84", "comment": "Malware payload (AgentTesla)", "value": "de907b39552d170628b0e8f7abfaf1ec26aef2432debccd1bbb4b933628f139e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336207, "uuid": "e58a7cef-f5cb-4510-97bf-3412faa56f0f", "comment": "Malware payload (AgentTesla)", "value": "21749339767a51fc2e3f6732a819f6e0b360c58a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698336207, "uuid": "b3f05a62-630e-4717-adf3-045efad30f2e", "comment": "Malware payload (AgentTesla)", "value": "847646fb98632aa94901581639cc36bceeb818b39cc2d71eb4a06ff092cdebed7770a3210690363f4b8daf0d0ad9ab0b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336207, "uuid": "2d8d5e72-df10-4fb9-b68b-5c9a1ce977d0", "value": "T1E8D4120577B55B22F2BD5FF9A8B210204B767A1B6EB0D38C0DDA14DF1AA3B54C250B1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336207, "uuid": "2a3048e7-e1af-4d98-a1a7-f4718a1e59c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336207, "uuid": "71e22108-ef85-4f3b-a5dc-7f60da7d9972", "value": "12288:NGCGNmDGw4QVJLy5wbj3xZLXgOcee5yoF11AH0bB7loUpUtwyjEHkjm6zs3tDBJM:g1Rw4gJLy5/V5r5BisHkj5A9Dj6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698336207, "uuid": "2f8ae564-fcb3-417c-abe7-457b2d851eee", "value": 644096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698336207, "uuid": "94926f1c-960f-4a9a-afb3-a6f2208a190e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698336207, "uuid": "00a2b3b7-527b-4582-bdf6-4aeb90c04fd8", "value": "Outstanding Payment pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a864cee-73fc-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698323898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323898, "uuid": "0eb0314a-531c-457c-a5f3-e8836deb9238", "comment": "Malware payload", "value": "7d0917235aca5ecf7b224a067b77d005", "object_relation": "md5", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323898, "uuid": "cd32f9e5-10ed-4756-b2ac-75f15ddf4d6a", "comment": "Malware payload", "value": "de992171d48b00b25bcb45727492b136d05894b777ee7b66001cff720dad3932", "object_relation": "sha256", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323898, "uuid": "e496f3f7-d030-4627-8e90-7a7e029fe39c", "comment": "Malware payload", "value": "107694b5870f00a8e55e86caa4eed1138b5455ab", "object_relation": "sha1", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698323898, "uuid": "822722b4-623e-46ec-94ef-63a28f2bee83", "comment": "Malware payload", "value": "845e6baea70f952976d09af32a4b4dd0a09ee1d0b009ac90f27d2fa5563aa3a38e2e9e0613820f37db21c3905960bffc", "object_relation": "sha3-384", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323898, "uuid": "26bfc984-f908-4d27-aae7-a8d5397a5ef2", "value": "T1FAC3121BB489AC0BE6F2469A6B33E7AA4C3FFD1F87B53E9532BD34035015181CB58295", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323898, "uuid": "9f06f516-b489-4ec6-ab43-0659be9577d7", "value": "3072:UZBdJhOs/ZwxeTKvSrLSpxySxaf7xaez7pau:UZBdJcshbKK4ySg7xxzVau", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698323898, "uuid": "17c2334c-f048-4487-bcd8-173831181e6a", "value": 120398, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698323898, "uuid": "8e9db7ed-02ba-4a13-b708-b2aa9559f195", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698323898, "uuid": "5a36896f-3b75-40af-b626-0fb9769902fa", "value": "RFQ# 6200046003.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8b6d88f-7394-11ee-8907-42010a9c0042", "comment": "Malware payload (Stealc)", "timestamp": 1698279362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279362, "uuid": "bdcc2470-285e-4151-9b00-9f7507e91e1f", "comment": "Malware payload (Stealc)", "value": "a29fa4f2fb734a78521f95b580a3e98f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279362, "uuid": "25b514ce-bdda-4ac6-b1ce-84a64d1c86a2", "comment": "Malware payload (Stealc)", "value": "df95ada3bd31ef0ca06d6ccd268784ed2433383cc65faab01e7f48c9a8cd1643", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279362, "uuid": "75689ea1-b2ce-41ab-bdfb-1d40bddcfcec", "comment": "Malware payload (Stealc)", "value": "93ac705ad8d2f701417f2bf40daebdd0d31969cd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698279362, "uuid": "a046f072-0614-4de2-b7bc-2455860906f2", "comment": "Malware payload (Stealc)", "value": "0b48055b8530f9c462077df6f0f34a8ed309fee306a1d2ae7f40e6649672de0c299e4409a43943da837ea422dc2e58e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279362, "uuid": "709fa0ab-de20-4858-989d-b5e426d58420", "value": "T17075230666E160A1EDB9277004F703935A3B38E79E694B671B448D2B0CB37E498357BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279362, "uuid": "30d97422-8c6c-4e3c-ac45-c4881b8e88dc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279362, "uuid": "ea16ff76-3aed-4cf8-a914-e0b3df69781f", "value": "49152:c2Dja29Ga1qE7jjhWSvPAlgu7uXNAqTn:BHLX1/jj4/20uX1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698279362, "uuid": "8e8a2804-d133-4aa7-8fbd-ac17f397511a", "value": 1584640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698279362, "uuid": "c368be63-f23d-4a89-b5f2-b4ca5bd79e80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698279362, "uuid": "c954ede3-f84a-41fd-aa07-b6820b144746", "value": "a29fa4f2fb734a78521f95b580a3e98f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9065d7f4-7449-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698356979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356979, "uuid": "1ff6d326-f12f-4928-9f7f-18806d18b98a", "comment": "Malware payload (Mirai)", "value": "684f584a581b2acba64cdf28c575612a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356979, "uuid": "10aafe45-e3ce-48e7-8358-60c6728b3ac6", "comment": "Malware payload (Mirai)", "value": "dfe17f94b71c85ed64ce55549757fd571b483356a70c495a2b389b5413f48621", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356979, "uuid": "6d562b12-8429-4dab-85fc-dc2fa00a24be", "comment": "Malware payload (Mirai)", "value": "1fddec86dde573e1da70fe11ddfeb06ad9d2bc66", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356979, "uuid": "914e65ca-f640-423c-91e7-361ce6393057", "comment": "Malware payload (Mirai)", "value": "7d923198bcf75cf21b8bfcc99a864afcfa870263299072f941716a58d3fb2fda71ef45527191ce4aa8cb64d40023846e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356979, "uuid": "91b1a796-fb1f-4783-af2d-240fe4f472ee", "value": "T1A0D2E0C02FFD766EDF157F3284AEC974096012AA54B71149E1AC284F5EF22BA0BFD584", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356979, "uuid": "b9a3fc3f-9b8a-4a0e-95bf-e56622dee914", "value": "768:3F37Ae3zlZv5VP96Y3NdmE2k7Ig1to2ui:CQz7vPPULkEg1to2n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356979, "uuid": "b287005f-c8c2-446f-91c0-ef8c91e6c977", "value": 30072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356979, "uuid": "e4fc74e9-b7a2-4f3f-b552-ba9d4bcb7ed2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356979, "uuid": "0993e88b-eb0e-4e8d-a216-7290929b8b22", "value": "684f584a581b2acba64cdf28c575612a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f22e08b-73c9-11ee-8907-42010a9c0042", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1698301841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301841, "uuid": "3f527621-38a3-48cd-8243-f0eb822bc8d6", "comment": "Malware payload (AveMariaRAT)", "value": "3ead87085267079da10bbc25398292aa", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301841, "uuid": "458192b4-d257-4f78-a0ce-5116faa442bd", "comment": "Malware payload (AveMariaRAT)", "value": "e0a2d0622a0e1d24bdbc5d3ce388cf2a9b1551c78c8fde2d444c7e7f711854d8", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301841, "uuid": "ea3c09e6-6090-435f-a1fe-f6a025d512c5", "comment": "Malware payload (AveMariaRAT)", "value": "18c527f9055aa07796b1a8b64d5663806439bae5", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698301841, "uuid": "34d6892a-f590-4b43-8c4a-c681d96b715a", "comment": "Malware payload (AveMariaRAT)", "value": "f373bf7bd2096e1606fca359f181b5678410693dd9d9153703565b2853d48d66e523141476e2051a004633ba7b816487", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301841, "uuid": "210a3517-0e87-43d3-8f74-6282e51f0496", "value": "T1CF155B6063D9A701CD0E9975B268391AA3F0E41BD697B76B9AC8BFE13C53F709C40163", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301841, "uuid": "40f0b109-e8bc-47c9-ac5d-e82c189f9905", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301841, "uuid": "568c45e3-82c6-477c-9d24-feff9a17f00e", "value": "12288:tzvzFwcl6Ys8ODCzKsGCSenqIRN/wOs8WLXQ76XcNmxOTUisULOAZxx:BzleWQenqI/wOf7zNsOx+A/x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698301841, "uuid": "dd8cc6a0-65b1-4e51-99e3-cd557a0b2062", "value": 900608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698301841, "uuid": "c95bcfcc-ed75-421e-b106-04dc0c133d9c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698301841, "uuid": "4023073d-8790-4a22-b098-5205eaa758ff", "value": "SecuriteInfo.com.Trojan.MSIL.Inject.12705.31211", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9dd775d-7448-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698356646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356646, "uuid": "fffb7831-4146-4450-8c3c-9077f958c8e8", "comment": "Malware payload", "value": "098001db3c1338ebfba956b1ffe7754c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356646, "uuid": "5413a863-ec31-46d4-906e-5c211839e487", "comment": "Malware payload", "value": "e0bb27caf89ffec7f10a4df4e62b2f8c0be5a8983f07ca2348c54e51d9517b8b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356646, "uuid": "064b33a2-a2c9-4eea-a3f0-bac6f6894a93", "comment": "Malware payload", "value": "a99c219c6ed486cd6d84cfc7f77386eb6ce54ee2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356646, "uuid": "3f06eabd-855a-4fec-a34d-cda44f23c37e", "comment": "Malware payload", "value": "6002481bfd62f061a1cc51d564b65d76d63ea7809f14ead1724f2143d6bdcb1c16428d1c1dcee106b5b0def896fe6f13", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "POL", "colour": "#244A04", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356646, "uuid": "9634acbc-f05d-43f3-8937-8467240d0459", "value": "T160B21A4E3FA9C856C4BC177486A6965043B0E1470423EE2FCDC560DBAFA3AD91D4CAF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356646, "uuid": "9cf3fa68-06e6-4ef8-a597-522ace6d7b45", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356646, "uuid": "6ded1ac5-d999-4531-88e5-cf84e7359ce4", "value": "384:uoWtkEwn65rgjAsGipk58D16xgXakhbZD0mRvR6JZlbw8hqIusZzZI1:h7O89pbrRpcnuX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356646, "uuid": "63f15995-6050-4319-a4ab-ceb20b3a10e3", "value": 24064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356646, "uuid": "212e1406-da07-4e19-a4ac-6be37cf0a177", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356646, "uuid": "70d2689e-39ea-41bf-9d77-6e43fce97a8c", "value": "6948.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d8e3143-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307824, "uuid": "22cc819e-40f7-4f40-905e-62048a60afa1", "comment": "Malware payload (Mirai)", "value": "3b1ac50626520ef8abaa32856d40f5d6", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307824, "uuid": "59b24157-593a-4c75-8ba1-41e53d30ee42", "comment": "Malware payload (Mirai)", "value": "e0ea3579d0f41821cc2b4e8905e6a0bf79ef6f58a56a683358ec011394711d95", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307824, "uuid": "26090684-2206-4a60-9c03-4a75ed256b80", "comment": "Malware payload (Mirai)", "value": "b25062f8744a9e039b0efd038f8d4b9763c94267", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307824, "uuid": "ce2db5e3-8e84-44ee-a328-2e9175e97799", "comment": "Malware payload (Mirai)", "value": "d26372cb7b2a3447c18e589e359a635c5d82254bf2715515596169ac539c5805f4a281857626a127c68e036baac8a0de", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307824, "uuid": "91531984-3820-4f65-9bdd-e9a9f6f1bc8d", "value": "T14873C61AFF620FF7DC6BCD3746A8170239CC554A12A47B3A7534D828B65B24B49E3C68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307824, "uuid": "61aac7ca-605d-4139-877f-72839d28c075", "value": "768:K3sJmkqSlhWLgJ7d0xuEa5Des4ReDB2wJ2iwgugBI2ZpMIXi5Ij7+eOcIoJhwnXS:KcJmkL1l5B4RcBvC8W2ZpMe7+pcI3nX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307824, "uuid": "d9c14df8-e2bc-474b-a779-e2c0ca81d7b9", "value": 73796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307824, "uuid": "d49ef394-81fb-46a5-a6ff-52949a649e13", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307824, "uuid": "3698d775-e39a-42f1-87b4-44d6e7de8c64", "value": "mpsl.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b928487f-73c0-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698298207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298207, "uuid": "9ac4395f-e47a-4c42-87e2-166e5c327d1c", "comment": "Malware payload (AgentTesla)", "value": "752add0886d7b3e86e7c705114aa46c4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298207, "uuid": "69a36b75-2dac-48be-8bfb-eda5fc82e234", "comment": "Malware payload (AgentTesla)", "value": "e147a94da6f73a061dfa1c0c9e7cf51d62284bcfdbea761c6ac3e50891ecfdc2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298207, "uuid": "aa43c6ef-bf37-427e-8052-b8c3ce32ab92", "comment": "Malware payload (AgentTesla)", "value": "bef7ba947d8072e68263d502153b0b13014698a3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698298207, "uuid": "c5a13cab-8343-4dc1-8f84-e6bec3a17a53", "comment": "Malware payload (AgentTesla)", "value": "96c81528e5346b9a383bc6269e3db8cb1c6818c23bbdccf763f5e45569bd5cb1dc7448d14aaf7f0aad8dcd40638b4318", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698298207, "uuid": "96d104fe-d58c-4a6a-b4ae-01fc52439c4b", "value": "T1C0D2F18543AF1C0C4071BA1BA211E3ED9E69F77C35B4D2941E8607B5BC23A34BC94AB7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698298207, "uuid": "ea365639-7a58-47db-95d7-8b833aa6d515", "value": "768:7WQQpCPoij7nUPgSbxj4RLQLlj9ZqSA+fwirO45m:7bQpYosUPFdZ8+ZO4Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698298207, "uuid": "42317058-c576-49af-8dd8-349cc917919b", "value": 30688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698298207, "uuid": "af66f733-0276-47e9-872f-1702d4ebfff0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698298207, "uuid": "ed39e057-e018-484f-90bf-071ac594d77f", "value": "Euro 36280.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee70cb00-73a4-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698286270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286270, "uuid": "3b5bf22a-2ceb-4cbb-a544-9b8417ba4979", "comment": "Malware payload (RedLineStealer)", "value": "a7e6e7aaebdb16be60dcba25bb11aaef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286270, "uuid": "4acf8644-7db9-40b3-b7a8-e65f23475c35", "comment": "Malware payload (RedLineStealer)", "value": "e201e3f7868a2ec461500a812c9a8f3a5f33903e532d3ee379504c6f9a529362", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286270, "uuid": "22fd20a5-abb2-4bd0-b96e-f3205dc0e676", "comment": "Malware payload (RedLineStealer)", "value": "461ebb603c07fc04d6219d79da334e8c0b327880", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286270, "uuid": "378f25ed-98b5-43ac-bc70-1c697e9101a6", "comment": "Malware payload (RedLineStealer)", "value": "71540c4276ad3e6729eab038b02fb56918a77d2e84d9762a56567d2089dc1801ec01746dd5dc4e33251aec7971f31126", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286270, "uuid": "f92abbbc-d91b-4406-a124-3ea2b3035231", "value": "T11A463356351A3CECE43494B64C8F5C344BAD9EEAC086687608F1FA3F99FEF04311A599", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286270, "uuid": "48c5c3d9-9048-4b5f-9b03-718d134f8c57", "value": "2e5467cba76f44a088d39f78c5e807b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286270, "uuid": "97c000f6-ee3c-4ffa-8f83-cf1395d759e2", "value": "98304:L81ZnAzsYjdXj4+to6BBqUxaF7O2pB1ZS0NsCyccyc+TLqDw2C:L0ybdTQ6B7x/wzteJOqDwN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698286270, "uuid": "9fdcd078-0389-458d-b84c-e5c71603f8ad", "value": 5882792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698286270, "uuid": "764efb75-d57e-4c66-a0b2-f49d488a4c43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286270, "uuid": "9133165a-7bec-45eb-8e0f-14e6bc95e719", "value": "A7E6E7AAEBDB16BE60DCBA25BB11AAEF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e42daafb-744a-11ee-8907-42010a9c0042", "comment": "Malware payload (Adware.Koutodoor)", "timestamp": 1698357549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357549, "uuid": "c146f7a5-47ea-4712-b17b-12723154435d", "comment": "Malware payload (Adware.Koutodoor)", "value": "29ffad5f4e22f3e296f4c579ce303902", "object_relation": "md5", "Tag": [ { "name": "Adware.Koutodoor", "colour": "#851353", "exportable": true, "hide_tag": false }, { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357549, "uuid": "d89baf84-d1b7-47f4-a15f-19b6bdb09a0b", "comment": "Malware payload (Adware.Koutodoor)", "value": "e34c196497e534f46dd5f2749af66e2d46e46fd8d78b71badfbe2363d27e8030", "object_relation": "sha256", "Tag": [ { "name": "Adware.Koutodoor", "colour": "#851353", "exportable": true, "hide_tag": false }, { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357549, "uuid": "bbccfdd1-4749-4a13-9dad-8568e81bf55e", "comment": "Malware payload (Adware.Koutodoor)", "value": "8a037d37c7238c6d9408fd99d50105b1cdb73f7f", "object_relation": "sha1", "Tag": [ { "name": "Adware.Koutodoor", "colour": "#851353", "exportable": true, "hide_tag": false }, { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357549, "uuid": "445edf56-b1c7-4a10-bccd-1d978e2b570b", "comment": "Malware payload (Adware.Koutodoor)", "value": "62b2111d1cc0b0578f7bf52bd7d28943ab990598be7222f87222e734e8fec6c065e914644e9871fabfdbaf24666b0440", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Koutodoor", "colour": "#851353", "exportable": true, "hide_tag": false }, { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357549, "uuid": "f1df6959-0cb1-4313-816e-aa6472945f38", "value": "T1CD26236356993CC2C0B5883D6733BFC0B3BD5A6E4991E47865C8E9C5263E0E2B111BB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357549, "uuid": "1d7f3ac9-83f8-40d7-940f-53ad050c61f7", "value": "ffbb06d2597a86c17844c6cc85e8319b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357549, "uuid": "3200a4fc-b1ed-426e-b5e8-6a1eafe272a7", "value": "98304:Sqc9m0rDSR0YljHQDiC5vgS6yi+wlS67j9:jcE0rDSljwuCZD6yTUj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357549, "uuid": "c8b9119e-3678-494a-a655-caf543f66be0", "value": 4746752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357549, "uuid": "0239f9ef-3220-46f4-8206-39bf0f100ec5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357549, "uuid": "fa2a784f-7732-4b66-a61a-4159af136a82", "value": "ChromeInstaller.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "015d9793-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698303911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303911, "uuid": "697e4aed-da0b-4efa-af45-de5f0694d89d", "comment": "Malware payload (AgentTesla)", "value": "de9838b539dc9d8b8b88f1333675d6bf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303911, "uuid": "70556af1-42bd-4701-baa8-4cfcbd65c898", "comment": "Malware payload (AgentTesla)", "value": "e3d87000bcc2d5b0b519c19d4d09089b89c20c61330f38cc8ea5cc3d3ad6e76f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303911, "uuid": "3865b29d-6a94-42ca-83ed-fe9f56584159", "comment": "Malware payload (AgentTesla)", "value": "ed9abf9ef730c7bcef51e1477241addcb8005dde", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303911, "uuid": "30ec4ac4-6ae2-4477-ad4c-aa9b273b6ac7", "comment": "Malware payload (AgentTesla)", "value": "e3e19184cbf73b6e5bd6509777d69786785ba8d39ee4ae95e92a691a96f04badec6e170f0ff551004a031c6f4d6086fa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303911, "uuid": "6f6873c7-390d-4dd0-b240-8d178f9d1015", "value": "T1F465E061B3B09E19F5EA87B19E20A6D0A37338177623D349DC84E4D9386DBD38EC4563", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303911, "uuid": "4202a35a-e07a-4397-9c9b-dc5e8547a2db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303911, "uuid": "9b3648cf-27f6-4294-9089-c91a236d3162", "value": "24576:sgYwSUSfh1tVD+7AB7L+KgyrrrrPrF0BMnlE6ABxb21NX1MMrY:sgYvfhmkODyFBnK6SY72", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303911, "uuid": "dfd28dcc-94dc-4196-b1ec-4c0a2aef2de4", "value": 1483264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303911, "uuid": "8e3c865c-1215-42a3-88d3-fb0d509ee97a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303911, "uuid": "84a2bb00-3ddb-46c0-b339-9e6d5099d3c5", "value": "Halkbank MK notification for SWIFT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ab5324e-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304142, "uuid": "f24a4ba2-1611-4eb0-b334-9ba14f5e0e95", "comment": "Malware payload (DBatLoader)", "value": "cc6c99c8b7408701f96b5fad04cc6b79", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304142, "uuid": "96e35db3-eca5-4aaa-90ab-0e1249b3bbd2", "comment": "Malware payload (DBatLoader)", "value": "e4fbd0f46d093579c855bf711e874a5ba4e6f3ea047ae5964a08bfb1e762d4f6", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304142, "uuid": "3779487e-a165-4da9-ad2d-44fb360feec4", "comment": "Malware payload (DBatLoader)", "value": "b20b93bc9d9e133c3e87798200c4e12f803490a4", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304142, "uuid": "c8eae13a-6034-45f3-8f51-b2f7eaaf83d5", "comment": "Malware payload (DBatLoader)", "value": "b2ff5b7315fe98d86de5f3f31b2eca34bd1086365376e89c85c961e6d5e345ab4363ab31cb0e0ab89dd956658ea22f8b", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304142, "uuid": "bf83e97c-e65e-47ad-9d0b-801463497c5f", "value": "T1D455E017F25294B1F03B0A36682E571EDF287E292DA8251B27FC7E445E3624B346D0F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304142, "uuid": "b8476a11-c3ec-4dcd-be29-1ec779b75579", "value": "b4498ed238a5d5d6510e036e3bb29986", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304142, "uuid": "e7ab442d-f035-4a4b-ae98-ccfc59fe04e0", "value": "24576:bKuO345cRv/kabphVsJhfYPzyB+4Buxrhre0Q0d/0hkEBS/:bLysS24mwe0PMkEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304142, "uuid": "b541874c-13ea-43c1-ab5e-806d4cecfebc", "value": 1315328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304142, "uuid": "0e89f2ca-0f59-4911-9cb0-391ee4028e6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304142, "uuid": "04f3b166-a887-4138-bcbd-cf110df90430", "value": "Ekte siparis onayi bulunmaktadir.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4acd6219-7408-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698328945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328945, "uuid": "199a1c8d-8b31-4b23-b5c2-8718e72d85bb", "comment": "Malware payload", "value": "8a91f3743fe18864ce449301ba6c7cfd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328945, "uuid": "0d115bc6-c009-4d72-b2fd-ad2a01f08b79", "comment": "Malware payload", "value": "e65a897de99384a667679ca3becc9b2258b9391418a06471517b8a58ae863d99", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328945, "uuid": "bca76a4e-f9dd-4813-a25b-7f310e8c48f2", "comment": "Malware payload", "value": "f46c555796025fce2ee3a24d23bdbe3455f44fdb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328945, "uuid": "bd4b1552-b288-4aef-9ba3-b5b5faf408ed", "comment": "Malware payload", "value": "79768ddf02839f94d1db04a517d6fd76865abbf8fe70a45225756312e4c2fe20a9b6f59a23135be5e726859957486c4b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328945, "uuid": "80ab9a67-2e8b-451e-b829-604811d022fa", "value": "T12A768C43F894A4E9C6E9D270C5359292BA30BC850B3037D33B54BABA2B77BD49E75350", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328945, "uuid": "cf0f39d4-0589-4266-a817-9706dc3b67bd", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328945, "uuid": "bfd99bfe-1b2d-4fc2-aa5f-145ad655f18d", "value": "98304:f3BYZrNCEwfTXMStYZ6aHskFiJLuj9m84MBfBn:/irNPwTMStOdHvwLp891", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328945, "uuid": "965aa45e-77af-4f7d-b5cc-e0eaf538c7d6", "value": 7558144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328945, "uuid": "933ec6bc-1edc-46d4-85ea-5a04f9031871", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328945, "uuid": "e4708be2-9dc5-4e35-931b-7d26c079383d", "value": "SecuriteInfo.com.Trojan-Ransom.Win32.Encoder.vbo.14538.32364", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26089dd7-73da-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698309127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309127, "uuid": "7de858ac-c9fe-4706-b2b9-66c0db342659", "comment": "Malware payload (Formbook)", "value": "73bfc63cf19235604bcbf016d65d0875", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309127, "uuid": "619c5093-9127-4421-bebb-261fb2b02b1e", "comment": "Malware payload (Formbook)", "value": "e6f485f916c146ee933d72f5c979a1e1dbcee373bbb62a1c13d14c8d4d145353", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309127, "uuid": "8e3d2718-f11f-46c5-b8d4-3f44e530e825", "comment": "Malware payload (Formbook)", "value": "f7df43bb162b0531ddfecd51daad2b6b7bc25568", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698309127, "uuid": "d841b69d-cf93-488a-a117-6bef88b2fb90", "comment": "Malware payload (Formbook)", "value": "651df5719616c400409382dcdc1dfb56fa8cdae87745fcd71eb30cde3d2d63a1cbc9144b8f664784e922be3b997b61dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309127, "uuid": "32a36819-ac3e-465c-8e55-8f20cff57be3", "value": "T171447E0170918032E9B319334EFD9569AA3DBC500B1469FFA7D81A3ECF356D1BB31A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309127, "uuid": "c8155232-9999-4bd9-be93-49e7ec3b9aa5", "value": "c1e92a5f7462fab0da64a6e1ed7da1a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309127, "uuid": "c66f09d9-73c9-4212-97b9-6c126acfe1e0", "value": "6144:kssi88j8GzfuitrzTNwn9uV+4BT0AO8hfg0i:k9i88gGzD3w9oBT0yg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698309127, "uuid": "d2ad2970-2780-4d64-8314-8c346b926b5a", "value": 263680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698309127, "uuid": "0d46d4e8-8d82-4aad-a6d5-b1748c177a7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698309127, "uuid": "85d0eb08-a29c-4ce0-ba78-99f70c741d50", "value": "SecuriteInfo.com.Win32.TrojanX-gen.14112.8044", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9bef0e2-7445-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355384, "uuid": "1c61bcb8-2144-4fa8-9822-d596ff40799d", "comment": "Malware payload", "value": "1cb52af7ee9d6a53bf1ee805420c5e35", "object_relation": "md5", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355384, "uuid": "d5b1c881-dcd7-4dc1-89ca-41cde259e267", "comment": "Malware payload", "value": "e726af0cc624e0dc3763ba907d987f017e13c95a1a27a45798b046c432c88251", "object_relation": "sha256", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355384, "uuid": "bdee6e78-2ce6-416d-86f0-9d881a430792", "comment": "Malware payload", "value": "757ff9a3ab0d964bb7733628a6f6c980b7e4d077", "object_relation": "sha1", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355384, "uuid": "1ec95dfe-cbfb-4792-a1b8-821a83a598d9", "comment": "Malware payload", "value": "2791a3d1f5802ce07fcdbbf3fb34db43e83e3a4d62003a55a8fd0137960599da0fc5572bd30048ce27aa8e05305c066d", "object_relation": "sha3-384", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355384, "uuid": "8a519519-94ae-4e06-869e-fda4f14b30e9", "value": "T1A484B55AF7B511D4E4BAC13889627166F93178998B38A7CB9B48471B4F31BE0ED3E700", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355384, "uuid": "4e056231-3f0d-4e49-83c8-4d99f22e7cbc", "value": "4722d4f69371e2394780a923598b4d34", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355384, "uuid": "d2e30fa1-fcdb-4dd1-a4ff-4b8735094b58", "value": "6144:/3ljTmabkp8l3yBbn28TiXAn5lyaCSOnzT2xa:/VTmab9RyZnX7kn2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355384, "uuid": "8ddbed0c-9bde-444d-aea5-72ca1e883c9a", "value": 372224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355384, "uuid": "8e350d31-5062-4f71-9320-b48cd267d03a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355384, "uuid": "ae76325c-383c-4618-916b-8539b7ec65c0", "value": "ChromePlugins.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9beac3b3-73a5-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698286561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286561, "uuid": "44b132dd-abfd-4d13-9cff-81b2309f2e29", "comment": "Malware payload (RecordBreaker)", "value": "1b2ddf56d9a7b869fa35afd457989a40", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286561, "uuid": "d645b22b-6c35-410a-bb3a-d49537d3a10b", "comment": "Malware payload (RecordBreaker)", "value": "e7582d33bd902544d4d50cb40d3dab5dd211f69ca084078cfbc06a2237a6081e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286561, "uuid": "653892ee-c17b-4bf3-a39c-5174c72fa70a", "comment": "Malware payload (RecordBreaker)", "value": "f5b4f0ff537c9e1a5e513628c1c25e8d840e3cb2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698286561, "uuid": "c21ce3db-5880-48d3-9bbc-642e2f12f7ac", "comment": "Malware payload (RecordBreaker)", "value": "9760b56cc0a020f4aa420fcccc58ef506c99663a1c4549b9b44a0700127381c2fe79b9b9d710560aeb77bd1a2ea8e850", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286561, "uuid": "a3dbc52d-e750-4bd4-bf0b-1aa85ee0d19a", "value": "T17E75230397D8A0B2FEB25B7001FB13A30D397C715A7C176B7399DA6A5C60241E9B2367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286561, "uuid": "674d6cc5-f9bf-4801-845b-e92464f83ea7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286561, "uuid": "09d8ab49-96f6-4684-aab1-f6c57d772161", "value": "49152:8Ehx9APriHgf/3CQY8sRhJyWlrOb/1ziJxC+:15xAdYrhNlG1eJxC+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698286561, "uuid": "ad02787a-2b36-4d88-879c-1899f2f42505", "value": 1635328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698286561, "uuid": "462c0666-0366-4a6f-8bf4-c34ec8ffcb4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698286561, "uuid": "879d7c7d-4c23-43b2-8246-67428d76cd76", "value": "1b2ddf56d9a7b869fa35afd457989a40.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab5a866b-7424-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698341133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341133, "uuid": "a0c63c1d-6850-455f-8b09-ebb5c601c85e", "comment": "Malware payload (RecordBreaker)", "value": "03003f5ad43e4bfdf530a943fd27faf6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341133, "uuid": "d64f8c9b-634b-4c04-bb3f-5fd5cae5a304", "comment": "Malware payload (RecordBreaker)", "value": "e7ade306aef9c2756f3c15c7220b7eb7c89606cf6b413b7218d1350f36c2f795", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341133, "uuid": "1b99416b-c29f-4203-becc-ad6c5fd6a3bc", "comment": "Malware payload (RecordBreaker)", "value": "927abade9be3fbb96addc310ac27403c59d54692", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341133, "uuid": "732e2541-e55a-4cd6-881c-1088f5f02d3a", "comment": "Malware payload (RecordBreaker)", "value": "f922a18352dd4c3f5fed8cfbf1c7f9fbfc6bc60049faedb12b279b58e8396b7f4e4b7f93328b07f6f4b3a89bfe4ab95b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341133, "uuid": "a57cac87-8ec3-4208-bb96-90dac9e14bf7", "value": "T118752312AAE98837DA322B7135F353D35B7ABC942CB4936F4244699D0CB2740D83B767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341133, "uuid": "a9b367b0-07fb-4c56-ab54-a2329ec4fe69", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341133, "uuid": "a090dc5c-1155-44d7-bc1f-122a40ee9c34", "value": "24576:YyBCcqNrUSIyxljq0nVc4XTgJG+sVv78RkYBDUui00xcM7sUt/qi7n:fAjNrPvxlj3V/TgJKVvqrDU1cS75", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698341133, "uuid": "148a33dc-d6e7-40a9-b974-89685b0916e4", "value": 1629184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698341133, "uuid": "b2494a47-049f-4c13-904d-cef2023848d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341133, "uuid": "e38dd414-3b50-4523-9f1f-be07eec27d6a", "value": "03003f5ad43e4bfdf530a943fd27faf6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9986373f-73b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698294288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294288, "uuid": "03d81438-ba69-4d3a-bdbd-882be7f489f8", "comment": "Malware payload (Mirai)", "value": "45ce9cdac1f1bd3f439e92f111b294e0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294288, "uuid": "fac24fb4-2fa2-45bc-b9ff-4f1f60484814", "comment": "Malware payload (Mirai)", "value": "e7e6539fffe226591673e6765039a613c291da82731c8120f4579d5b2c4f87a3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294288, "uuid": "be93e2c9-78fb-4c40-9736-8925b13707b1", "comment": "Malware payload (Mirai)", "value": "4fbe69c1fad1b94fd6d6f49ac7fcc9b19d21eed1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294288, "uuid": "89baee23-f888-4484-9b62-73f4d0d11988", "comment": "Malware payload (Mirai)", "value": "a238936cb1c0fd80c8d551db13b7376f76fdd881929a93dab64e98b49c97fc655314eaa7e01d5644de4111385d846b6e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294288, "uuid": "1f224927-6880-4a6b-a82d-5254fd2d4e24", "value": "T1A7D2E18876D3A3EA8C8DCB7EB64E0036309D74D9A6B29363F301D5434766180F651E8D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294288, "uuid": "c0c6b783-d7c1-4ba3-814e-b77daf4aa2d3", "value": "768:NlxKd2FLPxEnspd6IHE4RlY990DIBz/9m:gd2FTnplHEw0asS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294288, "uuid": "c49c1726-7a8b-41ba-b358-f01bac716218", "value": 29464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294288, "uuid": "1d4045c2-7c4a-4898-bdd8-70ab699d7421", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294288, "uuid": "d37e7589-93c0-4c95-94bf-d43179443f11", "value": "45ce9cdac1f1bd3f439e92f111b294e0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ec9b9bb-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307826, "uuid": "28c7a8b6-b1ba-40fb-9a37-8818cb307f8a", "comment": "Malware payload (Mirai)", "value": "75b0821483fd253888305a0822a06581", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307826, "uuid": "ed1f0a2d-fdeb-49f4-a387-8d206bee9e2c", "comment": "Malware payload (Mirai)", "value": "e817d406100d641f93a449be83790c6ff272ca2e228534d2a5deb7a44edd8f8f", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307826, "uuid": "1e783199-963d-4a40-853f-067c0a2adb99", "comment": "Malware payload (Mirai)", "value": "693670773d6dfeba1944967fc3721f018bc8af54", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307826, "uuid": "3975d960-6ae6-4cb2-9f21-4cf83f22259e", "comment": "Malware payload (Mirai)", "value": "2438a831d5592bb0cad758d066c9b2ee6fc6c49fd776fde84cea489dccf05ea20b6ba96847eea8d9782313e081fd034e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307826, "uuid": "76e10e97-6446-466e-95ac-a664f2f8b796", "value": "T16A434A91F8819623C6D1127BF66E428D3B2613E8E2DBB3079D225F2037C686B0D77E55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307826, "uuid": "f0ff5b8c-0068-458e-95f8-e8e1bfeddbb6", "value": "1536:tj7QgWzvkqAs5aXU+M1tv+VzxiCsaXvWnb:tjgQ/M3vWV9xWnb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307826, "uuid": "fe835c0f-ee38-4ced-a0e8-abd667d9c08c", "value": 59644, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307826, "uuid": "a6edf22d-799d-4748-99e6-27ee835eea3e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307826, "uuid": "3e6ebd1e-c298-40c3-b1ec-8fbceb0fa177", "value": "arm.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbe10ab5-73bd-11ee-8907-42010a9c0042", "comment": "Malware payload (Tofsee)", "timestamp": 1698296977, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296977, "uuid": "c85db042-7750-4a60-8ad0-dcbec60bc373", "comment": "Malware payload (Tofsee)", "value": "50f71cd9f1a0e6d8b7fd4e9c0e4e6c7a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296977, "uuid": "06a935d9-0a7a-41db-b1bb-c6bf6be48b3e", "comment": "Malware payload (Tofsee)", "value": "e8a4a40a5d06430ab9bab7a832711560635102e6259033f7035d272c8f62509a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296977, "uuid": "e6b3f491-1049-49db-9898-181dda3c4643", "comment": "Malware payload (Tofsee)", "value": "8ab8b2ae745a538e3b71d7502c7ab35e5e1c35b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698296977, "uuid": "08479557-70b3-403d-8d68-a6b1746807e3", "comment": "Malware payload (Tofsee)", "value": "dd178859f52b2fc82ddb17887937c7fa7e164cc941052d92f0fdc975ef74455ebfcdbea0c9e5c720438be85252285f00", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296977, "uuid": "2fc136b9-4b28-4ad5-a009-700e0ac84815", "value": "T10104D03176E1D073E1B386306A31C6B15D3BBC326B76948F23981A7D4E707D05ABA362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296977, "uuid": "55f70013-837f-4c7c-9dc5-6d635464eb68", "value": "3eb61bde6c067dec159cc6a0cbd631b3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296977, "uuid": "3fd2eb09-7b78-478e-ac69-a6564c5a9ef2", "value": "3072:OHBNIPpTgniN0WiaPA4tmDBZ5wIxAm7JSDoaXnBYgzhm+7nPFpJ7BtMG:mOPxSk0WTPA4tmDB4IxAGSMaXBVzc+Lb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698296977, "uuid": "50361381-b3f9-4ca7-bb47-bd94f6016863", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698296977, "uuid": "a0835a30-bc84-4949-9897-14d7ba406c2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698296977, "uuid": "f6653590-b396-4eee-b66d-e5edd82fe291", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0c616d3-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698322325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322325, "uuid": "166e66eb-d3ab-4b26-85d5-fb9217235eba", "comment": "Malware payload", "value": "35818fba6193672c3101afd9f3f6fb03", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322325, "uuid": "8e2250a3-2de8-4045-856c-1e329771748d", "comment": "Malware payload", "value": "e8e5489d9b081ba7b0fa38f0033b8dc13c4af0a3d386340712e20d77912ed4ee", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322325, "uuid": "137f9f0d-138b-4857-a126-b2cd791f46ed", "comment": "Malware payload", "value": "ba3b3cd52c4ef2bf60bf73ed5d255a926d050c74", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322325, "uuid": "e0e0e8b3-3d29-494b-accc-8a6f53735df3", "comment": "Malware payload", "value": "e2a431d074e62ee051fdbca22a8c8d1cb289c79003b4b30ff4b5b90cc81657b586bc7aa1a927506307fcc5adbd19d03d", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322325, "uuid": "430b2b9b-d150-4806-a06e-2535c8715330", "value": "T1C7C4230B1D666B91E7A2E80959480A4CDE3C96470747EBFDAB0E5E4DB00ECA72437FC5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322325, "uuid": "96349881-9533-4dea-8257-2bc8bed0755a", "value": "12288:HbTMcoIz/XiRibLIc6MU2+wXgmWU92wzaZZ0xC0yl0RTZ6dYNUGhrOol:H/MyjiyL96MU691jxGlOTpOa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322325, "uuid": "c48dca63-c1e8-4590-8f10-6ae81c5a24f2", "value": 580360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322325, "uuid": "12cf5e75-88f8-4abf-8120-9c3b6352a109", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322325, "uuid": "e522cdeb-2bd2-4eae-af4f-73ebf77c4a8b", "value": "PO45103320_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9644a9b6-73e7-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698314899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314899, "uuid": "eb381ad3-7370-412e-b38d-7d76317d3d89", "comment": "Malware payload (AgentTesla)", "value": "57f3b58b0f88fadb91c6b3febe4098a1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314899, "uuid": "c9352420-b00f-491e-a761-5f1083576641", "comment": "Malware payload (AgentTesla)", "value": "e9a3a2b3229b0c1b7c3d7d9958bccec2d0d64815542d5ca35feb402e2824619a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314899, "uuid": "a854e864-e695-4f50-ba5a-a962e9ee0e1b", "comment": "Malware payload (AgentTesla)", "value": "633d08628ae7b36cc0495c5f58897c1895695d91", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698314899, "uuid": "7c695924-8e4e-4ca5-bb9c-28a0a8ca4536", "comment": "Malware payload (AgentTesla)", "value": "c163a8d677f34c194ddb53c8bd46ba9d8c70c3016efbff9fb9b7b0035b21262644c032f751708293d43fab5cfa1cc582", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314899, "uuid": "798c54ca-0d6c-4e78-b388-d1779a370d95", "value": "T1A3252320EF959EEBBA74B215A43D5D142F848FD5E09CD58F22D130D3AB8FB02166E05E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314899, "uuid": "8e71fbd6-36b8-445c-9d00-eb5ddeb6499d", "value": "24576:GpUIa15rf7FwijRN6sotYvM0in4Jv1niv2Un2:7D15rz2wN6LZ0kE82", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698314899, "uuid": "61e3defa-60d6-4dca-91d3-3054454c2920", "value": 1037114, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698314899, "uuid": "3f9f3da1-bdcd-4a0d-974b-8c1e2e7db812", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698314899, "uuid": "5b4ddbba-30f4-4827-b3db-a32ab011983b", "value": "Euro 36280.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2977704e-73ea-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698316005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316005, "uuid": "aa1203c9-199a-461c-aabf-d82abc32c690", "comment": "Malware payload (RecordBreaker)", "value": "12e7ff5fe2196b207c5070afbcacdc14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316005, "uuid": "65665878-f370-4044-a2d6-8873cbeeee0b", "comment": "Malware payload (RecordBreaker)", "value": "eaf310d061f769ac1300067d99222f67426ea014a1f0841288504af934a318b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316005, "uuid": "219bbf76-a527-4c4b-9bf8-774792a72388", "comment": "Malware payload (RecordBreaker)", "value": "009f7e168fc52128c9e15b4c517a90451463a03f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316005, "uuid": "9c720a12-73d2-4c5b-8b73-cbefa8225494", "comment": "Malware payload (RecordBreaker)", "value": "e4f4dbddcbf57879d1657250cf8128afde7d3cbc7ebeb262d267060eea52fa9269ed3bc3c17bebc84654740f3b226ade", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316005, "uuid": "e18969cb-301b-4c46-9ab5-503daef10ffa", "value": "T1D5752382FEE8A863E9B01BB048F643870A35BCD48D78675B1B057D760C76AD5A231737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316005, "uuid": "c377c5e2-bd70-4cd8-9507-4d5e42c708f1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316005, "uuid": "3751d115-6bdc-4ac6-8506-4d9d03867dd6", "value": "24576:fyNZ+hBElFaPJOHtMpt0LUpCJGR7WSBUZ6GXt10wwJpcNKIVAcf3vcjXEAhLh/sU:qNsLJ9T0LSEGxBUrt1dKIVDfEjrhZdd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698316005, "uuid": "1492223a-20be-410e-83f6-ac8d1248a2c2", "value": 1632768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698316005, "uuid": "53592180-ce8e-4aa0-b076-89aa89773fb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316005, "uuid": "098110a2-0aaa-43e8-b94d-bd0764c92a22", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d96822b-73b3-11ee-8907-42010a9c0042", "comment": "Malware payload (Amadey)", "timestamp": 1698292523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292523, "uuid": "79faedd2-be29-4bcb-9afd-0c2853678edf", "comment": "Malware payload (Amadey)", "value": "ac6c558cd0e6cea24819f2e7a6d02a71", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292523, "uuid": "25576ea4-4d66-47db-804b-49d77024ea47", "comment": "Malware payload (Amadey)", "value": "eb64c2bb0cd282bf96eae72b0fb22acaab970e50aa9ff8bd41aca49802d88efb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292523, "uuid": "6832dc8d-9e2a-4a51-8a1f-044eade7ea85", "comment": "Malware payload (Amadey)", "value": "0957713130e25f51d9cdce0a8d7f1222be147f3e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698292523, "uuid": "f73a5253-5028-41d1-9d99-c76be9ce4d82", "comment": "Malware payload (Amadey)", "value": "7bcf74236e69924abfffd0470cb953771db253a776687c3ea8aa8dcc54446e19de9b97c9bd02d60e6b01c02256ac1650", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292523, "uuid": "3e39c67f-9744-4ed7-b1d9-09755c9c7441", "value": "T1DE452343E7E54273CCBA5BF0A8BB4347193EB8715271D3261798AC4D6AB16C8A43133E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292523, "uuid": "98e32a70-461d-4f11-a875-368ad01ff72d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292523, "uuid": "e651f4e7-356a-444c-b292-4d8eb0722cf4", "value": "24576:YyjAN3/LUm66OoEnouBPo+7fCgrRltIBimlrrGkFw0i:fa3ITqEnlam/tGiCrr3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698292523, "uuid": "7d324368-3b6d-41aa-a40a-ea8cf4f1aa5d", "value": 1277952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698292523, "uuid": "5c1d6544-c889-43c4-8963-08e6d31e46ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698292523, "uuid": "3cbac506-d289-4037-9772-917920917df3", "value": "ac6c558cd0e6cea24819f2e7a6d02a71.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "702d1d2a-7402-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698326431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326431, "uuid": "92214d05-afed-416c-ad9d-1cb3cb2b11e6", "comment": "Malware payload", "value": "67ac8e74c3ef60dba7f4b61a2232e2be", "object_relation": "md5", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326431, "uuid": "f7fd7d7b-947e-4d4b-9b84-90d7d01a2317", "comment": "Malware payload", "value": "eb872fdd822eee511a7c4ce1f774fb6566b06d69ad38d849bd35477048c098d2", "object_relation": "sha256", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326431, "uuid": "00f37706-09ec-41d7-9029-bba8fdbbe064", "comment": "Malware payload", "value": "fe82d4deb0fa0e802d8c75096837244cf8ba400f", "object_relation": "sha1", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698326431, "uuid": "4bbc4d2c-e4ed-4bd5-86a4-ca7fbf6ec93f", "comment": "Malware payload", "value": "f1b9661ca77a3cbda2b0821c9b5e475b7a8f01693eb642e1c215169d3efc07f0726c5768634394743888087cb96cd13e", "object_relation": "sha3-384", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326431, "uuid": "d8a43216-8f3f-46db-bf82-f273f2903e17", "value": "T1EDD423A714754C122E9B25FEBE43BE57646D28534BF4310DDB36A3A8B4E90E733918C2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326431, "uuid": "d68a6b4f-0bf2-43fe-9efc-2551ed9b0c23", "value": "12288:Ky5FyqManmjCnGfhyBY5QuCdsbV8+TgxD/hR3SBWer4Zpn2FZXDhcax9OyYw9j:KyGqMamjMG5yuaFdyG+U9j3SgIF1Dhc2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698326431, "uuid": "1afbb129-6956-4928-8d99-3836738e4cdd", "value": 655886, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698326431, "uuid": "ddb385fe-5e97-417a-b58f-f3b9a6a3656b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698326431, "uuid": "dc3ca591-d0c0-4ead-9b1d-73e214381a7b", "value": "Payment Receipt.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63cb8d00-73ec-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698316961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316961, "uuid": "7f7255fc-b147-4e69-96fe-2f2292d3d70a", "comment": "Malware payload (RedLineStealer)", "value": "69c6b12cc698515b870df51f7c4ac266", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316961, "uuid": "a710ca83-666d-4b21-be57-55e215692791", "comment": "Malware payload (RedLineStealer)", "value": "ec0112fa3d908d7bc33a63a427fed19745dd19759bb450b5b6f21daef9cde777", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316961, "uuid": "405b659c-d960-46e4-ad70-c07e2985f780", "comment": "Malware payload (RedLineStealer)", "value": "b1e36432e4515ebf5b0148c64fb8dad7c3908ecf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316961, "uuid": "ad97fd77-74c4-471f-b147-e105cda20463", "comment": "Malware payload (RedLineStealer)", "value": "36a490f214efee8b614da5958a23558b0179929848ed7c17555498a503d9b0c88a3c4897cd7d18a6d420b002d4f7b5b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316961, "uuid": "d7d88252-f9e2-4feb-b979-50086b86cd18", "value": "T1F6D533E60C953F4DC16505F4CF1E5E849EB8BA69EAE843C89616CF29FCA0C45D3B6C44", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316961, "uuid": "dd9831fa-a7d8-435a-897d-c79737f1c420", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316961, "uuid": "c34684a3-44cb-4624-ae42-b35dca51b2d0", "value": "49152:BzlAeowdixo4MBEHVr3LlWNoEYyo8dXup/uZWuoyTigQ4OA:B9ZE9LUbO8NuMZuyTiglOA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698316961, "uuid": "99dbc450-0570-4cd3-8070-b1fae756a35a", "value": 2790872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698316961, "uuid": "98d82bf9-ac32-4426-b99c-5f190db7e07e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316961, "uuid": "ce247c9d-661e-4550-a5f8-12ae7817e233", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aca721f7-7424-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698341135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341135, "uuid": "c9c4a9f1-638e-4aa1-8030-8ace116cebc1", "comment": "Malware payload (RecordBreaker)", "value": "82c670182cfbff5ea1b24ce669d7140e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341135, "uuid": "193a1a9b-dbbd-48dd-93ad-48b813e436f3", "comment": "Malware payload (RecordBreaker)", "value": "ede2ea768fa5ffe0d6b2d266914f8bc163624ce4d887600466aa6eb473da8947", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341135, "uuid": "3dad2bb6-15d5-4515-81bb-92e50e844fe6", "comment": "Malware payload (RecordBreaker)", "value": "bf2d2b433564e3edea2307b90312e01a80a343c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341135, "uuid": "c4f00838-d2df-4571-afbc-954b80a0fb13", "comment": "Malware payload (RecordBreaker)", "value": "e92c60e5b1b389f6b551900d80e3fc9fb73d68686c942e128f605aac5e9371879e439a19d77e88fe236aff116782d91d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341135, "uuid": "f74d8e91-b4c9-4325-9672-8018edfb4987", "value": "T18E752322BAF59363EAF9177058F747C31B30BC918C24D23A3B858D8B58B19D4D532B66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341135, "uuid": "56ff2b2a-4ed7-4d7b-b024-f1289e7c1517", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341135, "uuid": "9b7ca2b2-9077-4d84-ab66-ce48fb905c47", "value": "24576:cyEkyYq0WcsngB+qpjZEwrZZ3+oUV+p9lBuxUWev1eeT/WozA5Uz/NuahaE:LEkyNrgpjZh9Yos+pzBvE6/L/Nua", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698341135, "uuid": "20ccfa16-8196-4be2-b89b-41fe618c8ba8", "value": 1619968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698341135, "uuid": "4a54fc63-347a-4e35-8079-618f71836ec2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341135, "uuid": "a1a8136d-d9b6-4927-88b2-7e0e0fc34a0a", "value": "82c670182cfbff5ea1b24ce669d7140e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7def170f-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303691, "uuid": "3c01b473-5ff8-4a9c-bba4-6e68473a70e9", "comment": "Malware payload (GuLoader)", "value": "0850c19d12c7ff51d34f4bd1290f100d", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303691, "uuid": "5dc1fe32-af83-4538-92c8-eb8c76964d03", "comment": "Malware payload (GuLoader)", "value": "edef247138086a686eaa64ae9aba01df09ef08aa2fef6bc432745be58fe117a8", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303691, "uuid": "6d755c28-26ee-4c44-a501-6f0cd19b0382", "comment": "Malware payload (GuLoader)", "value": "9ccb2e954c2b4ebd4c38c6d316dae996173b76b2", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303691, "uuid": "13db60ed-6ab6-4201-8433-0f31002cafcb", "comment": "Malware payload (GuLoader)", "value": "54218392d5b9e2e2c72a74ccf2441c42a743b94aa5fd7160d9c9e3ead4b2990874b14b68ea8690043d5811c4c8f71b60", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303691, "uuid": "530094d1-0ef8-49b5-840d-7b94404bda02", "value": "T17D737DE5DB64161A4D4B37EAEC808845C9BDC12A5523411AFFEE03CF520B59C93FEB1A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303691, "uuid": "83102ede-6acb-4313-9e5c-f444a20556a8", "value": "1536:fabO3W9BAtJHtNJnrRTdiOCzPzhqZYQjk1hO:SbC+APHtlTdi1PzA2Qjk1hO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303691, "uuid": "05c42bc2-57ac-486d-9e85-9a19ff402c7c", "value": 74739, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303691, "uuid": "29e613c0-88c7-41e0-a1ba-618bec26f239", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303691, "uuid": "91ee2046-bbe4-46e9-9660-d362586f2fc7", "value": "\uc6b8\uc0b0 1,2\uacf5\uc7a5 \uc608\uc0b0.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59522dc3-7410-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698332406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332406, "uuid": "dff1ae13-f950-430f-b5a7-ab2bd67551a3", "comment": "Malware payload (Mirai)", "value": "1db17e4e90ab8533b817cd2b86211e1b", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332406, "uuid": "475cc2e8-e95b-469f-86a1-c4812d33851b", "comment": "Malware payload (Mirai)", "value": "ee3f8ad5caad0bf69dad4391948cbd558a3293cf1d253ea2f7f5b8e125e48b7f", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332406, "uuid": "c28e7cba-2726-4990-b19f-5b95ff57a961", "comment": "Malware payload (Mirai)", "value": "52cbb696854ab6a5d94667421b09d7df0898d19c", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698332406, "uuid": "5c1d3a2b-71d0-45cd-8881-1598f66921f8", "comment": "Malware payload (Mirai)", "value": "1ebc1ec77256de768f03919f21bd938aac1f0c3dc208d7d502347c674bb3a7de861bbdc61aeb9388ad5749ee5bdfdccc", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332406, "uuid": "2bba9a9b-0cb0-47e1-8945-813f8a8eff68", "value": "T1F7B2F1D5D6FB2BC3C2A1D336D4BC5A4D96731AC00746450A110AB28FA697A0E47FB3E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332406, "uuid": "b8bec916-ac56-410d-9d63-d749f365c68b", "value": "384:MvDKKQOcRpmYLdn6RBOFRFt5rUFW10iSelCo3AnupPFNqnrrd1NEZgO8UXWozPLW:i/QOC0Yhn6ROHWFGrcwNVFCnNBxcwc6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698332406, "uuid": "2d45875e-457a-438c-846e-e2c7edb793f4", "value": 24728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698332406, "uuid": "16ce9fcd-2631-486d-aee4-43caae4d4060", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698332406, "uuid": "2c9321cb-93f2-4d52-b81d-f6f33be175e6", "value": "phantom.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5c23a6e-73eb-11ee-8907-42010a9c0042", "comment": "Malware payload (Tofsee)", "timestamp": 1698316643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316643, "uuid": "b8b7cd87-98d5-48fe-b179-aac49839a8ab", "comment": "Malware payload (Tofsee)", "value": "7c5475199054ef4cc93f566743eb3a03", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316643, "uuid": "4ddcdfd4-6790-4fc8-b03c-8a2143cd3633", "comment": "Malware payload (Tofsee)", "value": "eed76de86b8200456f420b784325e37771199c855ad5a1c89940d0aff1d2849d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316643, "uuid": "34042bed-1c2d-490a-8fae-357f70130daf", "comment": "Malware payload (Tofsee)", "value": "c03196e9aa143d3369fc3408e77956ef7e1e6542", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698316643, "uuid": "e161f44f-7f8a-4985-b418-af864f07b85c", "comment": "Malware payload (Tofsee)", "value": "86304eb414e929d2f0015e28b9bf2d815a045a30bfd2a9057d734a254f935c533fcec582a7affddeb56298de0ea63683", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316643, "uuid": "bd6d794e-e753-4adc-863a-6bdee5d19f89", "value": "T12E04D026B6E0D072E1B356302970C6B51E3BBC329B7645CF33941E7E0E706D1AA76392", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316643, "uuid": "f8f881fb-c074-43ec-814f-dd610f9b87ce", "value": "c9d627725d963a238bfec2492e717a9d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316643, "uuid": "81eec121-ee30-4d9e-b13b-cc155f440bb0", "value": "3072:mHBNJ4pIhHt6UtoH4sBXVpuelzK0rFLVL/KXvd0a6gYvpjSoyBcaVWKJICk:uL4pIhNGH4sTpuelrf/2vn6vS3iK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698316643, "uuid": "3b969ba3-b001-4a19-ba6c-6712baf836c9", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698316643, "uuid": "1bcf5733-0b7e-4152-8cc6-b4297700ee37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698316643, "uuid": "c1dc1059-ff85-4be5-8e85-0f58ef1a84bb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5865bf79-7448-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698356456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356456, "uuid": "6a72ed61-a807-443e-a877-30d85c70eaa8", "comment": "Malware payload", "value": "21423308d68060b54d0c72f1bc831f40", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "stegocampaing", "colour": "#8CED67", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356456, "uuid": "39e10a2b-f053-43c0-a882-32df64503482", "comment": "Malware payload", "value": "ef0354d6735194feb4b8c58d41bf8f460c59754eb8ea88adf7bc8eb31f2d8724", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "stegocampaing", "colour": "#8CED67", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356456, "uuid": "8c54e61e-7a3a-4bf9-9822-1ef3c410fc01", "comment": "Malware payload", "value": "59344dc28b8bee72d735068fbf9d31962037a0d9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "stegocampaing", "colour": "#8CED67", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698356456, "uuid": "5fbcd0e9-f7d1-464d-8986-7468d1e641b5", "comment": "Malware payload", "value": "01349f1201844f80b018c88dd494a35d851afc4c76125aad90bcea59110f7be4527b4800e0cbf8716a6d7286ca6b75d7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "stegocampaing", "colour": "#8CED67", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356456, "uuid": "9b49d815-c6a3-4002-ac77-6091893979d0", "value": "T1E5E5C009B6A6EE2FD3A46B3BA26345285631D2017B83BB1F1F7E42783D963740D423D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356456, "uuid": "2de65360-0abb-463c-ba9f-292bce95b97e", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356456, "uuid": "229a60ca-a4c2-4538-903d-86102d344fa5", "value": "49152:SUVBJ/+y3DPW9tT0ZzuKd9so9LP2bSDAhWfjAU9L+GqeMmJFl:SUVBsx6yKd9MSGWEgS9x2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698356456, "uuid": "10036f27-a3c4-42c4-acc1-75cda7d7fa6b", "value": 3260928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698356456, "uuid": "88674350-96e5-483c-ad09-501ad5696e77", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698356456, "uuid": "7ac9f067-0706-4be2-ad20-c27ebbeead03", "value": "download.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5955a31c-7422-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698340137, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340137, "uuid": "64a32980-78de-446e-bdb7-00bec1ddbea0", "comment": "Malware payload", "value": "a682de246e303671214208d0aab629f0", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340137, "uuid": "3e3c61d4-a025-4ee4-8fb0-e6abe6fb51be", "comment": "Malware payload", "value": "ef9b8291d9652be6567cab80ff8dbfde1cc62b667b3838b2b856348d76e5b9a5", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340137, "uuid": "6ce175bf-1888-4eee-826a-751d275ff07c", "comment": "Malware payload", "value": "6aaedad99ca75f6f6d2b86beeb679c3797312fcb", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698340137, "uuid": "721ed77a-3aed-4cde-9cee-0fba0a2de2da", "comment": "Malware payload", "value": "4f88e4e8869c79db235b7dd1737832b025ff5e5482b1350c8e98cf97e0b49d0433f773d3dc6e027a3d6edfe781b56cff", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340137, "uuid": "e0c96b2d-34e8-482f-9a4d-a387edffa6b6", "value": "T15BF723E3E37DAC29D533853596762362A9684F50A211F32E5805F52CFEF7AD24A01FE0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340137, "uuid": "9b6be88f-21aa-4068-8305-cd65732b90dd", "value": "1572864:LX0/kKGYARvI9HzyM0hv+kAlzIcG//FgOfXbn5vaccDiP3XPe4:LAwYARvI9HOThvwkhFgOfL5xCiP3W4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698340137, "uuid": "d22cd219-edf0-4a8a-ad01-f7f101cb8958", "value": 76331356, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698340137, "uuid": "b53d2f64-2c66-4af7-bf8b-bc4dc406023f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698340137, "uuid": "008f96e0-7144-4b76-8f1a-eaab313707a2", "value": "Telegram\u4e2d\u6587\u7248.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d9bd4db-744b-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698357619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357619, "uuid": "d7d5318a-09ac-49da-98ed-b7bb13489b76", "comment": "Malware payload (Mirai)", "value": "4e8852ecf8fffc8f331feca3b34fff0d", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357619, "uuid": "450bddef-c410-4c8a-8e19-b694c5df8d7d", "comment": "Malware payload (Mirai)", "value": "f039fed79e903656f6b6c562ce246cca9499f3d1bfea4fce1ddce5b1167e810c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357619, "uuid": "be70aff6-3f8e-4edc-ac02-6371b526fb48", "comment": "Malware payload (Mirai)", "value": "eed081582675df024af34bc7a6d4dc1e04fb4d56", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357619, "uuid": "fcb8fb7f-bfee-437c-89a1-e37dc7e0ac8f", "comment": "Malware payload (Mirai)", "value": "a837dda90dba3743e55dc1ad1c4c89a5c9e8f918d750d555664551232b52b87a6bfc6ce763e66cf090d129bee30a9f81", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357619, "uuid": "3f85949f-cda2-40ff-ad9d-8aa531a8e9a8", "value": "T1F31329C4A943DDF8EC1502B02276F736DBB6F07A211DED97C39C9527A882A40D9472ED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357619, "uuid": "e7e392c1-50b1-4d1b-8f86-c03a4700c781", "value": "768:AdjgKRk+hJeQby4WIY/WXoKmY3Mgi+2xGU/ObPqgFD+EeoV:Ad0KRk+hJeQby4WIY/+o1Y3Mgips/7qN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357619, "uuid": "a535930c-a422-4e1f-ad77-866200603ad4", "value": 43356, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357619, "uuid": "15f76a23-d625-48f1-8609-8611a174214b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357619, "uuid": "aec81d0e-f66b-4161-a06a-0b39821205c9", "value": "4e8852ecf8fffc8f331feca3b34fff0d.elf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c022fe3-7412-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698333216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333216, "uuid": "8481b928-c82b-4f15-a1a6-28f04bbfe6fd", "comment": "Malware payload", "value": "977b17755167050c6d120b5851bc524a", "object_relation": "md5", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333216, "uuid": "ec0cf98d-8411-4774-bd49-b791cfe34ac5", "comment": "Malware payload", "value": "f05f24d5a75240b7214594a7497c25d64670c87b287bf1291304f9f19e662e8c", "object_relation": "sha256", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333216, "uuid": "91951481-4d42-4e18-bee4-94449efd75ac", "comment": "Malware payload", "value": "f90a3ea0ccc80c3a9b5c7be69be2b3ac67a27aa7", "object_relation": "sha1", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698333216, "uuid": "df75c254-31d6-4a28-a782-ab9b95c02b4c", "comment": "Malware payload", "value": "3403c388046178b911f6c71eb9c9b6a80f9eb16a459b72e3db689a364e7d8102bb812287630a49d8c5f61d7c273f0417", "object_relation": "sha3-384", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333216, "uuid": "9b113b11-9693-4356-833f-2ec0bfd6a109", "value": "T143E433CD7BDB1FAEABB79CEAC94F371158099C634F1EC18953308A37E520982D1A7560", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333216, "uuid": "7802c0a0-ebb3-4c7f-967b-4fa3d0fa539a", "value": "12288:U6w4CV4hvJkRE7Z7h71zp+ns+iH55ZLKNXxMFKcINgut:h9hvJkRszp+/uWCFxet", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698333216, "uuid": "5d5c6fae-9648-42f1-a2c4-43c2284b4574", "value": 693287, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698333216, "uuid": "42015846-24bf-4a00-97f0-cc0d2c2d50c5", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698333216, "uuid": "c2b9d8ff-3fbd-45c9-a86d-f81944a1e7b3", "value": "RECEIPT OF PAYMENT SWIFT.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bddfb3d1-73f9-11ee-8907-42010a9c0042", "comment": "Malware payload (RemcosRAT)", "timestamp": 1698322696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322696, "uuid": "610377a5-c4a8-409c-874e-f47a8ea9ccc6", "comment": "Malware payload (RemcosRAT)", "value": "8b1422d6b17dd727c69291aa1ff09481", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322696, "uuid": "042d8840-8830-4cbd-8ebf-edbba8f33bba", "comment": "Malware payload (RemcosRAT)", "value": "f08ab03484809d162963cf54a40b81f7722a83984744ecc79f4626b75b829b46", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322696, "uuid": "745302e5-f99b-4996-9a19-d37686f4a7f8", "comment": "Malware payload (RemcosRAT)", "value": "b09ac93ef0313867a755e59cf4b108ee5b376754", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322696, "uuid": "9a027f7b-3dea-4013-b507-8024894fb049", "comment": "Malware payload (RemcosRAT)", "value": "370d00d333f22604cf77e809326db2b66e052cf8346b7c12019bac3298a21c9941102f9bc0255e227f804363a22fc0bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322696, "uuid": "eab6049b-be34-4eea-b404-59adbca11c0f", "value": "T10FF4E1216B29F903E2F113F48567DFAA7B218D150D3B963386A4EF2B78FC3911D19216", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322696, "uuid": "9df77156-9b6b-4263-9da3-f0d417e2f49f", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322696, "uuid": "b884fb35-ad07-4d45-9aa8-46bbd98b1aa6", "value": "12288:uJWNBQfagdRGe/kEZusRW2FDipfAXRJ8+2FRAjI9XLvlDwLEuSflue6VfFtqdXFa:uWW6rE6MqY6VujkbvFHfluNtqdXFa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322696, "uuid": "31890267-7e52-4ea8-bf40-c5f83d9caa40", "value": 734679, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322696, "uuid": "5466751c-75b6-43c5-aac3-a7a851c68774", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322696, "uuid": "6cf3ae91-55ac-497d-9439-43d15abf6d7f", "value": "\u0412\u0421 \u0436\u0438\u0440 \u0442\u0435\u0445\u043d 26.10.2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f5aac60-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324255, "uuid": "3626673c-02b7-4b7e-850a-afbcd9bf179b", "comment": "Malware payload (AgentTesla)", "value": "778e4cb51333c3b36ca45f5e45c2a1d8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324255, "uuid": "cfb69f86-e252-41e8-aa44-a77f94473cf5", "comment": "Malware payload (AgentTesla)", "value": "f136c078b7098690ea405ba293db35261ea710eeb0196acc146bbe434b1be12d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324255, "uuid": "42797c1e-a411-4e02-97a6-d20bda88901f", "comment": "Malware payload (AgentTesla)", "value": "d0625103ba1df451d43ea685cc1fb58d86843f1f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324255, "uuid": "c3881700-133c-47a7-a16b-4573524c4dc9", "comment": "Malware payload (AgentTesla)", "value": "541321511e88c6f2f80442ae45f7afc436645ba1ad3993e0d3d4708b3eac606289fe83bce6bf83451f1c335a93c11c85", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324255, "uuid": "caf59cdc-83a4-41d8-a14a-8f4bc6899bff", "value": "T1A2E4235C36AC4323D9EC1BF148504184E779E31A6AB1CE8C2DCA53EE1923FAADD0564F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324255, "uuid": "c6c41144-ed7d-4c80-8642-c7e2bc76971c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324255, "uuid": "5d5b4a42-7096-47e6-8479-22b1d057efab", "value": "12288:rUZIOhuxrFqiczOe3rEFHxReCvQiHZs9MYhToc5Ek6+E+ARpVPo4:ahhAYicSe3rEbReEQiy9MaTNv4Rpho", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324255, "uuid": "857d9e00-69f0-45f7-a2a7-ac72a634f595", "value": 657408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324255, "uuid": "0c54d553-45c7-4812-866f-e2f7766a73c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324255, "uuid": "1ddfe797-14ab-4c0b-a2e4-f512c55032f9", "value": "payment copy,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c01d36d1-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698311103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311103, "uuid": "b3a34b92-ec41-457d-aec3-ab5ddf6f2669", "comment": "Malware payload (Mirai)", "value": "687b6e3af88f2f1231935067eb3f6a43", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311103, "uuid": "2f28e0ed-92db-411d-8a9d-5c9637579bf8", "comment": "Malware payload (Mirai)", "value": "f142b7ff02fa6acc1a18f759c20a56f7db375e6b4e5565081012ff1e3db72042", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311103, "uuid": "13791f87-ded8-4be2-98f3-0750dc056a4a", "comment": "Malware payload (Mirai)", "value": "195d32f3faf9efb057e2e2aaab0486584ea51004", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311103, "uuid": "01ef99e9-5393-4726-9f0a-b4aa4e0c7ed0", "comment": "Malware payload (Mirai)", "value": "717e4d6bdec1fde2f2d221a6ad3a808496e6bbebf91ce201454a20e51ebc296a41922c4a34347de7fa7a3ecf5bae6951", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311103, "uuid": "231ad372-0fd9-4e54-84aa-8c1e5dee2ce8", "value": "T17F337A77E46A5E94C086817075249F351F23B2C893932EBB16EAC2755483EACF509FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311103, "uuid": "e6fe93f5-a3f1-4482-bbc7-a619a0af46ce", "value": "1536:8aWjW/cXGET0SEZqKAlSW4UBOCVQV5nb:8pjWuGEgZtAuUBOV5nb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311103, "uuid": "5982e2e1-b38b-41a1-87ab-5d0991fe6b50", "value": 50584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311103, "uuid": "ea386193-d33c-4c0d-90a6-2fa158123298", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311103, "uuid": "b4c8a05d-0568-4233-b0e0-333f6c44ace6", "value": "687b6e3af88f2f1231935067eb3f6a43", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56e1ec0b-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (GuLoader)", "timestamp": 1698303625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303625, "uuid": "218a8278-5933-449e-bdca-f37280d6b674", "comment": "Malware payload (GuLoader)", "value": "a44e0426df5af78940e42f1f7fa90d13", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303625, "uuid": "0f14097a-b773-4933-bf08-b7ee66a5b7d0", "comment": "Malware payload (GuLoader)", "value": "f1fa8925779ca6d7bbebaa31ab1a24139f786b3c68c88efec72630c3ba37e4ca", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303625, "uuid": "e5db3e62-5a50-46bf-ad3a-86312440e60e", "comment": "Malware payload (GuLoader)", "value": "0ecbe1b14628b46d4633f90d7a15c0d9f575511a", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303625, "uuid": "099ac063-0dd6-4fe8-860e-a76ecbda2755", "comment": "Malware payload (GuLoader)", "value": "a8053bbccf54153763013c287d0e0232a18fc622fb4b94ffe04d9b3ae0a93b762947eb1f450b6aac1f0f959f5bfee5ec", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303625, "uuid": "a8bc7a73-f75a-4ed3-bcc9-fc37def93595", "value": "T1F8736EE5DB68161D0D4B37EADC408891C9BCC16959234119FEEE078EA20B59CD3FEB1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303625, "uuid": "d1fdbb15-2b29-4974-98ce-abd640be8cb5", "value": "1536:jabO90tBADDmtpJqrQToFOCzpVNMVph8sASkwhO:mbUoAfmtNToF1pVNErASkwhO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303625, "uuid": "b5cf7a0a-a7d1-4890-a1c2-b86b426cd6fb", "value": 74636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303625, "uuid": "c590542a-1cd3-4d11-a3e1-508878f136b4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303625, "uuid": "47c4d712-d269-4e92-a0d2-66f0ddaee2e7", "value": "20230498774987.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa3215f8-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304195, "uuid": "5a49f181-88d3-4dca-88cc-35a9bb097dcb", "comment": "Malware payload (DBatLoader)", "value": "872e638d499bd843fda1dab46ae5245b", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304195, "uuid": "8dc590f6-4607-4be0-a5a0-a3475c94f720", "comment": "Malware payload (DBatLoader)", "value": "f20f47d3d6665d9f24bba7bab57b474b848bc0b7d814d88af27c02d34f7dd159", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304195, "uuid": "63d59440-b006-4aa1-9d73-ae1950fd9175", "comment": "Malware payload (DBatLoader)", "value": "3660ce2dda8ac802bb515358ae36e901d5b29a35", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304195, "uuid": "bc7d6c37-96bd-4b43-951a-d9a4b8537c03", "comment": "Malware payload (DBatLoader)", "value": "a3882b20393bf387e842dad3e8d12425e66afedd57529d51738eadb251e98da7de34fae029a5b65c58eed4d7365afe02", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304195, "uuid": "16e6aa99-00b1-42bf-b8af-77b4a5eef584", "value": "T1CA55D016F66188B5F03B0A396B2B57DEDF1C6E2929A4284B27FD7E580E35243345D0B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304195, "uuid": "6c6267e7-7cf5-4537-b86c-832489a6807d", "value": "b4498ed238a5d5d6510e036e3bb29986", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304195, "uuid": "3718d618-12d5-498b-a3f3-c59c065c54b8", "value": "24576:bKuO345cRv/kabphVsJhfYPzyB+4Buxrhre0Qud/0hkEBS/:bLysS24mwe0VMkEe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304195, "uuid": "b35be21d-9523-4881-bb9d-e566f461b41d", "value": 1315328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304195, "uuid": "7bf99072-f1fc-4b23-98a3-dedfe0ee341f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304195, "uuid": "d73f0675-25e0-4126-bdd0-0de25016651e", "value": "Glmtylqgpqjtux.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e81edcdd-743f-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698352832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352832, "uuid": "e04eb6a8-5e02-4d04-9843-38eb916c4b2b", "comment": "Malware payload", "value": "ef90e78c6a453084235a36d64bb023b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352832, "uuid": "8d9da2fa-53a3-4cb6-b910-ecc135f39c37", "comment": "Malware payload", "value": "f2ab1aa34d0f6fc9cd8f6db413e96e7fecb62a63738db603fb41c1bda722d5fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352832, "uuid": "afedbe4e-b7e0-497d-9316-3d7a1e3922e1", "comment": "Malware payload", "value": "33e286fac0d10ffd70990d68a4aae245f1b44d8e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352832, "uuid": "5e71178c-f30c-4046-a6cf-c89f8540b47e", "comment": "Malware payload", "value": "5b12e5f6a01b8be56db6ae0be28dcab55beb3197daf8b3da02e0233806e3304f1c5f3e74a9de3e7064f480cb58584d1e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352832, "uuid": "b2cc18cb-a179-4e8e-8303-6a514114b30e", "value": "T16304D022B6E0D072D5B3953059B1C2662E3B78325B7589CF77940A7E0E707D0EBB6362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352832, "uuid": "e9a02286-5b7d-4699-aa21-bc829cb2da9c", "value": "0b825660c7d5ed229100a6d233732e14", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352832, "uuid": "4cf5ad57-7969-4235-9cdb-0b41d901e48d", "value": "3072:9IBNGqoxUlUUEH4V/22AdmCHMHqGcCVdMtt++cq0WJND5S4kYaoa:KvoyYH4Vu2AdmCHMHnm7l+WNlH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698352832, "uuid": "10f96b1b-1675-4142-9971-7dca01ef4a17", "value": 184320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698352832, "uuid": "a426faf5-7158-47f1-b849-4e7a730b7e79", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352832, "uuid": "84c119dd-9279-4054-9233-b17e9d1fc2cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcb1408b-7456-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698362691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362691, "uuid": "54eb65b5-083c-484e-9eff-47bc9dbd6b87", "comment": "Malware payload (Mirai)", "value": "1c6e0b6491a5720d6f7716851affbf52", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362691, "uuid": "c1320f67-8a5d-44db-8d93-bfe85f6b8312", "comment": "Malware payload (Mirai)", "value": "f36c4316c30f0ad230a0a9d68eaa32b47d7a33eeb127ab8645ea057cf6a490d2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362691, "uuid": "e4e267c5-c8fd-4143-a978-a692fdd07ee3", "comment": "Malware payload (Mirai)", "value": "50d74a3aa31a3c930e484a71edc97137bc5a6113", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698362691, "uuid": "83cc3920-410a-4e9c-9966-a2adc9884735", "comment": "Malware payload (Mirai)", "value": "0e42cbf004fe1dcd090c900fad0c3a916d9c61e2d9d5f620322d1f19e15f20f262b16ba20d75c9bbada70a4da88de2b3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362691, "uuid": "773b1534-40e8-4ca5-8ff6-9e3496e66788", "value": "T119639CB2C9642E18D2598AB1F128CF3583639504A2973FFE916AC76DA443EDCF5183F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362691, "uuid": "5f8c7137-2a1e-418a-b803-489235b3e022", "value": "1536:k6ICOnrFOwlhO6xMmwS99i29r3mCriMXwKQ10cm8RK:3Aw2O6xMwL9r3mqXQMYK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698362691, "uuid": "410b5763-356c-4143-9170-89a297aa439b", "value": 66928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698362691, "uuid": "4b354214-1b18-4e1c-bd20-9bbd96acd7a1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698362691, "uuid": "49ebf501-182b-400a-91f1-8ad575d033f6", "value": "1c6e0b6491a5720d6f7716851affbf52", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8339941a-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload (zgRAT)", "timestamp": 1698324316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324316, "uuid": "5e37b964-ce2a-4b26-a416-088f96a370be", "comment": "Malware payload (zgRAT)", "value": "29c2cb0b32172165df33da1b900888f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324316, "uuid": "200de1cf-cbc9-4a51-83ab-e9d1144b239a", "comment": "Malware payload (zgRAT)", "value": "f3b9aa2fed618d8b9c6404f4e8f995cc56f325fc68c33340433fd9c094c9cff6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324316, "uuid": "71f5e06e-527c-488d-b149-98f7720885c3", "comment": "Malware payload (zgRAT)", "value": "e09e84dcec894c8e8ed3ca5e4c34d14cd3bdd8ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324316, "uuid": "78b2dd62-d969-475b-8ff3-e3963c3740db", "comment": "Malware payload (zgRAT)", "value": "eb9455b4b410de78d620e8854af3329a581138b54210550df79df929d90f16cffbc4c09bf056cc9760a355b4118c75f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324316, "uuid": "901c070a-ec06-4b2d-b927-36c663ca4526", "value": "T108333118EE40DA46C915FA37C8F5B210C37471876323C72E696A6DBA2597327968E0FC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324316, "uuid": "dbc74595-a411-49da-92dd-5e05f6861eae", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324316, "uuid": "56306067-3cc5-47a0-8959-1fd6db1701fa", "value": "1536:fBuTu/MyyBI0aBbBUynDfZ5sBdVNYYUVlpyF:fBuCUyyBI0aBbBUynDxSB/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324316, "uuid": "df539de6-0818-411b-859e-7a31125bc48f", "value": 52224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324316, "uuid": "8edf6ddc-7285-406b-ba6e-6a4fefdb2b53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324316, "uuid": "53c80ce0-0b08-44a2-b715-a2796c0171ab", "value": "ify.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87b29597-73de-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698311009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311009, "uuid": "bba35e61-e00a-4187-ab11-ac6fbcc536dc", "comment": "Malware payload (AgentTesla)", "value": "0520df234975e0e20b25c7476e38d860", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311009, "uuid": "713a3a4d-0267-44e3-bb99-ce69ef5fb7c6", "comment": "Malware payload (AgentTesla)", "value": "f3c4cac14a62d805b772cbab3e9d554c02739394cb04833e6848c1da19f9b196", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311009, "uuid": "c8b7f60a-9b34-48ee-a5f3-3102480c6220", "comment": "Malware payload (AgentTesla)", "value": "1daddb9e475523001efaa6443be1039797d23168", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311009, "uuid": "806e6ff2-e2ff-4784-a33b-7afaa2e43f28", "comment": "Malware payload (AgentTesla)", "value": "b7d56943eab393107b97dfa9a7d64f16a0b0ca340c9e18256e6adcd0f587245d0c018723a8a4d6362881738cba2ef889", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311009, "uuid": "af6479c7-dc83-411b-bb92-b37e12217266", "value": "T14905F1213678C772F76088B908B34606C355AFA526C5CBA4D9B1DCB91ABBF846CD314F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311009, "uuid": "05cac03b-9f96-431c-9133-fe60322b88dd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311009, "uuid": "0637a126-1091-4d95-90bf-e3c5a5178df8", "value": "12288:uRShdh6sxTA6qdhTGFppjXZqDBsvF4TXnyVvhNULqdNWvUaPgdWp3blUpS+ieWpS:ZzDxs6AIjpMBbiBXMW0vxMWdpUp8z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311009, "uuid": "5daae2fe-109c-4874-af19-ba87d339e23d", "value": 867328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311009, "uuid": "94f74bfa-5b00-455b-9599-c0cd32de82cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311009, "uuid": "10d9393b-427d-48d5-8d21-c865972a6043", "value": "FWD-P231023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a11c831c-7449-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698357007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357007, "uuid": "73a090a4-fd5a-4839-9c5b-95b1c4dc3cd5", "comment": "Malware payload", "value": "24ea373078f365a3fdcdf8594091b558", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357007, "uuid": "3e987b2b-864c-432e-85f1-9b730e6d9ed7", "comment": "Malware payload", "value": "f42aaeea61966f061be565b3471e0d9e3826620fea99b9bc7ff1a9a8beb2faca", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357007, "uuid": "b8840fbc-1a2f-4160-936f-3595d69657b9", "comment": "Malware payload", "value": "6e6df316e5f70b70dcbac0c618ab6ceeda4e21cd", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698357007, "uuid": "c01ffe01-5b94-4637-84fe-19457f9c0200", "comment": "Malware payload", "value": "f581b7802049b0e68931fc799dbed7f42df0ed0600435a234b06d11bb4ce3460cf12404590e0acb84ffe48c353ca0fd7", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357007, "uuid": "17eb110f-36d5-4dc6-9334-ffd58fe35526", "value": "T12DC2E0C0EB98708ADBF61C7FE5F8450AB26085BD9DA1304722184754ED830ABE6FFC16", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357007, "uuid": "aa0398ac-dffa-4aac-964c-361ac5d213b0", "value": "768:RqLXZL9EKjnHRNx4tQQ5IQSCZOYm3UcGGT6:RqLhJjnHRr4aQaQBER6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698357007, "uuid": "5ad74fa6-36ed-4ac7-8cbc-9fae344680fc", "value": 26136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698357007, "uuid": "c6d05779-e99f-4418-a2ec-e0405c661e6d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698357007, "uuid": "7ad204e6-5a6b-4bf0-9b47-15881a56d80e", "value": "doxbin.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fed24a3-7406-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698328095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328095, "uuid": "ff8ac2a8-5f68-49e1-b029-040e78dd776e", "comment": "Malware payload (AgentTesla)", "value": "4a37f9742f77cb125032a1ece9b60ef2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328095, "uuid": "30972e3e-02fe-4648-bfd2-cd32bfb5aca6", "comment": "Malware payload (AgentTesla)", "value": "f42ea5fb6d6439253f2f37cf857b200fae0aadcc86c80f3c73cbc5a7715e279e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328095, "uuid": "e1ed1dc4-f78f-44e9-9296-a9ab93907f9c", "comment": "Malware payload (AgentTesla)", "value": "5e7e6c0201dde224f4bae87f6c25df85b917d968", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698328095, "uuid": "4508af02-29b6-42a9-a490-2d9a34a6874f", "comment": "Malware payload (AgentTesla)", "value": "cb7fe9d963319d532cc28ec1cd07224b9181338f1cc5aa0daaa6b143f8cadee9762bbf41f387d1f65e75d89f870b4043", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328095, "uuid": "762b5e8b-7b19-40b2-9e1c-8915b9a8caf1", "value": "T109D42344E496910E98B983F9FE1E49607975F4D37F710196CBADA2FFEE060CDA12022D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328095, "uuid": "951b69d6-f7ae-4d28-bd99-d04731553597", "value": "12288:ePV5YtrFVqinpwVt+MxeXZRi2d4FcK7kTTpdm9aLyKDTbttH7Ca9rNlnz8iZswbZ:pzqybJEom3YTT29vKnBtbCODbZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698328095, "uuid": "bd4ae153-5a98-41e5-a433-950de38b1a60", "value": 609860, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698328095, "uuid": "ab314e8d-ba38-4232-af8c-bbd07144967e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698328095, "uuid": "9260b446-5e0b-45f4-83d4-0d3528b57d55", "value": "SOA pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd70cdf4-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (DBatLoader)", "timestamp": 1698304254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304254, "uuid": "184a02f4-1016-42b1-9611-236da280e5c8", "comment": "Malware payload (DBatLoader)", "value": "791e03f518419a3c905816b426711a31", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304254, "uuid": "544c5410-c4e7-4973-840e-585fb94eda64", "comment": "Malware payload (DBatLoader)", "value": "f45307b5999dab601bb6371d4617cb7378d352e234f1df11b5ba41d779a90564", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304254, "uuid": "b1dfb3eb-ca26-4849-9b2c-fcc524d139ea", "comment": "Malware payload (DBatLoader)", "value": "f2104194bb354a6be104ecf97599d2ff6cf1fe57", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304254, "uuid": "c70a223d-8f83-476d-b4e5-a7ec5bed6d71", "comment": "Malware payload (DBatLoader)", "value": "c7e1a6eafca890e884cf245981c4a3678a7dee2e5c0f41b6950a0b07bbfabe278e344f962934553f76baa83d7ccda3d6", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304254, "uuid": "4805b37c-6223-41cb-a15b-f9d44a5263e7", "value": "T13D55D00BE3618871F03A1679A8174B1DDF2A7D252DA8A84A27FC3F585F31746346E07B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304254, "uuid": "0b44bb04-b521-4588-be9c-ce1e23fbb381", "value": "91a1eb4157c5e26a9ad6d8fdf398dbf8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304254, "uuid": "bc536c30-5a7d-411b-af96-020f1514e0cb", "value": "24576:UHQhZtDKt9N6+arvC0/hfYPzyB+4Buxrhre0Qjd/0hkEBSBrTFJ:UPt1h24mwe0cMkEKFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304254, "uuid": "c18bb58d-d494-4776-9b68-eaf687c8ea45", "value": 1296896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304254, "uuid": "3b79df87-b2b5-4227-9e73-982b056bbb57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304254, "uuid": "de1249cf-fcdd-4135-885a-e41c4c22192a", "value": "Product Inquiryr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62fb7689-73a3-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698285607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285607, "uuid": "eba1c223-a1ab-495f-80f0-1294ffa10fbc", "comment": "Malware payload (Mirai)", "value": "97b04c7878d685bcdb96d10c99292d9c", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285607, "uuid": "a598aa40-dee3-4ead-b4e3-170acacc99d6", "comment": "Malware payload (Mirai)", "value": "f475d023efcdd965fb9230e217ae713b96aa07a8b68ca486a01ad7243d27a1cc", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285607, "uuid": "14b58263-519d-4624-bc62-ae25efbf1818", "comment": "Malware payload (Mirai)", "value": "8838b1b730afc6ecde6532e4c3e2e3f9b37ab0bf", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698285607, "uuid": "c20d42b7-361c-4116-94c4-f81aaacbfdf5", "comment": "Malware payload (Mirai)", "value": "8fc3fd49cfefe3ba2d24fef13ab14b7ea57a0e9fbe5443c1c81e3e9c86c1f3cb6bd6603e9f60bcb7f0c76518c3e9fa05", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285607, "uuid": "ce425563-3cf1-4e5b-a4a9-653099f49700", "value": "T17CA2E015BF1886CBC832297545D9F6D22356FC62F2ACCC192A40C15FB4A33E96830F8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285607, "uuid": "97fce8cc-f5b5-4a9a-a863-a1a86f648e49", "value": "384:Mg/Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKI:598o08kxofBE+ZkXaqGbp2F2TWul0c5l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698285607, "uuid": "ee58d735-29a6-4b00-b7cf-a6197c33322d", "value": 21500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698285607, "uuid": "9d039a97-17cd-46c3-ba5b-85c0e461cbcd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698285607, "uuid": "eb992f10-dfe2-4be3-af82-0dbd039ae754", "value": "boatnet.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9bf5ed2-743d-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698352002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352002, "uuid": "a94d5a94-e62e-4b1c-8848-82d9c58fa8fc", "comment": "Malware payload", "value": "68819e1fb43bf21512c016d360095bd5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352002, "uuid": "2f546cc0-8e30-4f7f-81c3-f8046625d950", "comment": "Malware payload", "value": "f5ef29499940845fa93e9cc6e7ff3fc7ead86afe350a938999fbc32ecc037c84", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352002, "uuid": "83702c25-7dfb-4554-8cd8-aac48d5bed5e", "comment": "Malware payload", "value": "4a217f8ca049ce1be76c2fc8be50b0b24a6d8adb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698352002, "uuid": "936ec894-2932-4ed3-8a51-3ab30f38b23a", "comment": "Malware payload", "value": "60e20cf5dc0702b730f6251516adeb8fabf4c2b76f26618740ef02d896805ae1ca419e62fe27f680d468d5e5b9fd503b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352002, "uuid": "ab36001f-08aa-48f5-a634-91649689f3a6", "value": "T1F1753302E9F44123FCF863749CF71A9B0B36B5B24969474F2988892E4DF39D0A570B76", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352002, "uuid": "609aa90f-ce3f-4657-b868-42724b80b8db", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352002, "uuid": "c967aceb-b452-47c2-b1d6-6424be261aa2", "value": "49152:3ktsOEhflYTN6va4amlJaNAS6P6rsND5jBoCq:ssOEhS6VraNAP6qlj0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698352002, "uuid": "4274d053-ced2-4e5f-93fb-a037136bc9d4", "value": 1626112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698352002, "uuid": "2abbfe3e-0f55-4456-8f6d-d8e5eee30d4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698352002, "uuid": "075385c2-e7f5-4e8c-a0a5-6a0b52664679", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b845ab66-73f8-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698322257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322257, "uuid": "a7513f72-eb44-45d8-ab33-01dbedbe1b9d", "comment": "Malware payload", "value": "c1521547dea051bd7a007516511fb2ca", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322257, "uuid": "cac2d529-b2fa-4e67-9c3b-8e12fedbb164", "comment": "Malware payload", "value": "f8847e6cfa9d58ce821bca8d28dffabf0217bee958a71d1b1bcffbc44a48487d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322257, "uuid": "69d210e0-e634-4a25-89e9-994d8906d403", "comment": "Malware payload", "value": "2043d9356251df20db257aae03b545450de94a01", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698322257, "uuid": "8445e007-8f48-44c2-9f79-3e501db36b24", "comment": "Malware payload", "value": "7f476ce11d54c3811c0f6f58ff24f2ff3e6c277872c73af09a0fb711cf2a97203810a18ac1c3cdf9b9d2cc924ece298c", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322257, "uuid": "9f41cbff-5d86-46b8-80cd-e7c5b8b60349", "value": "T197A53300E428203DAF702EFD046ED7DF281571A16C7F61E59F759005A9ED6AB08A7E2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322257, "uuid": "592177d2-d8b3-4aef-8c17-e9a4b1135660", "value": "49152:gBXKXPs6vdSuaeOP9I4oDu4PQGEVGcvfOb2Q/3NNa7WK:gBXK0U0uaLV8i77nQ/947WK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698322257, "uuid": "70632cff-24f7-40e6-9aea-d4910d0934fa", "value": 2075058, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698322257, "uuid": "8810f62b-dd05-4b2a-8331-6faffb121bd7", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698322257, "uuid": "3f592d84-848e-4cac-8f53-8c006c306770", "value": "INVOICE.NEW ORDER.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23bdf063-73d7-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698307834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307834, "uuid": "5a48f88c-2512-446c-800a-057432b38e88", "comment": "Malware payload (Mirai)", "value": "4d7bf761a38dad1c146823fd2946c0ba", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307834, "uuid": "abcfb5a8-3783-4f9b-aff6-92f6fc3177c7", "comment": "Malware payload (Mirai)", "value": "f8e3e1e2a21cfab89d0042e78236e95892830a5ea2951097bc9b590f6fa09013", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307834, "uuid": "e3444bbb-cb33-434e-9489-11e622992618", "comment": "Malware payload (Mirai)", "value": "bc2f6076bcffdd864f14c886d61957c75ab93d41", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698307834, "uuid": "1349ffea-927e-4b55-9bb1-75cde0187c93", "comment": "Malware payload (Mirai)", "value": "ca26299ad26000caec3da81f71a002bb1896c6669bd23d6ecfd5e1a664d8a4012aa0bdbb8104b71d7a6135eb96540a4c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307834, "uuid": "5af97063-0ad0-401d-b722-983758d4c530", "value": "T161630956F8814B22C5C6027AF92E118E332357FCE3DEB2229D216F2077C696B0E76D55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307834, "uuid": "b453deda-5a2e-4d3f-8cef-fcf977965c54", "value": "1536:tpnqh/sOR5YbAP+uppI4/jQGaHA1zuITig8F2+lhyS5bYon2:K/9R5MEDaq8F2+lhySRBn2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698307834, "uuid": "286d4550-588a-4667-8654-fdeb82ca837d", "value": 70964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698307834, "uuid": "dc425c5e-e148-47de-a009-ed3af49f9792", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698307834, "uuid": "1fb526bf-5253-4ab8-bd92-09e116d5445d", "value": "arm6.n", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b2faeee-73ce-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698304089, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304089, "uuid": "ef73ffe3-fecb-4779-8a8d-0ace79ca6cfb", "comment": "Malware payload (AgentTesla)", "value": "3082bcc477192149fc388417c53bbe47", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304089, "uuid": "824a7134-107d-44bf-b189-7be6c358923b", "comment": "Malware payload (AgentTesla)", "value": "f9ae42b3e998b7debd5cf71113d2fea8b56c55924f0f4afd254a125422d9261e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304089, "uuid": "04b1e37c-cc62-4e38-88d6-4130315253ee", "comment": "Malware payload (AgentTesla)", "value": "488c1b847602942f952a7d7a70694d8e0429bb67", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698304089, "uuid": "c0bf618c-565e-4bce-b0a6-c4b29fcf2c3e", "comment": "Malware payload (AgentTesla)", "value": "fb00baf4caef40e7cbf2c14d5e6cc7f4c1b1f29f94b918028815c752215d87f8951a80de8bfd0b1d6e2fd4a3a34868b4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304089, "uuid": "d6f22aa2-7f5d-42c3-a4d9-28009df15a65", "value": "T163F4236D94F3377A03AED013B28D7CCA46269B25040350B5720A9F75F9C4DFEAB21D6A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304089, "uuid": "392ebb59-c3bd-4eff-ac1c-be627336765d", "value": "12288:ZM+Izu1ZjppWx/Qypy5MlaHtfiD9zLgITNeQFpBw++oPMFLrymPNt8KYNBuQnTio:FjjpWQypyylaHN4EI5e02CPlmcxYQnTn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698304089, "uuid": "d288fbf3-b5e1-4218-83d4-d4c77241a709", "value": 750058, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698304089, "uuid": "dc432156-75dd-4aad-83b4-711d26494233", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698304089, "uuid": "08336eca-a913-4642-af7c-ca896bc60424", "value": "Proforma Invoice MX80952312 .xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f18f47ac-73b6-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698294006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294006, "uuid": "62afe0f1-ef17-481c-846f-ec8fa65b2383", "comment": "Malware payload (Mirai)", "value": "8e656583fc62b60852fdc21e1e05de43", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294006, "uuid": "911c5de3-d189-47cb-be32-dc8058c8a8dc", "comment": "Malware payload (Mirai)", "value": "fab54ca1b9f56153f7c8fb7787b56e4e6af5eb4562ae93b23e5ec630f9b09320", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294006, "uuid": "55167377-8b54-4519-9702-491c05d6c0e9", "comment": "Malware payload (Mirai)", "value": "e32caed5f10f928e43483c2e11279365cca35f47", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294006, "uuid": "4f68b4d3-badc-41ae-99c9-e08cbfb7e497", "comment": "Malware payload (Mirai)", "value": "8f22433c492148930bb769906938d6f6b61798e1fde6bfa4f3b645e6c5439913d67009a0b38b2aa75a8ed045c60f59e0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294006, "uuid": "74614b4d-08b0-483b-9412-a844d8483fef", "value": "T105536EC6B4119E7DF5CBE7BE84224D0EB821722150531B27BB6FFD83BD721A48946E06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294006, "uuid": "183f71fa-6bb1-42d3-b72d-c98f3121a152", "value": "1536:kPqRg0FGTbSX5xpLepSGorsF7QhOx2X/ZOqc/yA8I:p5VHV8I9cK+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294006, "uuid": "0ba3b823-f3e8-4bfb-b005-4535efb5f3f6", "value": 66508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294006, "uuid": "d98c831b-74ce-4035-9d5e-984cc9838383", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294006, "uuid": "2d67063c-997e-4d2f-9bbd-cd19d4de935c", "value": "8e656583fc62b60852fdc21e1e05de43", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11a4791f-7426-11ee-8907-42010a9c0042", "comment": "Malware payload (RedLineStealer)", "timestamp": 1698341734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341734, "uuid": "9d8de0b0-ed80-4098-bebc-33db37fdfbbd", "comment": "Malware payload (RedLineStealer)", "value": "fb08c8ef1f557c8022b050fa37c0294c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341734, "uuid": "9a833b23-dba3-4a86-9bcd-f605a78cb3a8", "comment": "Malware payload (RedLineStealer)", "value": "fb6cd473f49eb7b7b3b66726a6d03419f6a360308484fabf4125315b84c706ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341734, "uuid": "c6e012ec-38cf-4170-b1f2-28de60580cf3", "comment": "Malware payload (RedLineStealer)", "value": "a194e0a3d72903409fe833f375272f1e546f1fc0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698341734, "uuid": "c35eb3ca-ede0-44a2-9c22-df26976c74b3", "comment": "Malware payload (RedLineStealer)", "value": "1fd403653fbca9eeccdde15453ecf6d299ae420c541ab42cf3f637ea6b04628bce0d07e483b74d6f6f1daab295313446", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341734, "uuid": "50e427c0-ad39-4086-a7cb-b132c9417149", "value": "T1C9152342A2E8D573CCB52FB089F64B871E36BCA169789357234159AF2D721C0A47273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341734, "uuid": "bbfea2af-8bf1-4b2c-b941-12f6a17f920d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341734, "uuid": "19f64026-2854-4618-9b6b-ec66e1e7655b", "value": "24576:XyjyFLK+TIpfY4aXxmuR9pDmtWgGzKwWzz:ijOtIpfaxmuR9VYWRzKF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698341734, "uuid": "c4b829b3-3dff-441a-92cb-72bab2415a7b", "value": 920064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698341734, "uuid": "6225fc19-c9a0-4287-be65-a73f36d4e448", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698341734, "uuid": "b7b0aa71-2d20-4642-8df6-c2e12579f6ff", "value": "FB08C8EF1F557C8022B050FA37C0294C.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b509cd34-73df-11ee-8907-42010a9c0042", "comment": "Malware payload (AgnianeStealer)", "timestamp": 1698311514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311514, "uuid": "631daf2a-6c10-4a7f-a367-2a37800092a6", "comment": "Malware payload (AgnianeStealer)", "value": "6c209163f8881e51e553f6c1b306d645", "object_relation": "md5", "Tag": [ { "name": "AgnianeStealer", "colour": "#1F7C99", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311514, "uuid": "5635b6e2-6a46-49cb-8b13-048e4d2716fc", "comment": "Malware payload (AgnianeStealer)", "value": "fc1b0f044807d4f0f7d3c68c1adb2f38da0f8a577e11322102559b6467c1fd21", "object_relation": "sha256", "Tag": [ { "name": "AgnianeStealer", "colour": "#1F7C99", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311514, "uuid": "8f3c10d0-c288-41b3-9428-0bd321b7b416", "comment": "Malware payload (AgnianeStealer)", "value": "9e6692f04c6ce18c4b95e9614b26dcbd47099de7", "object_relation": "sha1", "Tag": [ { "name": "AgnianeStealer", "colour": "#1F7C99", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698311514, "uuid": "0176c3b4-5824-4fbe-924c-b2a171a69fc1", "comment": "Malware payload (AgnianeStealer)", "value": "5b21cc0450af5b5d0c6cf08ae210a3a301c88ae355e68f3ec24dbbb0c2853f1d2f17a8d9189249f71f7ef6008a1a4edf", "object_relation": "sha3-384", "Tag": [ { "name": "AgnianeStealer", "colour": "#1F7C99", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311514, "uuid": "ec92be19-c7c2-4d83-83ef-5378629ad7f2", "value": "T162E3999C725072DFC86BC576AEA82C68EB6064BB930B9203945715EDEA1D9D7CF040F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311514, "uuid": "e01fc26b-e693-44ba-b0ba-7331624bec3b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311514, "uuid": "51a84436-bbd7-4fb3-8824-70958321e793", "value": "3072:oGlXG5eobrf35GO002X9CHWAhCr6m/bYQu5UwOl3xd:IxbrfcO002X9CHWAhCr6m/bYQu5UwOl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698311514, "uuid": "19900460-1b50-4670-987e-984e52ad8679", "value": 145920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698311514, "uuid": "d7851cf8-0a6b-456d-b392-5cb27b2c04d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698311514, "uuid": "90a1fcf5-df5c-4edb-a08d-5c6fe7821da9", "value": "6c209163f8881e51e553f6c1b306d645.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0aa7fa75-7447-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698355896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355896, "uuid": "4894c2da-c75c-4941-87bf-9bcdb7aca4fa", "comment": "Malware payload", "value": "478f3f010ee58bfb92d52b6bf40b9272", "object_relation": "md5", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355896, "uuid": "c3f30fe1-5a5a-485d-a7ae-02de4ab617a1", "comment": "Malware payload", "value": "fc92b85ec3a84fa98a1f097c7dbd43db4a0d15c3c4be2cd83c7bc9a9663bb748", "object_relation": "sha256", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355896, "uuid": "5548a6aa-2c6b-4f2c-81c6-8d9f912d1a6c", "comment": "Malware payload", "value": "2009b66f3272dcad1d8bd342ebf4b58e1ae6c227", "object_relation": "sha1", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698355896, "uuid": "52ec35a7-07dc-4969-832f-4b9dcf728aa8", "comment": "Malware payload", "value": "e8639fd20e7172884ef2937645302c03bdd316f3b1b2468a090eb52fb5be97f4e3ff2aa88e5f063b1a7970ac7042f630", "object_relation": "sha3-384", "Tag": [ { "name": "china", "colour": "#CC5139", "exportable": true, "hide_tag": false }, { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FakeUpdates", "colour": "#0FE0FE", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355896, "uuid": "f7e90376-fe60-447e-a125-aac67aeb4937", "value": "T1D1082313B384D43AD16B163B9D2FE6B4983F7F656A129C0727F43E8D5F32640292A643", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355896, "uuid": "aef3e8a4-bf4f-4aac-95fc-3eecf85312e5", "value": "48a475c959f42bd8be441f1318132e46", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355896, "uuid": "a2677e68-a89e-4d97-8b53-4ad806e7b594", "value": "1572864:Hqd0yfhm5TQ+tuVv/+rEYA0aMXlZmCog8IUHQxLelQMhVX:N5AVTCog1UwxLelQ0l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698355896, "uuid": "5b47b208-91d2-45d0-9058-2f5aabceba43", "value": 78677472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698355896, "uuid": "2fce79b7-aacf-40f1-99e7-68f5e5c1a698", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698355896, "uuid": "707d0da8-21d5-43aa-a1ac-fafd5683da4f", "value": "ESBrowserSetup_600105_2.2.1.140.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44cfb6ff-73b7-11ee-8907-42010a9c0042", "comment": "Malware payload (Formbook)", "timestamp": 1698294146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294146, "uuid": "d22b8c89-a1aa-4673-a1c8-97d04bea6841", "comment": "Malware payload (Formbook)", "value": "e1647acb2250bc34c35eb165653ddacb", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294146, "uuid": "9dbd750f-3b9f-4481-9cc8-b2a7f076734f", "comment": "Malware payload (Formbook)", "value": "fcce3e3dee993dc20fd8ef3f57063d6224a562e61ea68e896a63efa4c1140fe4", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294146, "uuid": "e99fa89c-1d08-42e6-b40a-7c094c4ecd8f", "comment": "Malware payload (Formbook)", "value": "365356bd940cdca3cf401d9a10b81b5a51d9fb2a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698294146, "uuid": "616f6a01-8f21-49fa-a255-70988fc0d4d0", "comment": "Malware payload (Formbook)", "value": "27915e5a1d4df4413e674bbcc5ab728e04a7dc40f3cc1bfda5a40566fe3b16cf65b8ec9265f168fbad21bf4839a6bd42", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294146, "uuid": "bca1bc8e-2df3-48f3-b4a4-46277968eee2", "value": "T1AC7423EF9918438E3B94600D19EEEC12B02FDD54CBFA89A6A4174E457F3E664C73D089", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294146, "uuid": "01d4be7f-c449-43dc-82bc-b20df83e8f29", "value": "6144:95dVacB+x6cTpPLyr7Ad7peYDIWlCh6tplHWjEqgBV4IoOSU6826Gzl8+vFy:9NXBk6cTpzyr7UpeOIlEigB5oXUYl8+Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698294146, "uuid": "2172cdac-0549-46cb-9f51-10bb9fa1728b", "value": 346079, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698294146, "uuid": "eea39b52-9956-44d7-a2c5-e2c040bc1b2d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698294146, "uuid": "b63b3f8a-fce8-494c-b5bb-1d8d993f5b33", "value": "A0719_016_9900_F5_001_D_A_1M_230714.pdf.tgz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "702b9b8b-73cd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698303668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303668, "uuid": "717c593a-707c-465a-91a2-56475c272287", "comment": "Malware payload (AgentTesla)", "value": "843bafc6fb8ee89b2ad6a807ee7d5f54", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303668, "uuid": "3a9a1e40-222e-4d95-a4bf-799a11bd6a51", "comment": "Malware payload (AgentTesla)", "value": "fd49c53f3fb8010f2404e4bf823bba0e9055052d4269c5299230225162b1a2e8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303668, "uuid": "eb863b29-0635-431e-9c6f-2bb5e555948e", "comment": "Malware payload (AgentTesla)", "value": "a93ab3818267febb9d265b6c590bbed9e3b8107e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303668, "uuid": "6f73abc2-b3fe-4ff1-8723-68cb6fc2b330", "comment": "Malware payload (AgentTesla)", "value": "2ce00b9a9846e8a6adb4ae0baefb01f37f9c9048986da85cfc54698eb43cf0fff7febd15118758ba0471e29c1bb84fdb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303668, "uuid": "00f584ea-fbb6-475e-8715-cd15997ca334", "value": "T162342E2039EF605CB5B37F532FE979A5AE6FFAB11B19715E2040031B8A12E84CD61B71", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303668, "uuid": "8101517c-d2a4-4990-9da9-6221c828fd78", "value": "6144:V9m9Q9h9Q9X9V9B9p9X9y9S9W9Y9t9G9e9x9q9H9j9p9K9298909W9D989Q9V9u4:V9m9Q9h9Q9X9V9B9p9X9y9S9W9Y9t9GS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303668, "uuid": "94a4ad98-1c0d-45fb-a168-5a1ef9029217", "value": 240086, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303668, "uuid": "c9cca671-9bc4-4ea7-ac0d-75706037bb32", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303668, "uuid": "ff765d27-d6ea-4482-b2f4-e4582e632e3a", "value": "facturas y datos bancarios.PDF_______________.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcb32fd3-7428-11ee-8907-42010a9c0042", "comment": "Malware payload (RecordBreaker)", "timestamp": 1698342934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342934, "uuid": "1b222c2a-940c-49d5-9e26-50c0bcc54572", "comment": "Malware payload (RecordBreaker)", "value": "2e059c1b7ebe96a82b7b111c4e5d4a11", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342934, "uuid": "eb5a44e9-bb51-4e4c-bf6c-f5f44ce4e678", "comment": "Malware payload (RecordBreaker)", "value": "fe40b52e8a7e9e2cbd03bbc9b94f34b52d5640a4843b7e90a6f6389eec2f7f57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342934, "uuid": "bc78a645-2249-45df-8e55-3a1cb14de958", "comment": "Malware payload (RecordBreaker)", "value": "f6a63ff8bd74ad3cfbf239a43f6370cadeb9d759", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698342934, "uuid": "78fde6fd-9679-45f7-977b-a50107092478", "comment": "Malware payload (RecordBreaker)", "value": "d6039990001835a6ad07607cfdf67e0fea3b87b97f9cf54e948cdb1cb252ede4160f1c12e7f1484a8a11d7cfdfcc0e8e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342934, "uuid": "d84835d3-6c11-4c1f-80c2-ce9c0408e484", "value": "T150158D3138C48176EDE220B743ECFA2643ADE4B4072516DF06D85BEED7606C27B36696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342934, "uuid": "aa28f345-3cab-48bf-9c04-86107ba6f105", "value": "f030c1fd78181b976a79f24c5afc47f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342934, "uuid": "bf9b3d91-44a0-47ae-a008-485db2994e1c", "value": "12288:Pm4zcCjaHhNmNwTOHKzE0E5GkDy/2yRoYhdZpau4NN19gupDZ2YVLtFDAM:DRjazmNwTuKzE0E5nD3yJrZped", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698342934, "uuid": "49f03b7b-43a8-42d0-a5ec-5114c70f435a", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698342934, "uuid": "2470db50-fd8d-4b32-8720-ebe86bbd7302", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698342934, "uuid": "09cd17d8-f14c-4b49-b904-b100ad19a6e6", "value": "2e059c1b7ebe96a82b7b111c4e5d4a11.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49285f24-73aa-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698288570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288570, "uuid": "c9222036-9823-417d-8374-98b11b927a2d", "comment": "Malware payload (Mirai)", "value": "f72725b8792a0d6ffcbb50e8d40f26f6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288570, "uuid": "18f2b172-2a07-45e0-aea0-144325a624ab", "comment": "Malware payload (Mirai)", "value": "fe69f8916936372961f02e7e2917b7fcee6b15d390fa4fa94de226f8f9991049", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288570, "uuid": "87c33072-daf9-4aa9-8a58-d62ce13c30c6", "comment": "Malware payload (Mirai)", "value": "30dd16c7334112ea5f8ed6f53f4dbe0207a04d2f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698288570, "uuid": "93ba79fd-ccda-4bef-a01e-5bc9bb815bd2", "comment": "Malware payload (Mirai)", "value": "8a1ddb5d4343a48b90a6d694fad28d3b6ba0f957e1e1d2c430356275631e5435671048c1324aa4ceaa14aee55ffe605a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288570, "uuid": "07a17d49-4a79-4dba-9760-6848096936a0", "value": "T14FC2D0E0B726F931C520AC3EE53A4D8A3A51167C91FF393664158C358EC1A9B63F84E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288570, "uuid": "a1f7247d-9acb-4066-8dda-d70756a0a645", "value": "768:JMKyhegCCMqfizjoNpd2vJdX6vwrh9q3UELu3:OKy4qfqoeJdXWgULq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698288570, "uuid": "82475b43-3039-4477-a7d9-7a24e314f5b7", "value": 27300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698288570, "uuid": "b830eed4-55a1-45c3-a73c-e0da0bb5f141", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698288570, "uuid": "f670d843-a738-44d9-a972-580335e4a916", "value": "f72725b8792a0d6ffcbb50e8d40f26f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25e06606-73fd-11ee-8907-42010a9c0042", "comment": "Malware payload (AgentTesla)", "timestamp": 1698324159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324159, "uuid": "9ff6bcc1-a5e2-41e5-ac79-c69107e56e65", "comment": "Malware payload (AgentTesla)", "value": "88676753336902a1d0491e12c0ca535b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324159, "uuid": "743b169b-6b15-4818-8f8e-080989a72536", "comment": "Malware payload (AgentTesla)", "value": "ff27d09500911e69370bcbf72f938fa96c2b542e588281c00b2da9158d95b10f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324159, "uuid": "ab1a3b6c-cd29-46aa-b41d-d13b613a3d71", "comment": "Malware payload (AgentTesla)", "value": "326f86b69562f5f2886284bff53ff20921a33710", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698324159, "uuid": "be1168e5-295a-4530-92b1-658a4a1f21ae", "comment": "Malware payload (AgentTesla)", "value": "6b1f272560e5f3d4800ea3e9fa1aa702762aced9b379547086a12bef9c45b2b48aafcc163527da8db50488c4aa415957", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324159, "uuid": "fb80cfac-4b0e-45f0-8e07-84aabeb7bf0a", "value": "T14DB423CF1A25DA43A8ADF0D7436FAB96EC0D68BDEDD23C2B31E0951451ABED10E5C214", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324159, "uuid": "4d5f8293-638f-4a09-abf0-2d6711bc8aa1", "value": "12288:/QXwmCfO07LBfuAR5CBk2cdWuDF7sDo84mtiR3O+afV5sW5FteNG5mA0PqfumpfZ:/qmBz/AbcdWyd8eRfsV5sW5+NG5mYDRZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698324159, "uuid": "c1cedacd-4de0-4bcf-9a72-028e9a48b0a3", "value": 531077, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698324159, "uuid": "a8d8ee29-564e-45ea-9d37-cf2fa432c6fa", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698324159, "uuid": "bfca99fb-9d4f-42ad-8c11-e077ddd64576", "value": "SOA Sept 30.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b729dda9-741f-11ee-8907-42010a9c0042", "comment": "Malware payload (Mirai)", "timestamp": 1698339006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339006, "uuid": "c26c2b36-a283-44d2-afe6-d0f8a3e9db48", "comment": "Malware payload (Mirai)", "value": "4a7b819137ce661c2b390d5f14a6b11d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339006, "uuid": "6eabbc90-d85d-4c26-b1cb-bdc5b9cd723b", "comment": "Malware payload (Mirai)", "value": "ff55258913352664be35c4d14c75a917cd58af166dd3f7914f0876d6e1d33fe0", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339006, "uuid": "0869a71d-93d6-444c-8de8-cf6b149a1146", "comment": "Malware payload (Mirai)", "value": "e5765f21bec72942afe4ace80ff2248853304f89", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698339006, "uuid": "24f9f73b-d1bc-402f-8e08-3c49f97f37a7", "comment": "Malware payload (Mirai)", "value": "5b6ba64fbf5c7df5230c3821b313b9f6d02589078c7cba95e1ae56dbb0bda5759643291f437c18faa074d41ec9c8c31e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339006, "uuid": "0b18141b-3768-4c26-bd18-043fed70a734", "value": "T1CF4302A4449865538EDB3834A66B0EC770216C3DE5C8FD122D49C25EBBCEF6D43296A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339006, "uuid": "5c0808f7-9ce6-41d6-a41a-326adb0245e1", "value": "768:5ghjonGZzL6WgNAEzCIkSthxUCFLxIyhFkoclOfMLugeXgg8cv/q3UIH2tD22ucc:ZGteU6leCFLzT26MPewPEQHm6qogT05X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698339006, "uuid": "2e18e0cb-1380-498c-90a5-8ff1907ea5e0", "value": 56064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698339006, "uuid": "36a2cf35-e0fc-4fd5-879a-db212d7e8ce3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698339006, "uuid": "893151f0-970e-4d3e-9100-5c527fe70b6e", "value": "z0r0.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84e031ed-73cc-11ee-8907-42010a9c0042", "comment": "Malware payload", "timestamp": 1698303273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303273, "uuid": "697cc623-3bb9-47a0-9b1e-f0e40dd42f8f", "comment": "Malware payload", "value": "90da13a764955ae58b0360129abe9d23", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303273, "uuid": "1ffc43d8-f56d-4ef3-ace4-4edf8c8e6200", "comment": "Malware payload", "value": "ff575bbaa8724c8cbe1c0e154f445cb64fb843495932b090178bf815d1db234e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303273, "uuid": "bb517534-97f6-478a-b0e1-3b56c0f8ee37", "comment": "Malware payload", "value": "a0fa7531f3af61fc13554918bd307a8b0bd6dfc4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1698303273, "uuid": "0acf760c-714d-4b48-b68f-bb0a0c6dc519", "comment": "Malware payload", "value": "a9be48fbb617e4f8c255834e8a7cc0b0a00d4d592cf76d2186e10211e92c1977a5ecd92b234d6ef802bb51c402b1fb16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303273, "uuid": "70e1788d-a96a-4ad5-8eea-8dc73eb15692", "value": "T19E978C0773E60095E5B7D2388AA74507D7B3B8635331DADF329D06152FABAD09A7E320", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303273, "uuid": "60d620b8-820b-45cb-bd4a-825b16e62854", "value": "4d0fb8dc9ee470058274f448bebbb85f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303273, "uuid": "e6eb3847-5440-4f58-a9f1-ea97ed45378f", "value": "393216:k1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfE:kMguj8Q4VfvyqFTrYpgr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1698303273, "uuid": "5ad8b645-b3ae-4116-af66-08f91e56c77e", "value": 39817182, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1698303273, "uuid": "c04f490e-77a4-44b8-af1f-db40f6d503e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1698303273, "uuid": "c4769d0d-426c-441b-8854-4f8f40dbc0bf", "value": "ff575bbaa8724c8cbe1c0e154f445cb64fb843495932b090178bf815d1db234e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }