{ "Event": { "published": true, "date": "2022-03-10", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2022-03-10", "timestamp": 1646956982, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "18d3b211-84ab-43b5-85a4-2bee61b9e027", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc1d34a2-a033-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1646890567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890567, "uuid": "78014566-21f5-453a-b67b-edef87571f8f", "comment": "Malware payload (njrat)", "value": "c92ba03ee481018677938fe20bf8aa32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890567, "uuid": "9ea51295-f20a-4518-9e8b-42052c02e441", "comment": "Malware payload (njrat)", "value": "00037a0cc29f3c99e88aeb57af189e291c6fe38b8b252718ec793096c4b7f463", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890567, "uuid": "4850fd3c-87a6-42f8-bbbe-e88391b7c571", "comment": "Malware payload (njrat)", "value": "82ffd9604931b14e41b66580b42c71e6b6bc0283", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890567, "uuid": "00209bec-f210-44f0-b1ee-aa717012d753", "comment": "Malware payload (njrat)", "value": "d33645254de759466b8ce2d05cfa8d6649a1e98dbd46888b410cffed777aa90dc3a188811215520da27847b1abecb4a1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890567, "uuid": "a66798b8-acf9-480c-923e-5b63d82ce094", "value": "T14215B40A690FDB1EC4E185BBD3FA444312623B454AF2B18659247BAC5FB168EF35D2C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890567, "uuid": "74f05db7-082e-4971-aae6-2e8c5308f637", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890567, "uuid": "16cb25e0-4785-4500-bc26-df1e89c48656", "value": "12288:QS0b2mBEYoox3+yyNtpIJSNZB6RFTow/I3MqBM2esOc2VV:QBrKYBxbkqSNZBWFTow/9h2rr2VV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646890567, "uuid": "2c103f1d-fa4d-468d-aba3-b8bed119a1ff", "value": 887296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646890567, "uuid": "9952629d-2a66-45d6-853d-d13a7acc1b6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890567, "uuid": "265e5df2-933b-417f-b7eb-0b258eaefc81", "value": "c92ba03ee481018677938fe20bf8aa32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "385cb5b5-a086-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646925887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925887, "uuid": "6911f80b-54e2-4762-8151-92e352f4d674", "comment": "Malware payload (Formbook)", "value": "0f8e4f0d26d7e05ee1c58b443be9a4cd", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r09", "colour": "#5B3928", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925887, "uuid": "5940575c-6514-47ae-82fa-b14249eefd87", "comment": "Malware payload (Formbook)", "value": "011a7574cece4977a1fbe2a6908e211c64da1dfdeecb2b7d25845b109c8a3347", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r09", "colour": "#5B3928", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925887, "uuid": "498dba97-76a4-404e-9e23-82eebd8590a3", "comment": "Malware payload (Formbook)", "value": "7d3deabb5f0afbbe3a32f2b7f931e3d0f4802820", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r09", "colour": "#5B3928", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925887, "uuid": "1e8106bd-de10-4184-9bac-55ee3757815a", "comment": "Malware payload (Formbook)", "value": "74c538da06afb8cb55a72c81cf5779dd4e848b7272e07a61c762c10f3846e222f3e01637c084e070f9f4319fba0b5a9f", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r09", "colour": "#5B3928", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646925887, "uuid": "8bee5629-d1d9-4bd1-a41c-f36699bab6d4", "value": "T10AA4231647A36F680518E4C1FDA112B15371ACA1B1F249EBC3ED0E8DAE58D7527DE3C1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646925887, "uuid": "f4fd5814-d1b9-4358-8832-d8e5b72d85f8", "value": "12288:1arG4YjaWymTzKu5UvHYByt4D81cKIaJzksaKgqR:UrP2y3ur4+QnIEGqR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646925887, "uuid": "608db39a-3581-413a-b97d-a0dc488cbbf4", "value": 491688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646925887, "uuid": "efa2cb2f-5345-4807-bb40-733c6f2005b6", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646925887, "uuid": "ae28817d-f3bf-4989-8bc9-22548cabf155", "value": "IMG_Purchase Order New.....Pdf.r09", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "913e9441-a048-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1646899407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646899407, "uuid": "63f8f567-4943-4ea5-ace5-caaac521f2cb", "comment": "Malware payload (ArkeiStealer)", "value": "35dc863b7aca51c8eec8d48843edfe82", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646899407, "uuid": "c29d5ef1-6d2f-4e31-979c-cbbb5afb9275", "comment": "Malware payload (ArkeiStealer)", "value": "01a1bc516376847423c1c746bf012650483bc006a036053b529cdc1b0ec34446", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646899407, "uuid": "441ba785-6019-46ce-a5b9-728080e07c67", "comment": "Malware payload (ArkeiStealer)", "value": "6e11143aa5e62c0703614db3e7f5e439730fb4cd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646899407, "uuid": "4ebcd7d4-d829-42fc-a69e-953b93d57a1d", "comment": "Malware payload (ArkeiStealer)", "value": "424312ce8bbaba4d76f08d8aca12bec83bc9d5ec162a5f1e8a42859428f57578a0933be20dda35210d5160d34dcbb30a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646899407, "uuid": "eb66d82e-b334-4b1e-869c-be58c391efe6", "value": "T14054D0113AA0C832C493A1305C29C7B1967FB5315AB9C94737A4133A6EF33D1EAB6F56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646899407, "uuid": "0b10b892-fa77-41b6-aaa0-4367c2e3565e", "value": "1bd024066a86f151729fa49bd4381603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646899407, "uuid": "e2bf152c-4b40-4ce6-a5e4-e68fa62eb0a8", "value": "3072:jSpAHXLd/BoG15QxUgBIkKd5PibEeaBUXCl5RA5k3dR:G+HXLd/BiSgBJKd5PiQNB1A5e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646899407, "uuid": "de8add97-6066-45ac-91f6-c778b5efe71e", "value": 279552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646899407, "uuid": "4820e13e-b531-4a26-9e23-0bb682a60f91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646899407, "uuid": "2c4fbb24-4608-4371-b6ef-e06fedcb984a", "value": "35dc863b7aca51c8eec8d48843edfe82", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa5881cf-a05e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908898, "uuid": "21858db4-339e-41bf-8338-26de55f64321", "comment": "Malware payload (Heodo)", "value": "a9cda454e914f4aea95defcb1ee71348", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908898, "uuid": "4b861edf-8bc4-4cd2-8e27-cf5baf0ac446", "comment": "Malware payload (Heodo)", "value": "01c9823efe2a4b8733ecb4ad7cf5779118f58a83736c57f490625d85200973f5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908898, "uuid": "ac1c4436-cf19-42fc-a8b5-97a627b05063", "comment": "Malware payload (Heodo)", "value": "c1734e69f676069a00aff1b56d0760017826b283", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908898, "uuid": "c2cdb70a-e6e1-4089-b226-d92cad1f7dd4", "comment": "Malware payload (Heodo)", "value": "e2f22842f7138b59299858579e5abdfb738eb80c8c6143cd793447613d2f76e69c08a4cbf60f22c2d21c57fc05037696", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908898, "uuid": "8cfd059c-7f46-4cba-b30b-0d4bebcffe4a", "value": "T1E3D46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908898, "uuid": "b7a6bbfd-8f36-481f-b7be-908f7bec6ace", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908898, "uuid": "ba3067e6-1342-4d26-8c94-17a70940ae1a", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAx:WRO5DDUmhnspspsqi022/OByw+iVifMI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908898, "uuid": "a9ae8105-8bf9-4499-9088-9c39146e913b", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908898, "uuid": "583de605-de02-46fe-a563-f40359ec0d98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908898, "uuid": "cc40f467-3a0e-4861-b1fe-8f0d019489d1", "value": "a9cda454e914f4aea95defcb1ee71348", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab346f18-a09f-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646936817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936817, "uuid": "41418c42-7a8a-4a1c-b0eb-9075c059caf2", "comment": "Malware payload (Mirai)", "value": "ad96b03da7bb7af2607726e3d32ab7fe", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936817, "uuid": "857cbc91-62a6-474b-9c90-1100ba429115", "comment": "Malware payload (Mirai)", "value": "0207eaeccbdb26bc5c468557495095d76f6d7a3bd79b5b99bc0bb55ff3419ada", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936817, "uuid": "af5a1842-381a-4b96-b15c-aa5a199d15b9", "comment": "Malware payload (Mirai)", "value": "80381d4d0f91410e1952186465a578505e62aa8e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936817, "uuid": "7613e1e4-5ff1-46e7-bfd1-fca26fba437d", "comment": "Malware payload (Mirai)", "value": "2671965c3ae99f1570e61376f9b88ae9432464c020fc72a1524d67c50fa9a8480184c82da8a8c878c34484e3c2815d76", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936817, "uuid": "49fb0a56-2b7a-4679-b441-07d3d8f756eb", "value": "T1B673A80E6E618FBCFB5A823487B78E20A65833D627E1D541E15DEA111EB034E741FF98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936817, "uuid": "03b34af2-b81f-46e0-8662-34222d975620", "value": "1536:YZIJO4rSB6xTqzEI+CRIxuF9IJajZvGIyv:LPOBuqzE3xxuF9IgNvde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646936817, "uuid": "7c44ec75-8251-4b67-bb49-b862c63e2497", "value": 76612, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646936817, "uuid": "fb580c14-e0db-4fd2-bfcb-d8f28de0494c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936817, "uuid": "1d85b44b-596b-4347-8cef-7a59cd206fc6", "value": "ad96b03da7bb7af2607726e3d32ab7fe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc0fa95b-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646920122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920122, "uuid": "6c5debaa-223c-474a-96e9-edc8fd568a60", "comment": "Malware payload (AgentTesla)", "value": "bdc916237135ae2bfd383548785f2861", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920122, "uuid": "b07e8ed3-1c75-409b-82c2-f0cc3969c1f4", "comment": "Malware payload (AgentTesla)", "value": "022a7b6969af6cc8028f2a3675a63ed83fc93b957356c1d3b2ad1b4b51c99eed", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920122, "uuid": "4ffa75a7-e493-4bfb-b2d4-0747d5323497", "comment": "Malware payload (AgentTesla)", "value": "02be820b0cf970e7aad00c7a1460ef9c5f2a35a6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920122, "uuid": "3edf99b0-4d7c-48b6-be25-542976af18e0", "comment": "Malware payload (AgentTesla)", "value": "e2158daa15bbfc0e6cbf3afbec7de959a02b8df34cd73e4f9257915e7e67f31e3d3583a1a24e33ff59a1969bd63924a2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920122, "uuid": "949b5f7e-f7d6-47b1-9cc3-9b4037807a54", "value": "T16F74230912D0E6F3C452097AD53B9235E7378C4C8ABD1EAB1FAA1F75316E71A48C91B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920122, "uuid": "0639c92a-fbd8-40c7-bc0c-bd82aeefeec6", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920122, "uuid": "3e072def-f870-423d-8da8-7a08b93995d6", "value": "6144:rGikJzqH6Hr7ZQCtlwVojmyWT4y9B5cHegT/tzpTnbrIJmOF0HRsv8sQ4KVkFcLF:yr7aCtlWP8bLFpTnkm4eav89BWjaz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920122, "uuid": "28794e26-1d18-4103-ad85-505d0993f77b", "value": 362058, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920122, "uuid": "d181bcbe-474c-47c1-8b05-22d84628fa78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920122, "uuid": "3ba7d21d-9b2c-4109-bd16-ec1f3ab1e0e9", "value": "order inquiry_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "418bdd96-a055-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646904857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904857, "uuid": "1bb5c15b-f6a6-4e6f-ab67-0ef615e17246", "comment": "Malware payload (Heodo)", "value": "bb5e61d846bb7a990bf75fce244bcf27", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904857, "uuid": "21c775a9-afe0-4179-b2ae-b24a0accd015", "comment": "Malware payload (Heodo)", "value": "035ded89222a91a8c40c8e38ff74b7d05e2b1f9a0c7c21c66e0c131547500ec6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904857, "uuid": "69bc1906-511c-4bb8-9be9-8f779804c377", "comment": "Malware payload (Heodo)", "value": "ded48038b1dd93df7a9e7e93107c966a7a921de7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904857, "uuid": "5819cfdb-2334-4602-bf55-14977d8373ac", "comment": "Malware payload (Heodo)", "value": "e72fbca160f4c4383973028441c30b96a55f4d3cf8d13664eebf4e31025b3270c64396d2c3065408eca3602bbc7ea3c6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904857, "uuid": "fba339ce-b1c9-4c2d-a33a-67068d22d250", "value": "T190D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904857, "uuid": "4c526edd-0667-41f3-9a59-66dbaf61682f", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904857, "uuid": "da128683-415d-4eb1-9644-6c40cac612e5", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArA2:WRO5DDUmhnspspsqi022/OByw+iVifMj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904857, "uuid": "a7d5bdc4-5587-4a03-bda7-29310cdd37ee", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904857, "uuid": "9174846b-c4a3-4a7e-bcbd-1c793d3585a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904857, "uuid": "b094fed2-1781-4c0e-aca7-e331c6ae6d2c", "value": "emotet_exe_e5_035ded89222a91a8c40c8e38ff74b7d05e2b1f9a0c7c21c66e0c131547500ec6_2022-03-10__093412.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50bc6f5a-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646907030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907030, "uuid": "b1f78de7-8174-47e9-8784-b49337d133c1", "comment": "Malware payload", "value": "a6d325c645582fdcc7b776361d728989", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907030, "uuid": "2394dfe9-b5d1-4cee-852d-0e6d4780bd5a", "comment": "Malware payload", "value": "03a1bc0b598325c152801f439b40463f507e78ecd389acacd97e49ce6c4e85b7", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907030, "uuid": "2eb2edff-2698-4da8-b719-98e48d9dae3d", "comment": "Malware payload", "value": "e0c769c2d959311b3781a04ce849b72f48f0c74b", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907030, "uuid": "75a380b0-398b-492f-84b8-cc86501917fe", "comment": "Malware payload", "value": "4193e68f873656fe9554bdcb409a123243bd57466fd1438770a4cc3c77704ecccb5722979d91925ac66c740a86b3119e", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907030, "uuid": "f71112cd-6ad6-4cf5-8085-4575c975232d", "value": "T134364B7AB245763DC49F0E3A9533B628DA3B6B722912CC5747F4498C8E368902B7F507", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907030, "uuid": "d3c50ce2-dd4e-404b-bb2c-1e8419234798", "value": "49152:GRjLbhsLDlE+WuSYXLnvqyvERLA49FzTyOeVlEfWhsGYv3A:aX+BQ9FqsGYvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907030, "uuid": "0f45fdd3-ec15-4ba4-82e1-a1a8ff897dcc", "value": 5265408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907030, "uuid": "6ef456d0-a3ab-470a-b5bc-308807b3377f", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907030, "uuid": "35c8abae-9d15-461f-aa88-a7bcc522046e", "value": "FevereiroExtrato-2022.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d9efb12-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (STRRAT)", "timestamp": 1646907078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907078, "uuid": "eb2da776-5e1e-49dc-ad9e-e948988478da", "comment": "Malware payload (STRRAT)", "value": "4c4a45dc122e7e19f18848f1a8a2719a", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907078, "uuid": "93ae4aae-1884-4fa9-8f3b-9be8dbfda9f6", "comment": "Malware payload (STRRAT)", "value": "03a1d8d13abb62bdba3dfb397462f8cae4d617183b5bffdf1e16736e34729910", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907078, "uuid": "a07efdc8-cb82-4c56-bacf-03d016d54d59", "comment": "Malware payload (STRRAT)", "value": "cfb4d920ebd2959a127118cb076bcd45eeac1536", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907078, "uuid": "61b17710-6c15-449f-a696-72b1e2954323", "comment": "Malware payload (STRRAT)", "value": "9ee4d230b6a0539bd623f5f8581a410e5658e6564562167564968ef309b3394e693d8256b31659aa68a9dd0deb22920a", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907078, "uuid": "621e20e3-c4c6-4265-8bdb-55b369ab084d", "value": "T1FD0423C71FCBABF649072BDD9638526C19045FC70A7F28892B822459D5E898E7F4C32D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907078, "uuid": "664f0450-db4a-40e9-b6aa-feccb79d1b68", "value": "3072:zqG5CybGVkQAnxd4EY/jlfDeVx2VIq89a92KJ2Wlx6VFWylK7mEJblRBDVkR:zqVixOFbl7eVx2V3nD3WblSHbbi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907078, "uuid": "2a611343-b551-44b6-8f9f-cd7bc02fe209", "value": 183591, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907078, "uuid": "33abc54c-083d-4ec5-b7cb-ba1002219c73", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907078, "uuid": "3df56dab-8ca6-4afb-bf0c-d48cfbc14510", "value": "JPRQ-0000839-2022 ___ SRL000211 __pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3312d4c-a046-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1646898605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898605, "uuid": "3fc28091-3d6d-47f5-9b0e-48d0309b8fdc", "comment": "Malware payload (Gafgyt)", "value": "cc97ef7e23be6d20262a89950698f3f1", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898605, "uuid": "551287c7-9931-4c85-a8a6-118dd139aeef", "comment": "Malware payload (Gafgyt)", "value": "03f8062d79685e10825daad7acb1448b9dbefd1dbaaa9183fc51ec7611122362", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898605, "uuid": "0d8127e6-3828-4b23-a782-1919aa513ad1", "comment": "Malware payload (Gafgyt)", "value": "408346297011c6f037625dab2c1ee4fb62a7c2c5", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898605, "uuid": "4ede2f87-7087-44b3-a9a1-cfd725de50d9", "comment": "Malware payload (Gafgyt)", "value": "4f5e82135a7854f3d2e487d9bec52e1e032c75a9a7bcdcc1f68dc54dfedae55ed5fcfbd08b0f6f592bfb77422e249d73", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898605, "uuid": "74c86467-25d8-40b6-bbbf-4600132b9309", "value": "T1FAB32956BD428F03C2C215F3BB9E46883B265BFCD2EB7143D924AFA137574D6092A9D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898605, "uuid": "1cb898e9-e6e2-490c-ba42-6a961286ee60", "value": "1536:OWk6sR0dl+v+5E9OA6bDmsBCjgkfCdcZ4dblOkrhjatPJNdi9T4qvC5hzOG7e:Od0D+QBzbvCjrC1dDsb0NvC5hzOG7e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646898605, "uuid": "bba6119b-58d1-443b-b8a8-7d00ada154cb", "value": 107604, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646898605, "uuid": "0d8e00a2-443c-4b50-ab65-0e7d22a3c560", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898605, "uuid": "4f6e83a4-f354-4972-8829-5dd474dce35e", "value": "FBI.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c09aa3e-a0a0-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1646937060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937060, "uuid": "9c96e33e-1abb-436d-8136-7af9a2d7ef13", "comment": "Malware payload (Smoke Loader)", "value": "e7dac1680784996bdbd5f97595c351b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937060, "uuid": "723a54ce-87ec-454e-9e76-abfd226417d2", "comment": "Malware payload (Smoke Loader)", "value": "045a93ee4aa61fd3bb2c7f706085a249b9664876b7a2e5d8282129ac6df15be2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937060, "uuid": "bfe8dae3-7b3d-4f69-8182-b374d1732cc4", "comment": "Malware payload (Smoke Loader)", "value": "98c265f9877abfb8c90c84f05ad0ca871bb38524", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937060, "uuid": "bf6e2160-9b12-4a83-8fca-cd1baddb35b5", "comment": "Malware payload (Smoke Loader)", "value": "7266ea40f981bd23d25540f6eb14d8563f5de684b2986a2018ffd9b554be406f4be44e94575d961989a3a3078b1ed060", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937060, "uuid": "0305b3cf-1604-4873-8979-8db37db1ec4e", "value": "T1F74633F7772B88D6F5D678B0213CA4B414F511DE8A63B2157376F0C8E8A38EE4606356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937060, "uuid": "6b41340a-1411-45d5-b33a-1f691c5683c6", "value": "c05041e01f84e1ccca9c4451f3b6a383", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937060, "uuid": "7816b0ee-3db5-49d3-a45d-b5d0566609b2", "value": "98304:JsgwzJgmhSFUZTkz7UzVWiWorPzFPqGG7bd0IF7RkOkkGlcUIsjIb8D6m4F0Ry:JVRmBYz7UzJ35y3d0+7RokGlmsUYDvRy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646937060, "uuid": "7a0c7902-ed6e-48c9-b396-16bda3a2a18d", "value": 5853819, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646937060, "uuid": "6a61fcc2-ab3c-494f-9fb8-35423a25683c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937060, "uuid": "cd21d5d6-eef0-4355-983f-e21430522c6a", "value": "045A93EE4AA61FD3BB2C7F706085A249B9664876B7A2E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acf914ed-a05e-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646908903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908903, "uuid": "326c7595-3d11-4f66-b50c-ce6b8da92922", "comment": "Malware payload (Loki)", "value": "4ce249eeda9b676e394b08949e446c9b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908903, "uuid": "9dccf7db-d1ef-473c-bbfb-0aa6d37d017e", "comment": "Malware payload (Loki)", "value": "0533fd92928dfa445d66c5527b4e58716a179d9e251a4f234b0328f93a7192f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908903, "uuid": "ab286078-b978-4e55-8b33-916ab9dedbf9", "comment": "Malware payload (Loki)", "value": "116a66b74bb5c00ecb6cc0cdc62d212bf82e180c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908903, "uuid": "1e363d31-170c-4eb9-92de-a5a9dd7d830b", "comment": "Malware payload (Loki)", "value": "202fcc634255beec4542bd2ebd00b0e4da56d5971b6eb31dfef1bfcdbd8e0302f407061fb44c268b2bd55c7091a19afc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908903, "uuid": "e7036845-4f84-4f5c-b6ec-6d715d67155c", "value": "T1C5949CE9DD1D5C45C4242133802AFA6EE264ED52ABF025CF17983D2B267DBD6C0B3279", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908903, "uuid": "1b9536d2-7ee4-4147-a360-f00873d569fa", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908903, "uuid": "71a0166e-1271-45f7-a173-14e53f301efc", "value": "6144:8GiE4wqqcXqs3pSnyG2LrcGuG98uQUTg1IFZ99imqshqTQ+dXknFDqvmi41FjHD6:Iw3QHLEARMeFDDFK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908903, "uuid": "88a59e77-40a8-402e-b1db-7369f409b29f", "value": 432661, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908903, "uuid": "14dd5512-0819-47f2-bbab-44b108a8c098", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908903, "uuid": "de44babb-0c97-4dea-a676-49fbe4aade23", "value": "4ce249eeda9b676e394b08949e446c9b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05228c16-a082-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646924083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924083, "uuid": "8056cf88-7d84-4e6f-a45f-cf1ce4767f65", "comment": "Malware payload (Formbook)", "value": "226c08deee7705005c7fd3b60529e621", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924083, "uuid": "f9755e1c-a332-4a28-8bb8-68483ba37f4e", "comment": "Malware payload (Formbook)", "value": "053bb1a8c163bd121cd9b9a48f1c9667e7c0937fc50da002a0e15790e815a22d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924083, "uuid": "8512e914-d504-4d9a-b2f1-5398b7f4247a", "comment": "Malware payload (Formbook)", "value": "15239bafe7d44e5fdea55193ac5c261d1b617722", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924083, "uuid": "95373b3e-5b9e-4bf8-8258-e18ebebf51d8", "comment": "Malware payload (Formbook)", "value": "0734be554f2df7efc14b8269015b9ce15241d0814ed0d95f6603af86aa231d330c72c9fe9d40770f1f4fbcad5df6a759", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924083, "uuid": "702b87f0-62e3-4ac7-9d29-55b1094c4a46", "value": "T1BE25CF10A96A103BF2BF9A7A1BC1F87749DBF1A61604E1BE1C2CC6494FD1A7C9D81C35", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924083, "uuid": "f2157b98-653c-43c2-b3f9-d29c25365db1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924083, "uuid": "2bec7ed1-6403-47ea-b1a1-ca475fc0dbed", "value": "24576:6ifEGNO6VjkVyxRYxg82ouTYd5TW53gIUa:6RGyubJPUrTdLa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646924083, "uuid": "909b8dfb-ce96-48ee-bc69-138fff87987b", "value": 970240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646924083, "uuid": "1e0c2d82-d9cb-4619-8aee-c73eafbd7ba1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924083, "uuid": "d9ddee86-50bb-4b96-a841-3f1cb0471076", "value": "Qoutation 1956 PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59370097-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646907044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907044, "uuid": "31bace1e-d6cb-40e9-b5ae-6277482751a1", "comment": "Malware payload", "value": "cead0efd19a202c81a63ac6489b04e5d", "object_relation": "md5", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907044, "uuid": "9b0a3592-3949-4b2a-8ee9-6b0e16c83b0b", "comment": "Malware payload", "value": "06062b94f5122b8e90cca9c672de8d16f9ea095d4f0888549583d280426b7940", "object_relation": "sha256", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907044, "uuid": "a7268241-b78d-4872-b536-3ea7e9eabdaf", "comment": "Malware payload", "value": "52be416bb1bb3bd823654c33c3bbf44fcba7a2ed", "object_relation": "sha1", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907044, "uuid": "447e6dd6-09b1-4a3e-9398-a2a8372709de", "comment": "Malware payload", "value": "4b791de0563e9288744a6526f3e56e7cd56f1fb0143d740b8655ff33abffaed5fed14204ca750b5f96493c43fdac2666", "object_relation": "sha3-384", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907044, "uuid": "3e928bbe-456d-466e-b168-a512b112cce6", "value": "T146D4AE57F6E77A65E6AEC1BAC6B1C82C66B3309612B0C3CF774045492D22392483DB1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907044, "uuid": "a5a8dc6d-3b80-4f81-90b0-3616e388c40f", "value": "f20a8db3e4a8c03c1ab177b2660fdd78", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907044, "uuid": "ab401b59-e5b1-4b2a-8ecc-bbc59b69fae2", "value": "12288:1zLjlZHAt+AZrkOCH8bzbBSreHOi1uWD242S6+41qg:1zLhltAdkjcX1+DWeS6Zp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907044, "uuid": "98ff7393-1b7b-4bf3-9537-3caa02ba6920", "value": 615424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907044, "uuid": "1a487169-de59-48c2-9552-ee10ddd9f818", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907044, "uuid": "d8d8979f-f8a3-4139-88ce-a127c9eda745", "value": "Customer Statements.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "884bce84-a042-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646896815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896815, "uuid": "23b63b0e-e338-44a9-bfd0-a10a058616f4", "comment": "Malware payload (AgentTesla)", "value": "3b1edf4e359b0804b00d31ff5e7df992", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896815, "uuid": "8a3dacb1-4a06-44d3-8d7b-60f04aa12454", "comment": "Malware payload (AgentTesla)", "value": "0638e7a8f8654699ae33906b19c438f1d30bd74e46317c22de234c8d9545d021", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896815, "uuid": "902d7ae2-324a-4019-925b-3df23e143f19", "comment": "Malware payload (AgentTesla)", "value": "2d55e0f810669610f3ce76d0cef954527d1c4913", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896815, "uuid": "f10dc130-4f8b-455f-8a47-a9bfdacaab2f", "comment": "Malware payload (AgentTesla)", "value": "4fca334822394a5e9fbccb83aff9c155df2d370075b97c61e5847377704e0cc8ed61fbc5e547a6934f25727b38ea9d48", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896815, "uuid": "683e1613-fb88-450b-8a90-f9b02db14247", "value": "T10C258DAD336075DFC867CA328E681E68EFA0B876830F92179057059D9D2D99BCF144F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896815, "uuid": "e70c91d2-39ec-4415-9001-e5d4243631cd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896815, "uuid": "88a20e1e-b82a-4a0f-91fa-1dd2f69b8ce6", "value": "24576:40yyEEEEEEEEEEEEEEEEEO2U0RSFtDAQKwRkRzU68W3zrG6G+4f9:rEEEEEEEEEEEEEEEEEO2mtsHvRAEzfN8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646896815, "uuid": "410feac2-78d3-423a-9103-e6746bc4f937", "value": 1034752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646896815, "uuid": "c5745a1e-3517-4d86-9741-6d54221e7208", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896815, "uuid": "e6f63ac8-58c9-40bd-8b50-aeca5dce6f83", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bf9bfac-a076-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646919101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919101, "uuid": "a7a23cab-4369-4497-886f-79461aef8189", "comment": "Malware payload (Heodo)", "value": "5e924c5efa67482cf4f29b7d28144ee5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919101, "uuid": "de9296c0-cf69-4367-b010-f4e48986d766", "comment": "Malware payload (Heodo)", "value": "0712c75375207a01c3e6b64cb5099a8f17614cef4d69cd6ca21fb562c9f599e2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919101, "uuid": "a7c24f6e-74b5-4949-9e4e-a84bdab3b5fa", "comment": "Malware payload (Heodo)", "value": "0396875c3afbc5f324255bb9764aabd60d7804e6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919101, "uuid": "34d4a9d7-6f7b-4423-a036-6e27e1a4de91", "comment": "Malware payload (Heodo)", "value": "09088a6ceeac5619ce4e8cc66c0fafdd2317369131dffd85929ec184208d06508034a63a439c350847d7bdee2900e46d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919101, "uuid": "2c57ece5-a0e9-47bd-9f70-739b20d88ecf", "value": "T1E7D46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919101, "uuid": "f1fe5fa9-559d-4439-ac6f-65a6e165b333", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919101, "uuid": "ab7e2c6c-0558-4b7c-ae9a-32c9acadad0c", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAd:WRO5DDUmhnspspsqi022/OByw+iVifMM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646919101, "uuid": "11321694-b9d6-491c-a8ca-28264f242335", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646919101, "uuid": "1c947c5e-183d-4719-903d-1a62dfb069a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919101, "uuid": "96eede9c-27a5-491c-82b3-6a60c8392105", "value": "5e924c5efa67482cf4f29b7d28144ee5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcf77b11-a08c-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646928686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928686, "uuid": "c1811e45-032c-4d42-a61f-a2826c7d99de", "comment": "Malware payload (RedLineStealer)", "value": "2ea1f62658c28107d8025d23d79b8504", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928686, "uuid": "aba81796-eb72-4e21-8d48-8e19b7a6550f", "comment": "Malware payload (RedLineStealer)", "value": "075a7e765feac653d371644bb3ad4ceeac958aa80b093798da6d2c58c5593cd2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928686, "uuid": "56184a6a-bda9-4738-8b6e-0c31274f94c4", "comment": "Malware payload (RedLineStealer)", "value": "b767ea663f269c52c976d98bfb311461469f7620", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928686, "uuid": "b12742ab-b5fa-4e46-adb5-eafaafac3664", "comment": "Malware payload (RedLineStealer)", "value": "42f58c3252c859ed68ccf61076b7810a656b79c52ee372eb717637c350f081ae6309566824113830116069b1501ff737", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928686, "uuid": "9a217e01-8c85-47b4-b8d0-66dfd060feed", "value": "T1A73629F13D0BA2CFD24A49B4E80ADE43C82C03F54F64A541DC6D78BDAE92D9126C7B59", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928686, "uuid": "0ac7b1ec-628e-46de-bd93-d037f93fbd2f", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928686, "uuid": "b6dae875-1e33-4d73-9bc1-3230b436bef5", "value": "98304:QL9r+0EigolRFP1WUSA+6bZ8Vmr/0OcJqYQ1Zt:+1WY+6imL0nlut", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646928686, "uuid": "f54b006c-d835-4253-a67a-86edb98fea6e", "value": 5207040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646928686, "uuid": "3cfd4cc1-d494-408e-ba0d-cc7a5926e0ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928686, "uuid": "ade8ca83-f718-495f-8922-22ff98f62a48", "value": "2EA1F62658C28107D8025D23D79B8504.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "701a7cee-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646905365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905365, "uuid": "a63ddb78-72b4-4bdb-b83d-7bcaf25aaabd", "comment": "Malware payload (Loki)", "value": "d42b311347f3723b5a04f0d42a07de41", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905365, "uuid": "0f810da5-2e1f-499c-9328-af1e65eb7ea2", "comment": "Malware payload (Loki)", "value": "084603069cdb95669bef0aacb4a5dbddaf18db1f392f384237787ed1a7e7e511", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905365, "uuid": "4631c5ed-0f36-4074-84a3-12e636b7d098", "comment": "Malware payload (Loki)", "value": "b67a0d74820549207716e5c83ab61d54079bee8b", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905365, "uuid": "2894ad8c-c15f-499d-b951-42cfc5b5962a", "comment": "Malware payload (Loki)", "value": "b9c5f7a83b8a017042cf58c0346e2b32cb99a9fc931497d833becc0bfa5701da9f9798ad8b370fa731d626fe69c20135", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905365, "uuid": "d889514b-6de9-41b6-a88f-f35e7c13fd41", "value": "T1F21412E46203A993E12B3B3300B38D51157BEED4BD5BCEC42788B57A5AB358365CC278", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905365, "uuid": "4aa4d336-82ed-4da0-9c03-301f6aea6cac", "value": "3072:NTvZhtMZTahh2Tjn3NpkBtr7SX4Xg8bwEESnTnc303vefS6c/3LKCDHkqNTI:tdCyWLdph4w8Tr/v92mHkiE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905365, "uuid": "b8a3ecae-0d91-4bd1-8226-1ea55fbd6ede", "value": 191272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905365, "uuid": "9bf064e7-0ac3-4a1c-9da1-3fc7adb532bd", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905365, "uuid": "c75be1f9-6f3f-493d-9814-7ea7ba33cb8b", "value": "45.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f2f140f-a0b1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646944313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944313, "uuid": "3a869a0d-c29a-4c23-aa5b-7c9154686950", "comment": "Malware payload (Heodo)", "value": "28cfa5391fe1b196a72b66a058036fec", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944313, "uuid": "a1ac3865-48ed-455c-b47c-2a73da02d975", "comment": "Malware payload (Heodo)", "value": "08b7f43f4b829414e96e46152b034b365a911a8282437c02ae5bd4084797c958", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944313, "uuid": "1447d8e5-da13-4fc9-ba23-31de7b9d6b5e", "comment": "Malware payload (Heodo)", "value": "025e368b5194b94710d570054f1070124981709d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944313, "uuid": "b2d8b50e-d656-4ea4-840b-c8d37f7fbbc1", "comment": "Malware payload (Heodo)", "value": "8e30bb1cb6667615d3d7ea3f807cf4f51556ac2dc258bfb20e9ced8f98782521e740806200da49c9754ae45766c18342", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944313, "uuid": "083a8fb8-d5fc-49b9-847e-9e3b2a776736", "value": "T16664E0643A798742CC678BF0BE80A7058D689BF8CA2CBBF8E541154B36327875427D7D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944313, "uuid": "42e582fe-0652-430e-8f07-f502b4e4fbb2", "value": "dea53e55838db2f02b23d40714c9e2f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944313, "uuid": "b2bedef2-072a-4683-835c-9ee43d4a935e", "value": "3072:+NturOHXRfHMB6i1n6C8TBs2tVRIS681K/MCGa7bQvU8deULir78wdXko2ngXOa9:kukMAyj8dvVrta7bQXd1LirJ3bghygq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646944313, "uuid": "555771d5-b7b2-47b7-a5f6-f79253388098", "value": 315484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646944313, "uuid": "9c0ff33d-a7f6-4680-8924-238e21a6dcd2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944313, "uuid": "17f5864a-fb9b-4ccb-9191-aa5ae9b09cdc", "value": "08B7F43F4B829414E96E46152B034B365A911A8282437.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cfdfbd2-a0ac-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646942242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942242, "uuid": "cf7a891e-2061-4741-957b-50314ec5af9f", "comment": "Malware payload", "value": "466ea2c9e4eee3f9bcdecaee77e15d6c", "object_relation": "md5", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "forkbomb", "colour": "#272789", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942242, "uuid": "e9a2d343-e695-41e1-9889-d2acd0bf3a93", "comment": "Malware payload", "value": "0961ce81dcd94b768215b34894ad2cae95388d83e8976568d95beb8bfb93fd80", "object_relation": "sha256", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "forkbomb", "colour": "#272789", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942242, "uuid": "9109ff79-7518-49eb-9760-8b4cb57eace7", "comment": "Malware payload", "value": "2da11fb85281c44e46cb61371954ae11251e959a", "object_relation": "sha1", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "forkbomb", "colour": "#272789", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942242, "uuid": "eede7272-41da-4698-be89-3330c0b2e7e9", "comment": "Malware payload", "value": "74d5964fe2781de94071585837ee14448fa48a78f60a1d7ee7ea67744d0c3a0162b148894e3d0d565a0c7111238a77ce", "object_relation": "sha3-384", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "forkbomb", "colour": "#272789", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942242, "uuid": "62f2ad1d-2d55-40e3-8fd2-d1d3c6796a1f", "value": "T115A3B423FA5C0071F6C686B1596687A63816FC3119609D0B674EFF9C2E31643BAF532B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942242, "uuid": "ed946481-ed96-49d8-bdf0-ae758604326b", "value": "7d35b01162fe2f420c7998d649c65cdc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942242, "uuid": "1b40c950-de89-4738-ae1c-3cef122ac50c", "value": "384:oLLSWwue/4youZfWkXiWgEiSZexdiHxZWE0ishIrjpWKV:oLLS+6dWailEl0iR4KqIrkA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646942242, "uuid": "01bd0b89-31a0-4947-9a09-c9e16fe0ca44", "value": 105998, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646942242, "uuid": "c071c4d6-3bb6-4613-bcb6-d7309acce59e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942242, "uuid": "358541be-8930-4abb-b60d-b464257a11ec", "value": "DeployPatch.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c13f836-a083-11ec-9275-42010a9c0029", "comment": "Malware payload (GuLoader)", "timestamp": 1646924658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924658, "uuid": "3491629b-5c94-4a76-8d67-632cf45e9e7c", "comment": "Malware payload (GuLoader)", "value": "1d5fee4cfeae41b2c458a8b02e9f2c0c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924658, "uuid": "a855da9a-93ff-4f79-ae08-92ef56ee78dd", "comment": "Malware payload (GuLoader)", "value": "0979d3ec53367e698bc9e1669115bc1fe935ecbac8a442da098400b15fc89bd7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924658, "uuid": "cdedea2f-10e4-4025-8d78-2e6196125978", "comment": "Malware payload (GuLoader)", "value": "ac9a5b4e84585e03cdcd8d4ec770a8741c8fe290", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924658, "uuid": "bc68dfcf-46e3-472a-9fbe-e9f4dd61d4f7", "comment": "Malware payload (GuLoader)", "value": "3e79b9f99e7060ab8cc026ac8b5d2f5080609e75e7ae971f294362e61e248e74ce6e15b1d560d3e2b234509e91954b97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924658, "uuid": "68a77839-7bc3-45fc-a8dd-0039228bef58", "value": "T190740285F7A0C9A6CC620430D57B96F7466BAC69D8124787279D3F1A3D377028A1F723", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924658, "uuid": "46c3778a-c2c3-4aba-9507-7b05460124a1", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924658, "uuid": "3281f1de-9e6b-41e8-a911-637a9814322a", "value": "6144:AYa6lZ3EXk1tPCXF+xORAKT46Ca3vB2x/4w4ZEQvZtO6p:AYjPE+xOmKE6Ca/BK3ALk6p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646924658, "uuid": "a76d010f-2ec2-4021-86b7-d9cde9aef773", "value": 346328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646924658, "uuid": "6cf14cab-0783-4229-b1a3-a63c4de64d8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924658, "uuid": "8087425d-510f-470b-830a-3c6bb352cda6", "value": "edgeless.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb5dba0a-a069-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646913651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913651, "uuid": "4e17cc65-a4f8-4acc-9b28-5e21981d0ac7", "comment": "Malware payload (Heodo)", "value": "617b81924927b2459147b014ba6d3286", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913651, "uuid": "58d19b64-d972-4067-973c-fcab95dbc710", "comment": "Malware payload (Heodo)", "value": "0ab887aa3abdfa27176d5ac6b2e11472d00f7774d2f0c8ad53d573f2f6e13133", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913651, "uuid": "b970b7fa-9eb8-413f-86b1-b42b05f3fc8b", "comment": "Malware payload (Heodo)", "value": "02e5c85c1d48fe77b133de7d4a1181c80c5d368f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913651, "uuid": "3c00359c-d67c-41d4-8ac5-e477e3a80f7f", "comment": "Malware payload (Heodo)", "value": "6f72c2c71195cff833eab6ca3127c418a9a6d14d454f9f2ca86be3a5c8f17f5bbfecfaafc0806240c72e936e7e1151fc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913651, "uuid": "fd4bc0e2-4061-491c-bfc2-cd677e356ff3", "value": "T1CED46B2271DE4073CC9A107C0911D59FD59EF978F627E84FA298AEAD2EE13C94534F0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913651, "uuid": "ad32a03b-af85-4c9c-aca7-c1ec20330adf", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913651, "uuid": "d293e86a-cfe0-4881-8e2b-0bfd7e140463", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAu:WRO5DDUmhnspspsqi022/OByw+iVifMX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646913651, "uuid": "65fddf4f-7372-4265-849b-ea174d6e893b", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646913651, "uuid": "eb6d5e40-18d5-47a3-8918-9a0bb6dee863", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913651, "uuid": "8978ee01-2d57-4074-92d2-1fbd3e267abb", "value": "617b81924927b2459147b014ba6d3286", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "749bf3bf-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646886904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886904, "uuid": "05e53fe8-1677-482e-b280-ac4dfaf18819", "comment": "Malware payload", "value": "8b745f633427dfbb169bd2cfed7630c1", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886904, "uuid": "f59ee716-772f-499b-b61c-689e61d08d76", "comment": "Malware payload", "value": "0b616736b741927d35d157d29ae0af9b3eca63b2e95acf272c90acbadea26a3d", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886904, "uuid": "74ce1ce3-ee95-4447-b004-8b9c5095d6d2", "comment": "Malware payload", "value": "9374681e694496ab89a2737772bd7e362c37e2a7", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886904, "uuid": "8cc97b36-136e-4f1c-ab51-abbebbeff750", "comment": "Malware payload", "value": "b4de166c9a4b5362c8048874362face1965f6962d482a309af9d06f3b2949a96c6abbf52849bd5c18b0d77aadbee2929", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886904, "uuid": "44a92bd9-4b60-417a-9659-7de485c6c95a", "value": "T1DFC21A02B30C0947C2776EF43A3B27D0B39FE99121E8D685715ED68AE1B2D315295ECD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886904, "uuid": "5758a0b3-7083-46a1-b22f-47e67a517d22", "value": "384:WKfwhg9xnwtHgemfdugAUP69KfrOYeeTEIqGU9KIVFZQLtYNFwoB2bePgdb:3wO9xn6OfojerFU9TFZ8toZwI0b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886904, "uuid": "45abda4b-d052-4694-8df1-060d868f3231", "value": 27208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886904, "uuid": "11862164-04f2-402a-b9a3-5a113f622de6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886904, "uuid": "2edc9590-2f35-4deb-825c-29648142c7c6", "value": "SecuriteInfo.com.ELF.Mirai-BRYTrj.2500.13266", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eda01be1-a053-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646904287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904287, "uuid": "d87b1e61-d920-4b66-9b5d-714530b75cc2", "comment": "Malware payload", "value": "8932906ce4bf47c8ad9ab82aaf246052", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904287, "uuid": "821b5d37-801a-4991-be65-1fcc959c1f0d", "comment": "Malware payload", "value": "0b9dbebe4e5cff5ba2aed97cb1168de2e5435b8e64f9c0344ed7910432f2aa9a", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904287, "uuid": "143d809f-9006-46f2-b235-f57dc67b297c", "comment": "Malware payload", "value": "051782adbb37f5ca245e6ee1616686684ea9a4d5", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904287, "uuid": "e930e101-0873-4e08-a033-e3abe9f981fd", "comment": "Malware payload", "value": "7950a1f4f837c98f7725d106ef84752115f09907e28ff1c270b241da02553493ef93ce8e0b0d266db64e7bc5956744f1", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904287, "uuid": "f18fe8be-bf90-4854-891f-4a1953fdb8c7", "value": "T147D3CFF076809CD2DF9E9B97A1555E9D2726317BEEC624CC504EFBC92B773408A0D882", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904287, "uuid": "5151d2a9-d620-4ff2-bb0c-c1b622ddf347", "value": "1536:rkREakBcANi076wXw+PD59VHwJWGb8L+VJf8gbzdYaVYmg3x9LaJEia8nA/AtUEq:wRlQiQtU8adYkvJjaPaepzN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904287, "uuid": "4c0e239e-7794-4118-bf94-8ae3d98742cc", "value": 138314, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904287, "uuid": "ffe30ad1-ddd5-497c-a410-5c2c01b34de1", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904287, "uuid": "be42cf50-e9f5-437a-a006-270fd1b7de54", "value": "doc1002202287669934.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16d633c0-a02f-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1646888464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646888464, "uuid": "1b9d6aa7-4d5a-4535-a6be-15344ae319b4", "comment": "Malware payload (NetWire)", "value": "150e128f532ae5ed2464169be7451928", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646888464, "uuid": "85b96b60-3d41-4a4f-8adf-119f108245ac", "comment": "Malware payload (NetWire)", "value": "0e5c0026357d13a013c70bdc80d39ec3dfbedb4906fb217c7096fc49fb78b2f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646888464, "uuid": "d6fa3d69-800b-4ae8-ae85-19f77f5c3d23", "comment": "Malware payload (NetWire)", "value": "a194fdacf2582d28f4a32fef4627cd7480a37533", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646888464, "uuid": "af5ee418-a6ed-47a7-bf6d-4fce35a5428c", "comment": "Malware payload (NetWire)", "value": "6f4f567631dd31f5ceedc32822946d737847bfe9dbd98c466306704df5c3e84755bc69fe334bc7cc6b67d0dc36b2b477", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646888464, "uuid": "279bde92-f100-4b00-9285-3a8fc94d546d", "value": "T15E94BF9BBB5E4262CDA40F7C3AB2AF6C1B06FE64BBE6220714547EF525333CA3850455", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646888464, "uuid": "af530732-0e09-4d99-968d-dee252abe160", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646888464, "uuid": "ac8ae024-509d-4987-9732-cbd7f4a45612", "value": "12288:NdWufnVwi3AQZEDm0D0tZ4egf40ROB2GdDH:hV5wQZE+Z4egf40Ra3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646888464, "uuid": "bf2f898e-8d59-4871-a170-eb11a06bd11a", "value": 411136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646888464, "uuid": "8a747cf0-e5e4-4f8f-bb91-07828ed0fd4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646888464, "uuid": "5d6732b6-abde-4db2-bc06-62d920fb6f1b", "value": "PaymentConfirmation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86f86d92-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (GuLoader)", "timestamp": 1646907121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907121, "uuid": "d792421b-29a5-4cfe-8f66-1dc80c777f77", "comment": "Malware payload (GuLoader)", "value": "145021315135e63cf1d7393883eb3a03", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907121, "uuid": "ed77341f-61ca-41db-957c-d6f94c483cee", "comment": "Malware payload (GuLoader)", "value": "0faa426103d068eb2a0dff28073ad870ccc4a07c5778f4038f84ceea8d53d28a", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907121, "uuid": "86f68936-6f49-4a5f-b7ae-79feb70052a5", "comment": "Malware payload (GuLoader)", "value": "c142d4dcd85b68ea6ddf89994a410511b64d450a", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907121, "uuid": "ca98f738-b32f-4557-8cc8-8dd49cd101fe", "comment": "Malware payload (GuLoader)", "value": "690d51eb763c113cfb200ce069a3d53a7f966e8d0634c34f66270cb3b5805ecfb2fbcb10358c9002449599db07e83dd8", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907121, "uuid": "186bad60-e43e-42e8-9947-3bd55d308014", "value": "T15DF4A1EFE644DA4EDBD453CE7AED1A0DC13C62042C5660068FE3853EEA59B1D6632F06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907121, "uuid": "90bb339d-2b7d-41c7-ac7a-27c3d700d733", "value": "3072:zfJsemD7cE9o4BmfXIiEoN6/CFfGkqNof+xK20zdDijH8KinCS7tLBTpBkPVMOe8:qeg7csY7VqiqD2eRdTCPRDg7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907121, "uuid": "a04c6abe-3793-4ffa-8a55-799f8b357748", "value": 733747, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907121, "uuid": "0246709f-651d-4cfc-975f-917d39d3c3df", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907121, "uuid": "43610f06-d6f5-44ea-ac3d-da9984a6bb43", "value": "Unicredit_Swift.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb2ec703-a0c5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646953272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "809b63e9-bf59-47e2-b21a-0308a2b64d28", "comment": "Malware payload", "value": "f9efebed5cdd26312662743c602d46f1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "4bc370b1-c760-4de5-8068-de7551ce93f5", "comment": "Malware payload", "value": "0fd2e14c150e8847da6165d63f7b4a47d7ebf336c6e224089d890bd300392f61", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "9f30d5b7-5e11-4913-9133-594013c6b47e", "comment": "Malware payload", "value": "cf973f11cf3b3787d8843e4968e9151e83b30515", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "51aa4e12-376f-45cb-82c0-20c885a0846b", "comment": "Malware payload", "value": "b56ecb404b854f4a74967d501112f6dc77185e94111d8753ed1dd4b4c18707d77d3b2fac2c792b82c3496dbd34a7eab5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "8f2849bf-9207-43bf-bd07-f05e75b3aceb", "value": "T10FD46A40B5A3C070D3E7313846FD23CC67F9B9A1D7BB412B7A99954D6D3C8920B79A22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "cda9290a-676c-4915-b170-8388b9716863", "value": "cfe3f54a8e794cfc54f47ecbce05971c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "4fb8a936-19aa-495f-bb0d-aff4bec2391c", "value": "12288:ivpO7ru2TDuk1tYTwwe5AnYq2JaiMMMXdgir7OOBgzgENENENEn+ITITInTKTx4s:vru233dweOnYq2JaiMMMNgir7OOBgzgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646953272, "uuid": "8c3047b3-560d-40b4-943a-f00cdb8a1282", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646953272, "uuid": "c493a71f-47c7-4c63-8004-1df26c7d812a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "f515d4cf-76fc-40d3-8a03-0271c1736116", "value": "emotet_exe_e5_0fd2e14c150e8847da6165d63f7b4a47d7ebf336c6e224089d890bd300392f61_2022-03-10__230107.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f0b37e4-a0aa-11ec-9275-42010a9c0029", "comment": "Malware payload (Urelas)", "timestamp": 1646941467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941467, "uuid": "7ece3188-7d92-4b23-9227-356d73fbe9bb", "comment": "Malware payload (Urelas)", "value": "f93a243a40e310219d741549a2f2383d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941467, "uuid": "1fbad243-ef00-4cb5-94b5-a128d2a00ed4", "comment": "Malware payload (Urelas)", "value": "103cb128a060ff99e713d2ff66920813dd051ece83c367c10e2657f9bd6e11ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941467, "uuid": "5e288b52-5c4f-4628-aafd-d9f8a13b0804", "comment": "Malware payload (Urelas)", "value": "62a2daec55efaf47062b07bd6425028dbafbf816", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941467, "uuid": "3d78e66b-f7a2-495c-af3f-70b6dd7359d0", "comment": "Malware payload (Urelas)", "value": "eba47ec80c8412d1e61ff369fe1058013e3a2da387c82a27649202e4f53d955beb9db7693e2e2a82dda1291a258bab09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "Urelas", "colour": "#7F756F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941467, "uuid": "b5a52f66-ae44-4a45-b9b1-5becb42dab74", "value": "T17AE47C123A91D073C41E5C30C456CBBE4A7DBD321A668987F7951B2F5E313D29A3B38A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941467, "uuid": "370990cf-8b07-407f-827b-600214d5c0ef", "value": "2d079e67ec3c8cb76fdef6be53c3af0b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941467, "uuid": "556d95b8-5fa3-4176-9b4a-87f8cc75c54a", "value": "3072:+D8WJnu1zNSTeReJ3vbNLWADjti550jmu:+D8WJu1UTNLtDj045", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646941467, "uuid": "25da6125-7b57-4c9d-bf19-a9b80aba4d8f", "value": 678912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646941467, "uuid": "c0a9ccb3-ad93-468a-b679-d660c66e368d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941467, "uuid": "c37a093c-4593-4ff2-bb8c-bb1645abc367", "value": "generic.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bedf2453-a08f-11ec-9275-42010a9c0029", "comment": "Malware payload (IcedID)", "timestamp": 1646929978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929978, "uuid": "08857f9e-a35e-4932-9f47-72e74024244f", "comment": "Malware payload (IcedID)", "value": "cf8b17c0df3bef2c6cd7d004fd98206d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929978, "uuid": "e718f254-6df3-4d3f-beed-178347f980fb", "comment": "Malware payload (IcedID)", "value": "104a2fb18fa07718480ab747cf2dfae9766d3e2d1b3f316fd21305739015fd82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929978, "uuid": "241ea2be-3bf6-4587-9e89-e6d8b1451068", "comment": "Malware payload (IcedID)", "value": "23e63e7932e0e27dfd09746f883a8ee1f19cad11", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929978, "uuid": "ea4cfff5-450f-45fb-a4e5-787c651db2f4", "comment": "Malware payload (IcedID)", "value": "2fa922140488465fe3626fdcb4873007873be09230338317d98f3e925307fd1e6dee27d302be51c4ab6273852ee9c12a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929978, "uuid": "2170ab17-6e57-45a9-8e96-12071a5bbc99", "value": "T1C9359DA153B60AD9F076683458921D068DA17DB16270A2D7DBE3324B4A3DBF1373DF0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929978, "uuid": "ec9d3e91-cf2e-4d1f-96ab-3ebdfac42281", "value": "d83870d27e54e551d204568080053d96", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929978, "uuid": "5cdd55d9-a274-45a4-82f3-b86dce400ce2", "value": "12288:rlIvJ+4apFSqEdgSr0ye0coRMk1zmuSDSxzsIR4vTJIFVM+oxaj1/93XQ7G:rlIvJ+4oFCgSr00chk1+DSxzs/vqXHZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646929978, "uuid": "156a3a0c-feac-439b-b2ae-9594fc421582", "value": 1110016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646929978, "uuid": "5f04481e-b985-4e3d-bdbf-3abf58e502a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929978, "uuid": "8e91566e-bb95-4258-a946-609e2790a820", "value": "weekendx32.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a30c33de-a062-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646910604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910604, "uuid": "3291e3ae-75f0-4e71-9e5c-3ad5b7309e1d", "comment": "Malware payload (Quakbot)", "value": "5ac6de11d08aa8e38d80b373b32ea197", "object_relation": "md5", "Tag": [ { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910604, "uuid": "fa6773bb-914f-4abe-8133-6327961bffac", "comment": "Malware payload (Quakbot)", "value": "10a92107eb104b74448bbac4cf8b0b0b7ca531a10b5c1ca37b93ef995f686319", "object_relation": "sha256", "Tag": [ { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910604, "uuid": "43d18016-0c6c-4a36-973c-a5db33915da8", "comment": "Malware payload (Quakbot)", "value": "00c780cc44d682896a2349259fbbfc9536875e12", "object_relation": "sha1", "Tag": [ { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910604, "uuid": "44bb2458-b0ed-4d54-9052-d711aa64a35f", "comment": "Malware payload (Quakbot)", "value": "a083db57e00146ae8094823b15ecce4b2dd179b05b4b4896df0dd3a0d2bb7d55f5aa3c9f7ba982061b63d6ad49b8e147", "object_relation": "sha3-384", "Tag": [ { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910604, "uuid": "65bfb654-c15f-4012-a3b6-7690d34f4f3e", "value": "T10634E016162451B1C2EDB978720B0DC192EF707EE906F9254B5207FA7F013FA8D6D2AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910604, "uuid": "158e7190-378c-4adf-ae75-840c6e904023", "value": "3072:+mpvZ+51+mCVdcmF/9OZNCsRCbOI59VzmWBgXEnkZtPaq4LwTGPCXViq:DpvY1MzcmfO4bOe5d/OIwTHp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910604, "uuid": "18567bd5-ba61-4ce4-be75-5ce557dd8f65", "value": 242873, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910604, "uuid": "72f0e0e1-1522-4d79-9e91-6382bdb297ed", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910604, "uuid": "eb78ab04-f077-4474-9154-67fde55d1637", "value": "5ac6de11d08aa8e38d80b373b32ea197.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fc7e1ae-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646905337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905337, "uuid": "79505a44-a5a7-4239-bb46-9f7d6f9dcd91", "comment": "Malware payload (Formbook)", "value": "7070541287f3d919ea27a010d65607ea", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905337, "uuid": "68ec8b40-8ffe-4cb8-8e55-8212c2daf00e", "comment": "Malware payload (Formbook)", "value": "11cb656f3f135063c86ac033126428b9f2a4815e5131045b1227cae89f7bf9cc", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905337, "uuid": "df365edb-dcee-471e-ad24-b321794ba40c", "comment": "Malware payload (Formbook)", "value": "1ff96e3b93a247c4691db786be354c1406451611", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905337, "uuid": "205b7ae2-7d0d-462d-a10a-396ca4675e38", "comment": "Malware payload (Formbook)", "value": "790c5bec7d559712a86d972882e46500c8e0fb2b7d86f72b4669d7cd3397636a9086ee9fb107692546920e95fe635f20", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905337, "uuid": "6f79cd96-733b-4855-b2ad-bbc0a4d17f64", "value": "T10A14127921059049E231AF7522F1C4D363AECC5A267233F8E5FE379C20FB15D6A8529E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905337, "uuid": "91642514-4668-4626-875b-8ac929c7ee2e", "value": "3072:mQ89eUmPje/2h/y++x+Byvl9PSBhjC0559FLsmWfE1dtkLJyAsjHwlOFlBdflX:Z89IGx+Y99qBtCk59FWEtWHsjQoVbX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905337, "uuid": "6c040472-31a6-4c01-aa27-2bef09e73ebf", "value": 190616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905337, "uuid": "4dffee9b-5e1e-47f9-a09a-c9b81f14b2d5", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905337, "uuid": "87241bc0-1c02-4557-97d8-b9ab23c823e2", "value": "DHL_AWB_5758459849.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1159bfb8-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646894039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894039, "uuid": "f1f7b1c9-ecd8-46ab-818c-ae0a766cf6f0", "comment": "Malware payload (Mirai)", "value": "3a502d2f30b682f21b250f875069469e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894039, "uuid": "82290a82-a2bb-4f94-b54e-80151346fac9", "comment": "Malware payload (Mirai)", "value": "12e00b91a28e399149deae7f94e5a57fe5effd1cf34572dbb65845b421a32286", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894039, "uuid": "85182539-14e3-421c-80a6-50ea4d21ecbf", "comment": "Malware payload (Mirai)", "value": "97887acf73a8bbad26fc9b8e86098edfe3c82e0d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894039, "uuid": "7cd1405f-ef92-4f56-a271-c04a93b7026e", "comment": "Malware payload (Mirai)", "value": "aed764b214b1bcebb22ef8e8e4fdeaf89c0cf124b8a9a77807b543851987b879d2b2d1a3a103a026d6bde1a397b78181", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894039, "uuid": "4eac4a08-fe2d-4bf6-bfb8-a0a93c4b150d", "value": "T15163F84AF8828B26C5C613BEF91D158D332253E8E3DEB2239E105B6077C646B0F67D56", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894039, "uuid": "89a17e44-fa71-428b-8146-da97721c3ddc", "value": "1536:H0nzhvCwk/3UNwuQqUkaduwaC6QtFq/Z/o7sFYzOPIhi0lWquq:YvfksN3QHkadGKy/Zo7XlWquq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894039, "uuid": "16240dd3-d907-41ae-a76a-a6c122cd1913", "value": 71108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894039, "uuid": "d4d2aaea-1222-4b38-bf42-2ae5229d9202", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894039, "uuid": "4ccad133-f279-4971-8235-12fedf5dc82d", "value": "3a502d2f30b682f21b250f875069469e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c09f472a-a089-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646927404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927404, "uuid": "771f99b2-1af3-4c7e-bd5b-fb5b374e4ad0", "comment": "Malware payload (Mirai)", "value": "e7f5b3e923015f55f3425f09d3684eba", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927404, "uuid": "debad5d5-075e-414c-8ab9-7d46b53499ba", "comment": "Malware payload (Mirai)", "value": "13012de247918e0c7da19e3914f79a0ac24df4aa2ed550d7e1195388217658a5", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927404, "uuid": "0f29699e-4327-4e58-8c3d-6fce54759c6a", "comment": "Malware payload (Mirai)", "value": "73500c566ae0bfed26f0071946f39eca8a0af543", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927404, "uuid": "b05d0ec3-57ef-48ab-a787-2a32ff85b266", "comment": "Malware payload (Mirai)", "value": "363c3557cefd754c4e91b8abdf68cf25ba12b268825f0b8dc2dd6eba8fc876d3828039ce3af03449f70a7e22fd62621e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927404, "uuid": "c2ca1819-aa61-43fa-aea8-6a6aa6c19a4c", "value": "T18733F171494BD9B2E8F0097C75E98E0271B9272DAAE133360E5A0BBC5D27D0367B1E91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927404, "uuid": "822f85ed-697f-49db-97d5-52b774fc5029", "value": "768:sWVUWjY1YOWZSuKJBNRuHyyCrlcogjJWQBVq3UIaR5tevxBG+HJ9/frpKXmm59cl:5i97Ei3RqyRJbcByaev2wjp69c+Vi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646927404, "uuid": "dd6f9bc2-b9ac-40db-8da5-5cf4e4f3e4ce", "value": 52820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646927404, "uuid": "688a47c5-649d-4535-9dcc-7face97f6bc8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927404, "uuid": "32ad7fbd-cdfa-4720-9d5d-24ffee8bca5f", "value": "darm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93c6a41a-a039-11ec-9275-42010a9c0029", "comment": "Malware payload (AsyncRAT)", "timestamp": 1646892969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892969, "uuid": "e7635149-ed8d-43ac-bfa9-972b03ec2fb3", "comment": "Malware payload (AsyncRAT)", "value": "c98f7f8af574fc2b29a80a48efbdcd7f", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892969, "uuid": "e1cecb83-f1aa-463d-940a-b9c1c4e04550", "comment": "Malware payload (AsyncRAT)", "value": "13d27cdf24f15d418b2197f6d017725bbd26ea1b8db7a61bdd648e90f1d269c5", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892969, "uuid": "cc732b27-0160-40d0-8645-bd3b605d0690", "comment": "Malware payload (AsyncRAT)", "value": "5a615444b638cef3dcb3115166142bb340c1acc5", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892969, "uuid": "a9c455fa-33cf-4ad4-8f34-33e74f754657", "comment": "Malware payload (AsyncRAT)", "value": "7c987d2a2e415712dcc15071485cbe5b948f67db2a9ab0371e67b218ece235474dba00dfa34d834cf1ecdf7b12feb6e8", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892969, "uuid": "449c76b8-e05d-447b-9c2a-a7783046e197", "value": "T1D7F2911472F81F27E27A93F61A7810004BF5B9AD2461E34C5DE670DF6AA5F408E92F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892969, "uuid": "3fa3a58b-0cf7-477a-b141-5ec623b0ef6e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892969, "uuid": "df717b9d-220a-45c9-9be4-a1745a818c1f", "value": "768:U9bPzMMWfokgDRTctWxcihsdL5ykYlAMt:U9bPQMItWxcqsduV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646892969, "uuid": "d0d65344-d3c8-40ec-9644-e5415bac752b", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646892969, "uuid": "5d7b205b-fdd0-4fe9-b3ec-5125def0e982", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892969, "uuid": "59de5485-87fa-406f-97a3-8d503ad1f7f4", "value": "c98f7f8af574fc2b29a80a48efbdcd7f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01293cfd-a07d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646921929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921929, "uuid": "d3d40a4d-f500-4ba5-9319-73ff6b0af45c", "comment": "Malware payload (Heodo)", "value": "461ed327e7f8e09bfac6f37188838898", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921929, "uuid": "8eff479d-d849-48ef-921d-714862521499", "comment": "Malware payload (Heodo)", "value": "13e31b60e32f43ecb118d987a38dffb974682a3267120f5c9a4a615adb660a3b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921929, "uuid": "8d332c64-4090-4001-af9c-4f1715820cef", "comment": "Malware payload (Heodo)", "value": "bf5fd13508743382145c806ac376f177d5f668f5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921929, "uuid": "37d4eeb5-fdac-4d70-bc62-ac2a146d3efc", "comment": "Malware payload (Heodo)", "value": "2a915c4ba742c7c74356196d1fde3e2fc024b3c39fd8e9cb7b4fa812b8568d0b46761f877c2af3921e5011aff718ebb5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921929, "uuid": "c50c0494-ab40-4298-a951-fbe89249f07a", "value": "T187D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921929, "uuid": "39ef0054-ab4d-480d-9093-7f4a18a01d99", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921929, "uuid": "2f4a7a86-86a2-4e51-99c6-fb45a467d61d", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAr:WRO5DDUmhnspspsqi022/OByw+iVifMC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646921929, "uuid": "fe69b610-644f-427c-a964-9888e2534d32", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646921929, "uuid": "ddacc598-c7e0-4dd3-ad9c-452b00291026", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921929, "uuid": "a378313f-ae02-491e-9dbe-490ecee1a197", "value": "461ed327e7f8e09bfac6f37188838898", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "954e243f-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646879228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879228, "uuid": "bceeb4ce-6ab7-41e6-954d-c7ce5a63dbdb", "comment": "Malware payload (Heodo)", "value": "198cc169edf0c64261d585feb335a769", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879228, "uuid": "1fa9763a-9a12-4bd2-99e2-fae469132bed", "comment": "Malware payload (Heodo)", "value": "1421367446ca47ec80d237699ef920a35b7807f38ee48a37f23016bdbc9c29ad", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879228, "uuid": "7cf9dff6-158c-4a1f-8967-6dba8d1a3987", "comment": "Malware payload (Heodo)", "value": "70a71a2ced02aecf058535fb9661bc06f979d607", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879228, "uuid": "2e880cf0-ea79-4bd7-af50-aa41085e8073", "comment": "Malware payload (Heodo)", "value": "08fde64e088375f151e9bb06d3cc91e8b6313f0a70017a0a939471697089b7ce8c369a1b0dd96235e15530ccc71b024d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879228, "uuid": "7b6e974b-61a9-474b-869f-c33dc9c1d7da", "value": "T1FD156D113781C037C11B3C3286AE937E62EA9A314FA5E6875F9475BD8E345C2DA3DB06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879228, "uuid": "b25f7ba9-6385-4acb-8127-28c1070d8983", "value": "a517173f90c43414bccc160c37653529", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879228, "uuid": "573fec8b-6202-4936-9938-58e60a993946", "value": "12288:4mZ2fbGh8Nggu3uTkIKD56pInvq0fPJ7/2fdwVW4S2Pje88koKiaCx:4Bu3uT5KUpInvPfodwVW4S2f8kiaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879228, "uuid": "390212f9-7bb3-4143-8d8a-3b53ccb43d00", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879228, "uuid": "5e399a0f-9385-4c68-a599-5f31732a5a6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879228, "uuid": "d73ad5d7-3b72-4800-9d5d-50e31782ed87", "value": "198cc169edf0c64261d585feb335a769", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d32105ca-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646920134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920134, "uuid": "ef07cfec-a8de-46c9-bcb0-f6016d802ea8", "comment": "Malware payload (Formbook)", "value": "d41ce0376211f5ae9e2e89423105f0a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920134, "uuid": "533f17d9-c669-48fc-83bd-d930548dec74", "comment": "Malware payload (Formbook)", "value": "16119a34513a37c16bc130507da88bfb5f90384bab73dc6f8559628416bb583f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920134, "uuid": "44a7b848-d191-4d4a-954c-45464e147d9a", "comment": "Malware payload (Formbook)", "value": "9b4dc19d181849518660331337ff345c403f4d19", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920134, "uuid": "924ac82f-880a-4b99-bb58-522483c7db42", "comment": "Malware payload (Formbook)", "value": "85d547b5b78c60cb6a4fbdfde4816f13bb7bf0f50c852789b5230e96a891b217fce683b01d8b4fb728a6b7505bedc530", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920134, "uuid": "5cb2fbc9-e8ea-4426-981a-bc9461ac5d00", "value": "T147158CE229EB401DF377ABB52FC4F8CE986AEE63151A70DB15522B364133940CD61B36", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920134, "uuid": "5a9e415b-25a8-4020-ba27-86319bec0a98", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920134, "uuid": "80ede1e9-912b-4814-a315-e333ec9c5d16", "value": "24576:zD5k6fYOeKJhFNModGZGGMwViBvZdBKWNAv5FeZ:zD5kiYEJhFNMoImVBvZXHNk5Fe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920134, "uuid": "416a90d0-2570-489b-9564-3ef1a724733a", "value": 903168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920134, "uuid": "ca6b65d7-5dc9-41ed-9daa-9a1d345b31b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920134, "uuid": "5aebe77e-511c-403b-bf69-250743b04392", "value": "PO 6A1108.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82eab0a8-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646903678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903678, "uuid": "55d4969b-ef9e-4f25-80cb-a27416cfb496", "comment": "Malware payload (RedLineStealer)", "value": "9b1e6967258e3745567cd01a2755575a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903678, "uuid": "bb5fd7af-5a68-47a2-9ab2-65a9f17b2f3f", "comment": "Malware payload (RedLineStealer)", "value": "17ff4c8a93af2be37922b4066c819f3ee2f7055268e0a76deea4b832a1a2c2fa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903678, "uuid": "adb74374-98f2-4818-a518-84202bda238e", "comment": "Malware payload (RedLineStealer)", "value": "14feb058f8fb62dd9e6493e88b51e8d328a84917", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903678, "uuid": "8125257b-c8e1-4ac7-98d6-59c8821f1a67", "comment": "Malware payload (RedLineStealer)", "value": "52ad17cf9711208605d79138a7e7665cbb97f8f584c9b2b2ac2cd657df5a95d17fdeee5a1ddbfde3eb2d9f00ea0be39a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903678, "uuid": "9207284a-55e8-467c-b3b5-82845662b4b6", "value": "T16EF48CC06C62BD0ACF831EFA0521BB1F67BD1BBE1EE7A517B520FA49B432984E107515", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903678, "uuid": "0d8fdf27-43bf-46e5-8784-074854642bc3", "value": "37f157b5ab370f5771fcfe59ff6ae581", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903678, "uuid": "4cb21ca7-7f59-4573-b835-f35ec4864236", "value": "12288:LdIHSSp7MgUep3INJ3r3p3RyXXzg3F2TTfdmQbZL9opgXSofHt5:LdVep3wRjphSXk12TTflbzo6ioP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903678, "uuid": "504abeb0-dca3-429a-bd6e-cef5ca5d5a42", "value": 789120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903678, "uuid": "31754635-f835-48be-b86d-97d08c133abb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903678, "uuid": "4376e1e0-1a19-42b7-b376-1f8b66ba63a8", "value": "17.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f11bfc6-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646905336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905336, "uuid": "27dd5222-be8f-4952-bbc6-6bc57ad6d5f9", "comment": "Malware payload (Heodo)", "value": "cec8f8bd13347b199e28b5d621abca31", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905336, "uuid": "9a592a4e-5102-4232-85fe-9f90a020ce64", "comment": "Malware payload (Heodo)", "value": "19ef058a3264a4ca46a6bec73a530116b5469017532764e77e083095d5855b0b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905336, "uuid": "1ef93e34-7fbe-46ff-a538-167ddeba4b93", "comment": "Malware payload (Heodo)", "value": "cddcf4a5e8de412f4e43e34c96385f4054bf9069", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905336, "uuid": "fe32e6eb-cedb-4d37-b722-7377f00d5a44", "comment": "Malware payload (Heodo)", "value": "df66425be09ac3f109bc5f5e87dc4b14259b8073551c298cd3b3c2e8c38b0bb73fbe2115bdaaa4ad10eed292b0c99790", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905336, "uuid": "dd535c68-eff8-44b8-a8db-4e1f8593ec04", "value": "T13FD46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905336, "uuid": "536d8797-e19d-4282-bf9e-3fa3bbc2d756", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905336, "uuid": "5d86e1f2-eef3-4ab1-a12d-e6d0059c911e", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAC:WRO5DDUmhnspspsqi022/OByw+iVifMf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905336, "uuid": "9184b0f8-094a-44b7-9ca1-72717aee5796", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905336, "uuid": "ff967055-2949-414c-919b-694bfaaecb4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905336, "uuid": "2238ff56-e9b1-4ca5-a367-1ddee89c529c", "value": "cec8f8bd13347b199e28b5d621abca31", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6db21291-a005-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646870571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "955a322a-6bc0-4b55-952a-21c1931eed4f", "comment": "Malware payload (Heodo)", "value": "e5d7feb949fbfc5929899e99e27a1ebc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "eeeeb625-b9b0-426a-99b0-b200cef1448e", "comment": "Malware payload (Heodo)", "value": "1a0e8dc91be59528af1ac9ef3a4a3d1d312fd31f557788c157509cf76e7d86bd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "a9600ce9-9998-4dfe-b397-5a6cd3c270fe", "comment": "Malware payload (Heodo)", "value": "0e64c87c44125fc27789fd2d5ad29913e5234278", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "5ee0cf11-215a-4844-b46a-8cf42974d5dc", "comment": "Malware payload (Heodo)", "value": "297636c2a2de47d787fcabf3af6054a1a201275b527e375416ec481388e9876ba2a4b541be09795e380e4df8a9ade862", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "ff340284-3841-4327-88b1-87ddfd7c33af", "value": "T1F4156D113781C037C11B3C3286AE937E62EA9A314FA5E6875F9475BD8E345C2DA3DB06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "07f61832-0f9a-4f68-9650-9cba5f1c93d1", "value": "a517173f90c43414bccc160c37653529", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "ee067586-c679-4004-9bfe-c1467a470df6", "value": "12288:4mZ2fbGh8Nggu3uTkIKD56pInvq0fPJ7/2fdwVW4SyPje88koKiaCx:4Bu3uT5KUpInvPfodwVW4Syf8kiaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646870571, "uuid": "520f7406-ad8e-423a-a367-be893acc3b0b", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646870571, "uuid": "5a677cac-9362-48c6-ae69-9762fecec8d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "7e2cc655-bf4e-4290-9344-3682c979dfca", "value": "emotet_exe_e5_1a0e8dc91be59528af1ac9ef3a4a3d1d312fd31f557788c157509cf76e7d86bd_2022-03-10__000246.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb7ed1a9-a038-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646892687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892687, "uuid": "6c006d71-828f-41fe-8b1d-a434aa997079", "comment": "Malware payload (AgentTesla)", "value": "ee562199b4fafd5e9a58e76acac89d5b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892687, "uuid": "9ac9a926-af4f-44ee-9eb8-1e2ed429753c", "comment": "Malware payload (AgentTesla)", "value": "1a2eeea53da8ac4e9e962f218e104af2cbd686425be63db0e24d433c87b0f94b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892687, "uuid": "0b6a8757-630f-4e78-b6a5-7d5863005c2c", "comment": "Malware payload (AgentTesla)", "value": "2a2c4f25b7df5d32c5e03042e9afccea3ff792c7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892687, "uuid": "10344542-4e07-4c06-a93f-27d6ce2ae949", "comment": "Malware payload (AgentTesla)", "value": "9d23cd46b77c1cdc7f88df97320f37a84a8f3e83edd9a77ead06824e6ec3c9dda1eb2625afdb88b7b19dcee79c12d070", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892687, "uuid": "e1c69e46-a98c-469d-ac77-e26242a73e56", "value": "T1A5F46BAD326075DFC867CA72CE681C68EF907877830F9217905715ADAA6C99BCF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892687, "uuid": "aac76bdc-4dcc-44e2-be42-c815b342ac42", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892687, "uuid": "3a30bcf8-6603-48b4-ae96-71dce1400c49", "value": "12288:ay2/4SYGJEEEEEEEEEEEEEEEEEholUI8s0F9xCfEAwYHVXglcjCEQYfAJdMlQ720:aBKMEEEEEEEEEEEEEEEEEO2U0F9xCLQm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646892687, "uuid": "cb7f65dd-beaa-4edf-aa57-30945fcf8f10", "value": 754176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646892687, "uuid": "cf1bedad-5a9d-449b-9a15-0b6439f33550", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892687, "uuid": "7d4d8f97-9045-4df6-8260-42214f67f63f", "value": "HHH.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a042469-a066-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646912226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912226, "uuid": "2f8aa7fd-8376-4363-b313-2660ea8cc59a", "comment": "Malware payload (AgentTesla)", "value": "c86442e9f9e093735ea8421da6e4291f", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912226, "uuid": "9ba41794-bbe2-49c0-a558-0f8547976432", "comment": "Malware payload (AgentTesla)", "value": "1a491c9f7e3830bf19e3c7136cedc74e8296d348767be78085eab8e8bc7dbfa5", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912226, "uuid": "168f7262-7061-4640-b595-abbe5503ed4e", "comment": "Malware payload (AgentTesla)", "value": "b1951e60a07729958bde5f48f550f444fa80fece", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912226, "uuid": "4350f34b-fb41-486a-83f3-cf79c9340f63", "comment": "Malware payload (AgentTesla)", "value": "10da49efbf7b632f93ff2e93b3940800435c187362e8de4b65478cb052272e6abd7f6eb1bb8690c79a104c0ab45bbc73", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912226, "uuid": "386df1c8-8ca2-4b5b-b52a-6516263cbdcf", "value": "T1B074236609CC7F08C515A3A07FCA2F9BB18A6E68C2F37E78953F54144A1D0C2529B5BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912226, "uuid": "95f54d75-9b35-4b02-a214-363abb39f603", "value": "6144:SJ+NfGBx9Fm1aOhFVkA8UKmlsjRzok3sceEgClC8KzPIibkan92:SJb21a+XkvUKmKjZVQ1ECzNbka92", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646912226, "uuid": "b9834bcd-ad7d-4dc1-924c-0a573fc81149", "value": 348650, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646912226, "uuid": "5cbb8d90-1e21-4887-a7c9-3f31be9cdd9b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912226, "uuid": "3fdf4cd1-8c69-4af8-b942-3a8c44c5859b", "value": "INV_10-03-2022_0011000530423_10.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1d985f5-a089-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646927406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927406, "uuid": "edb6ff7a-d818-4c28-a540-0f232a43349d", "comment": "Malware payload (Mirai)", "value": "374fe84816b64db43375ec33764b04d8", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927406, "uuid": "d0aa6714-d870-4dab-818a-20eaaa064992", "comment": "Malware payload (Mirai)", "value": "1a9d41bea07f2c8a5033ae9cbd4f5f9031b0b8644f93fdc03a466bba6bd0d7a2", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927406, "uuid": "f06b54f2-a531-4acb-a14b-1095268c9d01", "comment": "Malware payload (Mirai)", "value": "a65502a907655590a301a7632989dd1122c8feeb", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927406, "uuid": "a7104955-6e67-4500-8f52-7d722e781961", "comment": "Malware payload (Mirai)", "value": "8531e9477df26ae271abd5738df8e41d7041786693330f4bb7bacf49829b24aa42e29085937f3df0816ebbd84e39ef09", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927406, "uuid": "4f27a609-7d01-42fd-865c-56b8adf45dca", "value": "T129C2F12254AA1770EDB24C7CC07B5501338E7891A0BE32FF27BB851C74A65D34CEAB62", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927406, "uuid": "bdaa25a6-388b-4996-bfbf-4e5e556a0277", "value": "384:0qPTdebj5O5z/nftZwxmDz9nkXLLbxVfWNFuZKwVgpLBplZjwmI8IjF+lwJgAsF1:rpeb9ebnVZ5ZWVfWNUSLTbvGFNR03UM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646927406, "uuid": "ef754be7-2435-4020-b439-f9e04021cd8c", "value": 28112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646927406, "uuid": "a4677934-c263-4f43-8ec5-db489c1957a5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927406, "uuid": "59683eab-f7d3-4eb3-a95a-8551a7faaf27", "value": "darm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9d8bdc5-a05f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646909407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909407, "uuid": "46ee4bb8-b80e-42da-b7ad-cc9c708e2464", "comment": "Malware payload", "value": "db017762855b446daa8975350963dc6a", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909407, "uuid": "b70cfb89-c124-4876-b2e6-dba89c6c08ca", "comment": "Malware payload", "value": "1bd40f9f14338a1219619ab43e5a2ec4665b13f6eef592864873a6c2c11e2881", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909407, "uuid": "8a514729-049b-4261-9d8a-2d50be07acd2", "comment": "Malware payload", "value": "da33d04fe89ac276c1594fadd135896d4ca4ac4d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909407, "uuid": "33987c5b-b106-4661-b8bf-2b04b69a3d24", "comment": "Malware payload", "value": "59148ad8aa9d1a00cd20f9daa866131db22b8b816cb3973f3767bd69d3180a8a75099d9514145b82aec12de6c36bfbe8", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909407, "uuid": "d0285ed7-b362-4fb5-831b-226975ca31a6", "value": "T111A3293BB2D2DAF5C043707A0DCB87E26521F1B87626650F35863B1A3A2D1C85E5D367", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909407, "uuid": "fe7bc764-ad0c-4448-8c32-ddd749a0790a", "value": "3072:I3oJ/LUD/CFLUjrXAuv74pv3if/GHY9DKAdRNuH4mz2bGxCE:DUuM7OCE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646909407, "uuid": "a86f7eca-a8e6-4f4e-b5f2-02af21f34289", "value": 99349, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646909407, "uuid": "fcb9e155-a147-42ff-b16e-6f91fae791fd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909407, "uuid": "c5178b3a-ded7-44e5-93fe-9e5eb339c962", "value": "enemybotx86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60fab7e4-a043-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646897179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897179, "uuid": "310892da-12cd-4fc2-8520-4c0aa8e45bde", "comment": "Malware payload (AgentTesla)", "value": "3f1ff014e0379a78543f58d6796664d9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897179, "uuid": "a4d72fb9-47af-4b87-8480-4d2bbe03df99", "comment": "Malware payload (AgentTesla)", "value": "1c61190afba54a823799db9a5b7b3c5059d1e752b0d795ad103780937f6e51db", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897179, "uuid": "01e7453c-7cb2-4bed-9856-0b35d6d9bd42", "comment": "Malware payload (AgentTesla)", "value": "7f0ab3d38baeb19ca643ba0add1aee4e853674be", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897179, "uuid": "bceda7a4-e3ab-480d-af84-b371c1157dae", "comment": "Malware payload (AgentTesla)", "value": "7d9461897e624f2b935bcce0ed051d9cddb3fe80635a7049ae42e6e55df1c92e3d038bfc2a138b821fdf07f8f15968b8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897179, "uuid": "1606ce13-24d0-462a-aa32-72c17b0610bd", "value": "T112D423C2CC9C758F81413A977AB9BC83AC0D544D698F74BAF6C0FA952B9E84F7214931", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897179, "uuid": "5c5a3eba-4ab4-496d-8885-7a9fe5c95b6f", "value": "12288:9QB+AvD4RaDpXh4Z03TSzva7nk258vgREZF1qKV7EpSS2HVXNihzy+nwpInSpzMO:UQWpXhuKT4vanEgREZF1q8IP2HVympvr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897179, "uuid": "43e5f2f8-df9f-4729-bd35-c74102f19d0f", "value": 652359, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897179, "uuid": "d9573586-58f2-43be-9575-2e409352812d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897179, "uuid": "ffbbf055-3460-4bec-a491-abaaddece821", "value": "SOA.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "330915c4-a0a7-11ec-9275-42010a9c0029", "comment": "Malware payload (STRRAT)", "timestamp": 1646940051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940051, "uuid": "ee871c80-6b10-46d8-a5cf-e77f43af24ae", "comment": "Malware payload (STRRAT)", "value": "4153bf392a661ef5cbc2c0294abf6daa", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940051, "uuid": "4045eb42-6a13-4d7d-911d-bac777e6f4c1", "comment": "Malware payload (STRRAT)", "value": "1c81b13151a6a116b4c38b3fbc83b97696a7ef62ddcddbc33190cd82f2e20a33", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940051, "uuid": "b598cfb8-17d5-4ad2-9bbb-5b9694d6e34b", "comment": "Malware payload (STRRAT)", "value": "aaef580e51fa9b026e5939d4c5fc0d18166b55d1", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940051, "uuid": "3989e749-fefe-4f7f-a99d-4198152e4dad", "comment": "Malware payload (STRRAT)", "value": "ec47c875877106394d8fe402c12cafa6b35c06aa6191e8d70921a08fdf2d2fa9fdbc4fcfe97ab58d412427cb10b9d4d1", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940051, "uuid": "fa122c82-9435-4090-86c9-132ff9c45256", "value": "T13FF3F14EBEAB87E5E19F547A1918D132EA1C81C8E415623F35EC0C564CBBD6D0732D4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940051, "uuid": "90c5fc0a-50a2-4ef3-8bf4-7f2dd5f22096", "value": "3072:fQF5TZwTpSCR3r7VmwE9J4g3nMYTIHjPh2R9b/xj9cUVpjUI8SKudi:IFvwTXnUJ73UDoR9Z9cmCVSNdi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646940051, "uuid": "f5ef4a65-3bc1-402b-aca8-65958fc282ba", "value": 172805, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646940051, "uuid": "40804193-da40-4792-b59d-c7b03605fc06", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940051, "uuid": "ca8337b0-bfdc-4a3f-8628-46cb55689b78", "value": "Delivery-Update.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ef51138-a07b-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646921147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921147, "uuid": "13922fec-6738-445e-a397-98772e23f343", "comment": "Malware payload (Quakbot)", "value": "df3cbb35cd0f3424f37765c6626bdbf1", "object_relation": "md5", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921147, "uuid": "29e8c7ea-5e52-4315-9497-1f1fde84a053", "comment": "Malware payload (Quakbot)", "value": "1e6babc47a7fc33ca883adfc5165c6597fe1b60f04b08cfeec78055c37e05c7b", "object_relation": "sha256", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921147, "uuid": "d0c79f9c-8e84-4326-829f-cb3dfa1c9625", "comment": "Malware payload (Quakbot)", "value": "591276bea72991b2ab958b594376fd0d47a40876", "object_relation": "sha1", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921147, "uuid": "f3d142b7-4a73-4fd4-a3c1-4299411beafa", "comment": "Malware payload (Quakbot)", "value": "29885061c81498dd9d3c946985c7379b4f50c1ed0bce56c5e27d4680e4983ec8682fe8a95c468f09c4eaabe29e02fef8", "object_relation": "sha3-384", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921147, "uuid": "94c3d214-f118-467b-8b45-ce0f44cf7779", "value": "T165259D63E3D0487EC16A2B399D2B576898B96A113D24F4C63AE41C8C5F3764376273E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921147, "uuid": "61551c16-1998-4187-8b23-5c4870d5f736", "value": "4be20c1d0cff08001af7f6da02464dc6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921147, "uuid": "32abf3fc-60d8-47a8-a25d-753b047ddb85", "value": "24576:X9t3O1k4YwdH9CZ4nJ/TwiuPi6U2SAHl4XoWSIgX4Tw:X9n4RJlLLKKgX4T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646921147, "uuid": "c386fd47-bb02-44b7-b46a-4080556fd9da", "value": 969328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646921147, "uuid": "2e04ace8-dd03-48b9-b2cf-d7fb5b902581", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921147, "uuid": "c9ef8d4c-b163-4641-bc97-1b3dbf627552", "value": "1e6babc47a7fc33ca883adfc5165c6597fe1b60f04b08cfeec78055c37e05c7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b1342c6-a083-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1646924576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924576, "uuid": "ca5c72df-21a9-45f6-870f-a49466914d40", "comment": "Malware payload (RemcosRAT)", "value": "a262e3bdee8123286dabffd72feeaef5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924576, "uuid": "34f507d7-7486-4f72-bd22-c1b0fe96fdae", "comment": "Malware payload (RemcosRAT)", "value": "1e9b14262f935e7f822b39afe45842ceac9c584e70a3b520d8f391d975d600ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924576, "uuid": "c206980e-ef04-40ac-82de-e2c19808d551", "comment": "Malware payload (RemcosRAT)", "value": "2132a8c92252b24a1266a323a115c528e6554b56", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924576, "uuid": "9743adca-cbb0-428a-b4d5-ef8e9d1e1edc", "comment": "Malware payload (RemcosRAT)", "value": "cadb062b62790ac614896cbeb243940da765e8b308bd969ebdbf021c9b5638d62f6eb8fa18d8ca8f44b0bc129423a0f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924576, "uuid": "f06e8ecf-63df-48be-8f87-0bea93968882", "value": "T13635E0E0EE4C837DEC14723BC5E858701EF51A9D3411BF1AA68E01ED096BECF49A652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924576, "uuid": "e5902d45-58df-4955-9413-f2a6ecdeb1c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924576, "uuid": "e3cea632-325a-4a3c-a310-231bc3511343", "value": "24576:UNxz+vUuimD9V7DjkIFQqQsTMzVUj1b9nCz9LObYMg:ZvUu/95XkWQ0Fj1b9no9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646924576, "uuid": "091e5974-b026-4b46-8b0d-61fec35d9454", "value": 1153024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646924576, "uuid": "86fbd182-2451-4ac6-b887-d05956c98267", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924576, "uuid": "3e415878-aa8f-4fc2-be86-dd96a3a5aac5", "value": "NEW INQUIRY FOR QUOTATION NO.20221003.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b8d4451-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646894056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894056, "uuid": "a8ad66e2-6dde-4e86-afac-7e80fbb90b1a", "comment": "Malware payload (Mirai)", "value": "fe8f9d64c4d635e8fdc233cdf9e1692a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894056, "uuid": "0cfe7d5f-bf34-4a88-ad12-fd8ded3d9393", "comment": "Malware payload (Mirai)", "value": "1fa571ecef7afd29c6017dc1338139ec1e110d59ec203a1e245b26aad0f22d2a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894056, "uuid": "af22cf65-89af-4d67-99ce-a0e723c3cbf4", "comment": "Malware payload (Mirai)", "value": "452fdb10994a40d6e0ed04e76992b02b22c1fefb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894056, "uuid": "100dcd7e-3c4d-4980-b8d9-2feb6f5f3e8c", "comment": "Malware payload (Mirai)", "value": "c0488b290ec4f014e1edb2756180121f00fca093b87a9cc9f175190fe1fa06646c116dc17868b07695fb143401851f55", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894056, "uuid": "a90f4642-8d4d-4173-ac5a-994349aac423", "value": "T1FE430851BC818A12C5E0127AFA2F858E3B2523E8E2DF77079D211B6176CB81F0D77E56", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894056, "uuid": "1d84384f-acc9-450e-952b-b1c38ddf9020", "value": "1536:6DkacQ/7s9QleS7ZjpLxfZWEBlAuf2ntQWhhot:6DNEaHfZXlt2n2Whh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894056, "uuid": "e376b2c1-4f1c-4f06-a674-2b2b8156255b", "value": 60492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894056, "uuid": "fa8d1805-4404-42b6-ad70-6288ebc4b7e1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894056, "uuid": "392e0edc-df08-4acd-8e29-8c4f7f9e6ff8", "value": "fe8f9d64c4d635e8fdc233cdf9e1692a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b511a0b-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646905330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "049fff42-247a-43f8-9ce7-21aa768704c0", "comment": "Malware payload (Loki)", "value": "0e6a7cfc9362294cd5fbe867a5ea2b1b", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "98ee703d-ad69-4555-af0c-a76e9ffd18e6", "comment": "Malware payload (Loki)", "value": "22d5ac1e6754f93c83d45c50b6fb9ac75d679a7c75c9932a3ef4cc0d5b19c8d4", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "fe91bd81-1015-4ea7-b2b5-cf4d26bb3524", "comment": "Malware payload (Loki)", "value": "96022c8747c1d5d1d485bd2166853e80d366c5e8", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "fca0736d-61d3-4d8f-a540-ec147b5bb75e", "comment": "Malware payload (Loki)", "value": "d42877b17d029e109475ac0752f695c574376f737a1c51c88c0b45906c645eb95ed5d5e050cf24cc5d4753fd4484efcb", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905330, "uuid": "2c698084-dbb6-4ff1-9d73-0f412d491ec7", "value": "T1BC1412E7252C8254EF26EDBB1504DB119615EF28ECE15D892281B5EFF737D2808224FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905330, "uuid": "1522eb66-d225-4e91-895a-8b9d2ea8124f", "value": "3072:WJfzD9L2GD5pbJQu2LjA7CipGl9b/Au3wrnPtjik526M+NIe2wCbX9fc:ed2w5UxLjAO0GX/Alrnh752+HKfc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905330, "uuid": "6784cfb0-5e21-4d54-a3f0-57c145f43ac0", "value": 190568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905330, "uuid": "5073f89a-7304-414b-acf2-b5eeb16d0d85", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905330, "uuid": "d2053cdd-41ad-43c6-b70c-80a418a67aea", "value": "Scan copy.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c7832a3-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914646, "uuid": "750a8cc2-57fe-45a9-bbfb-4f0ba4dbb40d", "comment": "Malware payload (Mirai)", "value": "18c5feb8855365d27ff3848311560f1b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914646, "uuid": "ee72af74-d20d-4ede-910a-39ee56c8a529", "comment": "Malware payload (Mirai)", "value": "23220b11537ad00cd8e1e9ecb49760e442f63db363705226172036a48a4982f2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914646, "uuid": "00fc13c2-0ce0-4cb8-8d0e-2acf3f8ada2e", "comment": "Malware payload (Mirai)", "value": "345ab078cb530424e3509df43a055fae58b12fdc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914646, "uuid": "d2f3d22c-f765-4f59-86ae-27fb7fbde385", "comment": "Malware payload (Mirai)", "value": "490cc3714e33bef21997a85bde7e19c4e4643916e9c9be1c2025ee68233218289e6393d197f510aaff55fbe2198e9176", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914646, "uuid": "9f8c898f-e377-4c94-a0f7-4753c4a37166", "value": "T174E3A53E7A11AFBEE168827107F29F70CF9529D326A19381E26CF6185E7118D0C9EB54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914646, "uuid": "d6b8a59a-2aa1-44d3-bb73-eb09b97b300e", "value": "3072:JW6dm9tS1aRGQdK76t/zCqI5mrThPaLEnvPrNb:c6IG+LC7mrThPaLEnvPrNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914646, "uuid": "9dce312e-c443-4baa-ac5e-d01171a4d84d", "value": 155428, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914646, "uuid": "68614905-279e-4048-89b4-619ee37dc2f0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914646, "uuid": "9e2110c7-acee-4b11-b99e-66fd98f6eb43", "value": "18c5feb8855365d27ff3848311560f1b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16499a9f-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646894047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894047, "uuid": "3c83395e-46a1-44ea-b119-82d691add025", "comment": "Malware payload (Mirai)", "value": "4fc33302787cef6209b585417545d756", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894047, "uuid": "92f64134-0736-484a-adbe-83730216c6e7", "comment": "Malware payload (Mirai)", "value": "23965a467e34e6bda7ea5784cfb9e7f164eeecba2eb2caa5e24d5d0b575d9f90", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894047, "uuid": "801fd6d6-0699-415c-a5ee-4bdde80375b1", "comment": "Malware payload (Mirai)", "value": "7b99cf5d9f54cbd7c1fea0aebe16b978bad38822", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894047, "uuid": "1cf9e4da-79d0-44b4-b145-998cc70ade15", "comment": "Malware payload (Mirai)", "value": "3733ebba51512430eae01cc28e533c712274b8f364e8c61f8c2ce393a27c991a0d2ad349117a6ace37a3325d89b6e2a2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894047, "uuid": "c4c33933-8507-413f-a83d-12cafea24804", "value": "T1A773C519BF610FF7ECAFCC3749E91B46298C945621943B367934C818F68B25B5AE3C60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894047, "uuid": "aa7f7f8b-016f-4ee0-8157-566e4cd9bd4c", "value": "1536:cJfEFvGQrH19rskjDosdadTDIROY9lbWZephJT:cqGQrH3rskjDouaVAbW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894047, "uuid": "90cd3214-95dc-4b0f-96e6-8d9ed048dbd9", "value": 78244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894047, "uuid": "b64fe04f-c564-40e7-891f-686ed6422835", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894047, "uuid": "fd8fa71e-b0ac-4849-b408-43ab7f646bd1", "value": "4fc33302787cef6209b585417545d756", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfd147ce-a064-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646911538, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911538, "uuid": "320d6300-eda1-43c9-89a4-f2d042bcf72c", "comment": "Malware payload (Mirai)", "value": "9e2bcf107808a434fc7c9f54d0f48e36", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911538, "uuid": "2ed96f58-6a07-49fe-be77-5991a7540b2d", "comment": "Malware payload (Mirai)", "value": "24cb624da3cd3c517d5e5fbb6635fe2f91100c5e850ced0bccbe273c9bc0cf65", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911538, "uuid": "79209df6-a207-4548-8f35-cca01e27003c", "comment": "Malware payload (Mirai)", "value": "86c7db8f607b447658cdb0ecfe10c2e4705f1bf2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911538, "uuid": "4243f11f-5cd4-47a9-9fea-8137e8a80686", "comment": "Malware payload (Mirai)", "value": "55092e4dfaa3a984fd88c0e68eefd93a74e6ae08535ccb2bd88d5e98647af0db0e3c426ba8aa06a30602b8f7145efeb9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911538, "uuid": "6178788c-4865-444d-88c0-67bb4c88fbc2", "value": "T10D537C39D459ADE8C0064A74B819CE345F53E48483A32EF6DAA083EA9453DBDF419FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911538, "uuid": "ca9fb72a-3e4a-4c60-9ad4-07fb4f9455f9", "value": "1536:Lan3rst5CCFjwtV3W69e+wfs3y7pI/q+LKyeqCM:Laot5CCdoyf+yNWLKyeq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646911538, "uuid": "615df640-9c71-4a0d-a429-9f5bdbd88dcc", "value": 65044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646911538, "uuid": "b50b78c4-f90a-485b-b8d4-f6e56da2ff9a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911538, "uuid": "e653215c-ea2a-4517-a8a4-9434a18c3923", "value": "9e2bcf107808a434fc7c9f54d0f48e36", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f728785-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (STRRAT)", "timestamp": 1646907081, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907081, "uuid": "471c5b79-7bde-45af-8371-dac5b56f758f", "comment": "Malware payload (STRRAT)", "value": "1d6256be5a79d0b789e606c7d552414c", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907081, "uuid": "288f58f5-57c6-4127-be18-fa23fcf311d5", "comment": "Malware payload (STRRAT)", "value": "24e70f0058c2a0c097ae5844228a30dfbe454c1af241775582e9801d482d56b3", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907081, "uuid": "ca671d30-b516-4fe8-9eae-a89fb6a820ed", "comment": "Malware payload (STRRAT)", "value": "d5045273ab6e49ae8f365079ff3ae2cb73df1260", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907081, "uuid": "c5cc09ce-70df-47aa-a7b7-1eb3c5736d10", "comment": "Malware payload (STRRAT)", "value": "92a30f34558fe8bf4776d15f443f2ddef44a31843bea76c055dbd2a8dd6477e562618e4ef297c6d5eed9e0cd06e74f4f", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907081, "uuid": "8d45dd7c-8959-4116-b546-3a9b98e252b0", "value": "T13BC3126DF271AD91F246F73794C19780C10DBAB1C68ED18D41EA2A8DD6A24FCBE66840", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907081, "uuid": "ba6ea246-1f0b-4ad1-b098-5563e9846481", "value": "3072:Htlzb74SD3xFgVOggUotrOwVOsgnFOxT6quQFF:DzbMqhFgVIUPOOT0UqF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907081, "uuid": "18529a47-c188-401f-bd81-ef5dd1d2881b", "value": 120753, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907081, "uuid": "8eb902b5-378b-4438-a856-1a8f816fb18b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907081, "uuid": "d08c9803-6c1a-4c65-b0b8-7e2c71182f85", "value": "Reminder-Statement - 2022387.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fadeba16-a0c5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646953271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953271, "uuid": "c081d3f2-bb2c-4ca7-998d-d1bae995d1b0", "comment": "Malware payload", "value": "d6be53ed685c807e7e5f57f337206a40", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953271, "uuid": "d478bc02-2de4-4281-8e76-8c8acb70a364", "comment": "Malware payload", "value": "2510d413162b97be24dd93fb4ec04531f79779f7e57dadb076d732c3feec6b62", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953271, "uuid": "5513c9ed-bfdb-4264-be79-441cb0a24ae1", "comment": "Malware payload", "value": "d497f1ffcc002dfcaf63c982442c9b9037ea1d0f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953271, "uuid": "802eea6f-6fed-4fec-8f6a-2cbc974c9770", "comment": "Malware payload", "value": "faf34b7df2e75b49a74d26030c9e5f1df4c31e6b84c527299d3d7f27e4ad666b4c6d544130367c24395eefffe10892e5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953271, "uuid": "7d3b9598-45a2-4a76-9cd5-4bb869145450", "value": "T10AD46A40B5A3C070D3E7313846FD23CC67F9B9A1D7BB412B7A99954D6D3C8920B79A22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953271, "uuid": "4c07d8b2-78db-4702-81be-24d951cee89f", "value": "cfe3f54a8e794cfc54f47ecbce05971c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953271, "uuid": "f466d885-ffc7-46fd-9a90-6ad88fc03387", "value": "12288:ivpO7ru2TDuk1tYTwwe5AnYq2JaiMMMXdgir7OOBgzgENENENEn+ITITInTKTx4B:vru233dweOnYq2JaiMMMNgir7OOBgzgv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646953271, "uuid": "7e9400df-434b-4817-ae83-ad9e36e52ecd", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646953271, "uuid": "67af2add-9218-4301-92e6-bc8130021868", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953271, "uuid": "ecb144d2-f3ba-464a-8577-3ca58ae2b33a", "value": "emotet_exe_e5_2510d413162b97be24dd93fb4ec04531f79779f7e57dadb076d732c3feec6b62_2022-03-10__230107.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8be24820-a096-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646932899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932899, "uuid": "8f55a9eb-eb5b-4d37-bdb1-7515d1f76901", "comment": "Malware payload (Heodo)", "value": "5adc65a2c7f95fd320242dbe3f4b725a", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932899, "uuid": "c4d8ab26-ae19-4d57-b0de-2eb6785ec9ae", "comment": "Malware payload (Heodo)", "value": "26022fab297b50b6b6f8704019b8bba765203f7bcbc0b125c83139164f790022", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932899, "uuid": "9047edbd-6c1c-4e9d-8777-4db694b61c86", "comment": "Malware payload (Heodo)", "value": "28d906ca0d3e58d690d6427ca1d12686e1aae7a9", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932899, "uuid": "79e6acda-dae4-47d4-8c06-de29f432ce57", "comment": "Malware payload (Heodo)", "value": "9ba3a023579b7b80dd0fb1a7fa290c3cf885f4c474d371d4c888b197d5954897a3d6c1f0814dc4d2a3e818411aac0e98", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932899, "uuid": "c8772868-17b5-4578-b341-dbfe8f225e1d", "value": "T1CB33596B96C4743BCE138C3D8E085B997D5B944260C09B76CF4CA69C7A8F5B50E4B0AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932899, "uuid": "c9bd2b48-a36d-41ca-b220-865bc54f5885", "value": "768:aICkZNRvmHvnQvlSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KC0VfVhC:aItBvGvQ8ncDSmSIBlGeuSEcm2h0HVfm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646932899, "uuid": "8b7c11d0-8dc8-4c26-98fd-a3ebb94b8cee", "value": 52699, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646932899, "uuid": "dbd3be13-9301-4cc2-9afb-09f6c58e4988", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932899, "uuid": "273537cc-ebba-4b7e-9f70-47eb2c2d4041", "value": "lista_0887.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca0ff844-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879316, "uuid": "90a282c3-dc88-4060-b70d-0a2a32202b87", "comment": "Malware payload (ZeuS)", "value": "aefecc47f464e07a49ce517d88a48db4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879316, "uuid": "33d29c55-03ab-4aaf-a0b8-bfd759317a67", "comment": "Malware payload (ZeuS)", "value": "269b5b31bacfb2afa825f97e01f76617e71d11cb6391256142dc11eac0e1459d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879316, "uuid": "69cfd4bb-ee0e-4c04-9a92-bef652cc0cd5", "comment": "Malware payload (ZeuS)", "value": "ba7f3216113da60be46771443c2367970c5c2d61", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879316, "uuid": "774fcff0-26e2-4c94-8232-812bc13f549d", "comment": "Malware payload (ZeuS)", "value": "137e246ceba09d328dfc6907839ebd51be235d2e2f2bda1ec8aed8dfe20a2a81416c670c21ea67e41bbf8be5a17fc7b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879316, "uuid": "1cc2ba2b-5e7d-4684-a243-0d2d237a80eb", "value": "T1804523453BCC09BFDE6128B52950DC0D2B68B1661CAAAC5BDBE04DE71F468F6253B0D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879316, "uuid": "46b3661c-d021-409a-b7be-084581a0d56a", "value": "0c1e0b4890cc87424a0fd0132621e9be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879316, "uuid": "4ac53874-86fb-437a-ba78-1bfc6d6e7ae7", "value": "24576:6qFtSjoNZ5kJOdV5vUG4G1Wc2SWhCkp4KgufGqhrmpIeAW89UF:6u0o+JOrl9DGnCkp4w+qrmOeAh9UF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879316, "uuid": "4c40f885-0864-4c70-b6b3-c1b3395ffe4b", "value": 1198080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879316, "uuid": "623fa71e-97e7-414f-895f-f549deb080f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879316, "uuid": "e08774c8-c685-45a9-8642-ac5006c6a4f9", "value": "aefecc47f464e07a49ce517d88a48db4.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b2145f2-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646905356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905356, "uuid": "7effd6c1-6f88-450e-a610-39c2c0aea0cb", "comment": "Malware payload (Heodo)", "value": "fe92d285573e10ff76346de2c9a3e405", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905356, "uuid": "949c7400-6de2-4fe3-adf5-43e1f72405fc", "comment": "Malware payload (Heodo)", "value": "2788a2c073c741fd26609d6dbb5e17c03a44e1bf7243733f8315671f4439e4f3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905356, "uuid": "1ddb65c2-f224-45d6-b10a-2982abf99c0b", "comment": "Malware payload (Heodo)", "value": "b0d94eb68fc02cc19dac3471ffe64694014f7f65", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905356, "uuid": "0e07b8da-59a5-45b3-a638-affca80b5b91", "comment": "Malware payload (Heodo)", "value": "25863109c0227128369caafa45c96f7106c72cee13e137d92796d55d5e00743c966df284b340519e13bec0e43a33b1b9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905356, "uuid": "2e58f846-15bd-4a62-965f-20d09fd73f7a", "value": "T171156D113781C037C11B3C3286AE937E62EA9A314FA5E6875F9475BD8E345C2DA3DB06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905356, "uuid": "a5c99981-d13b-495e-85ff-0b2d871e2cc2", "value": "a517173f90c43414bccc160c37653529", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905356, "uuid": "38405a9c-394d-4554-8f99-f4476f23a905", "value": "12288:4mZ2fbGh8Nggu3uTkIKD56pInvq0fPJ7/2fdwVW4SUPje88koKiaCx:4Bu3uT5KUpInvPfodwVW4SUf8kiaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905356, "uuid": "ab38b6e7-121e-4c1c-bed6-fe261cde7910", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905356, "uuid": "7b0a9d5f-1a64-48c8-8de5-b10506c4d04c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905356, "uuid": "e164708d-7320-48b7-a77d-843de9863244", "value": "fe92d285573e10ff76346de2c9a3e405", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9f63a9e-a0c5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646953270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "c97ba566-5045-47cc-bc52-faf291c79b4d", "comment": "Malware payload", "value": "87415df48f953099f153aedb9d1eaaa7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "f24c08e4-bc98-4357-b96c-72302a43132b", "comment": "Malware payload", "value": "284f6a5103091d87c439143599b03e8f42a146a799ab267db2ddd2133090765c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "692e8e5f-b24d-41b3-a368-e634dbedc9b0", "comment": "Malware payload", "value": "ccaf17c2bca8cf0f0e9e0bd7e5e50250dbf75b4f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "cf892470-efd0-4771-8a00-d67419465c29", "comment": "Malware payload", "value": "6c601828d45be66290d94c6c5f76baf1208e764371fe4ddf09f4dcaea84ab0bd28074248343d6a4327745baf82490140", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "61fb3bf3-0ae5-491d-a247-8e3da7a6d57e", "value": "T139D46A40B5A3C070D3E7313846FD23CC67F9B9A1D7BB412B7A99954D6D3C8920B79A22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "ebc394a8-a9db-48a6-8b03-428a56cd11f2", "value": "cfe3f54a8e794cfc54f47ecbce05971c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "8d256a11-ec57-49e1-a11b-bafb339bd1cb", "value": "12288:ivpO7ru2TDuk1tYTwwe5AnYq2JaiMMMXdgir7OOBgzgENENENEn+ITITInTKTx4O:vru233dweOnYq2JaiMMMNgir7OOBgzgw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646953270, "uuid": "35ab825e-698d-4878-8bc5-99b60cefd432", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646953270, "uuid": "b4e48356-63ba-48fb-841f-20cdcc395d39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "0dfa437e-78b4-4f84-b85f-e7aa88121dbc", "value": "emotet_exe_e5_284f6a5103091d87c439143599b03e8f42a146a799ab267db2ddd2133090765c_2022-03-10__230105.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "880b4259-a096-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646932892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932892, "uuid": "7ba8338d-0585-4deb-98c5-2d447c37bdac", "comment": "Malware payload (Heodo)", "value": "56b36749e72b66573687b0aeaf3958e1", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932892, "uuid": "493f9d67-22f0-4a40-b409-8e9cc684fa3b", "comment": "Malware payload (Heodo)", "value": "29963030c7ce35b44435d2e6e537589fa6ecd037011515025e904f3774a213b1", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932892, "uuid": "14acb5aa-5df2-47ec-90a6-85b39617d6c0", "comment": "Malware payload (Heodo)", "value": "589276bbff25710302efd623551f3fb787db00c1", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932892, "uuid": "721c8a1a-5a42-4997-badc-a7946c22d4c2", "comment": "Malware payload (Heodo)", "value": "acfa4298bb6a0ed228b84ca06248ad131c7a3e635cd11bcba798d2e48a26fd929036f35549e0fb5204f1ed2edcf16ed8", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932892, "uuid": "63c8cf41-9036-4023-9050-96719ff5ce08", "value": "T1BB33596B96C4743BCE138C3D8E085B997D5B944260C09B76CF4CA69C7A8F5B50E4B0AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932892, "uuid": "c212a6c6-8cb9-477c-afd9-d4e0786344a1", "value": "768:aICkZNRvmHvnQvlSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KC0VfVhC:aItBvGvQ8ncDSmSIBlGeuSEcm2h0HVfm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646932892, "uuid": "6ca1e057-fba9-4c59-b077-2ec35befe1c1", "value": 52699, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646932892, "uuid": "264a93da-a7be-46b9-b8c7-9a19cae5ba4b", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932892, "uuid": "bfc6939e-ba90-4cee-bbc4-1929389199bc", "value": "detalles_858491.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac977136-a0b4-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646945839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945839, "uuid": "3a1cbcbf-5600-4cd8-b215-c31d0246bd7a", "comment": "Malware payload", "value": "de26f817eed394260ecd7b48deba18a8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945839, "uuid": "3cc72596-76a6-4a06-bc96-8252127d7ea6", "comment": "Malware payload", "value": "29c8b408d6168b781f788efb5bcbd3a7e059182d48636e25c89881731ab880a8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945839, "uuid": "d3f07f1c-a2d2-4e44-a481-bc161c6cabc1", "comment": "Malware payload", "value": "d05876603e13e74d74e96884af2780a0d9b122fb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945839, "uuid": "c4b176cd-6355-4ab7-b936-0c1fb33122e3", "comment": "Malware payload", "value": "2a57fbd08ab1be9ba80c75d03b1f858b7351e2c447cd0bc30dc405dfefc227337cada6e36c735c4052587933a2ed970f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945839, "uuid": "2686e331-9cf1-4059-a21f-34dc3089b53f", "value": "T1D7F2F230D89D9D31E6E6B9FB4D95CFC32A302BE97915CFF163421B1049187A65D0F988", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945839, "uuid": "a505b3d1-5e6a-4409-9f89-07d709fc2764", "value": "768:WQSiBU4HM5Fv78N1jwbqozkucPv3K9za0xATPcvVDLuQt4uVcqgw0RTWXL:WsBHYFvXZIucHKhBtDKs4u+qgw01WXL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646945839, "uuid": "60906b29-da3b-4aeb-84e4-31f7eed27482", "value": 36084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646945839, "uuid": "a94f6548-28e4-4109-aee1-fe9c7a4e3093", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945839, "uuid": "40719a0e-80dd-42e9-a89e-b341bea2d551", "value": "de26f817eed394260ecd7b48deba18a8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "753fd2dc-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646886905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886905, "uuid": "bc76bdd2-3f25-443e-96f0-c86d50afaaca", "comment": "Malware payload", "value": "018e1c99706234daebda93d7eff9da64", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886905, "uuid": "429bf761-f237-41e8-b606-5f7fad7d9273", "comment": "Malware payload", "value": "2a510df850121cef364914819998d46ef31c32a22573e31962e145b9c1b0548d", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886905, "uuid": "3130ae97-957d-476c-8f38-0d9f15342d9a", "comment": "Malware payload", "value": "aeb55cc0b56e1ea6e0ddaff1167cca3997a2fe89", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886905, "uuid": "aa603b94-53f9-4936-bb72-8afa64862dbe", "comment": "Malware payload", "value": "463c1bf2d64bcb59b2e23ec6498fce61e049ee9ac4f4591aca85745784cc86c1906125f9016b7a3db2de56ee1f0eac1a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886905, "uuid": "f33b2f33-39d7-41ec-8bd7-de7b5ca06fe3", "value": "T13E13095AF9816B11D5C11179FE0E124E73234B6CE3EE73265E24AF3067879770E3A81A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886905, "uuid": "1e2a9e25-c426-4c72-9bbf-98ca0146db07", "value": "768:FlnLSiV0SwhalCwD8mXEUNhiy6hu9oG0/wjMMNTVn8s5+YuI:FlnGi4alXFUUDiy64WG04Qfs5+Yu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886905, "uuid": "7f63a42e-5875-4f31-9f6e-9a3f813b6570", "value": 42104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886905, "uuid": "4bcd2f7a-50fa-48f4-a74e-8cf538629b92", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886905, "uuid": "69e10c22-ec76-4726-b89c-909bc173704b", "value": "SecuriteInfo.com.ELF.Mirai-BRZTrj.1386.12335", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bc3769f-a024-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1646883963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646883963, "uuid": "67596730-f37f-4ac5-ab26-495a7bd7faf0", "comment": "Malware payload (NetWire)", "value": "9fe076dacf697fbdb328f7f95d6bdef6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646883963, "uuid": "ba979628-76e5-43d6-aba6-65055c7b758a", "comment": "Malware payload (NetWire)", "value": "2c9eea8d5b6618d104ec61f30308a1e872139ff87a6a9f18bf3d7dd442f9fcf0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646883963, "uuid": "17d6bfab-f34d-479b-b884-4d4c2328f92f", "comment": "Malware payload (NetWire)", "value": "26b22c25a92288150c24f1c159ddd76abd314513", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646883963, "uuid": "ac215a26-6aba-4092-b5b1-c0c7d3e6d1e0", "comment": "Malware payload (NetWire)", "value": "6d8aeb2080978f887ffbaa5139d71b5de17ced24e1b22049a402197c517b7f6cb59a620aac088f6e2e26c327f9cc302b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646883963, "uuid": "c1e7bd44-94c1-45b5-b3e9-1ea04b3db879", "value": "T19D84CF6289D2E80AC828D970D92BDBF5936A2D1DCE9267070366FC1A37FF1E3C419517", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646883963, "uuid": "68408e1e-3dc9-4f66-82ff-e7df133b1ed1", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646883963, "uuid": "644cdb38-3b7b-4741-bf31-f9825b9a6d39", "value": "6144:JGimzhkaUiNKoyHP9U55VpLHI8ypXvjLbU2//zhl4HGMBdqCH17C5J:ziNK9W55zI8MXv3bU2//0HGMBoCHdC5J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646883963, "uuid": "5dbc03d7-4616-4635-9d29-57be6d5493f2", "value": 394726, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646883963, "uuid": "0715d97b-cc51-4160-bdae-bebbe3b56aee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646883963, "uuid": "0c959f09-3bd6-404a-b3c9-e936463bd1c2", "value": "imagee.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c08cab7-a00b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646873011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873011, "uuid": "7411c5ea-c002-4968-b506-b0d7173882e6", "comment": "Malware payload (Heodo)", "value": "c7020364b3ff4e12354fe65ef97f6252", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873011, "uuid": "6b6f1428-f214-494e-a9e3-e1f16bd169c1", "comment": "Malware payload (Heodo)", "value": "2d32c5eeea6d8cdb680585fdd4b62b02d66748b25193cd94aa6e1b4f8e5455ad", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873011, "uuid": "92c3ef56-0323-4ad8-b97b-0b24a8f29622", "comment": "Malware payload (Heodo)", "value": "0faa66c9ab6def290866d1ac00577caabcdd950b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873011, "uuid": "5bcaf8a3-483f-4124-b88d-72fff288620a", "comment": "Malware payload (Heodo)", "value": "479b9530fcb6674bc528e1c9e6bee4e42cc8347e63cf88463ea7da2f130d487ebd0a3a8772fb6a14d068147413c97e1f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873011, "uuid": "26381d7b-e1fc-4d5c-94c6-f7bce9a64a94", "value": "T19415370D6F918F79FC1D013898DD9B75AA99EC3B46A04F066ED2FABED4B71424C08D06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873011, "uuid": "b9346e70-e850-4898-b88e-d1c075e81764", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873011, "uuid": "1f23749e-c8f8-4ff7-9838-ef4d10bd7cf8", "value": "12288:aA9e3OrvpgqjtQFece6dddifiHxoB3rNd9CDr+aCx:blrvpgqj2FefQc3rLoDCaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646873011, "uuid": "03280541-a45f-4f9d-a0b9-30357b431676", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646873011, "uuid": "3a3b9a5e-4556-482b-b82e-0c2188db9eed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873011, "uuid": "201629c4-20c0-4902-b040-63b02fa885a9", "value": "emotet_exe_e5_c80fad0e3fa75e419d1c421d30cc5a16f269d816c0de45affcc12706d4667257_2022-03-10__004326.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60e7fc8f-a068-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646913070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913070, "uuid": "b1c76132-2cef-4a1c-8b0f-21db629311db", "comment": "Malware payload (RaccoonStealer)", "value": "a8907394f79598f9e85a13669723a88c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913070, "uuid": "26d6c747-73db-4dd4-9a76-71b5148c6e77", "comment": "Malware payload (RaccoonStealer)", "value": "2d892b56e76a69ef962a15c7a1ef782d985f67647df2042ae61b6711b3376fbf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913070, "uuid": "ea9626ea-fe35-4bc3-acbe-7c7f9cd32a4c", "comment": "Malware payload (RaccoonStealer)", "value": "01b318226f43da7a05aed686f08a7915f4da1a97", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913070, "uuid": "56f6eb68-0f99-47c2-b4ce-30683ee940c8", "comment": "Malware payload (RaccoonStealer)", "value": "39f53a0b41d5c4e00d66adc28590ea37096b2aec0b21cb18866ceb345c70ca34f3cd2f13fefbc06a301c12fb56d945c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913070, "uuid": "511a30c6-b7dd-48b4-8819-9af66ebc4840", "value": "T1D9B4126177A1C172D4EBBD306A28C3B11A7EBD320674AA077354073D6F313A08D7A75A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913070, "uuid": "5b801a9a-b783-4de7-a1de-48956d185772", "value": "e0538044f9656c3c504709b72e66cb43", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913070, "uuid": "48cc09cb-15cf-4fea-9845-b67e061d654f", "value": "6144:QgV/CUWWYfjXJvv2bZv6YkkwDbNj8qcg0wl8AzZMdDevStaTs9HyP:QgNWWYrJ32YYkk4b589s8AlrvStaQG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646913070, "uuid": "4647a365-4b6e-4dd8-8f18-e33a4d39949c", "value": 528896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646913070, "uuid": "9f0d7fd6-d0d0-4ffb-b3f9-9fcfd9f0f565", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913070, "uuid": "8c748330-5f93-4e5f-a392-59ba974a1f6f", "value": "2d892b56e76a69ef962a15c7a1ef782d985f67647df20.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73763d5c-a06e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646915678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915678, "uuid": "d01ce77b-cd81-4fb9-9d09-0582cc8c5144", "comment": "Malware payload (Heodo)", "value": "6abd98978320ed884472a679a93ee7c9", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915678, "uuid": "3a9c6e09-e4e7-4d6e-9a2b-3766b20a4621", "comment": "Malware payload (Heodo)", "value": "2e53df694773f7121f1e14a449fbbc686fbedf2e01520d34e8ce40dbae8debd8", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915678, "uuid": "a7966c50-4494-40cf-9a29-1b2ab9cb5600", "comment": "Malware payload (Heodo)", "value": "23740c4351694cca1c516a9c9e915924cac7c6ea", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915678, "uuid": "c0e1770b-3a47-4ae4-9a35-d5c2936d715c", "comment": "Malware payload (Heodo)", "value": "f377478ef8d72c05e1f0adeb0dbbf3479621be2f671ee672bd88d1427b6e742db0e7a4554db006d71b350e0a0ad56a12", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915678, "uuid": "1d48a2fa-7eb8-4619-b1b4-69f204e294a0", "value": "T15723D01CE892B92DD3329D78C51852F4A60F23CE5054B16B1684F20D7F4BAE7478FA5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915678, "uuid": "ae35e940-a968-4d97-bac3-21c48a32d341", "value": "768:G1kICkZNRvmHazrfRmUOcIIGq9hqN6994E3ewNXz8OP6AQPHWZinVd0VhkhB:GKItBvGazLRYIzhqOisNz8OP6Tein0Vo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646915678, "uuid": "e58f7c00-49bd-459e-8c8d-f72633161611", "value": 45763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646915678, "uuid": "2d693a87-ec71-4a8c-9669-2fd39b434c91", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915678, "uuid": "c6581c2a-9dca-467e-86e9-2550b4429d5b", "value": "61_91.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebb38325-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908149, "uuid": "e927f943-731e-4a15-b2ab-f48e2031ef26", "comment": "Malware payload (Heodo)", "value": "42fcbbea71f490710fcc0b336a9f6c94", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908149, "uuid": "261769b6-952d-48ac-945f-4f1a1dd4c4e1", "comment": "Malware payload (Heodo)", "value": "2f2f9b9f448657133561e7f7c35d6fc9b0fb6305a118a4e9fca3804e14d454d3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908149, "uuid": "d0010267-7507-4751-9f3d-fbd970322968", "comment": "Malware payload (Heodo)", "value": "0265833d3e426218c84d2b120225fbc49f954fc2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908149, "uuid": "2945e57f-bf8b-41f3-83d0-fc57a43c14e6", "comment": "Malware payload (Heodo)", "value": "94a5abbf5c6cbd5ac3a7143273affe8ff064bfd95582f7eb16614167bd78b05ef15cee9b005804a7a18ff47c42c2542d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908149, "uuid": "b3074758-e86f-44d5-9079-606776d097b6", "value": "T135D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908149, "uuid": "552142eb-dc06-4e35-bdb9-e168e29bfb57", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908149, "uuid": "75fa3e9c-85f7-4afc-a226-939c95698ef2", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAa:WRO5DDUmhnspspsqi022/OByw+iVifMP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908149, "uuid": "bb7e15e3-31a7-4e33-b6ce-d04a30c1446b", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908149, "uuid": "6380ec30-89a3-44bd-9717-cd9b34fe1abc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908149, "uuid": "1cc04d72-e77d-4625-a3e3-759c52144b0c", "value": "42fcbbea71f490710fcc0b336a9f6c94", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bba9b17-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646907021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907021, "uuid": "6403f7e5-eca3-42c1-ae83-6c0eed0127ff", "comment": "Malware payload", "value": "4b64ecd221442432a75a15ddbaa42a53", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907021, "uuid": "271b135a-24f5-4e56-8fda-7508c073f4e7", "comment": "Malware payload", "value": "31400fad2bf5aba69cd9d7bd62c277c5050ff2705339093a682121ee8822eade", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907021, "uuid": "4c8a4a34-80b6-482f-b826-d13c51832868", "comment": "Malware payload", "value": "b2cbc8a6613932c3c30afe5f96ffff67b426266f", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907021, "uuid": "1c4b59c8-4d4d-436c-bc07-5c67265628c4", "comment": "Malware payload", "value": "2a3384d9c5ad8b5b593d01ff23123c9089f4e95e360a70516eeed83a62b0f97b3b162067228ac2b7ebf65c5ca3ff32c6", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907021, "uuid": "87d2271c-ad92-4163-9b16-3f36f62d3577", "value": "T1A1F55B26B2C5653BC07A0A3A5527E238B93B6A7D25128D4657F0C87C8E35B43F73E607", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907021, "uuid": "51e4b384-2b47-4e6b-8a88-6d5d69e2bf23", "value": "49152:gRkf1N6NwN9L1jRoSH2wEBxmcZ/c7TS6HyUGYS3A:/4wnfu0xHBGYOA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907021, "uuid": "da858fba-debf-4de2-9498-632f24155e51", "value": 3451392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907021, "uuid": "c28f1603-de30-4e5a-99f9-36238e376098", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907021, "uuid": "792bd8bc-57eb-4d78-b1fc-6ac8af34deb1", "value": "__]NFe hhepvtqw.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5511d12d-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646905319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905319, "uuid": "e7c98d72-e664-4364-a7f2-f4dbe27210fe", "comment": "Malware payload (AgentTesla)", "value": "fb298af6c6a59d5da51f3622fe919f9a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905319, "uuid": "6b8412dc-a622-4cf8-a1e8-d3a0b0ce22e1", "comment": "Malware payload (AgentTesla)", "value": "3287895f859635f8685159d26e4ce5b79e7cdb92be10819c72097e84f4a87f5a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905319, "uuid": "4e648005-dbb4-4f73-81b5-cee98737c931", "comment": "Malware payload (AgentTesla)", "value": "6efb0632f8564a887d014ab9f2e042a618f56042", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905319, "uuid": "81419716-7b0a-453b-bfdb-6baf4f95020e", "comment": "Malware payload (AgentTesla)", "value": "d6cb44e682fa0a4c8453d56071a7f38718a2e83c2482c1bae98526b534c49e151ac0a05ee4b13ef109ec9d70f23605e6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905319, "uuid": "ac3bbac6-0705-4d4d-9c69-6b3e57644947", "value": "T19E14025F73614B14EBF8A5FC801F618868F5EC0062E4E321199C771E39369D8CECA92B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905319, "uuid": "811c9172-68e5-49fc-9911-28ca6a29f141", "value": "3072:ZZbPonrjWav+2oZPOdM5V/qIf0gb5DnZlXpBrBS5VrDmd/Pykb0T8A:YnGav4ZpV/9f0gbBZvBd2Mm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905319, "uuid": "52045dc2-52db-408f-ae63-4fb74dc28421", "value": 190872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905319, "uuid": "37ef25f5-2171-47d8-a295-fde2c19beb78", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905319, "uuid": "142fa6ff-6a18-4178-b4c5-bdeb4006512e", "value": "swift.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4afae831-a0c3-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646952117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646952117, "uuid": "185e38cf-e5a7-4146-b2ff-6e59633aa928", "comment": "Malware payload", "value": "8529eb7f19f14f4bc5a0d0473e009a01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646952117, "uuid": "9b76bcc8-26e6-4ed8-961b-c54854ff7b7c", "comment": "Malware payload", "value": "32c3ab642ec65c9e3cd2ad995de44e4537b271bc16bd24440bd4760b20d221ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646952117, "uuid": "a68bff10-edbc-4912-815b-6af62374748d", "comment": "Malware payload", "value": "6293a81b1eb4b9ef7c35e8a2a532648005f9f07b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646952117, "uuid": "ebd341cb-4eed-4829-a42d-8766a7fcdf9e", "comment": "Malware payload", "value": "375ddb0877412271985226cb9632addafaa2c3d805b6f6de3cbe814cb6b394a4a662f46a9af2d512c2294f3c9c84c723", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646952117, "uuid": "cf88336a-f32e-4aa1-a065-03720c69ba37", "value": "T129C38D41B2D2417FE9619671845889908AEFFE313D658F97638C213ECC397E0477AFA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646952117, "uuid": "f65555d2-c988-4aad-9135-10ae3914bd42", "value": "aaa0b167ae015162cacffab0e70ea77a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646952117, "uuid": "0f4988da-ac4a-4377-b978-472fc6c5d019", "value": "1536:j5MMCnkgeOdoWzkEXu/1X9fkYL1DMlS8eZPLn6penUBh+DIgXl7NcrnB16sWjcds:9MMuBeMR2/NdRJqY6peuDB1lm3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646952117, "uuid": "a280a826-7cae-4ab8-b89d-0b71fbe94866", "value": 120320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646952117, "uuid": "773131bc-8d7d-4247-8b06-5e3bf9a5c4e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646952117, "uuid": "202185bd-7d97-4e19-987f-7bf8155c7502", "value": "SecuriteInfo.com.Variant.Fragtor.65521.26023.20423", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2377ba60-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646914685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914685, "uuid": "4f811d52-616e-4946-97da-23aaa74bbbf7", "comment": "Malware payload (Heodo)", "value": "16b07927ff4a1d071fc3b34abbd0adcc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914685, "uuid": "f44099e2-f96d-483f-9d12-b942c385811e", "comment": "Malware payload (Heodo)", "value": "331e0545b911444c302b070c84493a6583f2f6c59a63a3b405ec725b3630a57c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914685, "uuid": "f665e91d-5116-4724-adbf-2949cd10f650", "comment": "Malware payload (Heodo)", "value": "1aadce1aceb22a87cdc2d40afe2837112d874b14", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914685, "uuid": "883145a3-46f7-4877-957f-e87445bd25c9", "comment": "Malware payload (Heodo)", "value": "48d314e3235bf23b6f2c19b3a4b969b131cc5586d60ccd2663e026fb2c6c5bcd0327046cc0197fd62d4d1f59be907b20", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914685, "uuid": "bd017e86-1817-4961-85ed-4875ba1334b8", "value": "T151D46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914685, "uuid": "1057b55c-7b26-4e89-bbce-94c0df4f9a2d", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914685, "uuid": "46e22b71-13e6-4aaa-93e3-370e09d1d30a", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArA1:WRO5DDUmhnspspsqi022/OByw+iVifM4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914685, "uuid": "a34548fd-e064-4d4f-9fab-fd4d2c929ebf", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914685, "uuid": "15385d27-0700-46d5-901d-130d373ea2e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914685, "uuid": "47864ce7-5402-45cd-9505-1513741630e7", "value": "16b07927ff4a1d071fc3b34abbd0adcc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea305e02-a09b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646935205, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935205, "uuid": "c8b04060-fb9e-4c55-9e53-53372d596390", "comment": "Malware payload (Mirai)", "value": "a6444f5e81365e3c6eb338a84b74a388", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935205, "uuid": "f2b1cc2e-3fcd-4c46-8176-d8b8adf8592e", "comment": "Malware payload (Mirai)", "value": "33642d92ff5a79d4a27f0580889ea1ad30e5697d25b54e7bec8a7044de78d343", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935205, "uuid": "9c037114-407c-4f92-adbd-3c8caa383f5c", "comment": "Malware payload (Mirai)", "value": "8a656bbe57b0832ee4b42e2fdcdccf4056582cb2", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935205, "uuid": "781c798c-813e-4a82-98e7-d21bed229fe2", "comment": "Malware payload (Mirai)", "value": "d5a1e0f9a1789a2aa52ea34537de13d0aa5e39132d407b5df53c1abefc47a357d8592f8c50ef5a76cd032e4a19703fa0", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935205, "uuid": "6be231f0-9285-42f4-adc9-722a5c551c3d", "value": "T1B5D34B46FB418F13C4D617BAF9AF424933229B94E3EB730649285FB43F8666E0E53905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935205, "uuid": "e8994ae6-0712-4829-9863-7323de34d3c4", "value": "3072:f0DvinprSHrDqtVK/B3RJxQds/neqfasb2mKM/9M/zrr:f0DvinprSHrDeKXJxQds/eqfb2vM/9Mz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646935205, "uuid": "58b047a6-c948-415d-9928-2814094bae14", "value": 134572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646935205, "uuid": "06492045-b92b-426e-b2c3-8d13b8896155", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935205, "uuid": "1e9546be-1eb3-42b1-ade1-4186205fdf55", "value": "mirai.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "106c610b-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914653, "uuid": "e89b521c-2149-4e62-bf22-d5474bc070d4", "comment": "Malware payload (Mirai)", "value": "1dad673e97a43e58b15eaa11e055dfbd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914653, "uuid": "8b60c8c9-358f-494b-a6f7-4b2166920fc9", "comment": "Malware payload (Mirai)", "value": "33e56e3f69c550b51454929937ccd595406c543467cac67df6df372382f282ab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914653, "uuid": "702a7f81-e3ba-46cd-b144-a6d77a714beb", "comment": "Malware payload (Mirai)", "value": "7ff54dc833ef2b363889c3cf16efdd782d2b5cef", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914653, "uuid": "b22d9b09-c466-41ea-a74d-1ee73d0d2429", "comment": "Malware payload (Mirai)", "value": "93e9b10137ba1415c797152ea18b32080657f07a9dcaa65255941cf86f64cffece3f0146e624c4d8916738d70b22404f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914653, "uuid": "6319c65d-fee3-4a83-bd1b-ed0798aa5b8e", "value": "T15CB3F872B804DF66F00A96B504D38B367E30BFA70E6316A2731B39669D331D528A7F45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914653, "uuid": "d570ffb3-814a-40d2-9cdf-89db7ee56d31", "value": "3072:Ydg8GXIDvGIk1MG8+mjypvZ+oamm/QcuLB1niDNb:YuFX0GIk1MHyphLamm/QcuLB1niDNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914653, "uuid": "e4fc6e70-a8d1-4049-b680-842c947134f4", "value": 118090, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914653, "uuid": "9190251f-6529-42ad-bddb-4c6c2e19e6f8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914653, "uuid": "d6b5af1a-e856-40c2-a471-a874653a4f8b", "value": "1dad673e97a43e58b15eaa11e055dfbd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c490b3a9-a069-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646913667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913667, "uuid": "e997ef30-d679-4b74-9a0d-f6c37c411d68", "comment": "Malware payload (Heodo)", "value": "85f4d8bd7d069343ccaae169e8526c72", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913667, "uuid": "e981da49-b665-4324-ba64-2f45d3267a05", "comment": "Malware payload (Heodo)", "value": "348945f22f604f928d02ba480b16ea2e6ecb9cb787db9c7286940398fb8b53cd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913667, "uuid": "518b5e25-1d8b-459b-b788-4c6c97a0845b", "comment": "Malware payload (Heodo)", "value": "0d49a6946eaccfc495486b5980b2161430b1b8b1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913667, "uuid": "4ed73989-b7f9-4798-8d6d-99becdd9a2ec", "comment": "Malware payload (Heodo)", "value": "f977a643b36cc3f731af2255481ef61f67f88de03ed3e57e75522e1bfd8321169dc25efb2d4d6551cfaf30b29de5d88d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913667, "uuid": "25dd65a7-692d-4b8c-9253-481fb5296745", "value": "T101D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913667, "uuid": "d96106f2-3776-429a-b1a9-cb4e8d887842", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913667, "uuid": "e34107e3-473d-4b64-af58-140870f0a868", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAn:WRO5DDUmhnspspsqi022/OByw+iVifMS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646913667, "uuid": "5fdbf4d6-d8d0-48a9-980b-b713ba6b350e", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646913667, "uuid": "aecc6145-461c-494b-9dfb-2ae74d17d1fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913667, "uuid": "7e72aa2c-337d-4b6e-8326-65738c170d33", "value": "85f4d8bd7d069343ccaae169e8526c72", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cba64697-a064-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646911531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911531, "uuid": "e80a6257-0f30-455e-ade4-c889b40f68fc", "comment": "Malware payload (Mirai)", "value": "b8d438e9a4bf9a0c10d6adff272d9f6f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911531, "uuid": "4eec8fa3-0302-483e-81a0-98474b6e200c", "comment": "Malware payload (Mirai)", "value": "34fa39c813a30311825d3fe01db9a5f761b925b6b24fa2d10211a7273b37bae1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911531, "uuid": "3b1570a8-d95f-453c-80a7-2947b9581789", "comment": "Malware payload (Mirai)", "value": "f178fc2beab3ab62bed9c4e9963d0cde73bbb226", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911531, "uuid": "0559ed15-e294-4c18-a822-35c219061448", "comment": "Malware payload (Mirai)", "value": "dd678c911a36edeb1f8ac124fc95da00456ba7f050709d9a4a0c8b1d0313b9acdd434bf08f02039e441ece4b7bf1dac2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911531, "uuid": "ebd68233-7a4e-469b-aaea-630835efb783", "value": "T19E535D02B2180E0BE8E35AB0343F1FE087BEEAD025E0B545695FD7658A75E331586F8D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911531, "uuid": "d049597f-7a2e-467f-961a-f047f358c82d", "value": "1536:d2H4M8MQx17SGvDANs4LkFm7ALnq7gIMLFPM:CNmvFYAO7gIMLF0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646911531, "uuid": "4af57732-ed2f-4f67-b598-514f6b0adaa8", "value": 66648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646911531, "uuid": "bdc28567-03e8-4c31-b0b9-5bcc1d529d97", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911531, "uuid": "eaee4529-d4e5-447e-a330-77dd956efa82", "value": "b8d438e9a4bf9a0c10d6adff272d9f6f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73b996cf-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646886902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886902, "uuid": "838d0a40-0afe-40ef-a0f0-85a32b392006", "comment": "Malware payload", "value": "c36edd694abdc372d69c7b62e6d97ab4", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886902, "uuid": "3f24d860-859f-4c1d-a3ec-567664910e26", "comment": "Malware payload", "value": "35214a586626ec14087249d81ecd99bb01987f6f04a645a4044f08b47f17e884", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886902, "uuid": "d9d708ba-f355-41be-83a5-b6ade4f9fc80", "comment": "Malware payload", "value": "90f1d3fe2cad053ebbcab35c9c0d034e832e0d85", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886902, "uuid": "b745583d-4e61-4a8c-9f7d-4e81c620c5e7", "comment": "Malware payload", "value": "cde4133a25d92a2a5524d0ef299aa08291f1b97011467440851368b61bc445bde9b99322815ab9043e16b6a908ab5faf", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886902, "uuid": "dee8384c-9fbd-4eaa-943e-f52f7ea60c0c", "value": "T13BC20995FE806602C5C26177FF0F43487B2A5358E2FD3347AA2AAF6133879660E2A511", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886902, "uuid": "773b042b-8a26-4ef6-a943-b7b8bb327405", "value": "384:2uCwE+NIOZec7tM7zvK4y7tolBadnxuIbtUpPjNyYGD1KtFx4e0HY2UFePGxx:DCC7ecxM7GA3adz+PjNyt1xIFIGxx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886902, "uuid": "f1ed19da-e6fd-4184-8599-2425289d3529", "value": 26500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886902, "uuid": "b685dd6d-7d82-44f3-acb6-22a1e4bf70bd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886902, "uuid": "02f3d007-4694-4199-a0f0-87c8dc33924f", "value": "SecuriteInfo.com.ELF.Mirai-BRZTrj.23.514", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "589f28ec-a0ae-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646943121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943121, "uuid": "c17bdbd6-1223-4f6c-9219-0debe75dc354", "comment": "Malware payload (RedLineStealer)", "value": "a91fb4ad2a4377eacf8f0ef8d52727c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943121, "uuid": "0a590978-f8ae-4c33-9d43-434f07850a18", "comment": "Malware payload (RedLineStealer)", "value": "356b02d083bfe02dc53ff918bcef12a8fd44686b7ed05f66d7569659c1ad2dc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943121, "uuid": "de2e2b6e-a7a4-4e0f-a88f-d79cda947f8e", "comment": "Malware payload (RedLineStealer)", "value": "fe10dafb53561d0a606d64f783286597d49a7ba6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943121, "uuid": "a8dd0fde-8e4e-4ab7-9240-5fd59bb69231", "comment": "Malware payload (RedLineStealer)", "value": "574eb008dd4ae13fe3ec7dde025e95338c75094178c350b645ca4df41b1fb2b9897ad2db50af0fda6cef92957ff1869f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943121, "uuid": "0b21c329-4ef8-42b0-9b46-e5414986f888", "value": "T1161523E75F8B5B4ACB48687432F21F1780A244D768D8827AA57B0F0A4D3D490FF695F8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943121, "uuid": "e0347f2f-80f1-4ef2-842e-3cb79b5c395e", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943121, "uuid": "bd656eb0-256d-435e-82b7-990977483c5b", "value": "24576:06N98XXotcBcfP7Z7M6hLzHU/gpXRhFpf3ip4kEaHNYK3W1ZOeQq/F:B8XXLcLXSgHhjf3iuNamPQ4F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646943121, "uuid": "f26bb2ba-0e41-4218-be19-25f160fe9bd3", "value": 949760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646943121, "uuid": "a207f896-426e-4ec4-840e-2c8a51c223bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943121, "uuid": "f6f2991e-3edd-46f3-8dec-96cc848bee52", "value": "356b02d083bfe02dc53ff918bcef12a8fd44686b7ed05.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9982174a-a096-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646932922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932922, "uuid": "e22dfc0f-353c-401f-908b-fc0fd51b57bc", "comment": "Malware payload (Heodo)", "value": "18f68db90e02a346939eff0a3e30c5a3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932922, "uuid": "5db2860a-bcfe-4d46-a0b4-d4a65531f01c", "comment": "Malware payload (Heodo)", "value": "357dfcedde5bfd61bc1ffeba9c72a3f6650c5df8b20e7c058bff6a87d7b615b3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932922, "uuid": "7dd2745e-f246-4b72-a031-a5164de993e1", "comment": "Malware payload (Heodo)", "value": "40150801a1ebfb671fed3632dc0e88b7d42545a1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932922, "uuid": "91d60217-f05f-4951-b6ab-7e6ff4164be2", "comment": "Malware payload (Heodo)", "value": "944e89db9ba2a1302e9352d18496671c012007ad0edbd712ed80cb8da7cb51cfd7b558f7bc97be99125f67a89a5b800b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932922, "uuid": "c8e8fc76-4453-4dd7-afd9-04ae87ae396e", "value": "T1E9D46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932922, "uuid": "24a02f96-951d-476d-a94d-5b740124c0f3", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932922, "uuid": "dac26195-1b04-4ae5-a1d4-cf2848df162d", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAM:WRO5DDUmhnspspsqi022/OByw+iVifMl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646932922, "uuid": "894887c8-e156-4afe-9b3a-cdc9c4b1eeea", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646932922, "uuid": "f8a5e252-5d7d-40db-a1ef-14b6ee6cba02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932922, "uuid": "7ec4613c-d0bf-4dca-9d11-f7b0b59c0c93", "value": "8hwrvktrCvU.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2266eae-a09f-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646936829, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936829, "uuid": "1917ddff-c363-4074-803f-fb2bd0dc32d6", "comment": "Malware payload (Mirai)", "value": "713252f1846bda3f4597415acce55d02", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936829, "uuid": "095fd480-3baa-4145-8303-f4811a10c2fc", "comment": "Malware payload (Mirai)", "value": "35878b4bfb6c2af36445ccb544dae35bde7dbea9c0cc2d581337a813e95f8329", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936829, "uuid": "7033b89c-e965-442b-8cee-c12a3bb80228", "comment": "Malware payload (Mirai)", "value": "6d9feef247393b479c915749cabec2e80f86a0a9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936829, "uuid": "eb4e0083-057b-4c60-ba3c-7dc2dcca5d60", "comment": "Malware payload (Mirai)", "value": "581192e4b46ffb67ce5678b8113a90848d952839e185a2044dd6dd40cdd3043a946a9ebfc16319aa8599b097089d2c49", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936829, "uuid": "e292d13d-340e-40df-9204-01a0ee220ec6", "value": "T15573C519BF610FB7ECAFCC3749E91B46298C945621943B367934C818F68B25B5AE3C60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936829, "uuid": "70ec7b86-ddaa-4d7a-9554-39b6231a4f58", "value": "1536:cJfEFvGQrH19rskjDosd5dTUIROY9lbWZephJT:cqGQrH3rskjDou5VXbW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646936829, "uuid": "bac000a9-26dd-4363-a80a-7cf2dfa87780", "value": 78244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646936829, "uuid": "7f78d1b5-f29e-4904-b9e9-b73b08e43aaa", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936829, "uuid": "8e5751d2-5c6b-460c-b087-31bfc4b9adbf", "value": "713252f1846bda3f4597415acce55d02", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0335918-a053-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646904291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904291, "uuid": "2b99ddfa-f88e-47d0-aa1c-c36fa67e3fb8", "comment": "Malware payload (Formbook)", "value": "58b0568aee755368ce30b6bb368bd189", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904291, "uuid": "7a3031a3-4b30-4504-a2b2-8125a9869907", "comment": "Malware payload (Formbook)", "value": "36f025547972c566f4614bdc0493064d4e802bd8ff25c3290d69c735082f8f85", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904291, "uuid": "2bf53302-ea60-4cc2-9b41-c2465aa815f9", "comment": "Malware payload (Formbook)", "value": "05b403d255355a477edb6225b476595b758804e7", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904291, "uuid": "047b1e8e-3ef0-494b-b09e-e21f379f525b", "comment": "Malware payload (Formbook)", "value": "f2f6a29ed4e8e89c1360b7e455b3466b68c28df3571bfa1323cd57b075affedad66edeb4d7e40c1bb382f9e19e27b2da", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904291, "uuid": "544e49c5-cffe-4dd5-88b9-854bd6323f06", "value": "T102A5EC31B1327A97C3160461165FBE86430CBE47B2C55F8CA05DFBF82CA6CA79346D9A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904291, "uuid": "9d7e02d5-2cf4-45d8-bf3b-5c5ca630d79e", "value": "1536:1ch6dtRGWbCtpl5kmrJ//RFxXxBpzB9TBtiBqK8Qf6YXkY0kY0kY92i3e+6fw5bL:hc0R9u02O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904291, "uuid": "f4784e46-8ca6-45bf-b88c-7c6fe4409c65", "value": 2170334, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904291, "uuid": "205bd0eb-8948-4707-807a-b8d41e3def07", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904291, "uuid": "ab9c0295-bc59-4cda-82ed-27f3cba6a695", "value": "Order.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2a47c5c-a077-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646919757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919757, "uuid": "c3040f53-1e33-47f0-a426-aa6f3922ef2d", "comment": "Malware payload (Heodo)", "value": "5fa7e32b3f51d65012d8cda5ca5d0895", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919757, "uuid": "684ec56e-67e9-4719-850f-628d5c6dcb93", "comment": "Malware payload (Heodo)", "value": "3802ac5e72e7e3ff7dd63051f3d30f04a7d0ba62cf30f3731c6d6cbf125d5b13", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919757, "uuid": "33bc8c14-8616-46b6-88cc-a2d71633df11", "comment": "Malware payload (Heodo)", "value": "a500edf09cf95a252bbac0a98f1d45ed7f210402", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919757, "uuid": "7b06d68e-1a7d-4bd2-8ebe-74276256f905", "comment": "Malware payload (Heodo)", "value": "70f64a25ed7fbcc6e5a523a03b784bba599b99001be6096458a46d6c7ee2a7bbee41e62a952e81fe97bbc14716143bdb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919757, "uuid": "c3f3ccae-27a7-4f5b-bf80-077944b7907c", "value": "T1D4D46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919757, "uuid": "39a6e8b6-58c7-4c3a-b696-e385271e3d68", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919757, "uuid": "57c06e63-6096-4f73-aeef-94f7c639392a", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAu:WRO5DDUmhnspspsqi022/OByw+iVifMb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646919757, "uuid": "9441a371-5a0d-4eae-9a4c-821427a665a5", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646919757, "uuid": "14b4e43e-1b0c-4b9d-b25b-6d14bc92c58f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919757, "uuid": "7780a7fe-c9f1-400f-b1a0-a7983d09a430", "value": "5fa7e32b3f51d65012d8cda5ca5d0895", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e9f69ba-a05e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908771, "uuid": "0cc16f43-b619-4b59-bb95-6a589812f8fa", "comment": "Malware payload (Heodo)", "value": "aef9bf163015d266c079d216c9f39759", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908771, "uuid": "e7d9d0fb-f6e3-4aa9-8b00-1b23c71ed0f9", "comment": "Malware payload (Heodo)", "value": "3a347533fc183fbf4a176ef42ef3b97cc2d1feebe57135fa30d3265e82ea4032", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908771, "uuid": "0a3b6198-115b-4682-a59d-63e00eb6879c", "comment": "Malware payload (Heodo)", "value": "0e5e098968c9d0088b8eaabce7e16d20d21d99a3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908771, "uuid": "cf137787-0f76-4c2a-acf4-44db68fab7c4", "comment": "Malware payload (Heodo)", "value": "ae0a4191862c2f6d7f1bb7c458727ab32afc6201f4d6c1167cb4cfea2bdcf400b04cf6a1938bc70272a2d4b42c70d3ed", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908771, "uuid": "5b346cb8-bccd-4300-a7c1-80f1ad8b3241", "value": "T1E423D129C560A81CC73E4C7582105AD272097906D9D9EB9A3585BB0C3FC2BFB53EF9C9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908771, "uuid": "46d7e5ec-0b46-404e-98c9-a933f0d3cbc1", "value": "768:6eoPDOevZCwrvtQazdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Uh0VU2etZF:poPDFtT5fTR4Lh1NisFYBc3cr+UqVUJ/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908771, "uuid": "357e6274-9e64-44b2-84a5-8c67a57d221e", "value": 47638, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908771, "uuid": "d0af3987-2ac7-4b49-a111-023002fafe8f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908771, "uuid": "2275cc6a-cc18-440e-9fec-492f44af21d9", "value": "Change of Address.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ed4dbaa-a0ba-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646948312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948312, "uuid": "a9dc4258-5383-4c15-b7ad-be0ee66978f8", "comment": "Malware payload (Mirai)", "value": "ec20c0a2781e1a1e96c6c8601c37c550", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948312, "uuid": "e1374eed-2aba-41c3-93fe-2d55639c7644", "comment": "Malware payload (Mirai)", "value": "3a39b1b023fb5f3178b78a20d2feedd22232d922f72bdf7a772ccb656d5bdd02", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948312, "uuid": "7ae0a23e-6409-468c-af35-c8aa4ce04220", "comment": "Malware payload (Mirai)", "value": "553bf5b7ac93226440abf04f1d0f9961ea5e292a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948312, "uuid": "1f25b022-3117-4bc9-b62b-1c9cf2f3fa2b", "comment": "Malware payload (Mirai)", "value": "8ebaf2a9a6e418fe9809ebb3c1d9d43ba74ee0ac24cbf391f72e9470ba7aae6d3e7d43a36482ac829db3e1c708ee7513", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948312, "uuid": "be7b56f8-6372-428d-ab71-a2a478d51a32", "value": "T182431925AD792E26C0D8B57E11F78724F2F2620E25B8C65E3C721E4EEF04740A5537BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948312, "uuid": "e68f14d1-cc24-46d4-99e1-fac05ff287df", "value": "768:eLobAxU6q9Hfymp0xginuYvCkLB6WsTwIC1DQdszoDaS0O+DCD+:eL0AxvSHfymp0xgunvCkV6vTMDaul", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646948312, "uuid": "79d0e95d-0eab-4e0b-b30f-ffacca2f704a", "value": 60412, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646948312, "uuid": "72e11cd6-7cd3-4b79-83fe-17d92a734a51", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948312, "uuid": "a83e4162-f12a-4b92-bfe3-7de0b7867161", "value": "ec20c0a2781e1a1e96c6c8601c37c550", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07907563-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646903471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903471, "uuid": "68323a74-4d2b-4f60-8691-818090d85c3a", "comment": "Malware payload (RaccoonStealer)", "value": "cc2c7b2d0d68f9c6cf68eb7c31d8c514", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903471, "uuid": "68ff5a2e-17a7-462c-be90-33d161807761", "comment": "Malware payload (RaccoonStealer)", "value": "3a85d02695c8ec33750b5754a1beb81276ab9cd6afd91f38af67444a8a4509de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903471, "uuid": "1b066672-46ae-469c-9f28-6a2a32f45912", "comment": "Malware payload (RaccoonStealer)", "value": "65f066c9116ce907f147b1e82bc08c142c0fb591", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903471, "uuid": "a425abe4-8a28-4ba2-b01a-515f0ebab21b", "comment": "Malware payload (RaccoonStealer)", "value": "f06af5d5c42a55acc3e3f32cf7d99121866727d34470a7cc2afa4dafd51a7830bd599917a362b6fae986070739201204", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903471, "uuid": "8a596f31-56b5-411b-941e-8c57d0b3f8b0", "value": "T1F0C49E76B56180B7F17200B0AE6CABA1167DBC7059324DA773CA063E4FB05D19732A7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903471, "uuid": "aea7080b-09aa-44f5-8a6e-ba46d1f39ffc", "value": "32006b4f5f2216b7baee1433a001f6f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903471, "uuid": "8961d1cf-39ee-4a53-92ef-ae0a06a39749", "value": "12288:37AVwypN9NnwDLaDHZoFBHq3Ad4Dqo3XWRsauaaqCuJ58Gf:rkX9JwDLaDHZoFs3ACcRQaafnGf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903471, "uuid": "e9dbdea9-4df7-4566-80ef-673af30c202c", "value": 590848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903471, "uuid": "a542f8e2-5995-4184-abda-29fde675d5a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903471, "uuid": "f4d6210c-be96-4afe-8497-c715086f1e91", "value": "cc2c7b2d0d68f9c6cf68eb7c31d8c514.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "778f6811-a06b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646914396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914396, "uuid": "eecd4cab-23d9-4148-bcbb-bc74f7679cec", "comment": "Malware payload (Heodo)", "value": "8589c51f45bce2c9600b9e564b39feed", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914396, "uuid": "9e67a2d9-18a3-4e90-85e9-7e88ac465b9a", "comment": "Malware payload (Heodo)", "value": "3adb04f85389fdbc1751b757d9bf46265b9e1ddd8bd2c5c65ca8ae7525aa724c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914396, "uuid": "59e22d64-6d5a-4917-ac17-ef8e78f65e25", "comment": "Malware payload (Heodo)", "value": "4bd9b54515c905a9bc0534880d4b8b668faacffb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914396, "uuid": "1cd56328-1da6-407b-bb3e-5050592e1af2", "comment": "Malware payload (Heodo)", "value": "dc095e04cbbcb419d1b37bebb535345a62683af338d91731e1f204f3e3ee19dfb19db94308f865d1179363b6478dd768", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914396, "uuid": "58e6d0ea-3b67-4693-bcda-56ab21dea4c7", "value": "T198D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914396, "uuid": "c1469625-61d4-425b-8882-3150cf546d16", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914396, "uuid": "7f379e7a-a1b2-4384-b24d-94dba59fc463", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArA3:WRO5DDUmhnspspsqi022/OByw+iVifM2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914396, "uuid": "e90b9ca3-8fdd-49e3-b455-64cd7d48f3f9", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914396, "uuid": "f800d57a-ad90-4cbc-91b1-c4c884170488", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914396, "uuid": "aad57fa8-d3b0-4a7f-99fe-55acf410b6f8", "value": "mqa0 (1).dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f54bdb64-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646908165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908165, "uuid": "89e80699-e1ed-485a-b07e-a4dc1a8ef92f", "comment": "Malware payload (Formbook)", "value": "1216baf1163100675d8854e5baa4140b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908165, "uuid": "b6a380d1-8582-4ae6-ad63-f7febbd66c75", "comment": "Malware payload (Formbook)", "value": "3aff0b3e7195005380f87feb7753190fa70cd885d10721e2fac690eb41690f2b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908165, "uuid": "c30756f3-6549-4137-8815-3c550d217e1f", "comment": "Malware payload (Formbook)", "value": "a4fff395b9ff3c8077a4001484dfadb758fc025d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908165, "uuid": "31b8ed7f-0fda-42d9-bb5c-4037fda5ee76", "comment": "Malware payload (Formbook)", "value": "343bba8420253a7028b3ed2dce81bf2b28df410a69b9917235da7303c39e17cca87e60af5c16d842182b52344365af4f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908165, "uuid": "1b2de946-213e-4394-b9b8-2cf1c5bd75d2", "value": "T12E25DFE2BF5C877EDC04323BD0E904701EF55A8A3821BF19AA8D42DD4A57ACF19A741D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908165, "uuid": "d9a48ae4-943d-454b-8ad9-755e71a77170", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908165, "uuid": "0b11f5ea-81bd-4c50-8539-a3e36395b63b", "value": "24576:AWHx+tiqkCcTfbdKUn66Sktx6KslveRm:AWwcMz6Sktx6KsOm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908165, "uuid": "22bb7ce7-257c-48e1-950d-89a84ac089c9", "value": 1029632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908165, "uuid": "8d0e27f2-c06b-44b1-affb-8e5d71c2a963", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908165, "uuid": "cab88e94-c63e-4f9c-8333-31a2d70a50e2", "value": "1216baf1163100675d8854e5baa4140b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49819736-a0b1-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1646944384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944384, "uuid": "1f79b894-2817-4147-9aad-6d7936e0b4c9", "comment": "Malware payload (RemcosRAT)", "value": "8ae17a83847dc996312ca5bc27d2b9f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944384, "uuid": "d871dcdd-f055-4069-939f-faa837c6fa3d", "comment": "Malware payload (RemcosRAT)", "value": "3b526bcc7af2bf1203446d5399af7d5ba9bb648ce9481e3286a52a67935d660a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944384, "uuid": "9a39a3ff-508b-41b8-8f17-479e5934c267", "comment": "Malware payload (RemcosRAT)", "value": "259bc50975338fc69b41cc04e12fe915bdcd6f1b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944384, "uuid": "c73f86d5-432d-4e75-978d-a4c1a31fc7a9", "comment": "Malware payload (RemcosRAT)", "value": "09669e3c53211baf12ddbbee848c4eecffb5cc185c8b2df1fe88e5c7f1955eb83cd2a28c5d646f0b8a91395bc4fc4df4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944384, "uuid": "6980b923-293a-4dd0-9da7-8e058025e870", "value": "T15645D02723C66B50D07EAB74A138588453F4660BE711CEAE7CD502FDAF21F4A6723663", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944384, "uuid": "0a3f6bf4-903e-4ab4-a42d-8ab302825874", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944384, "uuid": "a1ca17ea-885d-47ce-9c19-5ed8c5ba3037", "value": "24576:9OloskqcjhLcBYWT9mKQxNltN5Vorq8x4++/H:gpc9LcBLT9PQRtvVoWVh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646944384, "uuid": "f0d2c584-d030-48e2-9991-028c71c6199e", "value": 1178360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646944384, "uuid": "c5823ea3-7aa8-4470-baea-c8c4b8a051f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944384, "uuid": "eacb8192-9be2-44cc-9d05-04db9d50906e", "value": "Total Integrated Oil & Gas Company Business_Patricipation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42d695e4-a054-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646904430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904430, "uuid": "aae50fdf-f56e-4a68-8aaf-390fe9364dba", "comment": "Malware payload (Loki)", "value": "521384cb8afb8d88f3830064ba36170a", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904430, "uuid": "7d83c9c0-efc1-4912-9c3a-f91c4d38658f", "comment": "Malware payload (Loki)", "value": "3c32b0e13f06fc3574ed13b4396adca362583241255bd0b0cffc36065a7d5e07", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904430, "uuid": "11bac48e-96be-498d-be6a-7732faaab289", "comment": "Malware payload (Loki)", "value": "e75d78a9efe6d1d4aaf45227ae49f77930e5a839", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904430, "uuid": "888b6996-5a0e-45f0-a3ba-4862de730f76", "comment": "Malware payload (Loki)", "value": "9abf11b5a92569375ae3607082e82e1b20a0f63cf072420ac8c19dc31fd95650cf8fa96f3c22e040819803b860c67702", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904430, "uuid": "248aae0c-8106-4a7f-a6b2-bbd1d51f674f", "value": "T12F14013C6AB64562F2A956323F43D662796CECCA0C72D113F57D72C48C79AD4039A3A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904430, "uuid": "58281051-7614-4c8d-80dc-7d8e49be227e", "value": "3072:9uND4O9BTJ67FvVo7vBgy3BDpgHHLuUNeFVtgI2PwZZW3WGOugHVAhgNF8Qsqa:o+OrThey3KUFQI2PSZW3BOzHVsgUQst", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904430, "uuid": "2eb062a5-b36b-4f93-b612-83f8735d1220", "value": 190936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904430, "uuid": "7f19940d-a297-418e-9c8b-ed7c376671c1", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904430, "uuid": "404bc4c1-218c-4bb7-a14b-9341d1e69967", "value": "pvu-20210850 USD.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf121611-a072-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646917550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917550, "uuid": "ea50cbdb-fa8a-4a4d-81a3-dc75fb5d97a8", "comment": "Malware payload (AgentTesla)", "value": "309bb64280ee826fed74bb3c44bab5b1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917550, "uuid": "57e412b2-eb79-495c-92b9-5b16e6970f88", "comment": "Malware payload (AgentTesla)", "value": "3c70061451cf00c64949ce8770e9ed0be7e561bab70b187f624a275e04d029c8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917550, "uuid": "030dd9f1-849c-4ec8-8d6c-6402c860b067", "comment": "Malware payload (AgentTesla)", "value": "87a8b99450da5057820ebe36a59fce5976f2cfaf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917550, "uuid": "cd58206f-6e5e-4470-a687-a24842c6123e", "comment": "Malware payload (AgentTesla)", "value": "a6b4d6639ce6d89d0a01514ffca1be43283e884e64e57ff903ab47412af39aa98724416ef42b142e64db2c034685d721", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917550, "uuid": "852f5532-9fea-4330-ab2d-8a595fb69d9b", "value": "T10A25CFE1FE4C867EDC10223AC4E944701EF55B8E3822FF5AAA8D01DD4A57ECF199642D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917550, "uuid": "d1cd2570-afb4-4881-8c1d-6d939ad5fa64", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917550, "uuid": "2d06664d-1f7f-4737-a417-80240e957c9b", "value": "24576:Vx3q/eA2Rt94mthwoJ9TSdUnFA4Us/2soA3Qe4g5CO3:42Rt94yhwoHSdUnm4t/2sNAe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646917550, "uuid": "36e17409-3aaf-4e4e-ac74-1efd0c894925", "value": 1051648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646917550, "uuid": "30bbeae4-9e91-473b-842e-f72990694469", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917550, "uuid": "77085bbe-9b35-491f-91f2-07e5ad8f1ede", "value": "BL 236125209.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eca7abdf-a08c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646928766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928766, "uuid": "56c89e80-3c80-465c-87a2-96400093c17f", "comment": "Malware payload (Heodo)", "value": "59312b7faa6f23e7e2c8bfc375c360d6", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928766, "uuid": "3eb3e161-0579-47e9-8949-9e5b39d213ec", "comment": "Malware payload (Heodo)", "value": "3d1237d4dbca48d0807fc0127ad89e66c9f114460c2cd32586da9ff160d4d2b8", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928766, "uuid": "8e16ee3d-f93f-4ad4-814b-ab0d69455a1b", "comment": "Malware payload (Heodo)", "value": "9687be8b79db19723a704430f604e3a17c316885", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928766, "uuid": "7e8dc5df-2d77-4b62-9518-d04d8ce78c0c", "comment": "Malware payload (Heodo)", "value": "fa865128b0c9a8cc14054ae2ed35cf809cb5c4c907690f53d84f160c6ccd8ad3d0c33611fb68572ee9bd8c334ee50273", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928766, "uuid": "ad7764ab-4596-431d-9a07-86e474435bca", "value": "T1A933596B96C4743BCE138C3D8E085B997D5B944260C09B76CF4CA69C7A8F5B50E4B0AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928766, "uuid": "2339f2a3-d500-45de-83ba-9376a831b2c6", "value": "768:KICkZNRvmHvnQvlSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KC0VfVhC:KItBvGvQ8ncDSmSIBlGeuSEcm2h0HVfm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646928766, "uuid": "5296dbf9-eb93-4bc1-8e35-37282168e16c", "value": 52699, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646928766, "uuid": "27276d6b-fa24-455c-8897-a6deac11077b", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928766, "uuid": "e5ae3ff6-78b6-49ef-b1e4-093eb96c921d", "value": "elenco 10032022.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ba66d77-a077-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646919396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919396, "uuid": "e29516fc-ce7f-4be8-83ea-dc0862428647", "comment": "Malware payload (Heodo)", "value": "79900d00b8170096f35e4ce1b8666b1b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919396, "uuid": "6fc0a295-ab27-4ed1-821f-130fb4b78989", "comment": "Malware payload (Heodo)", "value": "3e82864afe94d3c0229eb980a61b942c2a15f00231ade2c1361acadae83c56ed", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919396, "uuid": "f59307d2-18da-4ab0-9df8-89a7faea83ad", "comment": "Malware payload (Heodo)", "value": "ba492262d99bc07afb306601e44bde02caf45b79", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919396, "uuid": "e8e9a5dc-f52d-41dc-8922-383843a24fcd", "comment": "Malware payload (Heodo)", "value": "b10c5def2a196df1677f07a3daa476294b129100d73d5c5464bb6368aa8fe6191586cb11840fcf687a058ac22331a3de", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919396, "uuid": "474a877e-f1ad-47cf-91fb-f88026c5d35f", "value": "T1F633596B96C4743BCE138C3D8E085B997D5B944260C09B76CF4CA69C7A8F5B50E4B0AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919396, "uuid": "2053929a-c37d-4680-b807-100a8c28c9e9", "value": "768:6ICkZNRvmHvnQvlSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KC0VfVhC:6ItBvGvQ8ncDSmSIBlGeuSEcm2h0HVfm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646919396, "uuid": "0cbe3269-6ff3-425e-9e86-723429fec061", "value": 52699, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646919396, "uuid": "4038b8ec-bcd2-4d90-948a-8f064f4d47de", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919396, "uuid": "8146b842-f114-45b8-b1eb-76de88d0eff5", "value": "senza titolo_32362547562.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77759e0c-a063-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646910960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910960, "uuid": "af197920-c5bd-4a7a-82cb-075ae3029001", "comment": "Malware payload (Mirai)", "value": "f98a69c09c099f641adf60e9022db861", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910960, "uuid": "aaf9605e-de76-43c9-b6e6-963ae8396229", "comment": "Malware payload (Mirai)", "value": "3efe76b3e07d094cb1d59eb126593ed9f974d829a8cd643f8584c3ebbe987b3c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910960, "uuid": "2a498569-ce7d-406e-811f-bd19b98756af", "comment": "Malware payload (Mirai)", "value": "cbf043fbbcf34b7a010b18cf8b1421cfe9612bab", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910960, "uuid": "67c10c9e-8c26-47b4-a693-624bb32f2136", "comment": "Malware payload (Mirai)", "value": "8ce751ac778250f4d99c4f834f0377a41c7c9b92fedf6403a3b4febc723f9f2292d02067eac6c0a1443b6c434afd1f1d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910960, "uuid": "0f9ca129-db81-451b-aaea-20b9ab36d109", "value": "T1DF93C7297E628FBDF79D823947B78E22964837C637E1D581D15CDA005E7038E241BFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910960, "uuid": "d17089ed-1a85-4963-bfd6-561c5335739f", "value": "1536:pK/ypWEnzHo9VumkNUYe30vPWIqGHyCPDkY6ss04o:I/ozH2FF30X3q4PD/6s34o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910960, "uuid": "35b5c6d5-6770-46e8-947c-184b0cfd1767", "value": 89412, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910960, "uuid": "a8a217be-1bc2-4fef-954b-c584d108e88d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910960, "uuid": "5b52ed67-79dd-4c0a-bce2-c66ff2a1bfb0", "value": "f98a69c09c099f641adf60e9022db861", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c05e59a-a094-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646931960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931960, "uuid": "6dcf8f4e-3752-4002-af4b-4884cd0f30a8", "comment": "Malware payload (RedLineStealer)", "value": "c0eea526ad748f64b0af3f1c9b9bb538", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931960, "uuid": "ab79f69c-fd5e-4fb2-8bee-4d7e75ba4f53", "comment": "Malware payload (RedLineStealer)", "value": "41659438ff4756d8e8cac92ee3af93221e117740aa11b38f580a5ea9a7f6fbe5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931960, "uuid": "8a0b6004-c99a-4a08-a6f0-78286cec09c1", "comment": "Malware payload (RedLineStealer)", "value": "551d6877e9fbcfec8be010690b57f2aa84294337", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931960, "uuid": "b379efee-f2f8-4e00-aa57-f7a8d7395484", "comment": "Malware payload (RedLineStealer)", "value": "e1cad5ab387447fc6a4e9464cdb3a9335e2b232a237f98102633c539f097ec948adaa39db23773300d82972994b2aed4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931960, "uuid": "873ce07b-d5b3-48b7-8baf-d2d9d395cf3f", "value": "T191457D63B3009DF4E56D09B14A5AC9B005A07CADDAD5462E31CCFA1E99F335224FF8DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931960, "uuid": "1d9ec8fa-2814-409c-b9b4-541d6ecce950", "value": "c10c9c865aa8fe5e8d1e2f6506fc459c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931960, "uuid": "00cead3d-2c66-40e9-a5e7-d5cf93709bc9", "value": "24576:yBVYKlFlJVAtQHLkqyO/LedmbLku61qrFQBN1KllZJ0pAp:87/eQHLkqyoKdAku61KKBN1rpA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931960, "uuid": "13c46927-2dd7-4be6-b1b1-d5aec85b09b1", "value": 1270640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931960, "uuid": "49db98b4-1cb7-40aa-8c5e-d19387c22db2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931960, "uuid": "51fd758d-93c1-4cc6-9fd6-1a41f3e165af", "value": "c0eea526ad748f64b0af3f1c9b9bb538.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ca29cf4-a005-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646870569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870569, "uuid": "73534a79-46e8-4b71-a1bb-b85a7af65a99", "comment": "Malware payload (Heodo)", "value": "0ee2318ad2e98d1072b12456ebd47cde", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870569, "uuid": "4915cadf-1aa9-4417-a01e-7c7a11a63c1f", "comment": "Malware payload (Heodo)", "value": "421f4f3531173626652688c1f948b8b4f0a13086ecf23c596803a1f5ee5577c1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870569, "uuid": "839c269b-6c8e-41f5-9d52-419929f1768f", "comment": "Malware payload (Heodo)", "value": "a87698cb1f0bc62d664105d73f7538fc25e64d15", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870569, "uuid": "2f6a26c2-4e63-4ffb-a0d4-5dd844092a32", "comment": "Malware payload (Heodo)", "value": "e988d8fa4406e6a61ffe0ad445271cd2d19c295830fa0426cc01dbecb967e6e10b841422d0e3c88ab24681193781dea4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870569, "uuid": "61f11222-1c4b-460c-917a-4a5a0f650595", "value": "T1FC156D113781C037C11B3C3286AE937E62EA9A314FA5E6875F9475BD8E345C2DA3DB06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870569, "uuid": "f0d51f93-f31d-4968-a185-0e131c394cca", "value": "a517173f90c43414bccc160c37653529", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870569, "uuid": "bc92cb9f-eacd-4ed3-9464-adf325b25ae9", "value": "12288:4mZ2fbGh8Nggu3uTkIKD56pInvq0fPJ7/2fdwVW4SGPje88koKiaCx:4Bu3uT5KUpInvPfodwVW4SGf8kiaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646870569, "uuid": "ce89b38b-7167-43e9-94aa-39299597abf0", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646870569, "uuid": "58e2b8cc-f564-4573-9971-4c3707a4bcd3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870569, "uuid": "0d2b2cf2-4390-4717-a655-9c96b29a79e5", "value": "emotet_exe_e5_421f4f3531173626652688c1f948b8b4f0a13086ecf23c596803a1f5ee5577c1_2022-03-10__000244.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "891eb423-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646905406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905406, "uuid": "86576efa-89c4-47e0-a1f5-c5db5190bf07", "comment": "Malware payload (AgentTesla)", "value": "889cb880f0a28ffb6680d13ae1831b3f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905406, "uuid": "2a3ad2dc-fa0c-4d0b-83a3-6b22b7acefb8", "comment": "Malware payload (AgentTesla)", "value": "4289e800d7ba2a404abbe36ce06bb88d6d5d8bde0e5b77c8505922b3844a0f32", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905406, "uuid": "93505c7b-1c7c-44d1-bcd6-6da73afcda50", "comment": "Malware payload (AgentTesla)", "value": "f11dbd0a90eb2f84653b765ddcffaff640c40754", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905406, "uuid": "7fbf3541-c042-47ed-adfa-d3b526086eda", "comment": "Malware payload (AgentTesla)", "value": "ae10a7501264167383f4b311a6456eda413128dab1425e29349bc3058d4b33259f3fa4095a410e37bf5e95e990f09199", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905406, "uuid": "8385f117-67de-4b4a-8d4d-f26f0e44921c", "value": "T1B735BEE629FB501DF377ABB12FC8F8CE986AEA73151A30DB11520B768513A80CD61735", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905406, "uuid": "8950b6e2-38f5-48b6-8daf-36551520d969", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905406, "uuid": "9bb16445-93b3-4e6a-8767-7fbf670930a7", "value": "24576:0fuXD5kPIPvAMnmezJsM8SXD8B7x8gouE9/SO/w:0fuXD5kPIHWef9Dm9zG9/Sv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905406, "uuid": "4eb8215b-50a2-471d-8df7-b6a79559d097", "value": 1101824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905406, "uuid": "33d7a1ce-78f8-4e50-8286-420b6dc5fbbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905406, "uuid": "f01aa17e-d6a7-40e4-a53d-c275b04ab5e7", "value": "ORDER FOR FU.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b187b78-a03f-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646895558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895558, "uuid": "7b2ef640-eb81-4c1e-9e94-3ce35b3deff6", "comment": "Malware payload (Formbook)", "value": "3f478b3fa5b2fd7c7423b45c8751f0e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895558, "uuid": "713c2d47-cd3b-4c00-b32c-4f9a8beaf69b", "comment": "Malware payload (Formbook)", "value": "4298983d15dde34ec4c506a769e68c6124b9a0cfe22b73d720b611324bd6a8f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895558, "uuid": "9490ddf3-89fc-4c01-bdbb-ab789360e7ff", "comment": "Malware payload (Formbook)", "value": "5a6bf8477e643206c22223eac51bba9f68285bc9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895558, "uuid": "805c53e4-b7d3-41db-acb8-24a9e319f2cb", "comment": "Malware payload (Formbook)", "value": "84962a9a29c3408662925b889893efc9175f2262bd528b4e0cbcf96bc865848bd22772b06078f956951c48ecf962daae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895558, "uuid": "45e4f3a7-26fd-486c-bf84-b4ba0cafc14b", "value": "T11FF46BAD322135DFC867CA72CEA81C68EFA07877830F9217905715AD9A6C997CF144F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895558, "uuid": "bcecc961-a8e1-4c3b-b7c8-743d105a2d52", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895558, "uuid": "e9d9ed8c-7893-4e61-9c2a-2c6c5ba1aeeb", "value": "12288:mleltJEEEEEEEEEEEEEEEEEholUI8s0zOn4vWxCtJ/xIwiXs7uk4oPYwKX1/1umk:mlel7EEEEEEEEEEEEEEEEEO2U0+4vW0S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646895558, "uuid": "1d9410da-b87e-43b0-aede-2b936179882e", "value": 744448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646895558, "uuid": "e2da3d1f-4ccd-4500-9003-63ae4c8172f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895558, "uuid": "ae418cb5-df6f-4686-900b-805d3559941b", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e637aea6-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646920166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920166, "uuid": "a1e9e171-fcb0-4936-956d-1dcee9320a6e", "comment": "Malware payload (Loki)", "value": "18e510c9d9cdde60afaaeb9994f7a805", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920166, "uuid": "586b3947-0b01-4ab1-a5bc-5686f7415644", "comment": "Malware payload (Loki)", "value": "4309ff34bd00c8f514a9633c1a89b34bb3821efc66a13b9fd960d5e4f81d186a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920166, "uuid": "ea69ab96-0a7a-4d95-a871-f35abee603fa", "comment": "Malware payload (Loki)", "value": "97e0ee79d70ea5994b7ced192811a4b7bcd329be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920166, "uuid": "5bfc38b6-9960-4523-a619-8d567959f2bb", "comment": "Malware payload (Loki)", "value": "227767bbddfdaef4113a373006cdf0f3e3299c80fa2b5d4e561528428657264cabbc566cc5c06ec5b3f146d1fd27d58f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920166, "uuid": "6ec3670c-b00b-4145-98ca-858b8ad02e16", "value": "T10B158DE629EF505DF337ABB13FC8F8CE996AEA33151A20DB14521B368423990CD61735", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920166, "uuid": "e739c550-e359-4377-b7a5-8ee0f10f95fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920166, "uuid": "a090cd7d-1a66-4fa7-a6f6-7ba0d81ece5e", "value": "12288:FtYZt3Zy3WD5kPOcc1acwLpNhK6wJkA/Y/BCnsYseJoeWsCYMTQBE9bW3I:FID5kQWs6w+eI1YseJaT18I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920166, "uuid": "6b59df09-72b9-4118-b988-c16ccb166631", "value": 880128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920166, "uuid": "b43948f9-3ef8-4708-a9be-5b63387b47b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920166, "uuid": "3740c6e3-9971-424f-b801-fd3c11295c45", "value": "wininit.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3be2a87b-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646906995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906995, "uuid": "cae4d290-c2ce-4be7-b600-8cbc4e9d7dd4", "comment": "Malware payload", "value": "301a61d5c82efbd367776129fa545836", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906995, "uuid": "fd3d8598-aa0f-480b-997c-4ddced2f01db", "comment": "Malware payload", "value": "43463b984fd865b34fc31e6800f03c98192ba97ee5d458f07976685a2be7227d", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906995, "uuid": "6c63b198-bb01-41d0-8e4e-5d2557b8d793", "comment": "Malware payload", "value": "81a24d638d5a75610910260bc9147d8b86b131c3", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906995, "uuid": "70e9fd6d-18af-433a-a105-ffe53fdace2a", "comment": "Malware payload", "value": "f72d271612bb5d8ab40609d3d9c3d8e79905e5ae9aa75e5d7f1a4df474be82d1dfe56acdcdc40714030a4057e056e340", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906995, "uuid": "9593b113-11ec-4113-8a69-88d6a6c936ac", "value": "T164F55B27B285653BC06B0A3A9937E73C993B6A7D25168C5B5FF0488C8F359413B3E607", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906995, "uuid": "6fec5777-c2bf-4b6e-bbb8-f281866a4f9b", "value": "49152:DRoe4yvjikpoSFUKObDuubzNmxKTt5rvGYJ3A:T4cEblbzI05LGYVA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646906995, "uuid": "0b68aa8b-11bd-4f5a-afc2-03d58378d177", "value": 3428864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646906995, "uuid": "d05a726f-9f06-44f1-b504-0f618f531d53", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906995, "uuid": "22b2b3c2-f1e4-475d-aed6-e434b24d4ed6", "value": "___[eimb.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7946366f-a06e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646915688, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915688, "uuid": "4474b335-be4e-46ca-bdb2-4837f84ec84e", "comment": "Malware payload (Heodo)", "value": "89b1ccbfbf267dbe46380487f2111cd2", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915688, "uuid": "a15d7ca5-c183-420c-8fc2-165aaf6c897b", "comment": "Malware payload (Heodo)", "value": "43e04ccb35385fddd9c65c38070331ee0bf3932bbae93c571efa15ada6a3b127", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915688, "uuid": "5db5325b-fc0a-4cec-bb84-e5a82b24f706", "comment": "Malware payload (Heodo)", "value": "6aee35dda7f64af2d36dc9440f38fc8b712a4f1d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915688, "uuid": "992ab395-6462-49d5-88d0-d23c63a5a8c3", "comment": "Malware payload (Heodo)", "value": "6001cf668cdddfd40f61519ec3fedbe9ebf595375b7b379b314aa6ad2d70432a15944c5b2dc414370c83038034ab9915", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915688, "uuid": "9f1575e1-5cf2-4750-8997-4e7e526a61b1", "value": "T13523D01CE892B92DD3329D78C51852F4A60F23CE5054B16B1684F20D7F4BAE7478FA5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915688, "uuid": "2752c93f-8938-4dd6-9d82-2377ecc35067", "value": "768:y1kICkZNRvmHazrfRmUOcIIGq9hqN6994E3ewNXz8OP6AQPHWZinVd0VhkhB:yKItBvGazLRYIzhqOisNz8OP6Tein0Vo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646915688, "uuid": "3e12b7ff-48ff-4768-8be5-5730f477ef44", "value": 45763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646915688, "uuid": "3c61affb-7c55-4439-93a1-0b0c0bca6d64", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915688, "uuid": "0d07f880-b402-4117-993e-cf99c78f35b2", "value": "DOCUMENTO_1003.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1010081a-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891030, "uuid": "603814aa-417a-4451-a3db-a08dbdd2cacd", "comment": "Malware payload (Mirai)", "value": "39346aad0a1967a855d5c85ecd8969c3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891030, "uuid": "2944175c-29e9-4bb1-bb2a-df13bbcea487", "comment": "Malware payload (Mirai)", "value": "4605d8840d4d9e69d57c1cdb1f8c7d41d622a3f2dacebac19535b2c5305bf48e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891030, "uuid": "74242df3-c48d-43fe-928e-3309eacae8f1", "comment": "Malware payload (Mirai)", "value": "9d914a6b73b43ec010106596cba170afc001eab9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891030, "uuid": "27b4a76d-9909-46c4-b790-56f0479bc01b", "comment": "Malware payload (Mirai)", "value": "ee15330b62d25b7973d91a6d5c991d4e5f24ec9d513d7664033a07fd61cb0d9ff1f9bdeeb108e8dc9009f99f5070bb50", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891030, "uuid": "8e298050-f279-453b-a321-701a8ec52d3b", "value": "T1AF032A96BD818B02CAD151B7FF0F828C77265398E2EE3303AD296F1177879660F67506", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891030, "uuid": "4eaba990-ad63-4d90-a4bc-0873092f38fe", "value": "768:xQQni6d7eTgwL//HETYBMo/ILGcIHHH/56vpKm13vZYKTI:SP6dq8wL0Boisn/56v4mtZhT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891030, "uuid": "f02b4fc7-c58d-4e32-92b4-d1e0031632df", "value": 39568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891030, "uuid": "6f9b6967-10ca-4c85-9b01-2f5dbf45284a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891030, "uuid": "e9770c3e-d7fa-4e70-9293-38dac5941bca", "value": "39346aad0a1967a855d5c85ecd8969c3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "053e4c26-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646905185, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905185, "uuid": "0b3971fb-1acf-408d-9ac8-bf18c74769dd", "comment": "Malware payload (Formbook)", "value": "b067e0f1ecea872635940a171d328e86", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905185, "uuid": "2184c278-8cee-4c9d-8a10-157e7bc1bbbd", "comment": "Malware payload (Formbook)", "value": "46e87bcc7bc1edfa99739159e8e4e529d5d4a0cac3df8aaf55da03102424feef", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905185, "uuid": "8ab63890-44c8-4282-9fbc-1d8c0999968c", "comment": "Malware payload (Formbook)", "value": "e36c3edf1694857eb64da461098d20b28d6e0348", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905185, "uuid": "3fbf0593-30e9-42da-b55d-41961e3dceb7", "comment": "Malware payload (Formbook)", "value": "fc15f5399017a20b2c74f542eb77a21bffe06a0d4892ff68c34d29855cebedbd8621c94ac135e88ce2ff290306bda917", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905185, "uuid": "11902f42-7bd9-4940-89d8-def5f1f76ff3", "value": "T17014120977492FAAD87179F00EBBD7C522E0EFC03A6AC2A6F5413B4F1A35CA54971781", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905185, "uuid": "b6e67428-4e5f-4679-a779-461e13e0335c", "value": "3072:WBE7oB70j3nE/afP7PDKQ9UOHyny6kKxOC7uTkMn62MulF3bEbu/oq/CRLe3xOq0:6B70jX0WTeQ9UkIy6NP7uL6QFAS/T/Oh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905185, "uuid": "263f10a2-d045-41a8-9e0c-3fcea2abd8c2", "value": 191144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905185, "uuid": "8dee47c7-fb5e-4222-97a7-5a31427232a9", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905185, "uuid": "6f76f892-de5c-4bfd-be2d-fabbd5b99f7f", "value": "Permit & Commercial Invoice.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f373b39d-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646903867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903867, "uuid": "a2de94f4-7dcc-4d58-af46-2ba55d3dfad5", "comment": "Malware payload (AgentTesla)", "value": "dae526fe64367cc5d5fdcedce4f388f6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903867, "uuid": "62bf9f9e-5597-4f22-bc7b-f8d52db63d3a", "comment": "Malware payload (AgentTesla)", "value": "47db05d5b9885b7431f862e632781d90691f2b59c789bfb36eb2083955fd3342", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903867, "uuid": "8b13ce3a-0ecf-41e4-9137-755704c5b39e", "comment": "Malware payload (AgentTesla)", "value": "922135656a64dae17d6eaaf6839d5235caca3ef7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903867, "uuid": "4f333fdb-ea30-4869-8ec8-8e4fd201c979", "comment": "Malware payload (AgentTesla)", "value": "c119a6a500fdf4e4ced922238981a01c999c63c49dbec77d7d644800dd46243cc248aad817fb8cab120c13632a755a1b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903867, "uuid": "bac161cb-729a-4e0b-b2d7-e29b3a112948", "value": "T11315CEE0EF0882BFDC14A27AC4E848B11EF55A9E3410FF1A958E15DD0A57ECF18E652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903867, "uuid": "418a759d-2173-4d35-9e7c-d6ebde8e6ba1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903867, "uuid": "bbe20d5f-d867-4b56-bb0b-f27be5e0b710", "value": "12288:9bx+zS0ESHSB+l7yv2HGengr33cfCqfcbdg8YmFh2EfA2jVfkBjcSz1NOwlz:Vx+Swyd2HKOCXVYmGkPkB5z1Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903867, "uuid": "c6027785-67e1-4598-90b4-6d91819bbaa3", "value": 884736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903867, "uuid": "aab0e7d6-9a50-47b0-a08f-3929f9161c94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903867, "uuid": "c95aa187-d907-4cba-bee9-40d500dae199", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e90f8cc-a05d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908234, "uuid": "3971e8a7-37e5-411d-9c18-c2b9a78c056d", "comment": "Malware payload (Heodo)", "value": "553a2b22a403d8f478824047c4cc10b4", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908234, "uuid": "a9880e96-9468-4436-97d7-9fd3dfc8acf8", "comment": "Malware payload (Heodo)", "value": "48a97dbc9e5fe13708d21d5c87c7b661634898615d123c9a2c1481205a34871a", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908234, "uuid": "2ef96c63-4e93-4a2f-881d-7efd4091e959", "comment": "Malware payload (Heodo)", "value": "48b25bb98aa3511b54fdaa45db45f744d2a2ea20", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908234, "uuid": "04babf33-eeab-430e-a014-ff28299b9ca4", "comment": "Malware payload (Heodo)", "value": "2ce30d00b688f4aa5cf7458c7c5e5dfca0d7e7a967c19f797d3a51c8d57c37122896407d1b5019f3c80d7168d969a8c2", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908234, "uuid": "05a0b8ab-32fb-435a-a00d-536558e3d180", "value": "T1A913D02CE65B3119C6359C7D561CDCF56E0821975409DA8B2848FBCC2EC1BF722AF19D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908234, "uuid": "0b82fcfd-7738-4e29-a9f2-748937b1a448", "value": "768:pCToSyUnZpOw+pyZfQCwBzii1H/KNsH7meB1Id5qXkm1qVw0je7:pQsUZpOw+pyZfQCezfCNRejIdcXheRj+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908234, "uuid": "a6637c65-c0fe-4193-b8a7-ecb031d90e21", "value": 44632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908234, "uuid": "5f77c8cc-f60b-4698-87f4-42c13f240c84", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908234, "uuid": "444df66e-5c3e-4b29-baef-59e546b85640", "value": "Mensaje_4133355891.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc6c928e-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646887078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887078, "uuid": "099ba593-dadc-4ab9-9081-233b2bd69101", "comment": "Malware payload", "value": "86410468b05d6bc22802a56f7f71fb75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887078, "uuid": "b6dcfff9-d841-4c15-ac2c-af8f07ff5785", "comment": "Malware payload", "value": "48d552045f20c86e97faab624f452afc46d745d0ebbbd676ace7a8e4b8148fab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887078, "uuid": "85cb5d4b-f867-4f99-9a49-23ffcc757ef8", "comment": "Malware payload", "value": "49c1f4ebec2bf49fba6a5d7e9486406e53693936", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887078, "uuid": "213065e1-ffb4-4eab-8679-ef2ebbfdaef0", "comment": "Malware payload", "value": "ddf3ebadac7ffc323fb4126e27ceb76ab0486a408ad722830a67d2f56e0dc6ef7b31904fa2a83ba09d2079ca6704e365", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887078, "uuid": "8ed0d1dc-cdbd-451c-a056-9bfcddedd968", "value": "T117C67E4A0773899BE5C24C5A6216371E5AB5BE83E3C380F81476337C3EF2576EA60D16", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887078, "uuid": "76446d83-b6b0-42c1-9490-9d2c226db210", "value": "3cf0a0f29b49d3bcef2257e927daa04d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887078, "uuid": "e60902c4-28f6-4748-b48d-3bead5bb81c4", "value": "6144:TB9vaztxW37loK3qDcVHqhRRSnFHsUeX3ZZ0xYdtVmYhPzmXkesZiNvKzLoKKbhY:nvq837lo0qAZq9uFI3rndrm6LD9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887078, "uuid": "c7dcb171-3992-4ef4-9321-fa7e3f37c3e8", "value": 12559249, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887078, "uuid": "632d5f2f-8539-4c1a-9e13-717aae3190f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887078, "uuid": "d9ce3f35-9c94-4a62-bfa0-0733ce585fcb", "value": "STIHAT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42fbc556-a055-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646904859, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904859, "uuid": "a566a8d8-a347-4524-adf3-29e16de5da9c", "comment": "Malware payload (Heodo)", "value": "cd8562d8dbd0a30608a212a8a2fcd94b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904859, "uuid": "25bc3fc7-e411-4e44-a166-6f164a5fcebf", "comment": "Malware payload (Heodo)", "value": "48ec35a21363154839f7caaaefca208b1eff87f1d7c702951d23f9644ef258e5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904859, "uuid": "b6cb3097-26bf-4e16-ad45-ba18f510be49", "comment": "Malware payload (Heodo)", "value": "0e85a8c14cd98f9fc10f56b6022fe369d54a22ad", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904859, "uuid": "b66cf111-6547-4560-a6c1-879f87d432b8", "comment": "Malware payload (Heodo)", "value": "c09e0c6727ce212d9525e6e5d4c86d77ca45c260883d0c6b908239795ed4bfaedd3a7a4793cf065d5e0e3bf3c5afa442", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904859, "uuid": "508a58c7-ec1b-42ec-91a2-44bbdd0e2c16", "value": "T15DD46B2271DE4073DC9A107C0811D59FD59EF978F627E84FA298AEAD2EE13C94534F0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904859, "uuid": "a8d1a2ba-75cf-42f2-b4f9-47beb95b6850", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904859, "uuid": "7614883a-d4ef-494d-a9d3-0e532c4cea3d", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAW:WRO5DDUmhnspspsqi022/OByw+iVifMr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904859, "uuid": "8e85fe34-c9fc-4c95-874f-dbe8c65f358f", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904859, "uuid": "5c9442e4-c920-4caf-bc33-a7d692850601", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904859, "uuid": "14e0b41e-5c3a-4886-8363-083ea02cd7ea", "value": "emotet_exe_e5_48ec35a21363154839f7caaaefca208b1eff87f1d7c702951d23f9644ef258e5_2022-03-10__093414.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b923f0e-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1646907048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907048, "uuid": "6c10f247-d48c-441f-8c71-c584f1d2f6f0", "comment": "Malware payload (Smoke Loader)", "value": "dedc8fd1642e0eaaa5465e02a87db7c5", "object_relation": "md5", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907048, "uuid": "9effddf5-f877-4767-ba60-08746ba9c8f2", "comment": "Malware payload (Smoke Loader)", "value": "495c78e2baff2b6473e25a68c3d35f19a7822016e84266f346678399bd95b467", "object_relation": "sha256", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907048, "uuid": "448f98a4-c386-43e4-9905-f42b65737612", "comment": "Malware payload (Smoke Loader)", "value": "6e26c942dffec570006fcaa4932663a378ed4b07", "object_relation": "sha1", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907048, "uuid": "b96c688f-0082-42c4-b94b-1da1c46733c8", "comment": "Malware payload (Smoke Loader)", "value": "658a1f2a38ac9fd17f97498b6229d8aea813931baf863ea6989b4a87f7534742d8b999c76a8de5257d686bc80ce1928b", "object_relation": "sha3-384", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907048, "uuid": "549ec2e1-1149-49bb-94cc-8425690ff345", "value": "T175E47C56BEC66EA2EF7F55B783A0EA3D1156736D03A08ACF760305993911FD2413EA03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907048, "uuid": "866915af-0e17-4656-8106-bde6adc3c103", "value": "0d1c2e8773adbfbc64d57aab36998066", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907048, "uuid": "67c2f634-c99f-4293-9bfd-71d3de19cb1e", "value": "12288:3fBUkVbwLSI5/Q8OF8bzbBSreOOi1uWD242S6+41qgHam:5UrO2X1NDWeS6Zp6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907048, "uuid": "fc111b5f-6cfd-4126-91af-8d95d6b23050", "value": 699392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907048, "uuid": "c6caf3ec-02ff-4943-bc36-b570facaae10", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907048, "uuid": "5440e38f-0bca-4396-94b0-45d358a46d09", "value": "Customer Statement.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "756b41e4-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (STRRAT)", "timestamp": 1646907091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907091, "uuid": "9eda403c-2eb0-4a21-9326-c149a0003ddc", "comment": "Malware payload (STRRAT)", "value": "36c2ea749c1d89e3da9b832abbc547ff", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907091, "uuid": "3a69345a-a01c-4bf7-99bd-840119858f8a", "comment": "Malware payload (STRRAT)", "value": "4a6bf376f773185ea479b76f0a6097ab9aff8d74bf71c7a9c0ff3cea09ba8553", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907091, "uuid": "2370b5ca-0346-4af1-810d-80fb659545d1", "comment": "Malware payload (STRRAT)", "value": "062ef6271ed1d76269dc22342b8ca0b09fc0347e", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907091, "uuid": "c22f6458-5976-47c1-a82e-15e3ab6b9ce8", "comment": "Malware payload (STRRAT)", "value": "9832db71115698a3a8e103292fbae5579bfc9eb393093e9de3a5c0cf8a97a0806cecb345f44ee5f9e4f9ee8f63c21926", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907091, "uuid": "1a95f8e6-6933-4a1d-aea8-0e3f19b72fd5", "value": "T1F50422571A4661F1A51386F806CF925EE36C03FDC47CE92E8E5363A2E1C90BC6657BA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907091, "uuid": "d4644e76-23ca-40b1-aaf3-dfa70238e8bd", "value": "3072:aI1Hm5bp42hhiyAgKjTrQGPOcuOSrvqNEExhja0DyUGMdxabCheu:aIxm5BhhiyAgK3FOxOQqNEMNa0uU/3jh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907091, "uuid": "5b61f368-9fda-409e-adb3-488dd0e2c3eb", "value": 175452, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907091, "uuid": "f4d8f7b7-e89d-4ae7-8c7c-8a1011f63881", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907091, "uuid": "54cd2323-e783-445c-a3b0-d6e176909985", "value": "ORD __ 000186552 __ ID211067 __ 09-03-2022 __ pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7498113-a05f-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646909403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909403, "uuid": "2ed90973-7648-4cde-b624-0be4f6d7241c", "comment": "Malware payload (Mirai)", "value": "00b82be7d148c8b6dad4ff66c44e6257", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909403, "uuid": "d6e7a0d8-f8a7-4a70-9c8f-ecaf677e1b55", "comment": "Malware payload (Mirai)", "value": "4b5e8a676143d2759354da52d996959960608bc9f3050e898abe9096a0480515", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909403, "uuid": "e1be711d-370e-4fbb-9494-0a9c09cd7be1", "comment": "Malware payload (Mirai)", "value": "12f992c5ce88ea154932822d0193a83dfd8c84c7", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909403, "uuid": "aadeed0a-5368-44f0-8e21-3ffa0a6dfcea", "comment": "Malware payload (Mirai)", "value": "cc147f9c50e0dda1ef57070a3f90d131fdc77b33921f41d6b55cd19397fbb2fd264fccc61cfa7de0afebe25dc6c7e54a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909403, "uuid": "9153d25c-27b0-487e-82e3-95b0e68e6624", "value": "T1A2533AD0B583F9F1DC05057C307AEB36AE33F0B6613AE99BD3E5AA736811E01950269D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909403, "uuid": "5902bc24-e707-4278-8fa3-7cc3966e6e19", "value": "1536:+fJGABx7b/g6dLKdtLz/ori870RIoPtVdm/WXy4Ry4G:CEAX7b/g6dLKdB/oe870ioPtTm/Ay4gr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646909403, "uuid": "0283ba71-bb85-4d49-be63-9ed67929a171", "value": 62224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646909403, "uuid": "4c58a910-c30e-46fc-92af-31a29737cfc3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909403, "uuid": "5796980d-08c3-4d3f-a633-af3325922331", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7023a537-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879165, "uuid": "67009886-4c9e-4540-bb03-aa6742b43348", "comment": "Malware payload (ZeuS)", "value": "67d7ecb16dc1bd8806da3722b3137e0a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879165, "uuid": "16901070-5f19-44d3-ba27-f3de2c38bbde", "comment": "Malware payload (ZeuS)", "value": "4bdee6083fc6a32ed77487d76cec724de78ced68f1555dfe97444f269f58eb94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879165, "uuid": "e826b04e-8700-4adb-8e03-7481b97e313b", "comment": "Malware payload (ZeuS)", "value": "f2245248ab201a9652c9c60ca1e0c00fd8ea0f50", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879165, "uuid": "05442776-4d21-481a-ad3e-3780cc77d658", "comment": "Malware payload (ZeuS)", "value": "6c61bf2b52537477cbf81240cd22f056d79d5ab0bdd7655305352834f6885016de8e2ecbda3ff145b1163311cf7c449e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879165, "uuid": "c96612e2-06c8-48f0-8f0e-d689c71fe1a6", "value": "T16792D0FDAB9663B3E92180B3530781B1D58E4182C5EC66B1FD9D04D368ABDBFE154480", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879165, "uuid": "4ae8dab4-f026-4f6e-84fd-1131bd5fa99b", "value": "f7bd9bd421c857ecb36df18fed6997b9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879165, "uuid": "94fe60d5-0f1f-4747-af8c-f4fb33a078aa", "value": "384:2AoPc6XvgKLQiiDp5U0ZpJVJEXGb66sA+sCKRBqOixiNRAM2y36gFxp1BHG:2Aoz4KLQzI0PJVyWRbBdJAMDF1B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879165, "uuid": "1343970b-67c9-4c91-b55c-97d1fd916eab", "value": 19456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879165, "uuid": "ddb79bea-0218-44b0-85a6-b25f24dce1c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879165, "uuid": "ebf9c16f-033d-46bd-9245-ae3ebe1a6067", "value": "67d7ecb16dc1bd8806da3722b3137e0a.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "239101e7-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891063, "uuid": "d5cc87f9-e168-4d62-8cc1-5b9691f911a9", "comment": "Malware payload (Mirai)", "value": "69367609ffd1b6c7c3ffe6a1c342b27b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891063, "uuid": "fa465fb8-ca3b-4563-a8a0-dc49fe5c316e", "comment": "Malware payload (Mirai)", "value": "4ce68cd699319665a30b609db4d7a5919e1e57f42b77962b7826026c27293876", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891063, "uuid": "a0c93c54-285e-4992-89c8-792a95d6bf06", "comment": "Malware payload (Mirai)", "value": "33f5304fbe5055930cc44020f91a076acb1c37d7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891063, "uuid": "a4430c99-74ef-4c0b-b6ef-d6459ef80d56", "comment": "Malware payload (Mirai)", "value": "bcfccc355ce2c17ec02c1f03afe075360837a53e4909d0709c262ced2083f6bcfc5bc24bbb96b7022548d2b056f0befb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891063, "uuid": "e173349b-1d61-4bdb-836e-eaaae7e7cb4d", "value": "T1DC231997F800E8BDF81EEB7F8457040A7231B2650592173733A3355BED762A4683AF86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891063, "uuid": "8f83a413-af98-44b4-bd8e-8dd076d8d5fe", "value": "768:X4r6V43ZPuFDeDM7a+8S1JYULUQ+iCHx5GtxV5ZbGBgHGq6OFIw:sc43ZmdVN8SbtUQ+i+5GbHZbGBgHxfFf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891063, "uuid": "2971df08-09c9-4a03-bb9b-582d7c5ca8b4", "value": 47332, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891063, "uuid": "b6ce70f2-35e7-4f02-9975-10d70ff01169", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891063, "uuid": "ebc13b3c-14fb-4497-93a0-0fa80eb7f2e6", "value": "69367609ffd1b6c7c3ffe6a1c342b27b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c62ac74-a06a-11ec-9275-42010a9c0029", "comment": "Malware payload (RevengeRAT)", "timestamp": 1646913975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913975, "uuid": "b6ded873-9a8d-41f9-a1c8-f214e901ee38", "comment": "Malware payload (RevengeRAT)", "value": "d14761b1e6085dd9049a2d7d6c447a01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913975, "uuid": "60695f78-748d-4cf3-9ba9-13d0531e748f", "comment": "Malware payload (RevengeRAT)", "value": "4e0e0722ad9c0f97d3f5c3d3bffcdc1bcf7e1d69d26f868ee5780d1dd850c1ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913975, "uuid": "500a58a9-b382-4d24-9a0f-f7e59d1036ed", "comment": "Malware payload (RevengeRAT)", "value": "83d213483a0bb6055128cb730e3ee69a437aa0a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913975, "uuid": "212f24cf-2f2d-4b74-b055-2cc6774bea32", "comment": "Malware payload (RevengeRAT)", "value": "01d029c654d4b524bc86274299259999911bdb61c7f66e03342ccbaf08f78a1e6aca95e7a5c5089a01b4dc679225e2d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RevengeRAT", "colour": "#2A8CF7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913975, "uuid": "9e11aabc-5f9f-466f-bd9e-3b0e8a44ca8a", "value": "T12D9633F4D2BAF013DC9ADDB07806FA3A68851E08670F9747278C3F365D631299E55E28", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913975, "uuid": "07e45bd5-7c6c-4bf5-a7f8-8f0d9be3f955", "value": "29b61e5a552b3a9bc00953de1c93be41", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913975, "uuid": "0447f767-f611-4957-afb4-fdbad4cd44a8", "value": "196608:8WSO+Y2oBk1btlU+TTr1m3kduzTE6AydJ8gaQmCOR7ZMwB3r0+:FT2ZlTTTZ21zA3ydJORVLr0+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646913975, "uuid": "f77a9ce5-2ed6-437a-b7d6-cae160512c40", "value": 9362631, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646913975, "uuid": "ce8aead4-347d-4d90-b9cf-ef85c5ce7a2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913975, "uuid": "ce9903fd-0e53-45a2-8ee1-b548fe8052da", "value": "4E0E0722AD9C0F97D3F5C3D3BFFCDC1BCF7E1D69D26F8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0bd12bce-a07b-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646921088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921088, "uuid": "34051dba-0d67-4705-a1c2-9ca13a5cbaf2", "comment": "Malware payload (Quakbot)", "value": "d46df1dc0b3687c1af0e89e8eb025fda", "object_relation": "md5", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921088, "uuid": "527780f4-f1ec-4784-aa39-82dd6052c8c7", "comment": "Malware payload (Quakbot)", "value": "4eef1079326176da61f0b764d729c03c55e7692138ae649e04b4bd1923b9bbaa", "object_relation": "sha256", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921088, "uuid": "abe25f0c-5c45-4400-8f11-ebd53670c78f", "comment": "Malware payload (Quakbot)", "value": "d33cdf8bab869280950146d6dcd0fe7a61828044", "object_relation": "sha1", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921088, "uuid": "0e9aab7b-85e8-46d9-85cf-ab657b077a6b", "comment": "Malware payload (Quakbot)", "value": "9675f57943eaaf58f9a9e1ec00aa54209c469047d246874edf38ff2afb86f3d82f407e06172151fea0bae985a33fa143", "object_relation": "sha3-384", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921088, "uuid": "88032aee-526a-4305-bc08-4f861df399eb", "value": "T1E8657E23F2C1887AD4761A3C9D1B739998BA79112D28F4C77AD44E8C1F37A433666393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921088, "uuid": "4cf6ce6b-d30e-43ff-949d-1c5f5051c975", "value": "cf78a88c4b0403a976a85038ec51a351", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921088, "uuid": "1b6d389a-c919-4599-b830-9984bdca7728", "value": "24576:zP2GXxd5hyXOZk/R8SoMbEYN54UUrW/tRJfJ1OwU2SAHl4XoWSIgX4Te:zu8jI6kcYN9R1qKKgX4T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646921088, "uuid": "329aae53-ead5-4c18-a71c-9b2e47d924d2", "value": 1511057, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646921088, "uuid": "be5633b7-3157-40c1-bcdd-d13253341e41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921088, "uuid": "6c5b39ab-9a2b-4bde-97f4-542893e73b69", "value": "4eef1079326176da61f0b764d729c03c55e7692138ae649e04b4bd1923b9bbaa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a726156-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (GuLoader)", "timestamp": 1646907100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907100, "uuid": "4d3e6aa9-51da-4500-8a7a-15a3d715f129", "comment": "Malware payload (GuLoader)", "value": "08edcdbe528251faa4b2f4d7acc0e70f", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907100, "uuid": "0d5ef4f6-d73c-453c-b172-f5a0031d109d", "comment": "Malware payload (GuLoader)", "value": "4fcdfd483c322ddc5f1c69ea499da6a08ff741ce6547401fa5d47dca2b91c3e2", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907100, "uuid": "082b4091-5cb3-41d7-8f94-ab3c18b133ea", "comment": "Malware payload (GuLoader)", "value": "a5824048852d13a54319218e18d06f604f1f3984", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907100, "uuid": "ca46ed80-df21-4c65-b0fb-e40b49e2312c", "comment": "Malware payload (GuLoader)", "value": "6ea671e42ca4b2a994ac352e870d7f04192845e91a317f4138eba38d495ec02b3e64fbc3cf47d3c729aaf1645f94e029", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907100, "uuid": "3d54be93-6ecb-436f-bf85-4a10bc0c280b", "value": "T1ECF41F74BF1F3A4C9A786F06878E2ACD811863CCD055E85263D0772E1A19DD46BEE34B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907100, "uuid": "4b4beeea-9b39-4920-aa9b-1d7161bcadb4", "value": "3072:pO54trS4SfM/lbi56UXgTnRCHq4hkUlof7Lv3WwjMV9A6cSixAVGLbxo:p5trSRqJi56bgojDHMV9A6cSixAVMbu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907100, "uuid": "ca3b6751-58ab-4807-ba06-3106756c7516", "value": 760537, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907100, "uuid": "b0acf975-b757-49e5-a47b-a61a37258bb9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907100, "uuid": "29c22b00-6e94-4266-9032-977ec7393969", "value": "Swift-2203 zip .vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "945835cd-a077-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646919599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919599, "uuid": "e11b95d7-3a38-48ac-b1a9-88342d1d4555", "comment": "Malware payload (AgentTesla)", "value": "954b1079b63705ab85846ca54788d14d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919599, "uuid": "e07dc650-1399-4e84-8c5f-e13769417017", "comment": "Malware payload (AgentTesla)", "value": "50a312e921a0c75d0cf9374f2c5384f21dc96efa1cb3a614c2147e117d7171f8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919599, "uuid": "35a11039-837a-4611-8103-ce956f92878d", "comment": "Malware payload (AgentTesla)", "value": "a903a9752ec5b9fd47c6c72c8e3cf36d32ea2325", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919599, "uuid": "96780949-4f12-4a8d-a883-f92d254591db", "comment": "Malware payload (AgentTesla)", "value": "2a0f83d3ca76d1beb7e2834147a72563f8480e10184915718499d04c4a17f020682e97e91e4dc41972ee83d7614baa06", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919599, "uuid": "03c0fa48-53c9-451a-9fa2-7fded12ac852", "value": "T1B73317163899961AC5D4BBFCA9B2909253767DE10122C18FB8F97F29A933333DCC119D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919599, "uuid": "a3fff737-c984-4d6e-80fd-9e4d2939faf2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919599, "uuid": "a3357857-7afd-4dfa-b55d-598ed52105d1", "value": "768:vgYXzHkjoEe5y8kZe5CUkxlmMwCK/3deVDFH:vgcHqUxf5k630VDN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646919599, "uuid": "c283e6d7-e73e-4aa9-a0d6-f97cbc3aca2e", "value": 52736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646919599, "uuid": "f7245a6c-d606-4c77-a008-0a7ada3629f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919599, "uuid": "182feae9-2de2-4403-b4bb-b599eeec53c3", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5336f432-a0ae-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646943112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943112, "uuid": "24a2d876-31ea-4452-b327-4fd8ca4c9ebc", "comment": "Malware payload (RedLineStealer)", "value": "8249417822943407d47297d362e69a56", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943112, "uuid": "721af01f-ecb4-448d-aa30-87df3cb8aef8", "comment": "Malware payload (RedLineStealer)", "value": "50c32e2e458c85a4f0a67c8be550e03bd2127ccd158059c15eca921594245c03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943112, "uuid": "768eed0e-b820-4b71-816d-43a5cbac4a66", "comment": "Malware payload (RedLineStealer)", "value": "35fd66260dc505121478e9f6dd3a27afb759a102", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943112, "uuid": "9c38f7c2-fac9-4338-96fd-eaf4952d3842", "comment": "Malware payload (RedLineStealer)", "value": "49fea3ed2d043a2361ed8dd2f6315d033a722d1d84384df4cccca7546378ec6b0e5303577a503aa9d6e273ff6fa1b078", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943112, "uuid": "e6651ece-6bee-46c7-a3d8-91e88744f9fc", "value": "T13D643A243DEA501AF1B3EF7A4BE4B5969AAEB7733B03945D105103870B23A81DED153E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943112, "uuid": "8f7cd0e5-b029-46c0-a5a3-63db74188d6e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943112, "uuid": "60fe1dc4-0741-4168-b790-d6629dea4fa1", "value": "6144:p6pCu2dTYXXPZSbSkQlgJQDJGJQE1ZVsGqX:spCXx4XkbSkQ2JcJGJQErVsGqX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646943112, "uuid": "914c1d64-f451-4fd4-84da-ec7a1e4f705d", "value": 311296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646943112, "uuid": "d7986403-3cd0-4e34-97a6-0bb80ae24e1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943112, "uuid": "2d822518-ad75-4bf2-abe2-34d82453db1b", "value": "50c32e2e458c85a4f0a67c8be550e03bd2127ccd15805.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84a84f75-a017-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646878341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878341, "uuid": "493a6be4-ead9-4880-8c30-8d821ebf2b55", "comment": "Malware payload (Formbook)", "value": "d0885301c99cea1b4ce3ca1d92ce07d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878341, "uuid": "a7e749f5-96fb-4910-9199-81ad07d72742", "comment": "Malware payload (Formbook)", "value": "51985a3bb448c49846c0560a6d577ab1f2e6dcb4c44d8f5c68d09c371a0bc485", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878341, "uuid": "167d6baf-abec-4a33-aa64-69e1779d0287", "comment": "Malware payload (Formbook)", "value": "d9d06cefe0cdc185cc354eefb34f353fac42b697", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878341, "uuid": "a81c805a-aa93-4c3d-9b60-e9289220502a", "comment": "Malware payload (Formbook)", "value": "0d05ae417e0f1245f4d527abf0933d0888c99a4621c12152aa4f53c1bb30ee357f9103f9813c10aab2334edfd0051f7e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878341, "uuid": "874eb4b9-2403-4ad6-8c47-16adb7790281", "value": "T11B15BE20BAA5603FE16B8D760BC0AC2359D7F5760206E2AF6C1EC6494FD967DCD81C72", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878341, "uuid": "79c3a9ce-4698-48ea-9a3a-4de9948004d7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878341, "uuid": "dfadef2f-77a0-46ba-b5d1-eef9a81b0011", "value": "24576:B+N58awMhqt1EgUJ+DLIeyHhp86ETVQBOhNHSSf:w8nOCLI5HU6EeBOl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646878341, "uuid": "83a01c8d-cecc-4845-a2ab-77622f534df8", "value": 940032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646878341, "uuid": "bd13c500-2cce-479a-a087-fd12e48e2eef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878341, "uuid": "3b813246-caf6-4f5f-9577-38b5aaba28a4", "value": "LPS108326.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65b6541a-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646905347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905347, "uuid": "db03ddb9-a340-4d4c-8cdf-16569989dd4b", "comment": "Malware payload (Heodo)", "value": "84b3738690f1e17b17e8910722afb1a1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905347, "uuid": "fb0d7eb5-2251-4b06-8360-6e27168e01d0", "comment": "Malware payload (Heodo)", "value": "52053e9f2025a8d35bbd325e7c8998bda5db049f87553b4d40d1e5bc6a111410", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905347, "uuid": "6a7ce3ee-6c9d-4df7-a8fe-baff42479ca8", "comment": "Malware payload (Heodo)", "value": "023590999a7aa9c25ab4cbdee12b2a5570669b22", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905347, "uuid": "08077590-8a06-4d15-a13d-f3ec48529744", "comment": "Malware payload (Heodo)", "value": "aa086608b22aa9aa8d25dbfe92bbb5c859864f7905c1ac37a10d8b6cec9a01d6a71be18d739f9bab2a6dd3b92682db03", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905347, "uuid": "8fb71a4e-4e88-4729-a451-a73f6229b746", "value": "T147D46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905347, "uuid": "2f064567-0ddf-469a-b825-9e36fea7fdf0", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905347, "uuid": "ef739453-eca9-4961-99ab-093551499dd2", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAl:WRO5DDUmhnspspsqi022/OByw+iVifMA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905347, "uuid": "a1301d28-fd7c-465b-9f46-799ce56a447c", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905347, "uuid": "94863d40-ee70-42ec-afb8-a2c45bf59713", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905347, "uuid": "a0134a0b-b70a-4275-8f2c-854ab694a6be", "value": "84b3738690f1e17b17e8910722afb1a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7aa2ba4b-a050-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646902805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902805, "uuid": "fd5c7532-db99-4c91-9769-c48fec46fc46", "comment": "Malware payload", "value": "504e645c12057db465d775e3c874a3ae", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902805, "uuid": "8c917317-03bc-4085-8e5f-369a914d9ba3", "comment": "Malware payload", "value": "5260b9a859d936c5b8e0dd81c0238de136d1159e41f0b148f86e2555cf4a4e38", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902805, "uuid": "70aa3140-0bec-4a4f-9b92-ff44cc715c79", "comment": "Malware payload", "value": "a7b7931f76bc86bf625e3afaf61bbfdcbc322023", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902805, "uuid": "be365aef-5848-452b-91d3-f67cd81b31d8", "comment": "Malware payload", "value": "a69efcc38f12ce50a51bdc4e668a8177ab8cc5604858b951983c8ffffb6f6173ad0a5ad13cdcdb18971dd0221442aeaf", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902805, "uuid": "f4664303-ffe3-49a3-91ac-d9e500d1050a", "value": "T164C39648EA95932EC2E2B2FFEF9842CD773A4794B3DB7D328539025467853687529320", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902805, "uuid": "328b1559-b987-4c87-8090-8e1f054c29ff", "value": "1536:Sf+FMgFShIRn1opFE6R5MNN+DOeZpGjRTvY2MEv82b7ylximOK5kWOgDLMwi:T5FEIRn1EE61DBpOTN82bCximzOgcF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646902805, "uuid": "d311c02e-6da7-4923-b3ec-4dee17b17f26", "value": 122098, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646902805, "uuid": "e4fa3ccb-5aca-40e9-8f0e-b5e2aa314e51", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902805, "uuid": "37243f0e-07dc-46ca-a85c-eaa4dca3c7c5", "value": "enemybotarm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22428ad2-a092-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646931004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931004, "uuid": "6ab8ca1f-e4d2-4372-b413-a5374bb38fde", "comment": "Malware payload (Mirai)", "value": "d796ab5b7ff74a0ad0a978daa2d6333c", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931004, "uuid": "38000aaf-031e-4acd-aa57-7e34b4490748", "comment": "Malware payload (Mirai)", "value": "52831407eaad00fb5ae66f5908aeb7bb775e79a2f5be772e2e79f4f1bc86c1c9", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931004, "uuid": "ded889c2-5730-4028-89fb-d9684c984257", "comment": "Malware payload (Mirai)", "value": "a6ccce7c6d2e156eb9985edb9715b45f4c1b2d62", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931004, "uuid": "812db0ed-ae5c-44d2-935f-0c85393aab0e", "comment": "Malware payload (Mirai)", "value": "e19ade663c13b8b5d819791b66749c7f360a47787ae3fcb24a84ce8c9e09c87a220fcf2baca89cfc363c2cbf2e274755", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931004, "uuid": "40f7edfc-0c61-4c53-be7a-f66209ac8500", "value": "T15B530747B44180FDC149D03447ABAA76C8237EBD1B3AF39637D4EE3A2C6AD221E59C45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931004, "uuid": "1f052b9e-2ab8-4e80-ae01-4eee8a5e6b69", "value": "1536:anF9U0FferGtOW4/RWo4bz8kkRqwZhJOlQ5M7WR:0FK0UrUO3JWvGRqwZOlr7WR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931004, "uuid": "fd6777e0-a9c0-429c-b86d-352af86eae41", "value": 62720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931004, "uuid": "7eb50ac0-1129-4792-a494-b65b2a0165a1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931004, "uuid": "acad14a3-3741-4a65-9704-3bbf8a8ba1a3", "value": "mirai.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8de1a76-a0b5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646946396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946396, "uuid": "c3d32091-98e4-4d9c-8bcb-6aa20032b068", "comment": "Malware payload", "value": "e37857b9d384f6412b620ec16c08f23f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946396, "uuid": "0c81be09-9fc5-4fad-9666-ba2888be7399", "comment": "Malware payload", "value": "52a6d7eafb8258c76e527acbb7858b4e0df4a67b60842a55011675462e098049", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946396, "uuid": "f068b374-e8c5-4d58-8dbd-1aa06d8d4e96", "comment": "Malware payload", "value": "836b657901e51036a40aadaf3ae3d8cf983b2c50", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946396, "uuid": "3023d727-2cf4-417d-86bd-e2f925edd8f9", "comment": "Malware payload", "value": "39a6bba288c1dc55150954a0b19a62d7bee7d6a91f14fc6d6436afc1d13c19b84c80fb31a14fbc904174ecd022772c90", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946396, "uuid": "5af5a33d-6aa3-4ac4-836a-53d2b99400f8", "value": "T18A03E12FC478BEBEC56CADBC6299117199993841458F87DC47204DE0DEAC68BF04D8BB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946396, "uuid": "a00e0fe5-f237-481f-9e5d-08580e63918c", "value": "768:/2F+/JP5JQ7qnT6C8ihvMFIcayKoQz++ntgZ8AthMuurZWMK:/TRBJQ7quGvMFCzgjtg4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646946396, "uuid": "55646c93-9fea-43fd-b408-759bf1c3b91b", "value": 38936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646946396, "uuid": "c74810f7-fc77-4ac0-9010-2e41b9f0f1bf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946396, "uuid": "8af35213-c0dc-493b-af4f-c906bd73f97a", "value": "e37857b9d384f6412b620ec16c08f23f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15a2a55e-a08d-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646928835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928835, "uuid": "09e4602d-7a2f-4876-a2d6-0c217f7c2666", "comment": "Malware payload", "value": "0da59bc4d91f23ce3c48363692777e30", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928835, "uuid": "8f7e3ada-33a1-404f-b9a6-63cb7cc91d86", "comment": "Malware payload", "value": "5580d8931fd96edf9d1c27f03df801d90ddef953ec3b5b6cb5b2835984dc0069", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928835, "uuid": "83c05a23-dd62-4ac3-9bf0-77f10010d20e", "comment": "Malware payload", "value": "e6951aa6123b954a8f3e12bd4cbf39571e3588eb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928835, "uuid": "35dd08de-b9f0-45ce-ad7e-570a4b38168c", "comment": "Malware payload", "value": "2fcd778b0c6b5cb9e771c71c41a190b45d5af51d3220e8ce657a5bd7e359e9d5385f8416cc488c1c09b0e54b906846cf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928835, "uuid": "93ff74a0-8345-4624-a201-76e990eb6711", "value": "T1A994BF2CFECD5F71CF9D293EC6449100237BA599156AE32F498863ED8FA37E8B041616", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928835, "uuid": "28f55b4e-8e73-4f44-8054-da3140c28caa", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928835, "uuid": "e1e4f421-9f26-4981-8cb2-bc6177e1c9cc", "value": "6144:ej1cdBty6bb2cZDWlmymrYAx3foQ7PcTRJ2U2/Ja9PXLKfP1HO1p4WZb+5:eJcQ6bicwlTmrYANUi/iLKfJO1p4Ww5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646928835, "uuid": "97fe3c98-3ab9-4973-97c0-41c2f1583153", "value": 408576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646928835, "uuid": "acc782b1-f08b-4adf-bb83-1e58576b7628", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928835, "uuid": "36d9d4d5-92f5-4106-b60d-d0c62b34e087", "value": "Hmffumb.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97201872-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646920033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920033, "uuid": "09d5385f-9545-498d-bbd3-0c109de13f83", "comment": "Malware payload (Heodo)", "value": "785af9fa543717ed18e531f22dd2e442", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920033, "uuid": "d7d77bc8-a500-48f4-adef-32a077649b6e", "comment": "Malware payload (Heodo)", "value": "55aac8fe0d1640beddb04aa386245279d0240a8eb047465321b9c1693a946dc4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920033, "uuid": "1c925287-769d-4f00-a7f7-852c04448d10", "comment": "Malware payload (Heodo)", "value": "1239cb250b58c5396bf49d23d86224804b51e0ec", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920033, "uuid": "d62acb99-394f-4a93-b512-cff7ef541e5f", "comment": "Malware payload (Heodo)", "value": "99d304cb16fff055fb71d38c2314c3d4ce6f75b8a62005201dc4bdd0fae8330feba33f763868f11f8dcf2d074392b26a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920033, "uuid": "036203d8-83ed-47fc-be2c-5ea0687b1d5e", "value": "T1A6D46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920033, "uuid": "a5ddf684-7eaa-430e-a575-d134ca8e86cc", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920033, "uuid": "1f21b51a-f85b-487d-9a64-10263d024c24", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAI:WRO5DDUmhnspspsqi022/OByw+iVifMV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920033, "uuid": "b81d6c7f-7291-4be8-ad6b-3ffe5905fbb7", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920033, "uuid": "a3eabeba-216c-4043-a3f4-6ba450d517fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920033, "uuid": "79780243-7d97-4475-bf4a-9fe11d0eb256", "value": "55aac8fe0d1640beddb04aa386245279d0240a8eb047465321b9c1693a946dc4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e62943cb-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908140, "uuid": "10f1bdf5-1826-428b-9759-6f8f0763424d", "comment": "Malware payload (Heodo)", "value": "5ed499a519b25cbdcd68da1683d17589", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908140, "uuid": "5a3307ed-3f08-40a9-96ad-01d79d651f9a", "comment": "Malware payload (Heodo)", "value": "55d36001597e60f205140162801cb33afc321013131ccb11b87df549fdd1b625", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908140, "uuid": "869b6421-89ec-4eb6-959f-7bb3b6d5f5f7", "comment": "Malware payload (Heodo)", "value": "dd43a9178ab9f2dbb837f85b93ef9bb9f3a9d910", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908140, "uuid": "012b08ea-d459-42b6-b893-7af6afaa0c5a", "comment": "Malware payload (Heodo)", "value": "5c445b1dc0035b7420a1222e7c4953e4107b72bf530ef7a98703b280691746dfceff1a5fbdd5be88a6dbedeebcfc6b34", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908140, "uuid": "ae16fbdd-246d-475c-b0c8-b4c7d2063792", "value": "T155D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908140, "uuid": "6e85e421-1f52-456e-9aff-ee21eef7d704", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908140, "uuid": "fb9c2dfb-ca28-432f-b3d8-9a65ffc53848", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAh:WRO5DDUmhnspspsqi022/OByw+iVifM8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908140, "uuid": "88b3d084-aaa4-405c-b277-354e2bbea5bc", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908140, "uuid": "d06dda62-0e28-49f0-aac1-35dc0959005d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908140, "uuid": "c9629daa-3d9a-4849-b275-d5118f960397", "value": "5ed499a519b25cbdcd68da1683d17589", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62fff517-a052-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646903625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903625, "uuid": "2173486c-47c5-4b58-8399-3e3d8145f466", "comment": "Malware payload", "value": "71daf43a25e86e86636d0d4b13e37e97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903625, "uuid": "d6d029d8-b851-490f-b007-67f4f171c091", "comment": "Malware payload", "value": "570594726f213b5698d64a4da83128c3b89922614b970e91193a3e22fa18f47b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903625, "uuid": "92d8c565-7403-4cf6-b366-b0680fe1f329", "comment": "Malware payload", "value": "b4319eb36863e1189ff8ca643922f77b6503a2d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903625, "uuid": "6c9483e3-3302-4e16-bbfd-93c59c34589e", "comment": "Malware payload", "value": "644ce77a2f9fd50987a02ffa197b3ef7d420afd7caf1f17d66116b3d279cccc47bd766c5f28c0d8f7085109086f4daa2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903625, "uuid": "f092a33d-1bc6-4b8d-b10a-c6d317bd2464", "value": "T14675F180BED4CC6DF5640479C7A49A9CA86CFC63BFDA46CE13509A2FD8E5082153F26D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903625, "uuid": "a582193d-f2ce-4725-ab8c-a8c9cf819a64", "value": "b4070734502a100c8f90bbd445995533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903625, "uuid": "25eff9a0-71d4-425b-87da-79b7e8184037", "value": "24576:MpglfUKKDgXkXXUmM3EgtAOd9LvStWsdwIE0SGYN3HQ/xDLFHqpNLZq:HYJnUmbId9T0Wv0SGYNg/F5H8LZq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903625, "uuid": "8303e7ad-9dac-4b13-a778-673bdbd7d9fe", "value": 1558662, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903625, "uuid": "50d5c8c6-5e7b-4b68-9356-504b5510d56a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903625, "uuid": "6ddf62ae-b9a1-438d-b24e-76239d354634", "value": "57.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b351d6d-a054-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646904578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904578, "uuid": "e721824f-e9d9-411e-a2ca-9291c508b532", "comment": "Malware payload (Loki)", "value": "4c4f29b9453edc7b3ee9cede801e209b", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904578, "uuid": "62587f74-7cca-4d5d-9362-c63be768f637", "comment": "Malware payload (Loki)", "value": "5786e514c2c36333d5ff2da90c07d747c82aff37b4866c5fbc0724fd302091ac", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904578, "uuid": "fd6ded6a-91dc-4cb8-8791-cfdcd6812d8d", "comment": "Malware payload (Loki)", "value": "fc3f0f13779ecb0427529a3f7c9c56a41ba07441", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904578, "uuid": "db9f6384-89ce-4f9f-b60e-fc980483c786", "comment": "Malware payload (Loki)", "value": "2f9dc6d7842c34376383a761fd2d0401377880faab4200a4961554a010027e9a5e5016b9007b46ee63135fdcd12bc293", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904578, "uuid": "6c45f0d1-3a48-432f-939d-3d20da67ae9e", "value": "T191141226BC6243BACBE7A0BA97EFCBC19101EC365F28948F7413F2051576C812F67961", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904578, "uuid": "3355c090-b7fb-4d2f-a5ce-b04152a3aba6", "value": "3072:v5PXk6QnhewUDJ5h9jov7WFNezeXaIYcx4bgjDmpWOcElOjoTmvL+PTF58C:RP+hFUDJ5h9joaNezeXzZm7HlUXC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904578, "uuid": "98ee3184-e2c5-4ab4-ad9a-679011fa7325", "value": 190744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904578, "uuid": "4cb00df2-6962-4776-93e3-146ff82987c7", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904578, "uuid": "23502b4e-f4a2-4984-b372-2b92004f4548", "value": "CI & Fedex AWB.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43d667e5-a074-11ec-9275-42010a9c0029", "comment": "Malware payload (Vjw0rm)", "timestamp": 1646918175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918175, "uuid": "10002af8-1c8e-4338-a85d-830eb0dd84f6", "comment": "Malware payload (Vjw0rm)", "value": "d59004727742eb8ba309368611e48019", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918175, "uuid": "06ac7173-dc9e-430f-9c42-0613951986da", "comment": "Malware payload (Vjw0rm)", "value": "57e10092a0245e6d4d2c2c34100593f38cc6060aef482ca83e676b8715a114af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918175, "uuid": "8214e8a0-970a-4f85-8cb6-7c7fe09be7f8", "comment": "Malware payload (Vjw0rm)", "value": "55b2dce59cf019f819a980a4a142383b8a537a06", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918175, "uuid": "3d4e28b0-c43c-4b41-80a1-d4a624343d9b", "comment": "Malware payload (Vjw0rm)", "value": "e4bd94a72b4426bc8f50434b02267937a9a09361dea9e5035307d986f6c69a5cfcbdb0dee32631480ef6ee3b730d3523", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646918175, "uuid": "90e665c6-ba4c-41d9-a5d6-2cce4172ec3e", "value": "T15426025973A441A9FEB7E037CB42C607D6B1B84A02778B2F01E45AB67F736B11A1E311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646918175, "uuid": "fd9a2d20-5f05-4acf-b6eb-13f5639c1cef", "value": "161c85364c462057ba28801ac1ad5404", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646918175, "uuid": "437fe15a-91ed-4c40-8ec0-0176f7e7183f", "value": "98304:jJotyDcOBfKpkNlCtur8VHx6FO0/5CR1tXNPmtiJPqz28:jbQ8lOVRQNhCR1++y28", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646918175, "uuid": "cdc5089b-c551-4cd7-9553-147657b5099b", "value": 4429312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646918175, "uuid": "fade16f5-7c80-4415-84fa-02ea03c319a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646918175, "uuid": "ef342261-13b5-4e56-b59e-4b6e2d455e44", "value": "57E10092A0245E6D4D2C2C34100593F38CC6060AEF482.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d2d2fa2-a070-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646916446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916446, "uuid": "ed5836ba-c611-40a3-8309-8329b2e1092d", "comment": "Malware payload (Heodo)", "value": "b3af37e336b26a259d9047db4b01d39e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916446, "uuid": "7ee08b35-4639-4d21-be73-9a549fa9ad95", "comment": "Malware payload (Heodo)", "value": "581a19d8610b3b00e4f75dcbeb08c759c0705a4a69ed99ac3f8c4c6181d5de36", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916446, "uuid": "2acc7ad2-787f-4a8c-891c-63cc1955c800", "comment": "Malware payload (Heodo)", "value": "28390b59c9802bca039b6976bb0893f56ef22f7f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916446, "uuid": "74641ef4-1f57-4611-b8ce-cba2d450605e", "comment": "Malware payload (Heodo)", "value": "23386e461ef8ca381626f8dbcc83469a66706483784a053181b82dfd7533b04f1dad137a51da82638b9d03a651e939b4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916446, "uuid": "b6aa1334-2498-4ec9-8a30-c06de1197ee1", "value": "T1F9D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916446, "uuid": "e6d08e54-ac12-4340-a0c4-45090b1dcf95", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916446, "uuid": "31b760a8-e9aa-4788-9e6c-f5dabf443d01", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAn:WRO5DDUmhnspspsqi022/OByw+iVifMK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646916446, "uuid": "28d312ae-eb45-46cd-9897-9adf3242dc48", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646916446, "uuid": "c771c731-c199-48c4-a831-79b32028d111", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916446, "uuid": "37bf6efb-8751-462c-a32e-60e67abf79da", "value": "b3af37e336b26a259d9047db4b01d39e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5df4b67a-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646907052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907052, "uuid": "7333067f-bd23-4dd6-a098-d860957ec159", "comment": "Malware payload", "value": "72747fbd137bdcc5e0f3be5e0ac4f13a", "object_relation": "md5", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907052, "uuid": "83e567f8-bc2a-4af6-a55b-9cba319b59fc", "comment": "Malware payload", "value": "58949a88bbc21bbcdf1f1afc153ad4e499268a5cc1a6bbb50dd52adc50649dbc", "object_relation": "sha256", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907052, "uuid": "bdf7bab7-e9d2-422c-9d74-7afbd1886892", "comment": "Malware payload", "value": "73ace74a08c49e460c7f8467880b320710881443", "object_relation": "sha1", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907052, "uuid": "d5d1b970-2d41-4c64-8e20-e6d340daa310", "comment": "Malware payload", "value": "75f1058bec1f049120d9139567e0b58f5f97045801c86c606ce12e070d6c21b4012da58460fc43267141d9861a402d0c", "object_relation": "sha3-384", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907052, "uuid": "29da5f07-cbec-4948-bf72-d13b0ce1a3c6", "value": "T1DBE47C56BEC66EA2EF7F55B783A0EA3D1156336D03A18ACF760305993911FD2413EA03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907052, "uuid": "5712908f-6dbc-459c-99e1-3a9fe6763bc7", "value": "0d1c2e8773adbfbc64d57aab36998066", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907052, "uuid": "a917e962-6c3f-46d1-9dbe-1df5608b5233", "value": "12288:ffBUkVbwLSI5/Q8OF8bzbBSre1Oi1uWD242S6+4U67TCam:xUrO2X1YDWeS6Zx7TB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907052, "uuid": "ccb7897b-785c-4b9e-a957-38a9488c5988", "value": 699392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907052, "uuid": "e766fc16-768c-4e28-8ba3-124ce8874af3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907052, "uuid": "9fa71af5-bd17-401d-a3f7-d8c99b7a1013", "value": "0001_S2-13037.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "987e9180-a0c0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646950959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646950959, "uuid": "17cadf75-8874-4dc1-9a1b-087f0961e7a2", "comment": "Malware payload", "value": "0959bf541d52b6e2915420442bf44ce8", "object_relation": "md5", "Tag": [ { "name": "DEV-0665", "colour": "#11A24C", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMB Spreader", "colour": "#C78C7B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646950959, "uuid": "fc9da686-6037-41a2-8ac5-75347f6dbba6", "comment": "Malware payload", "value": "5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48", "object_relation": "sha256", "Tag": [ { "name": "DEV-0665", "colour": "#11A24C", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMB Spreader", "colour": "#C78C7B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646950959, "uuid": "6efb1a97-cdc4-4c2f-a2e0-539582431d77", "comment": "Malware payload", "value": "ac5b6f16fc5115f0e2327a589246ba00b41439c2", "object_relation": "sha1", "Tag": [ { "name": "DEV-0665", "colour": "#11A24C", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMB Spreader", "colour": "#C78C7B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646950959, "uuid": "72079700-000c-4709-9e3e-318dd44be65f", "comment": "Malware payload", "value": "0924419c471296ef8bc1053fd11c687bf31feff4309b1b99bbdd1229e32dbf60a5773817c5b43c80b045fe3ee1d0a1dc", "object_relation": "sha3-384", "Tag": [ { "name": "DEV-0665", "colour": "#11A24C", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SMB Spreader", "colour": "#C78C7B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646950959, "uuid": "632fd29b-48e6-4302-b6f4-147be6d2ef7d", "value": "T16D74AE11B8C0C071C17B243529B4DBB21D7CB9701A71A99FA3E8197E5FB81C2AB35A5F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646950959, "uuid": "690c63ad-dbd1-419c-913a-1afa4328e5a3", "value": "0802be27b58612f1b2648b8a57d1acfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646950959, "uuid": "0733f7b5-42a5-4da2-9d61-cde0239fe5b5", "value": "6144:zB0WZ3twfUMDH34YslWeXEuS0dOIB9LcO1bJ/fKtn7eENm2eK7mnoUSgpAY8ODcV:lDRtSUMDH34DlWQEuS0UIzLR1NXKtn7f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646950959, "uuid": "027eefbf-3813-4116-bd0b-b2eafc54254d", "value": 348424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646950959, "uuid": "77c8f085-391b-4e6e-892f-87e4dd182ce8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646950959, "uuid": "3edc24a1-cfc7-484b-b925-be657214ed93", "value": "5a300f72e221a228e3a36a043bef878b570529a7abc15559513ea07ae280bb48.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0731071c-a00c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646873406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873406, "uuid": "3b2e0df9-38b4-4057-a0e8-f1d6ee38c73f", "comment": "Malware payload (Mirai)", "value": "e9fa3ce18b7e93f706a8675d3928d64d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873406, "uuid": "ee600cb1-bb94-4bf7-846b-d2816763880a", "comment": "Malware payload (Mirai)", "value": "5b3f3eb7906f295f1fa34835e4cadd29e5c392da753756829c1d4992be4181b9", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873406, "uuid": "51748edb-8502-4bdd-a03b-5fca815fb90e", "comment": "Malware payload (Mirai)", "value": "7bf070ddc4008e841dddf7778db6499b029fbc5d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873406, "uuid": "c0f3a46c-7a6d-490f-9786-342552511b83", "comment": "Malware payload (Mirai)", "value": "d9ba6e9638b06f12357c0a96777fc0cfa5899f06f675522e4c4ccaac9f655f38996e1c70f155bbcf9bd8363eccab8e30", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873406, "uuid": "b893c73a-0e09-44c7-ac53-a0809a907750", "value": "T1EBD22A95BE415603C5C25177FF0E43487B2B079CE2FA33079A2AAF613787A660E2F516", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873406, "uuid": "2fc8fcf5-8f7b-4558-b7ce-f8612c229495", "value": "384:oRwE+NIyZe87xMzvKUy7zbBih3xGIbtUOPAlznEVnFx4enHY2XwTytiXYfHeP:oRCve89MGLihbpPAlwVI2wv+I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646873406, "uuid": "7b1b5814-85e4-405e-b09a-8c8822e37f35", "value": 29808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646873406, "uuid": "056d37e9-4fa4-4ccc-be82-c628bb6f018d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873406, "uuid": "105365bb-fdcd-4075-9132-d17c321284de", "value": "shloop.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59a90b93-a029-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646885999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885999, "uuid": "aa306b56-04bc-4247-9c6e-383ffe0368b6", "comment": "Malware payload (RedLineStealer)", "value": "761047795a9ac0774d6fe5451778a1de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885999, "uuid": "7206a08d-dfdc-4831-bd97-5c8e0b533c5c", "comment": "Malware payload (RedLineStealer)", "value": "5b43720ddaaa16ce402b741be6a618fbf87f447b659e0ca5eec2076abacdc6e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885999, "uuid": "23124fcf-a68d-4397-8819-16bc3c99c89f", "comment": "Malware payload (RedLineStealer)", "value": "8c63cdf6213eb3c3bf305b0052aedda29491d2cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885999, "uuid": "409ffb3d-0ddd-4aca-8114-4b7924003d75", "comment": "Malware payload (RedLineStealer)", "value": "0bccbd0267ed04ae3e765e6bb859477689b292e4693761a154136a016047e1b8e1e48058188e6153c8fd910fac39b32c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885999, "uuid": "3ed7f906-c43f-42ad-8d76-11b072fbb6ae", "value": "T1C9C4237FE5C8ED07C10A423043A17A6667840514C9E4E1ABB3BD8F839E6C5E3BD5A76C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885999, "uuid": "66c990b5-a5ce-49cd-bea0-d46780c032e6", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885999, "uuid": "4fa0e40d-1b7c-4620-8c96-1e8f7a0b9b9e", "value": "12288:Yp8NpxnTKiAvQ1c+OF/CQS03ULaHNqrxlKIQNotlB32caRj:VNt7C/CkEaHNYK3yX3kj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646885999, "uuid": "26d62021-3ada-4043-9aac-2c2955323908", "value": 569856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646885999, "uuid": "5d1235c7-b5bd-438e-88e8-2b11cfa78aec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885999, "uuid": "cd0e74c2-ca69-421d-8e23-8869fe3768fe", "value": "maybe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8642dae2-a09b-11ec-9275-42010a9c0029", "comment": "Malware payload (BitRAT)", "timestamp": 1646935037, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935037, "uuid": "35c8b627-ae52-4ce0-82e9-c5c6338ddd20", "comment": "Malware payload (BitRAT)", "value": "337687dbf3318704ce4dfbaa239994fc", "object_relation": "md5", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935037, "uuid": "bbe9e46a-7155-4ebb-818b-41c396a5a74a", "comment": "Malware payload (BitRAT)", "value": "5b61898d6d841d8ad78100951f8ac1e47a0b3f5002350a1539f8a4a824bb4927", "object_relation": "sha256", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935037, "uuid": "6a882ad5-6d8c-4a70-bdcf-754c9f759438", "comment": "Malware payload (BitRAT)", "value": "305e76ce2bdb2e397e70f83d82b541c4b69c89d6", "object_relation": "sha1", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935037, "uuid": "d20cb841-3751-41a1-a3b2-551a2112196b", "comment": "Malware payload (BitRAT)", "value": "2ac3876a70c04507fae56f2815d5d0f5aeff0ec266c34dc2cd629182d239c4780d122d690ff7cd65be28048be3836093", "object_relation": "sha3-384", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935037, "uuid": "5fe0c85a-2e36-4d27-b760-fbe2c5073946", "value": "T11F9533BA37C53BE4DD15A2FD98E20791C33C9664852D0713C7A5E944E983AACEC6390B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935037, "uuid": "72279599-08bc-4ee3-b2cf-d072fc72d9c9", "value": "49152:d2ClwcRI8u1dC1ww1KE4NGAvJ+t95ccroGW8W:3lwac125N4AQct95cc8D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646935037, "uuid": "06b9971b-0aac-4ec9-8ef7-42c908bbec38", "value": 1934480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646935037, "uuid": "20f6e214-a23e-4224-87e9-46b61722ec6f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935037, "uuid": "ee3d1a76-dfda-4756-99ba-747f3aa0986a", "value": "Invoice.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "678d9091-a066-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646912222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912222, "uuid": "1350ec32-3cad-428c-b69f-acd59cc4ec2d", "comment": "Malware payload (Quakbot)", "value": "c33e8ea3f9b057a000c0bf4b603297a7", "object_relation": "md5", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912222, "uuid": "f6140814-9394-4faf-9a1c-19574b980912", "comment": "Malware payload (Quakbot)", "value": "5b777785f638b27254030c85cc845e9807c68db142c457495362723865489d41", "object_relation": "sha256", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912222, "uuid": "3cb1f681-37f6-4808-ac67-e9d6b8a7c4b7", "comment": "Malware payload (Quakbot)", "value": "3036b5a4f0ca84fbf6df6bfc24f8e8affd8b530e", "object_relation": "sha1", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912222, "uuid": "b86d63d6-d386-4f86-953f-9bfa6874b7a7", "comment": "Malware payload (Quakbot)", "value": "d9c92eb59d5a62482bb7e8f307a3d4966e665bf75deb3748af77b6a033884010d8faee21b4ed75b600967bef6d0b1b18", "object_relation": "sha3-384", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912222, "uuid": "30a6d9d3-d0c8-4aa9-afc5-77d4eab33396", "value": "T13634D092859555B6D1EEAB7023424CD1C1BF306AFC0AE816178353FB3A022F76D992FD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912222, "uuid": "c08c8656-87c9-4331-8a23-9d05c01aa8bd", "value": "3072:JV5YTPZav/2I01sV03b5R228Driy4EtLa/3WumKrDMzzwJS/wiv+jfcxmpOX3gLw:JV5Eusjr222+yXNQ3MwwdofaVE2/R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646912222, "uuid": "319113b9-99e4-4192-9ccc-c303d8e149da", "value": 239374, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646912222, "uuid": "065c26a7-939e-4536-84c0-57f6a6b60f0e", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912222, "uuid": "ba881131-7547-4e31-8ea2-087440555c84", "value": "dsibaiitilnaqu.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "466f8657-a066-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646912167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912167, "uuid": "b76d465a-a39c-4e97-b601-4f4291b5c5fd", "comment": "Malware payload (Quakbot)", "value": "8899d0c3e22730bfe92d66a9be16add1", "object_relation": "md5", "Tag": [ { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912167, "uuid": "64d8687e-5c3d-4f07-b752-dd12c5d7aefa", "comment": "Malware payload (Quakbot)", "value": "5b7c3b8412aa0b4bd317008e7fad8d93decdb9ff3bce11346364d83bb2f39ee2", "object_relation": "sha256", "Tag": [ { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912167, "uuid": "011ab3a8-42b7-4e88-852b-a1159cb07914", "comment": "Malware payload (Quakbot)", "value": "f5214bc26f57a330a19491f0e2f15f9c162b7a7e", "object_relation": "sha1", "Tag": [ { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912167, "uuid": "41dcbd8b-6526-4c2c-9e2c-ee08188d4fec", "comment": "Malware payload (Quakbot)", "value": "277e7411d163db39e0df42f347ba1a719e6877f3cad188530bb3593dd1df314aba883598b9491cbf08cc3b0a94f06cd1", "object_relation": "sha3-384", "Tag": [ { "name": "tr", "colour": "#C839D3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912167, "uuid": "8977da86-b529-4acc-b491-8cc10c0a2a58", "value": "T1232423508682B79A785C5C1BB7AE01E6B739CD81B9CF09C65C84DB7E3973B32CA4441D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912167, "uuid": "adfc4074-6240-4fc7-bea0-ceb5ed43a0d4", "value": "6144:PeBKt1ZfdXg6TJiX7Lp13gYKUwcpg2Dro8Ji0BcYubmt:yKplXg6TC791FKUDpg2H9JiUsY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646912167, "uuid": "c0ac646e-6b72-4e12-9623-e2a932e1d451", "value": 218955, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646912167, "uuid": "b1bfe246-e556-442e-9ebb-0f0a3dd32b46", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912167, "uuid": "db04171f-027b-4212-bf9a-fb8217642249", "value": "dsibaiitilnaqu.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a35c265d-a040-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646896002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896002, "uuid": "3bc0ce4a-e793-4a03-bfe4-4007be6aab75", "comment": "Malware payload (Heodo)", "value": "110f05646abf0c483b53019e664c6c21", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896002, "uuid": "dd733966-60ae-45bf-be39-0a47ad1ea329", "comment": "Malware payload (Heodo)", "value": "5bd596d98d2f49f22a480c3a0a3d78c81bc4214ead15cf1e069d20aee8b178fe", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896002, "uuid": "1eede117-f190-4b58-a977-089ff097a552", "comment": "Malware payload (Heodo)", "value": "c6fb54ff71b2b6fe0ffef9a373d45b79a66da8bc", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896002, "uuid": "bfee2581-370f-45e4-98a3-bd8c05a01d00", "comment": "Malware payload (Heodo)", "value": "e993a7bdf4caddbbb74a18f07b0e2347f7004c2942ab652e9dfddc255e9bf063590b80078a1993188f8461ccb5c8d2a3", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896002, "uuid": "3851ee63-ee67-4b80-8706-cb7e6952fdb4", "value": "T13A514421EB78EC84436E369029191CCF30B56B636BBA5D28ED7618291D14696DF0F94C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896002, "uuid": "c23761c2-5bd1-468f-88b9-1bd2bfcd8c45", "value": "48:JGpS00/b55xKSUmqrA98EnoXzPFURAr64KsRbFlyMtxxUR2F7O4YMF92JLb8x8n/:kpe/HxKHmKA9FoDPlrk+xz84YkwkC0TS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646896002, "uuid": "30c4bebe-be4f-4242-8ff6-4d4eb0e1cf61", "value": 3036, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646896002, "uuid": "b014a4a9-4257-4031-9b8d-554c7f9fb513", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896002, "uuid": "443c6c49-2ae6-404a-8546-5f95da048f2b", "value": "emotest.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffe7a96f-a06b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914625, "uuid": "41429212-6c98-4bfa-8a3d-75a00b4957c4", "comment": "Malware payload (Mirai)", "value": "b84113435f162edb9bddb38f5f7abfda", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914625, "uuid": "d78845e4-1bb7-4c24-9d09-41cffa434ce6", "comment": "Malware payload (Mirai)", "value": "5c048f538672dfcd76c8ef18470a4b58a4f80f4dd2cca2d6beefb0b5b1f25623", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914625, "uuid": "c15c17ee-aebc-4367-b11c-3754f383f05e", "comment": "Malware payload (Mirai)", "value": "c6805e922615233095514801522c5478dec4b213", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914625, "uuid": "e531a593-13a9-4fa6-81db-ceb796e9cb0c", "comment": "Malware payload (Mirai)", "value": "a6b4ba946b83f266129485c03a8d944956af142cd2c71b76bbffc57d49dfda764b09d43559da3b117076e37833b7e98f", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914625, "uuid": "edd74bb0-8484-456e-a105-fbc43d6a03c4", "value": "T14DB33B376251C97AC08356F426EBC5729D13BCBB0B32319A33D47D60AF368DA1E99B05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914625, "uuid": "d4562e53-7b1c-47d1-826d-6ba63bd50120", "value": "3072:kiry859a2ADJf9wHYqbgFFo8+HeA9+TRCm7FnVqfJXFWbNb:T9a2aLqkrMwsm7FnVqfJXFWbNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914625, "uuid": "201b60a3-4826-400a-a2c5-32dd51e9af71", "value": 116503, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914625, "uuid": "356d30ae-c48e-4627-a49f-6cadfcf096d3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914625, "uuid": "9cff5ccd-3c99-4b8f-9556-494f9b1c46d9", "value": "b84113435f162edb9bddb38f5f7abfda", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56ea2723-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646905322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905322, "uuid": "e4bf1c70-4a3a-40dc-8b77-871a2ec56486", "comment": "Malware payload (Heodo)", "value": "c398bc9f188ab08544735190620d65a2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905322, "uuid": "03da8130-610d-4dc3-8396-9c8a9ca12929", "comment": "Malware payload (Heodo)", "value": "5cdd027746cb391fb862077f2b59ef00d787ad5e95d3d38f86ec558f03303263", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905322, "uuid": "153cfcbb-0139-42dc-9650-3f558b49d83a", "comment": "Malware payload (Heodo)", "value": "ecd12017eb3d36722ce4a068f1860e58bf796d6a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905322, "uuid": "cf4d3535-4cfc-4daf-89ef-0f26d3b1d897", "comment": "Malware payload (Heodo)", "value": "82947995780e02ee8914e21175dc0ce8922611bac0c56153c9284f5f65110ac09ce4f5aa7065b001ac1e1db477464dc6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905322, "uuid": "6b78e3bd-7cf0-47f8-8057-9bcb38a92245", "value": "T1DAD46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905322, "uuid": "0d7fff08-1a7c-41ad-8b72-98b0bb6d5014", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905322, "uuid": "f673ac89-491c-4aa3-a48d-732f8c694b14", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAd:WRO5DDUmhnspspsqi022/OByw+iVifMI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905322, "uuid": "5ca0d5f4-40c5-40cc-b67f-d43d61f03f5e", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905322, "uuid": "98aefa9b-bc7e-4684-a300-6ad18e318870", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905322, "uuid": "624d8938-5515-4147-a2c9-59671fb8ae07", "value": "c398bc9f188ab08544735190620d65a2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f09508e2-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908157, "uuid": "f7f305ad-7c39-41eb-b772-e551455a079a", "comment": "Malware payload (Heodo)", "value": "b8b4e7756afa089fa0fc41712bc35420", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908157, "uuid": "8d0db59d-31f5-418e-ba2e-1b5551fab0a0", "comment": "Malware payload (Heodo)", "value": "5e68d6c4038553d03ef0d24c0d6b774b18356cf52fe8885543dcc92f7f8cd76b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908157, "uuid": "6507b01d-3ec2-42cf-899a-2b6d2a87f0d7", "comment": "Malware payload (Heodo)", "value": "7e9502ad456eca15ffa0534d625c38b099f6443d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908157, "uuid": "0e93d6f0-782b-4d9c-8f55-718057e2702b", "comment": "Malware payload (Heodo)", "value": "b57ed8af942126a8f76f2d56a8b03b30337a0c754e4a02dde8f4859aa29fce2193e14a528fff91649d3c344234acf582", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908157, "uuid": "bac9de10-0d39-47c1-a40e-bca01a005de4", "value": "T1DDD46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908157, "uuid": "db734e2d-014c-4119-bdf8-488d192503d6", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908157, "uuid": "78ba3c26-d19e-4c06-9b60-91f5e5cec855", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAh:WRO5DDUmhnspspsqi022/OByw+iVifMc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908157, "uuid": "9c9317e5-7396-4f14-a28d-2e6fd80b8bee", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908157, "uuid": "3a98fed8-5893-401c-bce2-4384d7c92675", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908157, "uuid": "f2535b35-9252-46d8-8cd0-6198a4ed3480", "value": "b8b4e7756afa089fa0fc41712bc35420", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c6235f6-a02d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646887803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "61189e28-da7e-46a3-b3fe-7de88ab8cbaf", "comment": "Malware payload (Mirai)", "value": "4a6d5988e8f5488e998554deef239170", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "311c61f5-9a9f-4fc3-a483-f7515d1f3c1b", "comment": "Malware payload (Mirai)", "value": "5f9468fbed6b0d02c24afc9f80ed5c7c7a9ddf77113f61279b8874f880c14409", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "8f9cb4a3-3b57-4763-b629-9584db9b5243", "comment": "Malware payload (Mirai)", "value": "c5c0626705ad5edcf01a4138d27c1cdf005631d3", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "427b8d7e-966b-4917-b54c-4fb6e4c19286", "comment": "Malware payload (Mirai)", "value": "757f32d1da2df065914e4f5bcb674b74f91cf76b6648cc6cadc8db3155548c36f2e719660c2b3e2ed2fea84fbaac4920", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887803, "uuid": "19f6e9f5-8f0c-4cf9-8d65-9652889268b1", "value": "T1C3136D177141C0FDCCFDC2B45B8AA63A9DB374781361B69833D4FA26AE9ED212E1D105", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887803, "uuid": "c1357824-5daf-4f9b-8cac-d6d0d1e294c7", "value": "768:TVjbvFPyS61U0ZjUYYuuGb8J5Yk49FIicxYl3+kfJIK:Jwj1U0ZjUru6J5Yk48vxUfJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887803, "uuid": "dd1e713c-3367-4731-80e1-1cb7642f73b6", "value": 42528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887803, "uuid": "bea6c79e-b522-43bc-8e46-98d6fbb4845a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887803, "uuid": "61ec5940-736d-4202-b34e-87e05116bcfd", "value": "WW9mdWthc2hp.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "165f6af5-a03e-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646894906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894906, "uuid": "7e20ff02-4499-4a7b-bafb-713c925c16dd", "comment": "Malware payload (Loki)", "value": "1fdd2d4fe4146524b5eebe4da095feb3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894906, "uuid": "bbf3868d-985e-4513-9064-d5168682f458", "comment": "Malware payload (Loki)", "value": "6004ec071c2ad10414db0bfa10c40b05535281cbf01b8b77d0799670bdc8b0fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894906, "uuid": "290814d2-4fcb-41da-87ba-c2f416716ebd", "comment": "Malware payload (Loki)", "value": "f0b17aed3e7ccbf7e1c4ce2bd521a398761962e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894906, "uuid": "dd47d843-3f83-48a2-93e5-a3b021e42da8", "comment": "Malware payload (Loki)", "value": "0094a853443c231555cbd5e5231466d8d9f643112d25b7fbac786e19595c843768d27c1263467f24494b8378d1e1fbe2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894906, "uuid": "3c9956ef-de95-4678-90c8-85bfc2d7a02b", "value": "T1D3642352F2E584BBEAE4853886735776EFF8891402B52F03A7701E3E2C695931C52F92", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894906, "uuid": "5f0b7dea-27ad-4419-8e78-3c06dd826b7b", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894906, "uuid": "bdeaa751-8297-4e3e-aec8-ccd238a0bea5", "value": "6144:rGid6B0QB/XVy83YRtW1sVpsjJSbOMUX95bgsbCKAb49Zvo7ZtvH:sB0MB6tmsVpsjJSq15EsDAs9ZGLvH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894906, "uuid": "2b386963-7056-4da9-8c50-2892d09d95f2", "value": 310108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894906, "uuid": "052f5f58-f8e2-4c77-b433-66c6b57d54b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894906, "uuid": "89aabafd-b771-4bef-98f6-b973106b30f7", "value": "REMITTANCE_PROOF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f8aa4b7-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903672, "uuid": "85bbbebc-61ae-4297-9ec9-5d2942960d76", "comment": "Malware payload (SnakeKeylogger)", "value": "60d701616da0e5db2aff024188e423f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903672, "uuid": "17a2d06d-a440-44de-8678-8b0dace876cf", "comment": "Malware payload (SnakeKeylogger)", "value": "6066fc47ea6bbe1a4697b2d14e537e244cde2df01a94f57d343f6e846b4e87c9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903672, "uuid": "6ec30221-9ab1-4d7d-8eea-e3f6c6c2551a", "comment": "Malware payload (SnakeKeylogger)", "value": "9ced0e5a1aed00c4f4c8dc6066dbaf49657620ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903672, "uuid": "8080bd98-1f9c-4b71-b63a-b0028775671e", "comment": "Malware payload (SnakeKeylogger)", "value": "d8cf693dd6ec0e103cd628c2f861fd7581a4637e7d8d11f285774f4e8146f372347b82fcc01066ece656f21335b3f747", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903672, "uuid": "ee122d25-86c9-4b36-8f7d-1229bf7b84d8", "value": "T1B3F4BEE0EF1887BEED14723EC4A818B00DFA2A9D3411BF1E968D11DD0967ECF45A652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903672, "uuid": "afb072ca-48c3-423b-b3c4-988c73c49162", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903672, "uuid": "3d3de38a-d4fd-467a-b244-a94bcab55fe5", "value": "12288:WNx+F7i/JX66Euv65cq5bgF+yHr6zXnpJe263S5BM+D:WNxui/96Nunql6+yHkpUO5BM+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903672, "uuid": "395ebc1f-72ac-41ea-874d-63527bdb85f4", "value": 792064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903672, "uuid": "01ed736a-d4da-4556-a2af-2c8d4844a287", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903672, "uuid": "604ecd98-4959-482e-9e27-d4e06e26571a", "value": "HALKBANK.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba505bb4-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903771, "uuid": "51478e45-f66e-4844-9621-14c5891642b9", "comment": "Malware payload (SnakeKeylogger)", "value": "4024464344d3724472fede9373b34a22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903771, "uuid": "226a0300-b444-4836-aee2-bb53cb9c98ea", "comment": "Malware payload (SnakeKeylogger)", "value": "6097f9b43dada40ad135176b107251bb97d307d84e6eaf44a5d1585a3fbb33d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903771, "uuid": "963e256a-865c-4466-a9c9-61dfa0a8e5cd", "comment": "Malware payload (SnakeKeylogger)", "value": "e6f0967c4560aba82bc25e776190fae578dd3548", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903771, "uuid": "409d09af-7757-4374-9e96-c2544766def5", "comment": "Malware payload (SnakeKeylogger)", "value": "281e11021ae34469baee34427f78f33e5a79382a392bc1a5aa1a4b875e46637141a02f3e318a1b0b4e2b22521b8c3781", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903771, "uuid": "af7a603a-d2e3-4265-835b-442dcf4a6215", "value": "T11EB4D009327646C2EA78E7784C61550CCFF5EE26D34FF2BE7C86988D10B4B4B0685DA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903771, "uuid": "80aca39a-4d4d-41bc-9c8b-d16b0ec21bde", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903771, "uuid": "236db2e7-15df-41db-ab67-d9bf99183970", "value": "12288:0N4RUcZ64xJEEEEEEEEEEEEEEEEEholUI8s0sxtvgaxIqoauFbcFrTLg7Ku3:1UQEEEEEEEEEEEEEEEEEO2U0+iq0FbWG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903771, "uuid": "d6821c24-d164-4eea-b205-b05401712ded", "value": 503808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903771, "uuid": "3e209f17-1345-456a-a91f-61467c9ff133", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903771, "uuid": "8845b096-8ffb-4699-9b14-dd43e2be111b", "value": "SLK-98766.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a761be22-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903739, "uuid": "94643b8b-e6bb-4d38-af76-34bffc3033f7", "comment": "Malware payload (SnakeKeylogger)", "value": "354d74e6c153f03de4f78a6d3e4b888e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903739, "uuid": "a20c85e4-2eaa-431d-9574-0751342cc8fb", "comment": "Malware payload (SnakeKeylogger)", "value": "61f080e41e7c79e1e4e33a80ae88c8aa649afc26fec30b2b7b07d2599afe6fc3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903739, "uuid": "8ebac2b0-17b4-40fa-9442-33ffa4427819", "comment": "Malware payload (SnakeKeylogger)", "value": "eb40bee18907d3f19d47bcb50c71e6e4afafd677", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903739, "uuid": "db5ae34f-3b52-4f5c-9278-f0ca3bf8e692", "comment": "Malware payload (SnakeKeylogger)", "value": "ad6f536209445df9b14ba45bb9f6680ce195143e11dcc741ae85af19027e41108776063acd9f7bf9e67bcc18faf1be08", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903739, "uuid": "4e954d48-f87c-4f79-b28c-dccd11bd4cc2", "value": "T15A356AD270E5848EFB374AF17F99F86C1497FE6B1468100E119A7B2711B334164AAF3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903739, "uuid": "6db2bf8b-3c47-4b5a-912c-188a3abf81f1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903739, "uuid": "9ccd2d74-ebda-4ea8-b94c-45a215125c1b", "value": "24576:ID5kpv96ZCiOvceNxiBjKZiiOJnVRRWV:ID5kcEvPNxybiOn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903739, "uuid": "010dcd3b-3d3c-4792-9205-c427e2d89c26", "value": 1086976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903739, "uuid": "e0ba0447-36cd-41c8-bb54-7db03a84ae90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903739, "uuid": "63cc279c-f9a2-4910-8861-1d3847359c04", "value": "PO_287104.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7ff75ea-a0c1-11ec-9275-42010a9c0029", "comment": "Malware payload (N-W0rm)", "timestamp": 1646951441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951441, "uuid": "9c93594a-9d40-43ee-9878-cfa5b444b952", "comment": "Malware payload (N-W0rm)", "value": "a4a4e25eeb1021b9e19f4ba6922d73ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951441, "uuid": "365c4e70-80b3-4328-a56a-f4fa31b3a781", "comment": "Malware payload (N-W0rm)", "value": "62e2a9186c1fab1693c2db86b723cbfd4d51accdd03d6baa324f1e02e78e5913", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951441, "uuid": "bb934b56-3b8f-4889-aa55-a2e0fba450e5", "comment": "Malware payload (N-W0rm)", "value": "8c5acb562c8aabb51dc7814b1261e3f7af4ab1c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951441, "uuid": "d946139b-ccdc-4d66-bdd3-40ca6dee5f44", "comment": "Malware payload (N-W0rm)", "value": "955411afda73e75b7ee85a06da64b0c48517676b73034e362b6c3211085645fd873232baf3f5d505da4e8b97913f9f33", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951441, "uuid": "31d61a2d-74c3-4dde-8051-51dca0dc94a6", "value": "T17C5633834B65D58FFD76DEB0E24469B2B43FD17D0E38581E6784E42F6D861B2AC28702", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951441, "uuid": "e6aca724-3479-49c5-901f-3729901eb352", "value": "c05041e01f84e1ccca9c4451f3b6a383", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951441, "uuid": "6f0808d8-e4c9-4be1-8e48-3d3e777bf36c", "value": "98304:Jgetc5LSDOk9yCpMB4KNUEuDw44o++Ig3O8ZN2XO0bRZ5sNWJjbt7+CKcUVZ/itk:JPwYxyCOJNUnDflIUO8y3NMNW77tKHWC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646951441, "uuid": "4dd8bea1-068d-42cb-80b9-72fe27967aca", "value": 5990947, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646951441, "uuid": "3b1479ca-9d33-4358-a5ca-bc1cc4e425a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951441, "uuid": "7f93f8de-e28b-4370-81e4-69fd1e0884de", "value": "a4a4e25eeb1021b9e19f4ba6922d73ff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f1cb7b9-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914678, "uuid": "68fe48a3-804c-44f4-9a44-efad6e278942", "comment": "Malware payload (Mirai)", "value": "fe7d533b709cabc47a25faf65ed86c9d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914678, "uuid": "3c3b1887-5656-4bc8-a7ba-04bf87224fd3", "comment": "Malware payload (Mirai)", "value": "6411a828f023be935730023e2b3bd19843106557a4a8c7126ffb4f7b16383ffe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914678, "uuid": "11f99786-2ed6-47da-86f6-754d7330c8fc", "comment": "Malware payload (Mirai)", "value": "31b360fefe10ecce85d03a394654d9a530b4223c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914678, "uuid": "f9f5ad2b-7775-4793-8669-9738ff20ff58", "comment": "Malware payload (Mirai)", "value": "856ee799f3eb5cc9a4e09a8fcb84ba7dd5d59f7b90f22607d9b21e1f9a18ea4a8ceee906278e64a8d3e0b02ec2f8da46", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914678, "uuid": "dea3f132-c3bb-41ef-9bd6-2eae7aa97f42", "value": "T1DDA3F872E643CAB2C4430AF201A7DA6B0D21BE6B0A7A5A85F31C7CB09F334C57655F59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914678, "uuid": "5e18f397-8993-4bca-b0da-32a9eb1e4662", "value": "3072:wW8FUmgujld6Mkxm6AJ+4f/HmmFVcqq0GnDZT:wJFv4Lm6AJ+4f/HmmFVcqq0GnDZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914678, "uuid": "ae98ac6b-12d3-415c-ba62-2ed42937e1c7", "value": 104138, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914678, "uuid": "69ca069a-5357-407b-a079-715ca64bdf1a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914678, "uuid": "d4baf5dc-abfd-4c50-aefd-b7b588c1ab31", "value": "fe7d533b709cabc47a25faf65ed86c9d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7015e1d-a082-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646924381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924381, "uuid": "5c677646-1cea-45ab-ba88-f935abdbf19c", "comment": "Malware payload (Formbook)", "value": "c01247f8ded7c1c2045f6c1f55a22e19", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924381, "uuid": "9b760f86-7263-4cb4-8d58-f913c096b2ba", "comment": "Malware payload (Formbook)", "value": "6635b0ae18d4c64088f89f63840e22bfbc5361df8c1424aa92b8cbd44ac5432d", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924381, "uuid": "01f6c50d-2943-4f56-bc03-c123eb4767fd", "comment": "Malware payload (Formbook)", "value": "bccf8a84d2fe6844806f8f3170be316fd1f389ef", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924381, "uuid": "e2cc254b-fffb-4f38-8322-6277d1b83437", "comment": "Malware payload (Formbook)", "value": "f126eef0b1187e4b9defe6994305107e17a179f6f8cb0136d523c81488a19b6c640605778f1d4d1e44aa05c3658efee2", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924381, "uuid": "376bd3b5-dc4d-4371-9e51-261e3b85c5bb", "value": "T1AE1402D4B62DC0C9E5A78FF80964BE660B33FE516C285396EB9437385CF51971C288B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924381, "uuid": "ab55ccbd-0119-40ec-990e-5ae475f82b75", "value": "3072:gh7ErqgJ1FQNjWX6Mg74Kekeqx5MycBIfvi+iPD3fDWBjFpwDbT6sNAum:YYqI16NbekjzM2fLK3fYDwHusuJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646924381, "uuid": "62b33aa8-b44e-462f-a6fe-fbd001dda684", "value": 190952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646924381, "uuid": "c52c1b93-9c8b-47b6-9652-72747fdc87e1", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924381, "uuid": "427d2b73-e240-4944-85df-0d2fa19c00e5", "value": "RFQ#2761516.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b5e1c26-a0a2-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646937891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937891, "uuid": "747ddb40-b2a1-4a69-b5f8-cd7fc6035c49", "comment": "Malware payload (Formbook)", "value": "5941178515977e19c56165897c001dfa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937891, "uuid": "cc1c3501-d793-4ec0-bc1d-1770c54bb806", "comment": "Malware payload (Formbook)", "value": "67435ee3c6fd3d272c004256f34020df37fb93fd33c18720053b9d2c1bb19b67", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937891, "uuid": "24005eba-1e22-4f05-af35-204f440d6c34", "comment": "Malware payload (Formbook)", "value": "82bcf7bf06e7d95867d9a6a36b25eb7af602f4d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937891, "uuid": "0ac90e61-5734-4e58-9664-0801d7c02530", "comment": "Malware payload (Formbook)", "value": "c460a3b28148529abbfdb1a6d135320e6b2081354988306b7d1d36a6e6342242466ea9885b7cc82d095798d2aeb2c4de", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937891, "uuid": "f69c6f02-8689-4587-8425-888c975c6645", "value": "T1A6F4CFF0EE18C3BEED14723BC1A859701EB55A9E3420BF5A914D01DD0A67ECF19E612E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937891, "uuid": "56ad0ab0-8f14-4db1-aab8-c60b6735d94f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937891, "uuid": "7590af31-0959-44d6-a671-88fb57b29d79", "value": "12288:xLx+tmKMKwGA+xueML8z81l9tegCTlgl1r8M0sJndRDmR2Muany7oe:5xWpwGvunL8zYElK1csndlMi7oe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646937891, "uuid": "bab77371-95b6-4d50-ae54-90c07d93db5a", "value": 778752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646937891, "uuid": "62eb6b55-00c5-4e0e-bd76-8f15df598a1b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937891, "uuid": "c0715cb6-143e-4ee9-b5c7-db74a4fc0662", "value": "Due invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "beb7df81-a04b-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646900772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900772, "uuid": "4bd1abf3-7071-400e-92a1-a3ebd2bedef5", "comment": "Malware payload (Formbook)", "value": "7c7fbd00021dd8938aecc47c722f0f96", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900772, "uuid": "6d0be84c-f747-4797-887c-983349388ab4", "comment": "Malware payload (Formbook)", "value": "687269adbd2c39527574f47f87e641e50e1b0f76a7595e16da138ddb23934a1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900772, "uuid": "c1e0e2f0-3b66-4c1b-b562-056efcfaefe8", "comment": "Malware payload (Formbook)", "value": "a56421f665ae15690b587a18be50399fa2b64d25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900772, "uuid": "01891aaa-d701-4ad7-b1ec-80b1927003fd", "comment": "Malware payload (Formbook)", "value": "d5165877ce596961a55e88fe492f0c4e9cf38527b819505f4c326f8f0387f435a3ac912f4cedb04d368a8927bbf0f746", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900772, "uuid": "8d2f393b-671a-421b-8c5f-02832c60d08d", "value": "T1A1F45BAD316075DFC867CA72CE681C68EFA078B7830F9217905715AD9A6C99BCF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900772, "uuid": "2d6c7e8c-ce5d-42a6-af89-c368737fda47", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900772, "uuid": "605bedad-ac92-42af-8f15-5eb1976be42a", "value": "12288:FUZAJEEEEEEEEEEEEEEEEEholUI8s0WODT+bAQQ2c9n8oJITcmWmwldsnKOQHPXO:FVEEEEEEEEEEEEEEEEEO2U0WYU148oJX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646900772, "uuid": "2008ed35-d881-4f5d-8a50-440826d3f142", "value": 737792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646900772, "uuid": "b35517cc-3347-4ea0-b187-b16c31778c20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900772, "uuid": "872e937a-02eb-4979-960f-022c8b37c7dd", "value": "INQUIRY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad94f9b1-a081-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1646923936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923936, "uuid": "e29e0cf5-e29d-4810-8906-ce48ca71ea4a", "comment": "Malware payload (RemcosRAT)", "value": "0efdd4a37c10133109cb7f456ea5bc88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923936, "uuid": "493080dd-e756-410c-a64e-493eb96cb81a", "comment": "Malware payload (RemcosRAT)", "value": "68a0057f18e9c4b63ba1247db4b21a83cc3a2adebac3dacff282a4577b35dc06", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923936, "uuid": "944ab69f-d57d-4ac3-ad65-5d1389290317", "comment": "Malware payload (RemcosRAT)", "value": "aad6540d08dba6d83d6240dd7042290b84c847fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923936, "uuid": "e38b00e5-8c41-457f-b14d-0617cdbbea59", "comment": "Malware payload (RemcosRAT)", "value": "57652ee110728046a3267f99eaf6cf569cd6fe47a6fb72a957e7ddeec2cdcee9fe232f2f44736001351cb140cd5fd8be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923936, "uuid": "656eda75-95c8-4724-92d0-91ff3846e5be", "value": "T1E645F1033F95C949F1D966B3C5EF51040BB4BA55A6B3E32B79A8337D08113A17C0AB9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923936, "uuid": "33273636-bf4a-4acb-8014-3d7d527f16b6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923936, "uuid": "cd5ad181-ed5c-4fff-a98b-e61916e18d97", "value": "24576:j0P6O1s9rpIZghY0wE2R61bOXCeH+qk6DX0CmrPx3fMma:a31s9djC61CXCeerS4Km", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646923936, "uuid": "f92aac43-2f5b-4633-bd47-ffd9b53ec724", "value": 1243648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646923936, "uuid": "55b6a609-971c-4dab-9f5a-7d7e23cd1ac4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923936, "uuid": "fed73e6e-3a7b-45eb-beb4-18af19db4b6d", "value": "SOA - Feb 2022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7f6a26f-a05f-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646909404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909404, "uuid": "86f478a8-f42f-4800-8ce9-cc4b671e0c26", "comment": "Malware payload (Mirai)", "value": "9382aa77f384bbab17521245d44632d8", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909404, "uuid": "9d6e24a1-5929-4cc7-a369-2dcf5397d466", "comment": "Malware payload (Mirai)", "value": "6914f0e3ef46036a54f1fa104716cba250b7196da2a83f86955fbf4f54e810a1", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909404, "uuid": "e2f33669-6c30-4931-9e96-828138cde961", "comment": "Malware payload (Mirai)", "value": "459ab6c3b0ff9b4163df0285dc90cfaa315597c4", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909404, "uuid": "350c8b8f-11af-4adb-8748-817da790f934", "comment": "Malware payload (Mirai)", "value": "5232870814c376f3b416fc442d6961b5d07e82400719f6ff07f538df36ea9beba42dda9b8dcc4b071000f1d36c9c5660", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909404, "uuid": "a9e02d88-bb08-4514-941e-04295bb1ac5c", "value": "T1BEE33B46F6418A13C5D617B7FAAF414A33229794A3DB330699285FF43F87A5F0D23A06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909404, "uuid": "f2b1b33e-6c62-431e-a094-92b05c081a48", "value": "3072:y9OynMLQevOON3ZfB2IXOldW/1G78bxHWeXXuWeM/9ZCnkP:EOynMLQevOON3Zfc6/1G789HfXufM/9N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646909404, "uuid": "f5cce9f1-3a9d-4998-bc71-f6d394d5a0b6", "value": 145733, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646909404, "uuid": "ce4ea804-2070-44d8-83f4-7d11c8930a9a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909404, "uuid": "0a0d3809-c76d-4301-88a8-6dc377c7cf51", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfebdfb8-a053-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646904237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904237, "uuid": "7b0d5bc0-86bb-41fb-b772-e7909d852301", "comment": "Malware payload (RedLineStealer)", "value": "b59bc0d44caa3c531affdc58ac28d1cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904237, "uuid": "0dcfe405-6783-4871-a14c-4ab4cb4e8b4b", "comment": "Malware payload (RedLineStealer)", "value": "6917fedf4d0c602b19012fd46f45b26323a8798683120c6c45f2eda97b189fee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904237, "uuid": "a9eec120-e3ee-4263-8aae-68f925b02e88", "comment": "Malware payload (RedLineStealer)", "value": "ab22cd9b47b4eee6e764dd528c1e7d41aa7ab2e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904237, "uuid": "15f8d406-cc7a-4a79-b5b2-fe4df2f3aa4f", "comment": "Malware payload (RedLineStealer)", "value": "20da6da120b1d6fdaadc9e029f80692a55f57cf602422cba07b3bcca01f57efb67a7a81f0d53203531021a6971d75474", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904237, "uuid": "a10b6dc5-fe4f-4cfb-bafc-441dbfee055a", "value": "T124F412829F514781E968117A8433DE500A21EE7EA7D48B6DB7D8F5BCDA33053CF2E264", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904237, "uuid": "e7365855-ebb2-4878-8811-9fffebbf68d4", "value": "aa1eb8c6c87523bffbde50d9058c3b58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904237, "uuid": "37c23113-98c6-4ea2-bc0a-8b1781ce12a5", "value": "12288:11t+i9mO7FN0l5Oi7qN3ynVgPfFyZT4mNCxjTidPk61C+Wl9ZMC82b:11tBwQP0l8i70CnVnMbjTidruHMC82b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904237, "uuid": "42507291-28c8-49fb-b37a-17cbab714694", "value": 738896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904237, "uuid": "27dfc851-13ad-4398-9eff-ab6e0bac06cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904237, "uuid": "acb9b8b3-dfa6-4bd2-aa9f-7aea0d937c7b", "value": "b59bc0d44caa3c531affdc58ac28d1cc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5358686f-a089-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646927221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927221, "uuid": "018b108d-1f29-4200-845b-d5357836bdd7", "comment": "Malware payload", "value": "7082e5378cdf3d4bafcc07743cb82a7e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927221, "uuid": "9d2a617d-bf42-4068-8c4d-831801061008", "comment": "Malware payload", "value": "697b7d74d601ad7cfb533b1ad82b0cff8ad4b00000a3dbe5ddd62088a81d21cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927221, "uuid": "9f8f8065-5750-4db2-b1ca-9b0c6619e1dd", "comment": "Malware payload", "value": "e5eadc959bdd4a6efaa1b2661048951edd67dbe5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927221, "uuid": "deb5e76f-ca63-4a09-80b5-1b2c26b01f06", "comment": "Malware payload", "value": "af8838653ae33f352683cfe0d46021f4f2e404d3fc765548bbbdf17265aa6954f50ffc36f66fc4140d735b1898ef9f50", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927221, "uuid": "a9331964-a8b3-44b3-9ee3-af8ce8084662", "value": "T1BDC38D41B2D2417FE9619671845889808AEFFE323D658F97634C213ECC397E0477AFA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927221, "uuid": "94637918-37d8-44d3-b978-67bdf77624ee", "value": "aaa0b167ae015162cacffab0e70ea77a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927221, "uuid": "bc5eaa15-7da5-43ed-ba23-dc884fab419c", "value": "1536:V5MMCnkgeOdoWzkEXu/1X9fkYL1DMlS2IRcbFStZnUG0hWD+cnO7fcrnB16sWjcB:nMMuBeMR2/NdRJEVEtZWsB1l1b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646927221, "uuid": "43523a9e-2dff-4b67-8027-08e0fa2d0fc2", "value": 120320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646927221, "uuid": "3615bcbd-c55a-4214-933f-772e6f9aa8f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927221, "uuid": "8cd34e76-979a-4e29-956e-5899b3a3ef9d", "value": "SecuriteInfo.com.W32.Agent.ECI.genEldorado.30276.5644", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbab5b5f-a06a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646914135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914135, "uuid": "228f26c5-896d-4fd2-b050-820077b84c99", "comment": "Malware payload", "value": "41b098541afdfaa086574fc35d2e0e96", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914135, "uuid": "6e500035-84a3-429d-9642-dda4b9bd38fe", "comment": "Malware payload", "value": "69db3bba0be358a25fac728f47d4cab6bf75b2fea9b0ba36423f40c1f552bac8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914135, "uuid": "09ff8fa0-38de-45b9-8fe0-b1a323423abc", "comment": "Malware payload", "value": "ada8399a7f035611d53c45de64d41dc0555fc637", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914135, "uuid": "b010fb3b-288b-4fa5-86b4-975de0a0d763", "comment": "Malware payload", "value": "65275bc684e5dcd7fab1c7cfebe6a0cdd7d75ca857ae32115fc6476e39be885163e651ae88b2cd6160541a7075609bf7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914135, "uuid": "90f803fb-f39a-4eb3-abd8-b30d3ede6e26", "value": "T1CD85BFCEEB8294B7C56B0A7005DBD77A2330E938805F4F576A9DCD78B817990BD0EA05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914135, "uuid": "b9bce110-8160-4756-b0d7-cd539b6d7d45", "value": "49152:bNihhOhBNhKhyu7cYx9z2rAnKsfRIaFyZB5Ss5+Nu:5ihhOhBNhKhRwwJ2ro6aFyZB5Ss5+Nu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914135, "uuid": "1790caf0-7653-4cf7-bbb9-4c1fa5959026", "value": 1870048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914135, "uuid": "f4ba7866-33a3-4158-997d-4cf940397311", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914135, "uuid": "144f99ca-917d-4219-94e8-d2e2d9158bbb", "value": "41b098541afdfaa086574fc35d2e0e96", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4528e880-a097-11ec-9275-42010a9c0029", "comment": "Malware payload (Vjw0rm)", "timestamp": 1646933210, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933210, "uuid": "9861cc06-a59f-4a06-babc-76fe1e8c45c2", "comment": "Malware payload (Vjw0rm)", "value": "e1fad5d61bb637beb30aec6d3180ece2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933210, "uuid": "1cffd374-1470-4fdc-be57-dcdb52b20466", "comment": "Malware payload (Vjw0rm)", "value": "6a2f6da502485750acde45ad22d36d186c335b2f61592c5eae168e9f971ffc70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933210, "uuid": "a62439d6-d5b6-4c7d-a4ac-79825ad397d6", "comment": "Malware payload (Vjw0rm)", "value": "88966028db1eb2a41cec54875486638937a28208", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933210, "uuid": "84913da5-7c17-499e-b168-25ddc5600b55", "comment": "Malware payload (Vjw0rm)", "value": "f53d931b7a3af815eacd22922b2a8c09d060fe07466483af4eb73e9df7b84a19e29becdc93960874c6250be576ef9809", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646933210, "uuid": "1d8578e3-e064-4493-bcb8-9d3122d819b3", "value": "T15DB62232B392C0B6EA621471C56693760D3EB8250B3BEDC726805D5EFF726C19A7434E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646933210, "uuid": "b5865493-179a-4b16-80e2-a4302b8a21e4", "value": "46978de0f8944a65af1673d613222a98", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646933210, "uuid": "61771517-f6b0-4d03-9786-45bada0806d6", "value": "196608:tIcWBBSl7E58Xoe7HJflWIMSNKLzP/qEOc9DDZs68lKDNCe0XilVfEVff:tem3XX7pfEIZkLzPL9DydlKwXceVff", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646933210, "uuid": "d88881b1-3f56-472d-978e-dc920d7f49f8", "value": 11031552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646933210, "uuid": "a887451b-5c2e-48ee-8b33-4ec1ad7c183b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646933210, "uuid": "02f15e45-3e95-4802-b4b2-dcf03484c17d", "value": "6A2F6DA502485750ACDE45AD22D36D186C335B2F61592.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b50407ca-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903762, "uuid": "4ee34274-6ed1-4fb7-ad60-68fd36034186", "comment": "Malware payload (SnakeKeylogger)", "value": "a4b44f0d18ab590a118ad058d5ceeeac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903762, "uuid": "99803e01-eece-4089-ac8c-ae8ff477b249", "comment": "Malware payload (SnakeKeylogger)", "value": "6ab9af8333b758d7eb293e2b7f2f2c2957c828fc7087e6fe2e109172ca5cfc61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903762, "uuid": "8da46f4b-a7d4-48d5-951b-0cc67dd64f40", "comment": "Malware payload (SnakeKeylogger)", "value": "cbe9faac014b71486e02d271b705a52d84988343", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903762, "uuid": "db813c76-35d6-474d-9a70-6bedcfd2ab3f", "comment": "Malware payload (SnakeKeylogger)", "value": "890055af457906e8df905f879fec7d05f12f62ff670085ff9686b9a797fe80e670d524372cd81ff735c65167bf0ea4d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903762, "uuid": "bd36bbf2-c6f2-4307-a2b2-ad6781de7188", "value": "T12C749D4123B82F53E2BDABF885B514240BF4761B753AE28D5CC668CF29A1F848E15B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903762, "uuid": "fec7047e-f6e5-43b3-b8c8-a54afb47362b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903762, "uuid": "fb2fc708-2600-4125-95d0-e5fdd37dfb7f", "value": "6144:NS6K0dDHk/gz4/6P2pD+lpM3JMqTyZqoQBkU5qz4kaETmCbBP7U5DrtceV9q+rRk:NS6K0dDHk/gz4/6P2pD+lpM3JMqTyZqi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903762, "uuid": "c485e17d-d78c-4b3d-9d09-946d6256c8b6", "value": 370176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903762, "uuid": "d3625e97-4cdc-4abf-bd4e-5528154a1c37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903762, "uuid": "1210b3b8-8d13-46f4-a767-71f74ac25f71", "value": "shipment details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef05a445-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646907295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907295, "uuid": "96cbe48a-24cb-4a9f-a0c9-093431202253", "comment": "Malware payload (Formbook)", "value": "8153fff6ae8acc21c3b93be7a4ce7ae2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907295, "uuid": "944dac4e-139c-44a8-9c4a-b26a3261b2f5", "comment": "Malware payload (Formbook)", "value": "6afc6e5728823f9902af52843f2c08ab13ba26a8be6394c6da92dbb79c89065f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907295, "uuid": "1baf3265-6926-43e8-9c8b-5d071a988922", "comment": "Malware payload (Formbook)", "value": "d35ef1de61bef6f350cb45309733d58d043a8903", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907295, "uuid": "a1301da5-81b9-4fd6-bf68-eccec988cd4b", "comment": "Malware payload (Formbook)", "value": "ca67a17ca836633eb9c244f08f9329f80f4a42243b41fb8c4b4ad872525100e48e9375edd7a4afc9a490266c7412f5be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907295, "uuid": "5ed30a6b-06a7-4981-b52a-ef9e24c94ac0", "value": "T1956402513654DCE7EC6A47B11C72D66A6EF0BD2917B8880F22E77E1B76B2783080F614", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907295, "uuid": "e3bbb8d8-c33b-4c32-8656-561b2b5d15fd", "value": "56a78d55f3f7af51443e58e0ce2fb5f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907295, "uuid": "fae2e03c-0969-48b8-b638-c405c62a3dd1", "value": "6144:QbE/HUxNlC4D1gUyLzuhT8nBbOjp0VQ1KLn7BmFQPxIVSbbVNa3qVvw3K:QbLXjGkoUwa4EZK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907295, "uuid": "16c4d443-f452-4352-818c-95247a382441", "value": 321680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907295, "uuid": "1a416cb4-cbe1-4e8c-b9db-f5f358af4a52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907295, "uuid": "90713ef8-2f41-4a1a-82f7-bfecf7d9682f", "value": "HSBC Payment Advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08a7defd-a06b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646914210, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914210, "uuid": "84bc084f-d1ac-4c4c-a10e-01c44522311a", "comment": "Malware payload (Heodo)", "value": "5b920a8045015bef7e590e21911d155f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914210, "uuid": "dc3cb25b-5bd8-4eb2-a080-75b96d2989dd", "comment": "Malware payload (Heodo)", "value": "6b9cee560a2a12877e95b5f6b362468fb69611deb27898627b975bb3800db866", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914210, "uuid": "3dfd921a-92c3-40e5-896e-9dc363e34b7e", "comment": "Malware payload (Heodo)", "value": "fdb03aceb89d260b874fb98d33d6a2e07930c963", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914210, "uuid": "74bf133f-549b-43ba-9c4f-ebb3032ed548", "comment": "Malware payload (Heodo)", "value": "30326699265eeb16f075c066fbb17bc23de152a33d2a55a597c06cb842624dc545179049707d701fb51c5390469b8a13", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914210, "uuid": "fb915c22-28cb-4432-a9cd-458f33ac18f0", "value": "T1BD33596B96C4743BCE138C3D8E085B997D5B944260C09B76CF4CA69C7A8F5B50E4B0AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914210, "uuid": "09d08b6a-262d-46f4-89b8-afd08f08b470", "value": "768:KICkZNRvmHvnQvlSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KC0VfVhC:KItBvGvQ8ncDSmSIBlGeuSEcm2h0HVfm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914210, "uuid": "7f219b3a-7f8f-4efc-b741-22502ae5476c", "value": 52699, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914210, "uuid": "6e4895f3-777c-4df2-9c0b-471752aef817", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914210, "uuid": "1dc9d6e5-ee32-4aee-b73d-e544894ecb02", "value": "DOCUMENTO-10032022.zls.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d15c530-a04a-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646900098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900098, "uuid": "61ebdaec-e631-4e45-b9cf-1edbcbdc9a0a", "comment": "Malware payload (SnakeKeylogger)", "value": "b11ba2e2af2aec56968f8f007c046f6e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900098, "uuid": "3a666d1d-4fd5-4cd9-891e-fc9b81fa6fb6", "comment": "Malware payload (SnakeKeylogger)", "value": "6ba89348fb2a058fcaa410abe1f4c09e8190022b7abcae0eb1ec640123c583f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900098, "uuid": "2f6dfaf5-677c-4b5b-ad01-a74a0c4589bf", "comment": "Malware payload (SnakeKeylogger)", "value": "57f7b9a11eacf6258cc806a2ea4323b3be2e94be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900098, "uuid": "7d58f2b8-3aff-4eff-b8a4-520a5323d540", "comment": "Malware payload (SnakeKeylogger)", "value": "6fccdebbb2974b1fc900e21ee53452a519d5020cd9e3f495f8dfacfbc036d9bcd1b015b2c848e7b5011dfeeeffa58458", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900098, "uuid": "603a617d-5883-46a2-997c-3773b5c1412a", "value": "T19274AD4123B82F52E2BDABF8457454240BF5762F753AE28C6CD668DF2861F808F25B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900098, "uuid": "6a7e84be-622a-490e-a4ef-c27c00bf0e17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900098, "uuid": "ca889c94-4bc4-47be-9981-0c57136001ab", "value": "6144:NS6K0dDHk/gz4/6P2pD+lpM3JMqTyZ8oQBkUGivFIqOu8EJ6m48/xAkOVuJjNp5r:NS6K0dDHk/gz4/6P2pD+lpM3JMqTyZ8D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646900098, "uuid": "bbe0b6f5-74d7-4739-a8f1-2ec4f45d47fa", "value": 370176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646900098, "uuid": "2b4d5419-66e4-4086-801e-4ca7c791883f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900098, "uuid": "dba9063d-a92a-4fbf-956f-f8f34ce7c40a", "value": "Import shipment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "099022eb-a057-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646905622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905622, "uuid": "c07548ed-e619-4400-8d76-1cbe6e63ce05", "comment": "Malware payload (AgentTesla)", "value": "aa0e4d4a9ad93f23526c492f483c4624", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905622, "uuid": "0b8f3e63-4e54-4cfa-9383-c6e51cfe9807", "comment": "Malware payload (AgentTesla)", "value": "6bca1c6898c596415f8d1d2f49fafaf0ed3f448a593a87cc4cbc0e2a190cace3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905622, "uuid": "049851cb-f664-49d8-9d5d-44ac13450987", "comment": "Malware payload (AgentTesla)", "value": "b1c4e5dd91d4cf1f1d88778d0b840e86e1430cf4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905622, "uuid": "cdc36ab1-0f0a-480f-bac1-b0e913130e81", "comment": "Malware payload (AgentTesla)", "value": "509577cb53ea4480656e6605cd490fe6b1dc1e2f0f6d2387c3993f5a637c67d03a589fd83c923ad6735657e3188f45a6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905622, "uuid": "fcb85aca-2504-428c-865b-778ad94a94a9", "value": "T1DF35DFE0FE0C877EDC14323BC1E904701FF55A8A3422BF5AAA8D52DD4A57ACF499642D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905622, "uuid": "80f06d6e-4794-4606-96be-5ee2d8171017", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905622, "uuid": "e1642378-625d-4e2a-8bf1-7599eb10201f", "value": "12288:HuNx+hyaL42d2POaKFO80sfZxgThZfhg95uvm3cmSzhCCYz7MW+XNnCn4QPF/2Ac:HuNxxaL456FdfOn295WG0CCVdvX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905622, "uuid": "75366536-1ed1-4745-9bde-5871f711c89e", "value": 1065984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905622, "uuid": "a6af1a50-19cb-48f2-9cb5-c51367f9d375", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905622, "uuid": "5034fcd5-37f3-4fa6-bfe3-0c3d19695687", "value": "vbc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f12f733b-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646907299, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907299, "uuid": "2d47ce32-d104-461d-8f5c-e73684a8ad38", "comment": "Malware payload (Formbook)", "value": "f775e1f42737fd9a8d18bf167543a1df", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907299, "uuid": "9bec28bf-2993-402c-9fe7-1aee58bebe3a", "comment": "Malware payload (Formbook)", "value": "6c9bf7cbe574f8140b12440445988012fe384c080115eacc36e19545aa7e71af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907299, "uuid": "64201784-88bd-4238-9848-5aac5e672a00", "comment": "Malware payload (Formbook)", "value": "86b2b1b18425bd75326f25712022d4a42b5441bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907299, "uuid": "ce49b053-0c4b-49e9-8492-642d313debbf", "comment": "Malware payload (Formbook)", "value": "89d945a44632fd97622f2caf32c2342d2d49281d8c42fa43efe964f6fbcb6d736c98d294bc7498af6547d77f17df72a1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907299, "uuid": "6a10515d-ed2c-4c90-b0ca-e7db9c62c6a1", "value": "T1D764F2503A64D8DAE966037118B2D56B6DF4BD6906F8890F22E73F2B77F2383041F259", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907299, "uuid": "5e355c09-ce05-4366-b223-b800f8f7604d", "value": "56a78d55f3f7af51443e58e0ce2fb5f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907299, "uuid": "ee0a135d-bcb7-40fb-b7d8-6c3aa46b2ad6", "value": "6144:AbE/HUxNlC4D1gUyLzuhT8nBbOBrSukNvSZMThAo2UJgwnbVNa3qVvwI:AbLXvk+MJbZEW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907299, "uuid": "fcc955ac-8675-4e59-810c-9b6cc6253a8e", "value": 320920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907299, "uuid": "d3f21ca0-3f89-438b-889f-9247e57e29c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907299, "uuid": "6d9276a6-0dcf-4c10-93ca-0f8711df814c", "value": "HSBC Payment Advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d07f4cdc-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903808, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903808, "uuid": "45e3cffd-889b-4016-941d-743e30a719ce", "comment": "Malware payload (SnakeKeylogger)", "value": "aa955b717b9899115bd83ea08d298a4f", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903808, "uuid": "1dbf4212-2079-4ef5-9376-cae601aa0fea", "comment": "Malware payload (SnakeKeylogger)", "value": "6cf8062eea5af04902b223acc166f0daa9545a07e453b0b77ab60736579cf8a0", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903808, "uuid": "7e7bb11f-e5df-45a2-9bfb-70305db4d910", "comment": "Malware payload (SnakeKeylogger)", "value": "a3ebdb677acd06180d4cd44c81bb50076da1a8d5", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903808, "uuid": "a7b91d03-5660-4560-93e8-864ec68dad60", "comment": "Malware payload (SnakeKeylogger)", "value": "f9f74b9e3032c1804a724a605927d2ea62d7fadb79a077e79810f3e492e0fafa1ff5f295976d12a76db983888cd5ae11", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903808, "uuid": "c831536c-a758-428e-9aed-30e949d2ec11", "value": "T1C7F48DACBB5C2B97DF9419F289A650063D20375CA1CED2312A8EDE50F0E2C79993475F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903808, "uuid": "e1eb4b7d-b19c-48dc-bd3f-bd0a6b031c96", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903808, "uuid": "d3ab090c-1865-4c39-a196-7f42d8273471", "value": "12288:vJwDbMPYX4wIDwN47RGWx2j7z6MnKt88HeevdYX9z8z6YWDm1y/NyA1hw9oACdiD:xuYPYXVIDw+RGpj7zutJ8tlf5Z1/S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903808, "uuid": "1557f23c-caa4-481c-b47f-9934a653a262", "value": 747536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903808, "uuid": "ef817dcf-e130-48d7-a368-aa3c74c6b534", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903808, "uuid": "9870e534-f3ec-4a75-ba83-3cd81e8c084d", "value": "QUOTATION-FLEECE FW 2022-20,000 PCS-PDF.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15c51879-a08e-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646929265, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929265, "uuid": "f20768d1-f804-46e8-92a5-8c710c9885b3", "comment": "Malware payload (RaccoonStealer)", "value": "39fa00a8a5a3de05c70829f5120575b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929265, "uuid": "b979c6f7-4341-4a18-94c6-5ccfec3ed2c1", "comment": "Malware payload (RaccoonStealer)", "value": "6d0b916a9b4f7cd21d7bd0f4a278cb2f1310b2d58d850674179847035bdbe15b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929265, "uuid": "c1d57ad1-35ba-4baf-b033-8caf18fb91b2", "comment": "Malware payload (RaccoonStealer)", "value": "8d78f469e5b195d4c91b433ea5c32a6434efa241", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929265, "uuid": "34560eba-2d5c-40ec-af1d-ad5375bfd7ce", "comment": "Malware payload (RaccoonStealer)", "value": "8d625d079abbff959a156d905607486c5f03e378caca6023dc30690bc98ebfebd3bba4cb64a183827d6b868ad23ee5ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929265, "uuid": "84f2c623-5ca8-41d1-943c-14cab827c4d2", "value": "T1103533A722D26B27D54D25F1F30C1F662684B44931F8C902FE774E4A785A481D39E2FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929265, "uuid": "ed5c0b00-5372-4e24-b0cb-1d7217157d6d", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929265, "uuid": "1f5c1f00-52d7-4476-9101-20839604dd7b", "value": "24576:PRmHmhTXGkoKTCoBCs2X3abbXbOLasOokEaHNYK397oy3NVzLj:5mpk7TCoeXabLUasOoNajU6NVj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646929265, "uuid": "2d12f536-46b0-4f9e-972c-10c3290513e6", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646929265, "uuid": "200277fe-43f0-4020-bf08-127f373e7d2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929265, "uuid": "f62fd8fa-aae6-4235-97a6-006354846f2e", "value": "39fa00a8a5a3de05c70829f5120575b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "220c1379-a08e-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646929285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929285, "uuid": "bcfe6b3f-41af-41b2-892a-25918ca4d8ff", "comment": "Malware payload (RedLineStealer)", "value": "44159e6348591de6cbac7d3d74dbcf22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929285, "uuid": "707779df-b925-4110-a2d8-2efb7c621b70", "comment": "Malware payload (RedLineStealer)", "value": "6d13242db3b7161ab420c01a3baa628fa3fa656a7e2019fa41f285d9b82c3fe6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929285, "uuid": "3d93bc08-90ef-4cbc-acb5-fddc838a687d", "comment": "Malware payload (RedLineStealer)", "value": "ac1794bfbe7c08d831344fa8c3f01bd11d796db4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929285, "uuid": "6f8fae91-00d8-4110-b9fd-5981d35f266d", "comment": "Malware payload (RedLineStealer)", "value": "78b7fa415b492683430f0f8f232284ab13244dd94b15f7e196d8ce0bf6b68c669f50b389e6061064fd8606760b94e5d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929285, "uuid": "eb0845b9-a91b-4b7d-813a-4e11940ded76", "value": "T17EC42313B79167D8E38E4FB0B5327F08CAB59A5158D61512A02087937FB24EAF62D37C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929285, "uuid": "f0d85b42-a2fa-461b-95a4-da6015da5acd", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929285, "uuid": "e58f2470-1a0d-4b6c-ad50-669d145fd9b5", "value": "12288:RansXksa1oBaVmBlrUoUgVYTKkeWQS03ULaHNqrxlKIQNo5H6dXCe1i1t:RZUeScl4oUD4WkEaHNYK3ga1Ce0T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646929285, "uuid": "2515f454-2c25-4bee-a26f-d2a784da8804", "value": 579072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646929285, "uuid": "5cad03c8-3c50-4820-b22b-dc2c8ae915be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929285, "uuid": "d00fbc9d-7c01-4564-8990-caf11f6dba4c", "value": "44159e6348591de6cbac7d3d74dbcf22.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2673c5b8-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891068, "uuid": "52bcb631-2cc0-4290-a8a0-4ccc95377fa6", "comment": "Malware payload (Mirai)", "value": "dc9c955169ad28da4a47878502c0efc4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891068, "uuid": "0475144b-b2ef-47ca-947b-accbf5d492e5", "comment": "Malware payload (Mirai)", "value": "6d36afa8ff3e47805062b544480a160ebee18142936277ef74f5ba95a5d2a3e5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891068, "uuid": "a5b20b5c-6600-4d05-9cbf-9dbb7653396a", "comment": "Malware payload (Mirai)", "value": "dd6d4aefb9537542316f458e7229dabf4aff9838", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891068, "uuid": "cc74776a-04cd-4ab4-a05a-17684abff040", "comment": "Malware payload (Mirai)", "value": "19ef73699384fe5fe5029778f6902314c92709e3a3a50dea84deda3912f3469b1fe2d233d7df2ca657c8a0c72de051d3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891068, "uuid": "5bc6b4c4-9e00-40f1-acef-297ab6d6f267", "value": "T1B1032B01F31C0443E1631EF03A3B1FE1A39FE98121E5F685750EEA89D276E315696E9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891068, "uuid": "3b50f341-13ef-440a-9bc0-9e13b764e117", "value": "768:U+L+C41SknY2gHNy9uwMSD82tVBe6hJFfFtVZrvYKiII:9hpknYBsuDu5zBLDFfZrvhiX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891068, "uuid": "45e7e235-4474-47d6-acef-447de5bc3b3e", "value": 41072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891068, "uuid": "770d25a7-1e5b-49c9-920b-07090e404988", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891068, "uuid": "ec9cceac-e2fe-40ac-877d-da95b54dbdc2", "value": "dc9c955169ad28da4a47878502c0efc4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "717beb56-a037-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646892052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892052, "uuid": "4b7cdb09-1ce6-4c46-9e01-9f120127ca7d", "comment": "Malware payload (Formbook)", "value": "633e57d383428103c591992b39717233", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892052, "uuid": "d41ccfda-a73a-43f7-804e-d25c1ef11545", "comment": "Malware payload (Formbook)", "value": "6e0e8d1cb340a26f3e8294c7b07ce486b56afcabfb90b7e20e4331b6384a85ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892052, "uuid": "55a05914-8ce2-4266-a748-bafa92dc6525", "comment": "Malware payload (Formbook)", "value": "b861d3bd833f41b40add0bc1a39d840e34f8fcd5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646892052, "uuid": "a54efad3-9bad-4d75-ae1d-476be5b0e565", "comment": "Malware payload (Formbook)", "value": "5f36846cdc974c6a31fbd3cd2fe52151b955e69421bb598796ba2a806bd8027dcd5dd9a93a92ac77831b00f48bf07998", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892052, "uuid": "36ea1ff9-0c17-4254-8a35-f7b82a77abc6", "value": "T10C459E62F3914D33D4731A789D5BA3A8582ABF143E285C8B7BF87D0C6F7A6403915293", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892052, "uuid": "7e0217dc-311d-4590-afed-39378d648830", "value": "f3ef87a63216dac1578ca750829fe4b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892052, "uuid": "51f92bc5-3b0b-4d40-9145-9197648d373f", "value": "24576:f4vPtIdV591Vr90+b5rdtftguklShhT7f:f4HtutddtAlSbn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646892052, "uuid": "01a36551-94b4-4c40-ab05-abff5dfe0128", "value": 1212928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646892052, "uuid": "d42b36e9-310f-419d-beb6-47553fc9de15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646892052, "uuid": "26f15a9f-acc5-403a-8818-ba9c10d30171", "value": "Revised-PO RWP - 49302748-11-2021 & RWP -49302749-11-2022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a76ff19e-a05e-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646908893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908893, "uuid": "9cec01f4-b78a-4643-b0b9-86a9d2f8c1e4", "comment": "Malware payload (Loki)", "value": "87ef037d059e41780033874046c2986a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908893, "uuid": "b37ccc6c-9f9b-4970-ac1b-b62492dc11aa", "comment": "Malware payload (Loki)", "value": "6e3534b492756965a0251338cd6bdcfb9db67fc74d041268c02ba15f7d2f5d80", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908893, "uuid": "c439d245-efeb-4673-92b1-310b26e24375", "comment": "Malware payload (Loki)", "value": "c072c3498fb0d76aacd63739e557208f60669e78", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908893, "uuid": "0de1d587-6fba-4c38-9f2a-e57a5dcbe0cc", "comment": "Malware payload (Loki)", "value": "92aa7b2168dfab30c1a0b8ad09fa4beaa40dd7bc1e1faf3efe4bf2ed1f3bfdd315b365190054eafcd490294023f11452", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908893, "uuid": "d0b0e159-66a0-4e56-a8e9-d760bf4ba2b9", "value": "T12E64120677DA92F3D3D051332B73ABE3F2A3D6DC517C1A470B945E5B9C200925E21A9A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908893, "uuid": "8497fc47-f3ed-43b6-b574-5f1b4b983621", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908893, "uuid": "61c1383e-060b-41a8-94ba-e7df9031db4f", "value": "6144:rGiUu5XPEqgzV8AZT7QhiszS8eblzXC4ET9ZnQ9b61w:BUKisW8epzSZjng", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908893, "uuid": "b990a1fb-5ae2-4d38-b98b-47de868b20af", "value": 307426, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908893, "uuid": "f84f83e1-038c-42a5-be9a-5164c46ac270", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908893, "uuid": "0107effa-7a06-4923-9026-a7178844d613", "value": "87ef037d059e41780033874046c2986a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "086a2672-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914639, "uuid": "d0456725-26cf-4546-976a-62af1c638dd1", "comment": "Malware payload (Mirai)", "value": "077faf89cb4c94e1601241084e08f4e6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914639, "uuid": "7eb1dd84-626a-4cc9-bf1a-bc0c2b4dce11", "comment": "Malware payload (Mirai)", "value": "6ebc65872580323e87da1d7db873e79add05b274f1a81165591084451ae60f81", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914639, "uuid": "27e14ed6-bca4-4dbc-b0b0-5a5d8484ca92", "comment": "Malware payload (Mirai)", "value": "7076d2846e3d20c083601296201e7c8a89940148", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914639, "uuid": "0ba6a270-1ed8-4bc2-bf28-8ea6f76ad841", "comment": "Malware payload (Mirai)", "value": "72e2abb01adbb11d3293637419e3b4c9069a23d55cae84c8f125c319e15f81d153e85b0337ab42d47abca2e7790a8ff1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914639, "uuid": "01c72d26-366e-4cd5-85c5-6a4951c8d7e4", "value": "T13DB31977A4654F73C045A5F125BA9A310F12AD931B1F1A88763CB6B04A3B4CEB84EF58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914639, "uuid": "c9808692-0014-4402-b209-a9b4221a63f7", "value": "3072:MDVLSItJP+Xsp4JlN3HNjmH1cuEgvniuN/:MDV+ItJH2l3HNjmH1cuEgvniuN/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914639, "uuid": "3ee00a47-7b95-476d-bfed-cf1e38a2c0d4", "value": 112633, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914639, "uuid": "3cf91c99-5f0a-486b-a4b9-8c4f387c1ac4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914639, "uuid": "5ae15428-4ac6-4031-9c48-55b4d815a779", "value": "077faf89cb4c94e1601241084e08f4e6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d486d16-a0cd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646956336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956336, "uuid": "23091217-52b4-4efa-9655-62e4228d7220", "comment": "Malware payload", "value": "6ac81c1fedc91249f53621ee54a326ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956336, "uuid": "0cdea72a-53d6-4f39-aa64-2c70f54559cc", "comment": "Malware payload", "value": "6f7752dd2e41eadee66bdf76028fc3103f6154afd876b91c96d0563ffd40cc5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956336, "uuid": "686a7b83-eadf-46b2-8010-85f9a0bb23f7", "comment": "Malware payload", "value": "01b01b976c85e411b48eda18fe812fe5a9b6c9aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956336, "uuid": "b677eb92-5dd4-4287-81c4-0fe160bc168a", "comment": "Malware payload", "value": "3198ce24150a63303964ee7fd31813bd0caf2b7cd5c3b14545f34c7b649c0594dd5cb01c0da5cd7feec8dcb5baac370b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956336, "uuid": "1a48f5e3-2b84-47af-af0b-cf8747fdffbc", "value": "T156D48D22B61FD03AD43254B40A58AB57663DBC381B6F8AE773D03A2959731D05F31EA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956336, "uuid": "4d2f9741-dc97-43db-a328-c9ff1e847bd1", "value": "79b8903f4a6cd5e993db31c5f1cb8bbc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956336, "uuid": "77681c1a-a8de-4e39-b821-a059e5568a2b", "value": "12288:Y3fEiRT475xbml8Zj5DiYqomekGUgHZVZnAxHUklUZnY3PK3NI3QqQTk2MI+OeOt:YvnNtl8QzRik2XpHuetXedRQD/cCs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646956336, "uuid": "2533d71f-081e-4a86-8da9-55974b773063", "value": 632320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646956336, "uuid": "f558d1b3-b115-4c86-8b7d-f79836b081ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956336, "uuid": "41410fd0-13c1-427d-be56-152e4e242243", "value": "SecuriteInfo.com.Heur.Zygug.5.5730.5181", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "179a0b2e-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891043, "uuid": "f86a14bf-cb5a-4d66-9c21-738f5affa7d7", "comment": "Malware payload (Mirai)", "value": "fc0cf45ee35546c46cadc2718382d645", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891043, "uuid": "ee2eeaa6-52fa-4721-9f31-2dc44a9452c6", "comment": "Malware payload (Mirai)", "value": "70b1e59822cbe6de71a35f00cdb1ca7a1a9ecb42d9a175793829cbeb763e42e9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891043, "uuid": "bfa941e8-2eae-4823-8108-8a45428c2443", "comment": "Malware payload (Mirai)", "value": "540f8db6b90a8a7a0e70e420fab0eb69912efa2d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891043, "uuid": "022983b4-6f7e-4ad2-b0ee-9bfcb2dbb625", "comment": "Malware payload (Mirai)", "value": "e30b2ed825ba61ca135d74bcb84e699570b16e2d2a332f1e361940f4156695ec92ecd4605bd4ba0effa65e0651f6f0e3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891043, "uuid": "18566c6f-529c-46a6-8f3a-7a857042b011", "value": "T18CF28EB389762E58E14986B5B1348B3017B3E655858B2FBD0076C369C053EECF68A7F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891043, "uuid": "78114771-d0cb-4d7c-ae6c-5f09d94012fa", "value": "768:v4lgqfG4t8aPKImKUo0LaWo5q0CuHOp4fsp3iYK9I:v43t83KUo0mpE0CuapSh9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891043, "uuid": "428c6869-94e0-4d4c-b8f8-d64ef9c71e53", "value": 36404, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891043, "uuid": "7ce2f17b-579d-440c-98c0-128a2427baa1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891043, "uuid": "2b6fb520-1357-4c57-8a8f-fee37724a5f4", "value": "fc0cf45ee35546c46cadc2718382d645", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2590ac69-a04d-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646901374, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901374, "uuid": "c10eca44-4f63-4e6b-89f0-b1c3bab05982", "comment": "Malware payload (RaccoonStealer)", "value": "b36c551fd32ea8214003ea3a7e91269b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901374, "uuid": "8a1bd6a9-60ed-42b6-a399-64908ba52625", "comment": "Malware payload (RaccoonStealer)", "value": "70e8ad5e62ee2b742b069521615bfaa6ac61833dc927e8ab42bafff9d7952ac0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901374, "uuid": "ead5da44-3a33-4a40-a2ad-7803745eaa81", "comment": "Malware payload (RaccoonStealer)", "value": "9a50579f10041630f8d46a9caaadff2d736bcb40", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901374, "uuid": "d37d94a5-a714-4fb0-a176-a28cbfb04bdc", "comment": "Malware payload (RaccoonStealer)", "value": "138ae0ffd7d2d634d2150fa05127dd26d34b086a25731c090e82b730302f0ca3a6119447fdd1b0656a7efc27c9b09b4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901374, "uuid": "13d1a53d-8ae4-4e75-a07a-5de2c9e3e720", "value": "T1CCB402627BE0C032E59255709D29C9709B3A793292F7D40B7B950B3C3E707C19A36F66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901374, "uuid": "27900ed8-93da-4d30-9566-f6aa5f406db4", "value": "1bd024066a86f151729fa49bd4381603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901374, "uuid": "550aae6e-937c-444c-b5a1-63b5810c675b", "value": "12288:NDzY86izEpMP5Efc3G1AEqBnlMsp+vTJdx:J4d+P5ec3G1TqzMVTJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646901374, "uuid": "fddde8c5-fc2c-4985-84f0-d8c378a6c6f2", "value": 528896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646901374, "uuid": "10a8ea3b-f690-4353-a2c5-a66da196460c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901374, "uuid": "5fc4536e-984a-4ae9-9a26-8f100af9c683", "value": "70e8ad5e62ee2b742b069521615bfaa6ac61833dc927e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "649f5303-a056-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646905345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905345, "uuid": "1a0ad4f8-43c6-4ffd-9e17-09f8389483f4", "comment": "Malware payload", "value": "4f81374b722cf0cee4b2e55304693151", "object_relation": "md5", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905345, "uuid": "c14d6fb0-5ce6-4e2f-b963-f90d28e79e1c", "comment": "Malware payload", "value": "71ae00d429fab3fa48098f54826cfb9966c91ee5b3af792a3ad97fd7d7164c52", "object_relation": "sha256", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905345, "uuid": "a09333c1-1016-4521-bee1-32a8e565a2e8", "comment": "Malware payload", "value": "fcdef6765eafc83634c476151817b8f6a49ff5c3", "object_relation": "sha1", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905345, "uuid": "5e9bd378-b31b-4f1e-99c7-ceed9de82834", "comment": "Malware payload", "value": "39196e3581c8d238fffb984a276e9919f7a9bb6f8d9206ca91ad4f9d204106261adbe3d608bcbc49dbc53df5ca12545c", "object_relation": "sha3-384", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905345, "uuid": "0948174d-9f24-4a33-bfa4-e41476ee052e", "value": "T1A8040250F7D4AB33EBCA3EBAD350710433A7BD51B440062726387E58543F39842AAE9E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905345, "uuid": "3f86108b-a217-4814-ac3c-4f58072112eb", "value": "3072:mfNgnqTuPMqRzRnwG/yGxwLTQYqxjXlzx+hDkJPoytV0ve+3x3C+FBX6EtKQZmLv:2XMRz9wGPYqJH+9kxocV0vVF/QBVL25W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905345, "uuid": "288c87d7-8fc9-4c80-883a-2ff59a2efa61", "value": 190200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905345, "uuid": "1066c3f3-b486-4eb0-b464-68d4fc7497df", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905345, "uuid": "600e3817-ac4e-455a-956b-bf515777dfd3", "value": "SKM10832.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c686ecd-a06f-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646915962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915962, "uuid": "384bfc95-9ab7-47fd-883b-489ade7f30d9", "comment": "Malware payload (Heodo)", "value": "7349425c4187d979aeed2114ac78a8ba", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915962, "uuid": "ee768a8c-16bd-47cf-b181-18c9cc2b003e", "comment": "Malware payload (Heodo)", "value": "71d91c347bb7a8dcf958590d079159d2882c392e739eceaedddd3f5935bc3c29", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915962, "uuid": "cdf50dc1-7f65-464e-9e52-a6f94e7059c6", "comment": "Malware payload (Heodo)", "value": "69970c26a3a7c3e993a619633cf07149a94f47e2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915962, "uuid": "13b655a0-8424-4c89-a818-01d241e2b579", "comment": "Malware payload (Heodo)", "value": "decfd34ad33c8748837e54eff499dd44b3737241a95eee4f31c9e70720fb71636ef87d5352443ee1bef4f5216c4c299f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915962, "uuid": "29bc23bd-0f79-4cfc-af7d-8adb4d518464", "value": "T1F8D46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915962, "uuid": "9bfdd2f9-0331-4326-b74e-06728c443965", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915962, "uuid": "b7a8bf46-e2af-4839-8a28-f3805c31133c", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAE:WRO5DDUmhnspspsqi022/OByw+iVifM9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646915962, "uuid": "c4e05b25-f003-409f-a9e4-fea797ac72b4", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646915962, "uuid": "39b316ab-55b5-4afa-a49e-6471b6b38ff4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915962, "uuid": "1cb48802-8a6c-4cb1-82b6-d2a131b67185", "value": "t7lNrFcbA.fjxTaiMss.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c00f828d-a069-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646913659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913659, "uuid": "16ccda1f-d4a9-48e1-8e81-1a9c8526f16a", "comment": "Malware payload (Heodo)", "value": "05763b8b9a0d0d79edf6e4b7b8cba319", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913659, "uuid": "e4a5f746-a013-4283-b509-59e5a5ba79e5", "comment": "Malware payload (Heodo)", "value": "72193fdf01589373c63abc604396b5cb87e2d4360024929a9b7c06f2e0ef213f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913659, "uuid": "07f256a8-96c3-48a4-8c90-00458471da27", "comment": "Malware payload (Heodo)", "value": "8fe66ae71d75a22086da86011fe9f2ec6a6e812d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913659, "uuid": "a8706d7b-aa6c-4528-9960-6e6f4280ac97", "comment": "Malware payload (Heodo)", "value": "fe77b8c6a07c83429008adcd0da2f837518911edac9c5dcf0e03b9f7f896464ea5758b11599bd08bdc3223385fd50318", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913659, "uuid": "d5b6f6d8-c7d7-42e0-9c9f-1ff6b563a794", "value": "T152D46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913659, "uuid": "7f8bcff6-2a17-42c5-91bb-b60cd6c620fc", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913659, "uuid": "d27b92db-bc93-40f5-9950-98500786eac2", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAw:WRO5DDUmhnspspsqi022/OByw+iVifMl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646913659, "uuid": "c9c63d49-8ae2-4876-a013-4a23239a5013", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646913659, "uuid": "92a80496-0a01-4923-a86f-4e6a5f1da3c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913659, "uuid": "48b2d61f-d8cb-4c43-beea-f286dd653061", "value": "05763b8b9a0d0d79edf6e4b7b8cba319", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e6bb7b3-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646907107, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907107, "uuid": "545a0e55-7f8c-42e4-b50d-a8848fbcada0", "comment": "Malware payload", "value": "5c254d66437ffbfe4146ae22a516451f", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907107, "uuid": "8d9b4b3d-81cb-47b4-bc70-a65a7e77657d", "comment": "Malware payload", "value": "724b6b5e627086ff22b9f2d2c045faa880dea62f513a694058b452aa1b6cad6f", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907107, "uuid": "de8732a5-470d-4f99-83fc-2d2bce329389", "comment": "Malware payload", "value": "54930d7e98aa81a0c55a07257a1838fff0ee90f3", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907107, "uuid": "f5535a3c-b535-41a0-9aab-7cdef3f1268e", "comment": "Malware payload", "value": "2452d0a707b869bbfaa9ff8552bfc6bae2b01e37626d6eb3859021bf807aae676f7d08f1fb9e6fa0ef86ad40c30846c6", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907107, "uuid": "584f6baf-9e3f-41a6-af24-fdd3ecd7c6c9", "value": "T1EB41D09E794BA924A1317E72DC8B085CE2761292E26553923A0CC7D9CF3A16CDAC6C1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907107, "uuid": "12704c18-9c86-49a5-a0bf-66ed1ea06aa0", "value": "48:8VpEDkzsIvvQ6vSM6uo/e/HuLTiPIQ8U0BdO:w8kQILto/e/OLGhr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907107, "uuid": "3de62fb4-0e65-4413-b5c6-4b2f0db2ba49", "value": 2275, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907107, "uuid": "76934134-2cb6-4eb5-8ff5-e25d005959c5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907107, "uuid": "8dacc214-7ce9-4c70-a530-41a6c4592ab3", "value": "Payment Update 0310fz.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bd634d3-a05e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908713, "uuid": "a52e9e81-0e16-468f-bda2-95f7e58d7ceb", "comment": "Malware payload (Heodo)", "value": "c3046f60a0a779d1454235a289ae6bd9", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908713, "uuid": "72367fac-180b-418e-8aa2-e90678304eb2", "comment": "Malware payload (Heodo)", "value": "7370e8d9977a9b564f83e77723d6daa8a8f64a35ca3140738aeac1bf7274fe78", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908713, "uuid": "960d6d6a-4671-4124-9b5c-efeb01d2ad94", "comment": "Malware payload (Heodo)", "value": "94bfa9abc85f72c0fdd73560fe0c5336df4b3384", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908713, "uuid": "c3c1bef7-68fa-465e-8dca-ebb40cdce7eb", "comment": "Malware payload (Heodo)", "value": "a6940a374786056bf0e65061d9913a644979cdb5ee68b8c5ef1b793c0063036a23d4b6894eda1aae9f8097f022ea88cc", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908713, "uuid": "7310dc8a-1ba7-48da-b526-3467e1dbfa66", "value": "T1FE23E126C1706818CB3E4C7681006A92730A7901DDD9EF993199FB4C3B91FEF57AE98D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908713, "uuid": "4d1894da-01a9-4cec-84cf-5d1ebb13a623", "value": "768:6qLrVo43DOevZCwrvtZmzdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Ud0U2tCo:prVo43DwtT5fTR4Lh1NisFYBc3cr+U2T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908713, "uuid": "94ce5e08-a485-4543-b9ed-b4d4f628125f", "value": 46701, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908713, "uuid": "ec80ece1-08d1-468f-84a2-cf257bc3296b", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908713, "uuid": "c3476c87-6e77-436b-b67d-3dc4b8477a66", "value": "OMICS Group.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c795aeb0-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903793, "uuid": "3c1e77b4-f895-4e41-935e-b94a978c46fb", "comment": "Malware payload (SnakeKeylogger)", "value": "53b09471421f12b39764293ee64e7571", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903793, "uuid": "d4a12a44-ec84-4d9e-af3b-c314cfb77b11", "comment": "Malware payload (SnakeKeylogger)", "value": "743aa45fb5c7a9902235a50590cab57e4bf6d13163ef43d3aa8fd5f8130d03cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903793, "uuid": "bb30888c-d983-4958-a1e2-22065b5162f6", "comment": "Malware payload (SnakeKeylogger)", "value": "cc2f783b54684b9b64ad6868e22bc17de3cb2ba4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903793, "uuid": "924638b1-75ae-4b69-b786-6d3525239639", "comment": "Malware payload (SnakeKeylogger)", "value": "3235e04268f5b9b423dd2ed37e12bb499de812b0035d21d68c559e9494234bd46c57e1ba1dcb99659d28aab709a7fb05", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903793, "uuid": "19500e1b-2ce6-4f25-b6e4-6dc834ffacd6", "value": "T1E1458D90E16084BAF96F49B16F9AA83214D7BE9D1454801C1D6CFB0A1FF332D649FD2E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903793, "uuid": "3f2f0941-4a8e-488c-9b19-e6e3f1acafe5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903793, "uuid": "e89262ea-1c41-47aa-bea7-76958f75e7c0", "value": "24576:xmWfMgwfPfIDS8i86fpFBqWh5b7ZpjpHsAnW:xmKwfPQG8+V7hBXjlVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903793, "uuid": "7f7d50e9-a11c-4858-bee3-bd473bf686f5", "value": 1242112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903793, "uuid": "efc6d5f5-1208-48fa-b29a-7c819c17e7d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903793, "uuid": "1ad5f616-d5f9-4c7a-8687-0701857f1c92", "value": "Manejo de Caja Produbanco.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee56c5be-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908153, "uuid": "4df4a072-fe35-4547-b329-62ebc0064818", "comment": "Malware payload (Heodo)", "value": "d3b99ed80d454a325e8cf5be0907cc51", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908153, "uuid": "75e5285c-2223-46c8-8892-8f1e5020c433", "comment": "Malware payload (Heodo)", "value": "7441f18b6e794e1db42fdde11a5f1891522eeb31b424bc1e961a3a4d4cb0494c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908153, "uuid": "8b4bdfd4-c0ff-4e73-9569-ddfdce129a15", "comment": "Malware payload (Heodo)", "value": "ccc58ac39ca050e750cfee5f2c1628b8ca51e3c1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908153, "uuid": "ccd17234-09bf-4476-ae1d-015bb06b3f85", "comment": "Malware payload (Heodo)", "value": "4e77b6ca665168d380a70b34e7d08e6fca3b8f576ca3778f15a4d8fab9f8ccd47e4c9914bace2409e685967911cfbc3a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908153, "uuid": "821d62cc-a664-4833-91fc-9f0c94f98440", "value": "T12FD46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908153, "uuid": "747145c5-1cd9-4281-b2e8-a880fdc8644f", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908153, "uuid": "4740cf4c-2fe5-435c-9359-339a9fa99451", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArA4:WRO5DDUmhnspspsqi022/OByw+iVifMt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908153, "uuid": "b0206e95-e6af-42e9-bf2b-d2467448bfbf", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908153, "uuid": "d0238cb3-f970-418c-8a6a-9f75ad875a63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908153, "uuid": "fdafb3d9-2dce-4b90-a1da-15edd5a12fad", "value": "d3b99ed80d454a325e8cf5be0907cc51", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0bd4107-a028-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646885770, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885770, "uuid": "66857db2-0185-4c54-b66b-4ca44812db87", "comment": "Malware payload (Loki)", "value": "2f8a6a8e06ceaf487c87ec9587932116", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885770, "uuid": "99882be7-1e51-4b23-8b91-7a94400ba001", "comment": "Malware payload (Loki)", "value": "7546a473cf06da15a6756ade78a1ea00d95fc6c51fa77f5d6c18748ac54da6b0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885770, "uuid": "06b1f4a5-e344-4ed5-9b8e-454a5808d214", "comment": "Malware payload (Loki)", "value": "8dbf530bb07b3087e8e9424acb2f8f55def8ba49", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885770, "uuid": "663ee658-4c71-41dc-8ec4-841a77909a61", "comment": "Malware payload (Loki)", "value": "5a7865096f8a3b98f5e3f116fdc4c8e0477633e116d40b823156627bde9a0fc83ba7ea7c14c85a15cdea6a1f5fcfa665", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885770, "uuid": "4dbf8e59-89ff-4250-ab78-b44183d2689c", "value": "T139F4BEE0EF5C83BEEC14723EC0A818700DB51A9D3821BF5A964D11DD0A67ECF59A792D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885770, "uuid": "72059b69-833b-4069-9a0c-dee2843babcc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885770, "uuid": "4bb9886f-172d-480b-a98c-f2cbadc99406", "value": "12288:qNx+SdZJl8fXplBXzjHrGgeN5j46F15+SkzBqfX8b:qNxdJlylRDqlTdFKbteg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646885770, "uuid": "20ccf853-a160-4e8f-b501-e74b85839420", "value": 756224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646885770, "uuid": "652e8669-07bd-408a-8a61-b869f68a2140", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885770, "uuid": "526145a5-c852-4543-aac5-b938882058d1", "value": "Dhlinvoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1719ebc5-a04f-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646902209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902209, "uuid": "8e28f883-961a-40ef-86f7-1fa9b6e5052c", "comment": "Malware payload (Quakbot)", "value": "83f20f18d2b451c49d979e4cf95abf07", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902209, "uuid": "5c64fc1f-5ffc-4bb1-8c77-c04488689493", "comment": "Malware payload (Quakbot)", "value": "762da1e53605886833955a1ae875752d413fac2c48d97781d7787d3bc091bfb3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902209, "uuid": "aeb7763f-e325-4d1e-817d-e3c08551319d", "comment": "Malware payload (Quakbot)", "value": "128eb735d930745d5cb2e57f28dd4f211f9d34db", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902209, "uuid": "0a36f52d-4e57-44a3-b463-0d80397bc1e5", "comment": "Malware payload (Quakbot)", "value": "3ad9218d450c95803b08288f613de6a099c1b26b77996c82ddae2a5fd9b518ab05748c9b96182782b8b57439f08f36ad", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902209, "uuid": "1281754f-1539-4012-971a-08270f68727f", "value": "T14534D092859555B6D1EEAB7023424CD1C1BF306AFC0AE816178353FB3A022F76D992FD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902209, "uuid": "a91ab26a-2b83-4a78-bee0-5e6858127ed7", "value": "3072:9V5YTPZav/2I01sV03b5R228Driy4EtLa/3WumKrDMzzwJS/wiv+jfcxmpOX3gLw:9V5Eusjr222+yXNQ3MwwdofaVE2/R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646902209, "uuid": "dea4d7c8-1e06-4754-9d2c-884586a998a2", "value": 239374, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646902209, "uuid": "fffcfb2d-21e7-4516-bdd2-8e9339d56b48", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902209, "uuid": "ae8a6f37-c1f2-47ef-a555-bda04c408110", "value": "rmmuesrosipus.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2bc2deb-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646908026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908026, "uuid": "1404bc8a-38be-4995-ab76-2b2ca327fdf5", "comment": "Malware payload (AgentTesla)", "value": "42743bc781030c340301b30e18e712b9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908026, "uuid": "a4c6a458-8f86-481c-b916-6e4d7900dc71", "comment": "Malware payload (AgentTesla)", "value": "78e11337f24d4794efa48f99612bcb32048a43e6af07a4dab19f4b145b641f0c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908026, "uuid": "0ba8d0d6-1cb4-4762-869c-f2f7c725809f", "comment": "Malware payload (AgentTesla)", "value": "a61d0a0c423ce3d87ae0928000ea27a11883a2ed", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908026, "uuid": "ddbd6782-cb07-44bc-b0b1-85717f8c2db2", "comment": "Malware payload (AgentTesla)", "value": "8f2f2ef0c2917e518718950198a94cc1dd3a29f4507fdc013e0a436af3f9db4292064ae69c243f10cae70e5563430045", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908026, "uuid": "4791d610-21e9-4eb1-a62b-ca51365a40be", "value": "T10E05CEE0EF5C83BEDC14726AC4E848710DF5199E3810BF5E968E01DD0A6BACF59A712D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908026, "uuid": "a5f96418-1373-4762-80ec-e6a79d76b750", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908026, "uuid": "b0e0ba60-b454-4b62-83a3-031d1cb7dd2d", "value": "12288:vDx+v/nm9YvOiqpCRoXfA20WVpCydynJS/iBF7MpO2TX/4eu8XfSqtB+PaI:bxw+9YWikCuPASPd7c+vu8Xf1r2n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908026, "uuid": "6e0c338c-b98a-46ac-8897-d6baafdf055d", "value": 869376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908026, "uuid": "f5b16fe8-a443-4f9b-8245-88e207c4d8dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908026, "uuid": "1864df14-2557-45ce-a45c-c6de6dde5b74", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15b29f1a-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914662, "uuid": "29f89b04-f783-4b9d-b15b-48df3cb752e2", "comment": "Malware payload (Mirai)", "value": "6a339190f816f84b3accafccb655abd8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914662, "uuid": "544db251-2082-4d24-9d11-b0174de373d8", "comment": "Malware payload (Mirai)", "value": "79496a82d6e45f844cc7a4d949fe1569439bfaaf6acbff73b6f142e4d97c6691", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914662, "uuid": "78094906-3cfa-42cf-a017-d69deeda1aff", "comment": "Malware payload (Mirai)", "value": "c1628ad12159d5e0bda6bfa695005f8ed8156472", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914662, "uuid": "d312195b-7b76-4801-a994-ba1546070d0c", "comment": "Malware payload (Mirai)", "value": "5c9c0d16f554b5e307d2d9eaab90af46ff0a3f90cd93f26577268da827fd888fb6598c99f3cbac57cd104137b0ed8500", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914662, "uuid": "abe0257d-92ab-4914-8dbb-6234982ce487", "value": "T146C3E730E8044B1BC2D223F6E75A869E3F351E9797A733155B3879B02FF27991E29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914662, "uuid": "a5f879cd-33da-42eb-a171-cf51c54105e5", "value": "3072:4jDy/+mh1vtbPIKazbpcUPium7/L7QsvmGfIiNb:mOJ1vxfazbywm7/L7QsvmGfIiNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914662, "uuid": "5ca1bb1d-f944-4aa7-ac12-4bda891b079b", "value": 125008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914662, "uuid": "33455e34-afd9-4f28-9582-65cc5c417c45", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914662, "uuid": "c7364ead-455f-4578-af0d-901ba8cfb953", "value": "6a339190f816f84b3accafccb655abd8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aaedb476-a093-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646931662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931662, "uuid": "3f253a20-a4ec-48b0-8e7d-e5780cb598eb", "comment": "Malware payload (RaccoonStealer)", "value": "b234696a063259c2a5ff15957478b99b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931662, "uuid": "b26c4ddb-20ff-4dd6-bf0d-d2ea50136339", "comment": "Malware payload (RaccoonStealer)", "value": "79e15969948ef41c2ea9a9753ef6c890d9179372e7fc3eaaeb94bf061f22e0d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931662, "uuid": "9f188e41-6a6a-4069-a16a-df0aef6f313e", "comment": "Malware payload (RaccoonStealer)", "value": "755efc85945ece280bd6ecb194daea2833d1c7a3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931662, "uuid": "ca6aaf48-4930-4081-a167-22e3ede0acdd", "comment": "Malware payload (RaccoonStealer)", "value": "9d8278b7137a47025812ed254012983ef35559f41496d75b5a61eef05a07a1c4332c300c773e755bce75e8275439e455", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931662, "uuid": "af27e30a-dc9f-42b8-90d6-6f65ba9a785e", "value": "T1B43533B7F986FCD9C7A8A1F8F914DD19A113E75A83C72F1991691841188CCB1394EB3C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931662, "uuid": "59efc83b-00eb-41cc-a086-a71ad630818d", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931662, "uuid": "638760e5-25a0-41df-ba8b-e86585216fe5", "value": "24576:z+ZZG0KskNvWBtSOQnjIw3CE/uuq1o8HDYXA8kEaHNYK3Mr5FuD0G:zIZEsi+BYOIj3CyYYX3Nay5gDR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931662, "uuid": "84f481a9-4899-4437-8de2-3337b241f4f9", "value": 1151640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931662, "uuid": "086bb9b4-d2f5-4e17-8a7c-44a1b708a5c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931662, "uuid": "f84c2f99-5475-43d3-8dc7-53632a62e1a8", "value": "b234696a063259c2a5ff15957478b99b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85ff93bf-a0ab-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1646941908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941908, "uuid": "05fcf13f-7a3e-4c78-8651-3b8a81568351", "comment": "Malware payload (DCRat)", "value": "3a4f9367640cd9f30f22c890dd7f2d8f", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941908, "uuid": "f204ba54-7915-4da2-b026-a00814af87a7", "comment": "Malware payload (DCRat)", "value": "7bec76e40704860d38c7b2996b7549ce8d49ea14441ad5d386c07d8859bca63e", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941908, "uuid": "f65ed900-c2d5-42db-a7ae-52f1bbd4325a", "comment": "Malware payload (DCRat)", "value": "812471ca155f5b0a71d5697bb0f5d806a8a1ad7b", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941908, "uuid": "8cdaa867-8c86-451c-841e-a8ddf3c765e7", "comment": "Malware payload (DCRat)", "value": "7d284f376cf68d57b7025c046d9231dc15ddc860a3d11678523d347322ada4faff968b159b844dbb7c2dc22d03c8c855", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941908, "uuid": "b6f4536e-fa57-4e5b-bad1-539b10c87ed4", "value": "T102C47D152AE9A925F1BF9BB9D8F069AEC776B5627763EF0F058102C50923740DC80B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941908, "uuid": "6139c00f-74e0-4b28-975d-b6d3c1846c17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941908, "uuid": "737814e2-29b6-43e2-83c2-0381b21d2362", "value": "12288:NqnOg1f182lxYAe86mUgb9aWvfI2JzZQ3QARZ:N+Og1f1vYA8mUYW2Jzc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646941908, "uuid": "1b2257d0-5c07-41d2-bb07-2f885e9d53b1", "value": 567296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646941908, "uuid": "71d29683-bc91-4094-abdf-6088c08f74a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941908, "uuid": "17358173-ffce-44a7-88ca-1af2d3651f62", "value": "7BEC76E40704860D38C7B2996B7549CE8D49EA14441AD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84d9c8ae-a063-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646910983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910983, "uuid": "6a33dc2b-5d3e-43e8-89eb-a5162ded908a", "comment": "Malware payload (Mirai)", "value": "0254e125a3b1a68bc105d9617d16e0af", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910983, "uuid": "3fd835e0-64fc-4da8-8392-10a9ee890abf", "comment": "Malware payload (Mirai)", "value": "7bf474ea240edcfb7866c9303393c47712bddb138ef9a232b962f274ce0ca8d5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910983, "uuid": "390bac2d-e298-470a-aefd-8b384f4b768d", "comment": "Malware payload (Mirai)", "value": "3e89e245a521a955a4448a98851ffd3678f5fdbd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910983, "uuid": "bb9e270b-7623-437f-ba86-7d1b4b40f65e", "comment": "Malware payload (Mirai)", "value": "bb6c3b29b7dab998cd1879a96ac513845ac8fbb2edfad11b0a5d84f493c6e0ab6f94bff9b3aedc2203dc8e133e427c8d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910983, "uuid": "69abbfd7-f86d-4496-b9eb-5b289761ebe7", "value": "T12193D60ABF610FF7D89BDC3705A92B05289C661A31A97B35BA30D818F54B21F19E3D74", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910983, "uuid": "f0a70c6b-4b92-4509-a8c6-7f62d886a9eb", "value": "1536:HqqwwN7q8t9IwEdhNPH8JJH8kpS4pZ6YKyMWb:Hqqww9rFW4pkW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910983, "uuid": "d67b4168-0a71-44f8-8848-29e8c6621a16", "value": 89732, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910983, "uuid": "4faf8816-3560-4af0-add7-cba859b00ae0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910983, "uuid": "5d84a2f3-859c-4992-98dd-bd8e3b345706", "value": "0254e125a3b1a68bc105d9617d16e0af", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a99c8655-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903743, "uuid": "12c9009c-36a0-48f4-9fe6-3898a63a9138", "comment": "Malware payload (SnakeKeylogger)", "value": "2892bf69494d60bea7e29dccc0019633", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903743, "uuid": "b4f74fc8-3df7-4569-af3f-a6b6fcf78447", "comment": "Malware payload (SnakeKeylogger)", "value": "7d6846d5681f1c40175415876d622533d6144edad27d835a3bdb400578c029a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903743, "uuid": "d28fdfd6-b30f-4288-8d0d-205d16467a1d", "comment": "Malware payload (SnakeKeylogger)", "value": "7e5671b51be8f4d9e7dc8effb19f822558bdaab3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903743, "uuid": "99430c9c-feed-489e-ba26-448c244e2e50", "comment": "Malware payload (SnakeKeylogger)", "value": "43ef4a5736996a2340c5a252f6111dc0d01a96daf712e337f9648d1f25746a57e980585a064605cecb1b613b786f3431", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903743, "uuid": "912aedd3-5cc5-4268-8913-ada3050f7d08", "value": "T103F4AEF1EF5C877EEC14723EC4A818B01EF5698D3820BF5A968D019D0927ECF58A652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903743, "uuid": "8992083b-ac39-4cdc-bcba-a618a260386b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903743, "uuid": "b90f75d5-96ae-4d0b-9848-2fbd7be35d50", "value": "12288:6Nx+O5ss31ZZYfiO2wArXngA1+I70kmwIkJzTTD90k+3KpnABsRbFrbL/:6Nx5sKZYfiXwArXg1Q0PC5D3AGzrbL/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903743, "uuid": "408c8c7d-9977-4980-b48b-937d0221acaa", "value": 791040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903743, "uuid": "3149340a-127c-4ea0-b3d8-249c280bc569", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903743, "uuid": "dd8dd0db-2d4b-4068-860c-7e4d6fd7ed73", "value": "Request for quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c775c994-a069-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646913672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913672, "uuid": "4bb06aa3-d9ab-4698-9943-1f5306124b59", "comment": "Malware payload (Heodo)", "value": "51da05f6781eddcb3a0115dd078161e9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913672, "uuid": "748d79f8-666d-45e7-a8ef-49dda292e417", "comment": "Malware payload (Heodo)", "value": "7e1e92e9b304c1e08a832d6a5ed223e336e0ab06f1373910611ee7d159f48fda", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913672, "uuid": "e6fb6abb-a7dc-4d2e-ac77-72897d71c68e", "comment": "Malware payload (Heodo)", "value": "0f58a70bee9279e8092dd0111d2e6de9cb841dcb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646913672, "uuid": "1226e6c7-ed39-4de8-bbf0-59edd7697b08", "comment": "Malware payload (Heodo)", "value": "3c40c6937f2712e5cab9b7f6aa8ffa7acad65518fbaceca1c15bc8226b026a5b7a8afdfb160202c70478a115e6fc4a29", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913672, "uuid": "058abd6d-d4b1-498c-aec5-01b8a18553d7", "value": "T1B2D46B2271DE4073CC9A107C0811D59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913672, "uuid": "7b6fc26c-fcd8-48a9-9e4f-c164b19577ab", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913672, "uuid": "885fe9a1-cef1-4109-8992-568c1f646fd3", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAj:WRO5DDUmhnspspsqi022/OByw+iVifMa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646913672, "uuid": "88ffa21f-8237-4b9f-92e4-f09b667c951e", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646913672, "uuid": "683aa6a7-a55c-4d32-86e1-02caac1f4c51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646913672, "uuid": "a3912300-edb8-4e0f-8547-737b163d90a1", "value": "51da05f6781eddcb3a0115dd078161e9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c29b3da1-a064-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646911516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911516, "uuid": "c97c04e2-69b4-4913-939f-f2b43556adb6", "comment": "Malware payload (Mirai)", "value": "95030977fcab2d0c0bed3ed518837e12", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911516, "uuid": "2c6c8f7b-e2aa-41dd-b47a-6b402145c083", "comment": "Malware payload (Mirai)", "value": "7ec6e4fa761fc16e24be45bd2b91a6a15d4edd319c272545a2e798aba20ca8c3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911516, "uuid": "f93b15db-f1e2-46a0-9650-1474d323d133", "comment": "Malware payload (Mirai)", "value": "d9a8238d6112046134a0d3d75bfaf5c8163f50ac", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911516, "uuid": "a60db9eb-46ec-426b-9234-97544a834771", "comment": "Malware payload (Mirai)", "value": "deafa1f30826c3a93c9afca62ea16d812f256907bf3082412cdf5fd9aac242bb39f89e585096460f3b82d47e2d9aeee6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911516, "uuid": "6bfaee61-8fbb-4be1-8281-31644efd033b", "value": "T18B533A99F4029E3CF98BE5BD84150E0AB92033D851931F2766EEFC937D331A49E51E86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911516, "uuid": "454efae3-30df-4f78-8022-92cdb3ef5000", "value": "1536:A76gTszWCC0pf1DFbV10hP8/28A5wf8LPS:AegTsKCrLV1wVK8rS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646911516, "uuid": "3f541732-4f55-4397-bf4e-a746fb10f90f", "value": 66560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646911516, "uuid": "29a5b09e-3b4f-42bb-baf7-a84ae0afa380", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911516, "uuid": "f9a133d5-32ad-45ed-9eac-acb6336a7568", "value": "95030977fcab2d0c0bed3ed518837e12", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20d2c1fe-a06d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646915110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915110, "uuid": "6389e315-57a9-440a-bcba-8d1f0d040fc0", "comment": "Malware payload (Mirai)", "value": "517f6954203f88bb0bf64f5645538df3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915110, "uuid": "4ab66334-fa5e-4667-8997-2fbc0676118e", "comment": "Malware payload (Mirai)", "value": "7f15e861c7523a02830a0d648533e2504495d21f35afd48f00a5894bee216b29", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915110, "uuid": "bfbca997-459d-4503-b4aa-17db325fbac9", "comment": "Malware payload (Mirai)", "value": "b488ea4116da51b2bcd2286eb6feaa47f748efad", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915110, "uuid": "fe730a55-e9ba-4a8e-9274-0776b0056297", "comment": "Malware payload (Mirai)", "value": "31681d353ae5c669b270a269717a9fe982dceccb4fa8a0cfa2b9fd67760a026d41e453a4cd38f5b6e3dd80794be3befd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915110, "uuid": "459c28ce-6caa-47e6-bdc3-9ec025179cee", "value": "T116C3C63B67170E23C0CA50B101E34332AE75DF9B34B952D7AAD07D686F36A843856BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915110, "uuid": "40f3633b-fed2-496c-90f2-f57572f752a3", "value": "3072:wsrp9xV+GZTZepNPhj+e3fSqPIL7ymm/QMurB1nKGNb:SMQplVIamm/QMurB1nKGNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646915110, "uuid": "80f00a97-23a8-48c8-8a50-b266315938bd", "value": 129856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646915110, "uuid": "a8e02ef4-d016-447b-94fb-07091ec0bb07", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915110, "uuid": "eb17590f-bff6-40e4-b34b-39d47eac822c", "value": "517f6954203f88bb0bf64f5645538df3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a71e5e6-a054-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646904550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904550, "uuid": "aec51a31-84b0-4013-b29f-9c0df9bff0a4", "comment": "Malware payload (Formbook)", "value": "0962d96df13e9171592c186ea467ac43", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904550, "uuid": "0c1dc1b3-d40e-4792-a5e7-59f2d50b45d8", "comment": "Malware payload (Formbook)", "value": "818443734bfbb9a3bca464f225fdf7b2ca14cbd302f64a39b60fdc1df41883df", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904550, "uuid": "04239f43-3b65-42ed-a470-0d79ab311767", "comment": "Malware payload (Formbook)", "value": "1e9e3c6bbd046af1135e2edeec54e25d7a983ab7", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904550, "uuid": "c1d38848-44b3-4193-b02a-499d572c1415", "comment": "Malware payload (Formbook)", "value": "eabc078778ffd7d55a369a3a65b00b9ab9558249514134822202059e4cfd03fa498fef4151b25da0166b6127b0d100ef", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904550, "uuid": "7f655d73-e1b9-4e37-be8c-fdda69bcc9e6", "value": "T1DD1412267FC9F7E8E4D3EBBE34231196DC82BD568872738136897601C5798C4983B85B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904550, "uuid": "97cbeb77-affc-41ad-b462-248599dd6d70", "value": "3072:TWvWgeYErumtu/U4zS2/Q8mDWLoDBnX1Bo7z4ZBKZoQDk46FAJXcaEgCbKEcSG06:SvJ5Eam742QQdDWL6CU86Q+YcamZ47", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904550, "uuid": "1df3f929-9289-491d-a969-50e931a8a502", "value": 190376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904550, "uuid": "46b47ed9-4868-4ea9-8c8d-45cb0ebbda69", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904550, "uuid": "e860843d-5a06-4ed1-ac26-a38d032d1d2e", "value": "Payment copy.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b739fac-a055-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646904820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904820, "uuid": "7c2ff4a0-67dc-44b2-8bdd-9bbc9ffb2f52", "comment": "Malware payload (Formbook)", "value": "2820f14a2ca1190f914c715531a363ab", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904820, "uuid": "02eb0680-16e3-4e6f-9b1d-5e766189ccfe", "comment": "Malware payload (Formbook)", "value": "81ab7560677db0befd5cb823a2c2fcd6eff27e755caf1c28057090f711dbb6bb", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904820, "uuid": "61483133-7a34-40f5-aede-e26060f435e6", "comment": "Malware payload (Formbook)", "value": "a56509930fc8beb50473aafe5b5d53726a73dd68", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904820, "uuid": "63b989a6-1faa-46a0-8037-ce0c92b8cfa9", "comment": "Malware payload (Formbook)", "value": "c973d3cad1b2a105f6347bf849756bce03e9357c8da6783094f4e396f7e1801e2e940bb28e9876d7b65a26140c99cc52", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904820, "uuid": "2cb0e737-38b2-4e63-97b0-93d4e821290e", "value": "T1D6141275BBC16E80EDBDA2F460B4C92663649E0C3805D2D7B0A5317A2D7F6A2C620E75", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904820, "uuid": "fa95eb85-db42-42aa-838c-d28c25f098c2", "value": "3072:biwizMQ1lewacGlV40SGq6KeAprjGmNMl6v/bmxzUIzABaElqT:uMlwQlu0S3eAprjHjv/i1UFaPT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904820, "uuid": "a78ea96c-dd46-48fc-9ec6-68d752d0d8c6", "value": 191288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904820, "uuid": "acd7a23b-c038-4c4d-9350-b300d6820fa3", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904820, "uuid": "2cbb76ac-f5e3-4785-9e55-089d3970542a", "value": "Remittance Advice.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f05aa26d-a064-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646911593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911593, "uuid": "aa03ad55-a95a-4061-b2e1-2d810aa02ef3", "comment": "Malware payload (AgentTesla)", "value": "249bc206c7297783bfa33204f07b9791", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911593, "uuid": "c28fef90-a117-43fc-86df-9a3a243e4e26", "comment": "Malware payload (AgentTesla)", "value": "81d4e1c880068f5991a4434572d41358df7e9444a2d8dbacc92b796db3c67036", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911593, "uuid": "276fbcaa-4790-4240-99cc-abe8c4eb9e79", "comment": "Malware payload (AgentTesla)", "value": "85377f240683cc080d18a3c95f238f100918e58e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911593, "uuid": "7b77a57d-bbc2-4d3e-a83a-b66175436c2d", "comment": "Malware payload (AgentTesla)", "value": "5f08e2bfb00f17316367170bb284fd7b33c5b8ced7c94e4f0e29117865683519f4631c0c066c61792adef2717781b0f6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911593, "uuid": "299c1f37-778f-48b9-9baa-ce8766b2b0f3", "value": "T115C49C81E98166A0DC59AB706A36CD3582237DFDA874941D29DE3E373FFF2931026463", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911593, "uuid": "12ac4322-9f3d-4925-9f4e-0b46b22308e3", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911593, "uuid": "bd34f950-7df5-43bb-8c6b-54d79636bf82", "value": "12288:nP7r9r/+ppppppppppppppppppppppppppppp0YlzAGGBgl3kKNagFaH6H:n1MqhGkKAgMaH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646911593, "uuid": "8bbdee70-9aad-49f8-85e7-913d52a7179e", "value": 576784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646911593, "uuid": "6b9d9278-489b-4dc9-a37c-d29cfde3fa1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911593, "uuid": "4cc686fd-3b4e-4edc-9bdd-63c35a9c6094", "value": "PROFORMA INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3df742a3-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646906998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906998, "uuid": "d0df29fa-e3d1-489d-81e5-1bfb2f8d0526", "comment": "Malware payload", "value": "3ee76cdc36f92859a3b812109a68ade7", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906998, "uuid": "09249137-e1be-4dac-a0d8-4b38c331d70d", "comment": "Malware payload", "value": "833075c29afcaac44222f3eff94f75fb9d47eed0b5c01e9c2f700cd31acf44d7", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906998, "uuid": "fe87ab24-bbe0-4b18-9fb3-5df7e2e2881d", "comment": "Malware payload", "value": "02f3209eff34da65c41635db6ba06ea0f63ab8c5", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906998, "uuid": "85251b7b-fa61-4dd2-93cc-931fc3d29c43", "comment": "Malware payload", "value": "02f113e976385c40d4c0fca50b5360f74dca483cd447f0c720606b42e5173e9a739e3fbd26365caf441e8fe6b7b7f6a6", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906998, "uuid": "ce426116-f85b-4b07-9108-317cc05d375a", "value": "T176165C12B284A13EC0AB1B3789379658993BBA716926CC9B1BF44D8C8F355407B3F747", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906998, "uuid": "9bd02d40-6176-48b7-af0c-d9e7d44fd589", "value": "98304:4IgUBNTAu7drVeYX+UYTmiYGBGXBGYpA:4IlndrTX+UYT8GBy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646906998, "uuid": "e02442ad-140d-4f9d-8f2a-80aa20b2e015", "value": 4348928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646906998, "uuid": "82866e5e-3cdd-408c-91ef-dff04a1b0937", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906998, "uuid": "c2899be8-9992-4d4b-9b78-d2c466695677", "value": "Fatura08923499.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b04a59fd-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903754, "uuid": "7acb1e0b-fd1f-4779-ac00-a5cc0c03725e", "comment": "Malware payload (SnakeKeylogger)", "value": "dcab6422252c1f60d3d4980d125678b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903754, "uuid": "a9b57386-28ce-4e39-821a-87362ad41a39", "comment": "Malware payload (SnakeKeylogger)", "value": "83573f23c76756baf4e5c769d00030a7eb302300b7c5b3d06d67fa00d016d406", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903754, "uuid": "f970da79-ff99-4173-b549-07b7154d1e7c", "comment": "Malware payload (SnakeKeylogger)", "value": "1ac4e596bb9c7104b6d49d957c293f6f491b08c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903754, "uuid": "c3d81f7b-a78e-421e-84b6-b6a0cc26e4b8", "comment": "Malware payload (SnakeKeylogger)", "value": "c0ce9035f70122a984f5c839cc73e1191423144a0b9db765b0dff34f5a1f243a2234c08320cc66b223eb267890893744", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903754, "uuid": "9e036195-bbb3-4158-b663-9bc4afe7cfad", "value": "T1C1355AD270E5844EF7374AB17FA9F86C14A7FE6B1468100E119A7B2711B334164ABF3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903754, "uuid": "1389fb7f-9a64-461a-b3ac-e8535c4557da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903754, "uuid": "07e7e7ca-b2a3-4a63-939f-cd5e6a80db9c", "value": "12288:TZt3Zy3WD5kPPblondw+XYe1UHXIR3ZNw5M72rFcssWoNbhO1p24K:XD5kXnLqUHG3nS62rFJdoZg1pE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903754, "uuid": "3e678dc7-a169-4c5b-8df1-acc51e62b0fc", "value": 1079808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903754, "uuid": "bcb445e2-a222-4892-8f40-a3ee211338b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903754, "uuid": "896cbf54-3831-42ea-b1d5-176fafe41d8b", "value": "LAPORAN TRANSAKSI TERAKHIR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cd73534-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646886891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886891, "uuid": "73e74bb9-1914-477f-97d5-2ff0e5f0b8a1", "comment": "Malware payload", "value": "0a8acb6828268b002ea926f7ec53a6c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "VirLock", "colour": "#148CF2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886891, "uuid": "f127f26d-f233-49c4-bc13-de8717678aa4", "comment": "Malware payload", "value": "835b0dd0739f00efb423d9757d6cda3d47658071f7a37416ab2ff635e4365441", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "VirLock", "colour": "#148CF2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886891, "uuid": "37dd6bc2-1e27-474d-9853-117b5d4b0b59", "comment": "Malware payload", "value": "47013a5a3c0966c61c0ae763fff60a6a48068943", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "VirLock", "colour": "#148CF2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886891, "uuid": "894d5973-566f-4927-94b7-d200abe26869", "comment": "Malware payload", "value": "b2d7cb0c06cd04fa5cdfec5db0a266fb9e4f4c76825140a32a0ea2ae6baa96743a9a99fddc9ff1382ee7ed9826bc31ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "VirLock", "colour": "#148CF2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886891, "uuid": "f85875bb-26d8-4f3c-a7eb-86702ebdd65c", "value": "T1BE765910C69115E1650A07ED94AA4B780BCF16A703CBC5FFF6AFD3BC589988D82613BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886891, "uuid": "31063a08-8a1d-464c-bb65-2f61ebc76084", "value": "3a48c7db21f130124c835690e504c436", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886891, "uuid": "b4ab59aa-9331-43bb-9dd5-a55c6aea0bde", "value": "196608:rsYl4ZGXZqKIJPFT2duFex3xcVY3/XDiq6Q6un6q9K1ljpz:rLaGXZqKIJPFKdSY3/XDQQ6u6Jpz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886891, "uuid": "1693a47a-d252-4cbe-b8aa-8031397800cb", "value": 7481344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886891, "uuid": "00760c1c-a4a0-4c0b-8e28-f381e81ca181", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886891, "uuid": "f5ff0159-8322-471f-b71c-3297ed70aad2", "value": "0-RUN.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa33bcb1-a0c5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646953270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "ef7abadc-de61-4b39-a0d4-84cd4a8c2aaa", "comment": "Malware payload", "value": "49e595a4c089bbdcb2283d1497821f19", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "a6599680-763e-4636-9e24-89c413b8ba02", "comment": "Malware payload", "value": "84050ce54d69b2b4d91b0499e1e45fbbd1217267be9060010de7340026462442", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "5c49e9ff-0b55-4796-904d-d1bbfb01518f", "comment": "Malware payload", "value": "2c2dcbdedbafda8577fd55d77ed01659c6de7ed4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953270, "uuid": "69d63502-7fdd-478d-a9e0-81ab52530843", "comment": "Malware payload", "value": "09ab5f8fba96984a197e37186a95d91bb838226ad7ba928afaa0a92f231652120e66c9a695fbd84958fedfef23734086", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "d9039f0a-9105-4e8d-a7a9-d274a5a41e09", "value": "T151D46A40B5A3C070D3E7313846FD23CC67F9B9A1D7BB412B7A99954D6D3C8920B79A22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "75015c95-6774-407f-98ce-ecb08e4b10ab", "value": "cfe3f54a8e794cfc54f47ecbce05971c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "4f2ee471-6ad1-429d-90ce-24f3aa6d933a", "value": "12288:ivpO7ru2TDuk1tYTwwe5AnYq2JaiMMMXdgir7OOBgzgENENENEn+ITITInTKTx4B:vru233dweOnYq2JaiMMMNgir7OOBgzgn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646953270, "uuid": "3e7b5d54-180a-4eeb-bf58-316836669655", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646953270, "uuid": "7ca3717b-22d5-4382-a84f-3cbf74877ba6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953270, "uuid": "d3942ac2-cfcf-4156-be63-e6e0308f815c", "value": "emotet_exe_e5_84050ce54d69b2b4d91b0499e1e45fbbd1217267be9060010de7340026462442_2022-03-10__230104.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a55ceea4-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903736, "uuid": "735a2dc3-a588-426b-a428-f0de64e5088e", "comment": "Malware payload (SnakeKeylogger)", "value": "b074b2f182f4c9a1349e7dcec7af7497", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903736, "uuid": "27d00497-9574-4555-a2d8-553af97e7a59", "comment": "Malware payload (SnakeKeylogger)", "value": "848b498dfe2641240bc8638b7a9364e7b41a8fdacb2cb9b67612cb399b00eb8b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903736, "uuid": "bc7fde6d-78a8-4717-830f-254878b0fb13", "comment": "Malware payload (SnakeKeylogger)", "value": "04c6fdba536e91581fc5675e859c7d2010cefd7c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903736, "uuid": "50319209-1b3c-4b5b-9d0c-8b0359e89e69", "comment": "Malware payload (SnakeKeylogger)", "value": "d1e164b3bf6b7c2c6928483057cd901f4888c6bb6f3d8ef35db0c4afb9f288fda777410bcce447628f18c08a119f3caf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903736, "uuid": "d93d9122-1338-462d-8592-beb8f505cebc", "value": "T14EE44AAD326075DFC867CA72CEA81C68EF907877830F9217905715ADA96C99BCF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903736, "uuid": "7f1d25cd-219b-4fcc-8f9d-034f95b25b62", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903736, "uuid": "74dec9dd-b35d-479a-bb11-068a99948092", "value": "12288:D6WxzXJEEEEEEEEEEEEEEEEEholUI8s0ydHMmj/++SIQyaXLmYY5LwK0IT/Mz4y9:WkdEEEEEEEEEEEEEEEEEO2U0yzj/1Sfy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903736, "uuid": "ac5a41cb-3a50-45aa-ba2a-23e84e93061b", "value": 658944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903736, "uuid": "5de6f7d3-8377-43fe-85b0-e6e6b568b5dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903736, "uuid": "e5550fe0-1b5b-483e-9a7d-581506128937", "value": "g8PZ2v2YMmaX9Ac.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31a148fe-a090-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646930171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930171, "uuid": "e4dd8b29-e5e8-4dbd-b7f8-262ba533e1b1", "comment": "Malware payload", "value": "e9ad8fae2dd8f9d12e709af20d9aefad", "object_relation": "md5", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930171, "uuid": "cfcbf328-8309-43e4-9e47-5d57f7303383", "comment": "Malware payload", "value": "84f016ece77ddd7d611ffc0cbb2ce24184aeee3a2fdbb9d44d0837bc533ba238", "object_relation": "sha256", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930171, "uuid": "f529d172-2542-467e-a5e2-ecfa3f20ace0", "comment": "Malware payload", "value": "db7d1545c3c7e60235700af672c1d20175b380cd", "object_relation": "sha1", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930171, "uuid": "d7903903-bdc8-422e-8f2e-eb1848ab0504", "comment": "Malware payload", "value": "cc3acb0c7657fa31b4b73d613d586c6f5e28053b83899a8176a51033d6a0e7d0fd6e54ea060b7afd335d46075042be2c", "object_relation": "sha3-384", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930171, "uuid": "6c8d9b20-0903-49e0-abc4-86b6c80d4679", "value": "T10B74233CEC2B1E519111431E6C9D2B162962540D7FE6A4EF4C1BC28F65C8F6F7AEC881", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930171, "uuid": "1a75f79c-034a-4d6b-be40-9ba869227e99", "value": "6144:GzCBDQ0J9tcQEFDAAjNWifFs9HDtuFTSSrp3gnROInT7ki368xgs:GEDQ0TuQ6UAjk/9jtuFFZesITI5k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646930171, "uuid": "6e42a707-0d6a-48e2-b57d-9d51ee78e3cb", "value": 344906, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646930171, "uuid": "655268ad-dc6e-4cc3-af2c-4833079b46eb", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930171, "uuid": "25573b5c-b9f2-4b8c-8c83-904f1e4370c4", "value": "license.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2949f103-a02c-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646887207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887207, "uuid": "dee61072-2c7a-40c0-91cf-097786dbb815", "comment": "Malware payload", "value": "a232b6f1e538e568f4e8c3d3561975aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887207, "uuid": "9b725d7d-8184-46a3-b803-5effff68a0f5", "comment": "Malware payload", "value": "86301436bb2bbab39c34ac6a1f27f751fd9eb09a3b93e1adaa27dba3c4371f02", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887207, "uuid": "891fbbe9-b40a-4e2c-922d-76189df098f3", "comment": "Malware payload", "value": "45c7e73dc8759908d14291aca2e1a097a8bb2cdd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887207, "uuid": "0d810b67-3213-4def-9254-67c89d034f53", "comment": "Malware payload", "value": "afde4a8a74986db6cd7e2e64e1cb48f0d9cf8387f7246267a243a394c697fafb3c62fdf266130d794d925f04674e6d61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887207, "uuid": "177f1e85-202c-479d-8216-a2ba6427c2ea", "value": "T1B8B5AF3AF6D0C437C1236E7CDC5BE259A829BEE01D1824477BE92D8D9F397823426197", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887207, "uuid": "512d6b6f-0ade-4c72-98e6-a60ade1a96b8", "value": "423366de4156b0bf4af0d470ca1a247d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887207, "uuid": "ea87df02-3135-459b-a5ed-2b6a88776d35", "value": "49152:WZgvUokzV1FcrPZgvUoeZgvUokzV1FcrPZgvUov:WZsU7VcrPZsUVZsU7VcrPZsUe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887207, "uuid": "eda444ea-6d53-4c8a-9280-522b389bc035", "value": 2396160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887207, "uuid": "815fcc2f-2c42-4824-9aa0-ceeff398091c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887207, "uuid": "4c8e971d-440b-479c-b406-665bbfc5cbbe", "value": "92lock.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5222ae52-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646905314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905314, "uuid": "8e15d914-23e7-4745-a9de-6986c7966f52", "comment": "Malware payload (Formbook)", "value": "a7bde7efa7f93cecc04586c662f2b1ba", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905314, "uuid": "c87c86da-0fe2-4ddd-b839-096da201204e", "comment": "Malware payload (Formbook)", "value": "863dc0dbb8ea4d58e3e48dc9781faa4c18e0e62eb559b3798eb62793ad72c7a0", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905314, "uuid": "14b36f6f-83fa-4aff-96c2-5c4c362b1e1c", "comment": "Malware payload (Formbook)", "value": "a1676e6e50bffff68d49519c9198965212e63453", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905314, "uuid": "65227f86-7d05-44fc-9ac1-537001ff8832", "comment": "Malware payload (Formbook)", "value": "eeca95880093c9a25b0a58fcefa69e73a720583d39fe08b70adf335378f75d1222b09cb46cc11a4f69112b4b23f7b39e", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905314, "uuid": "07e3f7cb-6fcf-4b84-b36d-13d77a55b322", "value": "T1521412163BF49235E0B4B0B8491DAC16521EEC0B76D9C11E1EC97A16A47663C1FE3B3E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905314, "uuid": "ddf0edd0-6402-49d6-ade8-bd11bfd8d759", "value": "3072:IFg9w24jPhZnvxi/jnpoBYK2BzilBXOhowF1p5FnkDNcS97tVCIiRZU:4g9wz5dxin+lblBXOhNb5yh1yIiRq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905314, "uuid": "c088f8e1-0849-4044-b94b-2c32be6df4da", "value": 191048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905314, "uuid": "d56ea081-b320-4be7-8ef3-9c5ec46a00fd", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905314, "uuid": "d48a1cf7-9372-4442-9460-17a743bdbf0a", "value": "Tecnimac Order SO22-54382.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2b10104-a053-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646904161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904161, "uuid": "3aa114ae-9aa4-41f8-a3cf-badc0882d695", "comment": "Malware payload (RedLineStealer)", "value": "07a7b333916388a9c79677654bd38c58", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904161, "uuid": "18b818ef-6030-4b0d-9cbc-04f8698f4156", "comment": "Malware payload (RedLineStealer)", "value": "880412260564224d36a8407e38a8a58ac19aea2d1133535f8034f7dcf6889f64", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904161, "uuid": "38501814-a1f2-4eb4-8530-aaa6748bc0d7", "comment": "Malware payload (RedLineStealer)", "value": "654845924294710677dec0c184dea4f449d34bf9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904161, "uuid": "2d8be613-3b24-4821-ae7c-e53561f99cea", "comment": "Malware payload (RedLineStealer)", "value": "6923e83cfcc60807f58629067afa1a31faa275584b9a57e79e19dd2a674f9729ada1c564ad32d7e10f1f70ace9647bd4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904161, "uuid": "62aaae16-b79d-4ad3-b6c7-2265b3c04d79", "value": "T147F42343CF8A76B2D82C43F698A36EF45674A8A5F5F16B0B33725539EC211432E33616", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904161, "uuid": "e10169ff-77ba-4fb7-8c2d-0ad4963673cb", "value": "c41a42db16fdeefff5b001c6a322edc6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904161, "uuid": "370e7048-3f7b-49c6-91bc-0f6173c0d1e3", "value": "12288:ckksLj5r5mrbqvmMudPFVMKhtO9/gh/hUPZ5dESEz/MIUUSZEuG7Si:TkERIbDph/h+vdszEIEEfS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904161, "uuid": "4cb1623a-a19f-46a6-a766-25caa39bb4b0", "value": 753136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904161, "uuid": "773957d2-06ff-4d52-b394-25eaa2c29f5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904161, "uuid": "07c8fd8c-c2fb-4b29-b4e4-2d1c9d1fa29d", "value": "07a7b333916388a9c79677654bd38c58.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d89fbbd6-a05f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646909405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909405, "uuid": "f28b8524-fcb2-4ec1-9017-fc2f73759dba", "comment": "Malware payload", "value": "0854bc60408fbeb1f291b8e091eb4cd2", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909405, "uuid": "cc87b328-ca0c-4663-976e-7e6152aaa421", "comment": "Malware payload", "value": "880fbd0fce57acf74b81e5697f0bb9c84dfffffe9cb2d344493e65b4e21dd448", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909405, "uuid": "50f3130d-0fb3-4223-92c6-267c23160b94", "comment": "Malware payload", "value": "0d253e0fd12ce47812141aacd4e00a8de3ada724", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909405, "uuid": "a0c52604-956c-442e-8498-8da3e4a8ecc2", "comment": "Malware payload", "value": "23e9ba079577f83c332b885b931eac48159beb433bd0e940a463811437eaf0f74e401644d00d28ac2b68244e67a0ec9a", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909405, "uuid": "563ffed2-b298-42a0-b333-9de3cd6f1979", "value": "T196C3C548FA94932EC7E1B2FFEF95428D73364790B3EB7D368239421527C53686538660", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909405, "uuid": "ffe12bf2-e0af-4031-bb31-c860e8a09b4e", "value": "1536:/rZYuVMh2jT9Zm5M2Vg789ZLzfVUvPY02bFyizvm3w0n5Wj:/riqMh2jxp74nNKz2bpzvS0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646909405, "uuid": "95bd96a0-7b6b-41f5-81c2-7525f6e70735", "value": 121652, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646909405, "uuid": "9335cd22-4837-480a-b806-7c26ba999a64", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909405, "uuid": "63726a6d-64ee-4660-a963-93be00882647", "value": "enemybotarm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c140d6fd-a089-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646927405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927405, "uuid": "3cbc5ea2-2faf-43d4-b236-614f3d53902c", "comment": "Malware payload (Mirai)", "value": "0ac2f9bd1b29a9ccef1e783135580127", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927405, "uuid": "f40090ad-0ccc-4121-b35b-97d0623d0580", "comment": "Malware payload (Mirai)", "value": "8835388a084d16f8297b3ac304f4f9555d8ee63a35eae1d964d3ecce0eab6472", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927405, "uuid": "396dffb1-88f0-4252-810d-efe91a94031e", "comment": "Malware payload (Mirai)", "value": "bb8bd55de79af4a82934214a2acf29c62d7079a3", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927405, "uuid": "1aa73e9f-3416-418c-bc83-7c186ad62488", "comment": "Malware payload (Mirai)", "value": "2161a6ab9790b47fc6c2fe96d5f0eafa10a0b00a17a8aad0992b95b4f7007efc2b6ef16bef73fd54b118f189b95a2a46", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927405, "uuid": "261b66a8-e2ac-4ce4-b089-91975ffca51d", "value": "T133C2E07A72F4496FEE357334664E445934132960839537EAAFA4453A16333A181FCCD6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927405, "uuid": "8b60f182-d777-4c4f-8b2a-a1c3de7b29ac", "value": "768:v4mb6QFfFHk8lFkHMpDPwstjw6k8ElOo2c/:gqBZkaDNk8ElOo2c/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646927405, "uuid": "dc043aab-8b99-44d3-9476-abbf81c9b4a6", "value": 27272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646927405, "uuid": "2ed6aaef-9be0-42ec-8024-592476fc9481", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927405, "uuid": "149ec2c7-27cc-4f35-94be-1a18534f2f36", "value": "dx86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81d7f9ef-a063-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646910978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910978, "uuid": "6807d00e-b3fc-42e9-9509-c4b5dc2cc5fa", "comment": "Malware payload (Formbook)", "value": "4c7f223e22cca4b12224ea691ae770f8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910978, "uuid": "6ab0d651-d86b-40eb-84ad-4174106f9150", "comment": "Malware payload (Formbook)", "value": "89ca1ae6afd4451562d33f381d21e085245ebe1047d4a812d818fcf0a2e01393", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910978, "uuid": "31405c12-2584-45a1-a015-d3e1cb759809", "comment": "Malware payload (Formbook)", "value": "3d3c83e2e6690b8bcef3f88dbcf443cba59f3b02", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910978, "uuid": "f79a8b30-6888-43a9-9c42-02a105d270f5", "comment": "Malware payload (Formbook)", "value": "451d4d7db6a2ebc1a5e512c1180f1cb02157f7187850f62c808dee1014a45024a35fb5722efce2e8c620f8845e144567", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910978, "uuid": "589ed833-48dd-4a93-9f17-3bf4cf705d96", "value": "T1A6459F62B3914C37D4731A785C5B63A8A929BF182E285C877BF87D0C5F7A6803D252D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910978, "uuid": "98aab2df-76d4-4fb5-a943-d37f37e128e8", "value": "f3ef87a63216dac1578ca750829fe4b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910978, "uuid": "8e8d2735-eb7f-484b-bd7b-23ee09f827f4", "value": "24576:f4vPtIdV591Vr90+b5rdtftguklShhb7f:f4HtutddtAlSbf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910978, "uuid": "c584d7c6-5f36-407c-8815-735eacc529d0", "value": 1212928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910978, "uuid": "cc3c9991-5b28-498c-bcd3-487c198b50cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910978, "uuid": "ccb8f819-c20f-4a48-9d7f-c35f4b8063a2", "value": "4c7f223e22cca4b12224ea691ae770f8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f0fa197-a02c-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646887378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887378, "uuid": "167b381d-1246-4d0d-898a-b7fad61d87d1", "comment": "Malware payload (Quakbot)", "value": "77d8df50f56df2c30411ae23b6550dbb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887378, "uuid": "381a5b06-84a0-4b0a-9052-951af5e1cea7", "comment": "Malware payload (Quakbot)", "value": "89ccfa693e4cb1ce39209ed9678b3b31f1954040a77119b556619cb36eb0af45", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887378, "uuid": "94d7968c-d47d-4026-9eed-bfbbbde4d544", "comment": "Malware payload (Quakbot)", "value": "ed6107bbc9ee82834f12576d030a306aa868528d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887378, "uuid": "c565dfd0-1924-4949-b497-df748a48a3b3", "comment": "Malware payload (Quakbot)", "value": "29158a71c1c9f0662d22d18c099cc5a7fe5650f2a134610c67ffddaa253487d122bc9cc60d839b3cf1b7d951cc1ec26c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887378, "uuid": "ee1cddbc-875b-49e8-8c2a-f81ee4263790", "value": "T1A6059D2AB28085FADB332E3C4C5556F47B797C33E91AAA8D67D41C4F4A38761281C367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887378, "uuid": "4b76c036-797c-4fb7-8b6a-6538c3f29e99", "value": "5d6fa77bb261ad530fb576f1a51f3820", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887378, "uuid": "89317529-a280-4922-a931-731419b5a074", "value": "12288:7Achha95RMxuPdeRcB/kXlbJn03WvdsEe+t598rUoF+DgPpnXlizB:0Ch2RMcFoqkXlF7T5yrUWUgPpnXlil", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887378, "uuid": "b96400c3-eaab-49d2-8a65-51959ae0b738", "value": 825856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887378, "uuid": "aa5407b0-0cd8-4217-b2bb-da49e9fe4289", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887378, "uuid": "31c55713-2c14-46c4-bc2c-01f9362b681a", "value": "def.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07bf4a16-a0a6-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646939549, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939549, "uuid": "9d5eb4ee-0c51-4638-9c45-42b01dbee0c9", "comment": "Malware payload (RedLineStealer)", "value": "03a6e8e5557d35d9d1c0b8dd9702bab5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939549, "uuid": "a315acd2-7946-4c96-854a-ed306b439a9d", "comment": "Malware payload (RedLineStealer)", "value": "8a8ed9f1dbe9f72dd7f60806be5130daf6148443a45d6c20d1449a4e490837c9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939549, "uuid": "cdce7acd-a3fb-416a-b95f-bc4054fdc745", "comment": "Malware payload (RedLineStealer)", "value": "80ee82ca5f6fae94de2a6c7228b88b78c1554323", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939549, "uuid": "635b709e-d71f-4ca0-87ab-8c08aa4b91b8", "comment": "Malware payload (RedLineStealer)", "value": "8c7ce392d901841304144d2c29a30e6b11a455bc250579e69ba50ea8e269b4c7b7df4f22f5bb52de0d11d0c0376a627a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939549, "uuid": "3ef6cf92-2f25-47fb-bcc9-2f3302e7b99d", "value": "T10F66332837E454B3E9306970675827F275E97B294E24405B33D498CCFEBDDAB612D0CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939549, "uuid": "25802e88-03a8-4d2b-bba8-f8e8db2d3eca", "value": "32569d67dc210c5cb9a759b08da2bdb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939549, "uuid": "916f9394-1900-42ee-8761-2702454bb070", "value": "196608:xnwp8LztZbgzePW4QYWmMS0AXFZ1ZNi9iySw1P7owENeY:xwpazTgzkQHmMDYZ1ZTySw1sReY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646939549, "uuid": "5eaec458-a140-466b-84a3-4d25f34c6219", "value": 6951146, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646939549, "uuid": "e35f5c9d-116f-4662-a427-2dc4a2aa98b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939549, "uuid": "0b46f15f-83c2-4647-a7b6-a924bcd13ae2", "value": "8A8ED9F1DBE9F72DD7F60806BE5130DAF6148443A45D6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b52deabe-a01a-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1646879711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879711, "uuid": "34f5ada4-191f-4b61-b3d1-b2005cb3c51e", "comment": "Malware payload (ArkeiStealer)", "value": "937fb9efd2f9f371714aaf04aacc7da0", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879711, "uuid": "a8863b21-fdbf-468b-87e6-b9e98391e7e4", "comment": "Malware payload (ArkeiStealer)", "value": "8addfca49be443cc1314b8106f31321d875edb1eee58dd404378981a585b3212", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879711, "uuid": "82e61927-fa13-433c-a95b-8c7ea680a9d2", "comment": "Malware payload (ArkeiStealer)", "value": "0366d4e60d5b6972edc5116b689daf18a94591fa", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879711, "uuid": "e0f66ffc-8cbd-41ad-af96-1dbc1083f077", "comment": "Malware payload (ArkeiStealer)", "value": "0b2563f6212addf76154c96b4442aafc89b039fa4aca43db72bba9b508be5f29125f9bbeef181e11e889253539aa2bf9", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879711, "uuid": "e9b02f39-9ff8-4e80-83fa-fbb4cb5e404f", "value": "T17B54DF127AE0C833D593A3705924C6B15B7FB93266B5C9473788173E4F217D2AAB630B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879711, "uuid": "76dea014-6064-42f6-8e28-be9f28eb054c", "value": "ff8b9f66e50ce9e9d4ab740e6c8cda2a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879711, "uuid": "8a7c2af0-302e-4f60-8a1e-9a0e94d84127", "value": "3072:NSnTTHLLCXMA23TN29b3DDchDEwyelBzQl5hNIw1:gfHLLCXMDjNwTfADEUlBENIw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879711, "uuid": "6b1fcb08-e8b1-4ffe-b88f-be6035823b6a", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879711, "uuid": "cddd4e5b-a982-48e6-9ebd-3348cc8f182c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879711, "uuid": "6855edb7-9327-4844-8740-3cf9e5962ae8", "value": "SecuriteInfo.com.Trojan.Win32.Save.a.6887.15843", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eaf3b290-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646907289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907289, "uuid": "c0375545-653d-4d57-8f28-48b2eefb3458", "comment": "Malware payload (Formbook)", "value": "e1e864026477458aa566c392b112dcf8", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907289, "uuid": "2c972e66-d576-48e6-acbf-5bdefe1c04ac", "comment": "Malware payload (Formbook)", "value": "8cfe7a068902a7ad96405070816391795e429ff64f2e2bfcfc0776513c855826", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907289, "uuid": "4cf3d9cb-228e-4dda-9921-c388206e1315", "comment": "Malware payload (Formbook)", "value": "52ab6c3ba3202ff3a7187c3468b3a4428f543a60", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907289, "uuid": "9b9d7244-f1ee-4fdd-a93e-5a53d7c0b254", "comment": "Malware payload (Formbook)", "value": "c234815c6188a98c82f4b31b79437aa86c9d7df1b0672e87a45783a9e39ebfb6cf1982234d9ca335f7a680f3068f9dad", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907289, "uuid": "d20329cc-a4ba-421c-9f76-0ea4634565d4", "value": "T1D2B4BEDAF62BB4E1E82E40F4642B39922AD9F677D4FC047D1678903092920F7547BD4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907289, "uuid": "59f79526-ac5f-4663-8bad-e7420a2ad853", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907289, "uuid": "2fbb5b64-eb90-4182-becd-2e5c940fb56c", "value": "12288:5LEyjrKT6Oc3ri0EiDNP5Sv2Gzdd7W/TxC/JxYAtO3cVkG:55jWT6Fri0Eih5SvddQrxwnY4OML", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907289, "uuid": "db5c3a21-318b-4142-97de-6616952c2d67", "value": 506164, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907289, "uuid": "48ca4e2e-77b4-499e-b5cb-6edfe1aedae6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907289, "uuid": "09906a45-8887-43b8-a9b4-f90927d95136", "value": "INV-DHL202038658530.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7cb2433-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903767, "uuid": "e3fb8113-0b0f-4bd9-91d8-771d646cc0de", "comment": "Malware payload (SnakeKeylogger)", "value": "15a1306c5969fd208a2d983ff681d790", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903767, "uuid": "7b6ce2e4-3fa9-454a-b6de-e4350ee995f3", "comment": "Malware payload (SnakeKeylogger)", "value": "8d1a806572f6599b232a7d16c4d120f6763eaf329b47c5218717abe0457fb555", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903767, "uuid": "35f9e9b3-56a2-43c3-9a25-c90959edd03a", "comment": "Malware payload (SnakeKeylogger)", "value": "11cbdb7fca383fef16d159fd60528fda4d765e17", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903767, "uuid": "d1865f64-83c9-4d4f-8487-042165d9a3aa", "comment": "Malware payload (SnakeKeylogger)", "value": "9418fb7e4388e5d91669945f0b202e1933e8a2d70abcede9d062f3c082c8ccae8136c410ec0335ae02058d43c6d5d11b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903767, "uuid": "5378cdcc-13eb-43ab-9c38-4618ebf215d7", "value": "T1909415D667F76112C6276E3F95B0660907EC9A20EDD60607B3C7BFA725322C92B4F844", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903767, "uuid": "65c867a1-3d31-4281-a7e7-794e4a734d2b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903767, "uuid": "1b4c78ca-86e7-4d19-952f-198e99d5ef0e", "value": "6144:TQh3tk/njlCMJG9LfTZXyPSg8QCJxCRsB/pFumzsgehYAP1CJmr3+9cLKm:TeQjgNf1XyPYQC3Rn/sgySA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903767, "uuid": "ce1c4890-456a-4d71-82fd-2b93bae9b7ff", "value": 418304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903767, "uuid": "00178aa5-2298-4e01-8d75-309e6360f11f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903767, "uuid": "0e3f3a7e-a9e8-45a1-a52b-5c77ccca69ce", "value": "\uff08\u5f15\u7528\uff0303102022\uff09.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc9884b9-a092-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646931263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931263, "uuid": "f8eeef9b-2579-4c41-bd70-0c28cc957aef", "comment": "Malware payload (AgentTesla)", "value": "3b38d305bfac8b02adebd9fbe1a34c91", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931263, "uuid": "e6cbb545-07ba-4786-a69f-2d17ab8383b7", "comment": "Malware payload (AgentTesla)", "value": "8e1acd33e2ed24df72debd67300dd87af201288fd5a8ce1a9f5c71e892a0da5e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931263, "uuid": "1d992d25-373c-481e-8042-b12c3ccdf3ef", "comment": "Malware payload (AgentTesla)", "value": "b1ea863ebad15af20d28ed0036c35a17f9c2e74a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931263, "uuid": "1725fde3-41ae-4fc1-83ca-7fa120bda4ad", "comment": "Malware payload (AgentTesla)", "value": "d33eee6a9e6bb30d1b9ac8f71b0d739e435e65ea35aade99931e4867d23efa785467ee3d5a3d74a1f146b9a9f3066daf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931263, "uuid": "81f4b90d-eb22-4031-8212-6c53aac4e218", "value": "T12235C0E1FF08877EDC14323AC1E904B11EF51B8E3522BF4AAA8D51DD0A17ACF499652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931263, "uuid": "8d429f35-3fe7-440b-bfa4-583bc84e2fcf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931263, "uuid": "ef543e54-8e22-4130-9af7-1f2d50b29dc0", "value": "24576:+xYYw1uqoKhdWhixUaQFVSa810u5W8Q4bS5rW4vGCcl:3/1uqQba+VSa8Su5WTiSzL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931263, "uuid": "e3ccd7f5-7727-40a7-88cf-bb5dc06c749f", "value": 1074176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931263, "uuid": "4f3a8e6c-e0d1-483c-8d8a-85f41006108a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931263, "uuid": "ecf7e4e5-f4f0-408b-a69b-bc775aae5925", "value": "3b38d305bfac8b02adebd9fbe1a34c91", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d30f9842-a02c-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646887492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887492, "uuid": "2d6ff28c-942f-4302-b82d-b8f9c14a4668", "comment": "Malware payload", "value": "08a43e11c7fae52b64e2f2a4a0926dda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887492, "uuid": "21d6ba8b-d9e1-42a8-a1a8-443d1f8b5a43", "comment": "Malware payload", "value": "8f2b11915ebed1c3e8741f32e8c0a14b05a602147f5567f6707e5fe3a9c08eb2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887492, "uuid": "4590d7d3-b51b-460f-8231-a0d0e6227677", "comment": "Malware payload", "value": "b82e7cfebc872c930e5cc1a5d5683b67f0583a3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887492, "uuid": "a96a1eb2-7ea3-45ee-8f63-a5106f47134d", "comment": "Malware payload", "value": "65fd100d2afb210681b65c094d2f64273f87be19e2ea628d1af0163c9da85c883b8e7dea97fd626172a07d14a54b20ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887492, "uuid": "00a263f9-ea05-4062-adfd-89c429e58b75", "value": "T168958D20A6481021DC9E0EB1A504A732FD396D5FBF0E75C79E507E2A2EB75C12A7734B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887492, "uuid": "0ee2424d-e9c8-438a-8621-56d562542a1b", "value": "b941ddedcc51e5706d41335adb4e6b2a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887492, "uuid": "b04829f4-8f8c-4e7b-a61d-8d07ccd0dbba", "value": "24576:It1QF2QCSCYrwpemIwpeArzzW7SLOsDFncLmKDZOSzXFZ:I+2QCSCrpeapecREz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887492, "uuid": "c2f51d85-d7ab-48f0-b68b-96d492e357fa", "value": 2003784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887492, "uuid": "36820374-87e2-408e-9813-43edfde4e188", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887492, "uuid": "4965542a-16fa-4eea-ab55-808a68c65d35", "value": "firewall.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "662c3758-a043-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646897187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897187, "uuid": "1b4b428f-0bfb-4158-9dfc-67556f55c4b9", "comment": "Malware payload (AgentTesla)", "value": "afab79afb11694c57201bb63c0ed17bb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897187, "uuid": "865b2cd2-e1a0-4f91-b641-52bc01a651ad", "comment": "Malware payload (AgentTesla)", "value": "8f50a06a200ff7e3fa54aed5a4bb2252d7d08b647ed737ff95dced0b0c03547c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897187, "uuid": "5bfd47e9-68a6-4ff3-b50a-4b5108b31dfe", "comment": "Malware payload (AgentTesla)", "value": "870a3dd503c951fd467b2fed7126d84ddcfecebd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897187, "uuid": "35d64ddc-3898-4b93-8d49-6d76331e90fd", "comment": "Malware payload (AgentTesla)", "value": "19c6e277d57e84f4593ef79c92367c0041ab9296abe8c637f8aa8dd1f8f79f0c789ea82401619630c266d0c687117696", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897187, "uuid": "b703a81e-8180-43d3-aa06-2af589050c99", "value": "T10A253AA8725074DEC8A7C9729E18DC34DF917CBA930B511760D73D9FB9BD8A78E040A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897187, "uuid": "bc83d6db-c3b0-4883-9cf9-5cc65dc7d15e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897187, "uuid": "e988c37d-22e5-4e0f-99e7-563a09dfb245", "value": "24576:yCuEEEEEEEEEEEEEEEEEO2U06HlCvqQopjRUiD/MMMMMMMMMMMMMMMMMMMMMMMMp:GEEEEEEEEEEEEEEEEEO2zqQopjyiD/MK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897187, "uuid": "002fadd2-4c22-4f3f-ae1b-b93c23e6ec3e", "value": 1013760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897187, "uuid": "847251a9-2491-4b4a-8519-19bab71e2e6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897187, "uuid": "73d52bec-337c-4cd3-b089-37bca7e728c2", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb21b9ca-a0a8-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1646940736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940736, "uuid": "0f1476ab-137f-45d8-a3f6-d1123b623f3c", "comment": "Malware payload (DCRat)", "value": "cdd2e8326dc322c3848da68ec5875271", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940736, "uuid": "e654e499-a7f7-4e95-9578-47c72754102e", "comment": "Malware payload (DCRat)", "value": "8f7bab9df8b75b06db3d3386c8fea2e31c3c829793e6176f54daeaff7e9654fc", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940736, "uuid": "1146765e-44a6-40e3-9a91-82baae581606", "comment": "Malware payload (DCRat)", "value": "6aaf552da3a9d164bfb5098d388afe9650f92fb4", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940736, "uuid": "1d7a5f85-0a5a-46a0-a2f6-5ecb628402aa", "comment": "Malware payload (DCRat)", "value": "68ecf96e9b7051716bfe38462160bbabb1858e53fe69b391485e20a540ce1b63b34d2dab6dafa49b1d98fff43aa29b7e", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940736, "uuid": "02de1d72-f596-427d-9141-cf1371969710", "value": "T19975337839F61A2DDEF014B24456BD24E3BD9F089224610EC582A3EFE75B4FBE11D942", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940736, "uuid": "406429ff-72be-41c4-90c6-a6bc4a6973c9", "value": "2e5467cba76f44a088d39f78c5e807b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940736, "uuid": "eb72a7a9-985e-43b8-85e9-386d58cb27a9", "value": "24576:rXdFLv2yxA4ICoQqxWHNVWEcmHniPugY3X+W174h5o6VSuugjC3tyNpZp2MgZ:rXdFzH+4IC1qxWHDWEvrTX+W174h5oMU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646940736, "uuid": "6db7fd46-d0d2-4089-997a-279366b61c4e", "value": 1553920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646940736, "uuid": "a208596b-200b-4a39-a35a-4980455db3fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940736, "uuid": "77d96d29-9c57-4d88-b045-c01533a46b0e", "value": "8f7bab9df8b75b06db3d3386c8fea2e31c3c829793e61.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c6550b6-a061-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646910002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910002, "uuid": "ce8da4ea-5982-4268-a6e9-70c0d874f7aa", "comment": "Malware payload (Formbook)", "value": "2a78112aebaebff9cf4b798e4587ced3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910002, "uuid": "e6ea7375-d988-4711-88eb-198badb49f5b", "comment": "Malware payload (Formbook)", "value": "8fb9ddc78aef013fcbc8ff38135972fdacf66a871cc4b42f719efefe2255219f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910002, "uuid": "a6fffa79-6ab1-4355-9dce-7a39e62bdb93", "comment": "Malware payload (Formbook)", "value": "72341b0916d6cb32faf91a9194932952e70f85b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910002, "uuid": "5c264a59-ec5c-4034-a0c9-2acb9904c6dc", "comment": "Malware payload (Formbook)", "value": "146e2f63f48624b1d288375d3efe7b3236ab6e36d0016294fe3aca056f7a5ca3df68eca3b8289c981de6224fcea4bf6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910002, "uuid": "0573155a-ea02-4f04-a1a8-a473077007ff", "value": "T195458E62B3814D37C4731A789C57A3A8952ABF142E289C877FF87D0C6F796803D25293", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910002, "uuid": "d2f782fc-51b3-4794-b821-03c13dba6d30", "value": "f3ef87a63216dac1578ca750829fe4b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910002, "uuid": "767658c3-05cb-4d5b-ad00-f8fad829ab94", "value": "24576:f4vPtIdV591Vr90+b5rdtftguklShhk7f:f4HtutddtAlSbg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910002, "uuid": "1db8a3fc-f5e6-4261-ad5e-c961b5dfead1", "value": 1212928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910002, "uuid": "f1ffadb4-9496-4ec7-82e0-9762b3553134", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910002, "uuid": "22373110-e04d-4f26-905b-3af9cd4a214d", "value": "Purchase Order121.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7dbb29d-a06b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914612, "uuid": "9935eb23-6a68-437e-8c9a-0df2d062086f", "comment": "Malware payload (Mirai)", "value": "19ea036806d83bd9eab997abb28a1bfe", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914612, "uuid": "06b44180-a5a5-4da6-bc33-35aa0752126a", "comment": "Malware payload (Mirai)", "value": "8fe10f213196f8e8678a408308ba365d1f1e2b8f9fb561600b398ee0079295df", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914612, "uuid": "23c81fc6-5f6c-4c28-af9a-dd87afa1f513", "comment": "Malware payload (Mirai)", "value": "7d20455256c917b788430b348d01cfb09fa5b64c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914612, "uuid": "6cdec987-9844-47c6-872a-25373382e55f", "comment": "Malware payload (Mirai)", "value": "40208a4954064aecf1cdb834f2a42b03a9ec32aa322cd5e4683fcd1c065323e12f0e6378f0f7e433f3915e572351b15d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914612, "uuid": "4fa6f3ae-43a2-4ec5-b942-0395a5271c77", "value": "T14DE32A30D4504B17C2D213FAA79E825E3F221F9793DB33115B38BAB41FE279A1D69924", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914612, "uuid": "afeaf87b-e798-4278-9aa5-5d6895e3fd2e", "value": "3072:Cv/WwsLgaq353qHiCOvhOppqkDQHbeskmhxQwoVSUNu:KPLaq351hOppqkLskmhxQwoVSUNu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914612, "uuid": "20bfafbf-c3b7-444b-8d72-da323738f9d3", "value": 143019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914612, "uuid": "8a12857e-af1d-4541-a215-6b57a7eb65f1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914612, "uuid": "268d9304-d1c2-4ba0-8187-9e4244b7852e", "value": "19ea036806d83bd9eab997abb28a1bfe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e36131bb-a0c0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646951085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951085, "uuid": "2f238b01-289b-4b1a-a5cf-b04c5bca7b6a", "comment": "Malware payload", "value": "966eae734c9ddfde3b04d3e7c95a828f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951085, "uuid": "3a16487e-8cd0-4dba-9863-d2e9c1759e3e", "comment": "Malware payload", "value": "9160d02294fcba0d8d02c6388646eee47a487e13f1af7310461cc0e2e7f57ed5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951085, "uuid": "baff4255-9974-4695-b529-86a4ee803b30", "comment": "Malware payload", "value": "061c7dd2e6539fbb1cdd99b7243ac8b5437f9623", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646951085, "uuid": "474cc497-9d67-4486-8680-13ee2e7baeeb", "comment": "Malware payload", "value": "82e75f1895031d77a9047e0f0a3221b93c98f6e0d3233defb5fe22f8e61615323c8a779b10c5af4b990f1b573725be03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951085, "uuid": "cc0bb88c-f514-4e8e-b967-df26c8a895d5", "value": "T1DEB2A15FAE9555E0D1B8C07CC4E2612EF5B171A10B7293CBA752871B0B32BE4BA3DB41", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951085, "uuid": "a207b2f1-38c4-4076-b364-ed5dc1693dc3", "value": "6eff1fe3996994233e9e009cbfb08a37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951085, "uuid": "3887df78-5fc9-415e-b47f-5317245e6d98", "value": "384:98FZIBbcd1M9YWkyiFBL0NomfGpJnqjqu3LJab:OFZIBUxftj0NoYGp03da", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646951085, "uuid": "7395d394-5b89-4434-965c-abc468ca85eb", "value": 23552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646951085, "uuid": "439ee817-9c13-43b6-86e6-cea10dae4146", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646951085, "uuid": "dee8dd7d-8dbf-4f94-8b47-c6de1aa07972", "value": "9160d02294fcba0d8d02c6388646eee47a487e13f1af7310461cc0e2e7f57ed5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e8cf2be-a0a5-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646939158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939158, "uuid": "cbe0371e-4971-4fcf-bd89-6281389ad967", "comment": "Malware payload (Mirai)", "value": "fed1c5be1a0fb9a0ae89ae13d75cbe49", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939158, "uuid": "fbf49cad-1b3f-4895-ae4d-111d90f4e7d3", "comment": "Malware payload (Mirai)", "value": "9488545715dbfa7243400fc8f577812db449277a25b8ab7981cbb889c16b483d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939158, "uuid": "9a62ee93-d0e5-40c7-8142-8a07c63e49ac", "comment": "Malware payload (Mirai)", "value": "8ccbd01d97e780ef2a7318cb4933dbc3474cda02", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939158, "uuid": "e8c66676-4133-4b9c-8948-65286093d912", "comment": "Malware payload (Mirai)", "value": "dca2bb8d3b25d597c21c22402e40bb30cb24d9b91bffa66e2822c3ddff0a7fdf0305361aca3022c5559238d1e70780a8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939158, "uuid": "5fb66f78-2d33-4fc1-9527-9e699bd3ac1e", "value": "T15A73A80E6E618FBCFB5A823487B78E20A65833D627E1D541E15DEA111EB034E741FF98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939158, "uuid": "582731ea-65a4-4e44-a804-aa3bddd93a47", "value": "1536:YZIJO4rSB6x2qzEItCRIxuF9IJajZvGIyv:LPOB3qzEIxxuF9IgNvde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646939158, "uuid": "8c47a820-8663-46ac-bcfe-bc35a75c3b2d", "value": 76612, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646939158, "uuid": "a4f19537-7290-4a2e-a1cf-ee99d53297a4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939158, "uuid": "e718780b-bd37-4f6d-984f-4848c7e8c49f", "value": "fed1c5be1a0fb9a0ae89ae13d75cbe49", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "319619f4-a053-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646903971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903971, "uuid": "cb057d4e-d718-471c-ac16-b3a58f609739", "comment": "Malware payload (RaccoonStealer)", "value": "d1b14aa9c41b1fb168f0a33f8da66653", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "racoonstealer", "colour": "#2FC538", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903971, "uuid": "9fc6952b-33e7-4e07-9326-eb679e2d4eb9", "comment": "Malware payload (RaccoonStealer)", "value": "948c821b3a3f5b1ee3a8c49a15c449224be9b0e3c13b5876b5ffc67470424267", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "racoonstealer", "colour": "#2FC538", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903971, "uuid": "1d264869-094e-42c6-8044-00fa869e517d", "comment": "Malware payload (RaccoonStealer)", "value": "4969e9aa47972168ef618363e1b987287379bc7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "racoonstealer", "colour": "#2FC538", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903971, "uuid": "3ba94256-c0d9-49dc-84b8-613820098851", "comment": "Malware payload (RaccoonStealer)", "value": "2ad51e491a452cdee5af22528114566f0cee4427a7f5ea7fa43bf64ef0575574b2f5cd8135e68121b2658c3ab9fde65c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "racoonstealer", "colour": "#2FC538", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903971, "uuid": "6dd53e33-5c92-47f2-a235-49b560e9451e", "value": "T12D26233726641041E4E4EC36C13BBDD1B2B3476A8F42E9B8A7DE6DC016329E0E716D67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903971, "uuid": "1b23a6a9-7912-4cc8-883f-cdf8f8d5853a", "value": "8d9385e915ba457c4cd1015b2fd5405a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903971, "uuid": "88c56fe6-80e0-42b6-bb7c-36c0e051b79f", "value": "98304:pazY1fbHBs+4bb8rOla98yRte32wkM35MSNsj7A7fJ7K3JMSS:psef9IlweGR85Mq7J72Mr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903971, "uuid": "7e2ddf33-0b36-4217-a0b0-cad041c0d152", "value": 4679320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903971, "uuid": "de698340-5083-4c49-a51a-d94095b268da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903971, "uuid": "35b813aa-832f-4499-af81-c7664ace0b0f", "value": "Setup_Pass_1234.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e24095e9-a06a-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646914146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914146, "uuid": "5f9e255c-186c-4d2e-82f8-a4fa1d09880e", "comment": "Malware payload (Heodo)", "value": "6053b14caa531a68594f5af2af1c3bd0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914146, "uuid": "e0099456-dbbd-45a0-9450-25483dccb37e", "comment": "Malware payload (Heodo)", "value": "958dcb8fcc182fe56f3a642952260b6ca3ab9fd6f15f60c37cf84f0aa3833d8f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914146, "uuid": "e4bd26d2-0d24-427b-9c7c-7b7d5e617a21", "comment": "Malware payload (Heodo)", "value": "23abd4b779578e45da01374bcd6e1d1381201b96", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914146, "uuid": "6b3d53b4-7ea0-44c5-8aed-eb211eefc282", "comment": "Malware payload (Heodo)", "value": "09cc035e8ebd0e8543c060a43d95974171fa8d2b4701fb1b471234669432288dd7961cde74aa0af4d839cdd7511abbfe", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914146, "uuid": "d339265d-e520-49c7-8cf2-576644038c53", "value": "T103D46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914146, "uuid": "a5b90e76-7247-4d5c-8ad8-81a3cf48d88b", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914146, "uuid": "077afdb2-d5ec-49e9-b1e1-3f2f6a477127", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAN:WRO5DDUmhnspspsqi022/OByw+iVifME", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914146, "uuid": "483d2adc-61d5-4d8c-b1f5-2eee6e49531c", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914146, "uuid": "c9a8abd5-637d-4ad9-801a-e6d7ac04b3d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914146, "uuid": "1e3cfee9-98e1-4102-81a2-99ee49fdf9e9", "value": "6053b14caa531a68594f5af2af1c3bd0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a392fca0-a0b1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646944535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944535, "uuid": "06e13402-8ee5-4e24-9b93-4963d910d0e1", "comment": "Malware payload (Heodo)", "value": "f897902d9f8b6529913a19f776b6e29f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944535, "uuid": "253cf418-e819-487c-9b96-281f9e30a1ed", "comment": "Malware payload (Heodo)", "value": "95e63503f1124abc3aab3994b68e1b0849ac14540c51662d5cc51021988145e6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944535, "uuid": "b88cc7f7-fbe1-41d6-93da-63f0f47a3944", "comment": "Malware payload (Heodo)", "value": "4031c96b5964410b95ba69e71975c69202d9ffb9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944535, "uuid": "2379e20d-a7f9-40af-bacd-fee893bc855c", "comment": "Malware payload (Heodo)", "value": "911c6b948bbf35a9c4edc0967ef58f5b6a98e3cf111cfca380a3dcf6df97d833a6e9d69d8bdaedb1c7a2ba32ace4f1d0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944535, "uuid": "888be66c-346d-488d-a582-29b8668d9dde", "value": "T1A1353951B04FD1BDC08F04BD596AA37EB29C9E100B7544EB329C3BDEAB389E545B2D06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944535, "uuid": "485f1d21-bbb5-4a60-8fd2-bca75f49bdf5", "value": "570e13786e13464ca954b67524d1cbb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944535, "uuid": "1074663c-ecc4-4e75-9011-b8e6881d8e3e", "value": "12288:NLyWPZ3mtGkQoQK/1mqXXpvoCpN8ARRZa1EPq9vsOwDu3kQybR:0KWtGkXQgDXloA1ZoytX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646944535, "uuid": "76678c64-bcb2-482c-b46b-b98f7baab698", "value": 1064960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646944535, "uuid": "34ae22ca-48c4-4686-b98c-4f364a8cdfb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944535, "uuid": "793974a1-d113-4803-84e6-2d4da7188806", "value": "emotet_exe_e5_95e63503f1124abc3aab3994b68e1b0849ac14540c51662d5cc51021988145e6_2022-03-10__203529.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea5b39d3-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646887101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887101, "uuid": "c56a2863-f757-4e9b-8bce-bc57e3b65a67", "comment": "Malware payload", "value": "3e14efa75d3df31f019918c46c55ae6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887101, "uuid": "788a88cf-07d0-4c5f-a7a6-3f62f8d9a0c2", "comment": "Malware payload", "value": "975f119696a3cf3411a68cc50d1afc1139b4c742e537e1c79077e07017a0b2dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887101, "uuid": "5e16c71c-de0e-4aae-9a4d-4bcc86bf23b5", "comment": "Malware payload", "value": "e1134e39f8f176a11f46d0a6fb3cd8fc68186db3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887101, "uuid": "272260c6-6756-41ea-b006-37e74a15da00", "comment": "Malware payload", "value": "b18931890bc01a4db3b3c61410ab2163cec8a97ab329c406c5189f3fd823561e7b2b251eef8bc122b065de15f6aa4bb7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887101, "uuid": "b0e31af8-f5af-469a-b450-bbed9aa2eea6", "value": "T189950284BFC48CA9E9651479CB601B5CD89CFC63BFE946CE5360C92BE8E10C2193B56D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887101, "uuid": "13893cef-8620-4a81-88ad-0f92ea8c265f", "value": "8066c16c838a608909d3b67f238a0b60", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887101, "uuid": "ace6a3e6-f6c8-44e2-9f9a-d274bdac2604", "value": "49152:q2B3FBfJXAEFrgMBWR+nictVGN2rJe3uBPULHk:q2B3FBfKEFrginic+WRBULHk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887101, "uuid": "d5f758a5-4175-4859-a85d-1af3abd8eeaa", "value": 1980143, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887101, "uuid": "ff99c16e-6016-487e-adf3-a8f26af20676", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887101, "uuid": "2ef37d7d-11d5-42a0-8e62-8d5608f03cea", "value": "WinRAR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16d1b107-a055-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646904785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904785, "uuid": "218cdfe3-e6c9-4ede-8a23-425f61bae986", "comment": "Malware payload (Loki)", "value": "28d44009ebbe63cc4d164d3cbf4e9a70", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904785, "uuid": "3640fff2-2dcc-47ed-964f-4be41f7ac155", "comment": "Malware payload (Loki)", "value": "97d94c04999ded16f9468d2064a7269e361bd2ddc44bdc48c54e949ced5e4c28", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904785, "uuid": "910cd227-1510-4ae9-9b07-b85e6af1a4ac", "comment": "Malware payload (Loki)", "value": "4e1ed3a277f599f45bedaaf460c4bbae0ae1af99", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904785, "uuid": "f1295a16-5b70-4f84-9a57-e8b500eaf3f7", "comment": "Malware payload (Loki)", "value": "868748c537257aaffd18e3974196f67c058fdec11f7552690cab18bb9cf7437fe2945b1948b85d8c5b5c7e61996e06eb", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904785, "uuid": "fc5425c9-d788-4d8d-9e16-e3bac2b3d51e", "value": "T19514015332B0C14FD6BE02BB9F519A119A257DBC8F69741E27CCFEC22A360264935763", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904785, "uuid": "49963861-66e6-443f-b3e7-3e22306b5a99", "value": "3072:IMuvqnZ06Zeh/8Ck64QpMJTMEVKPoaVH3Xi2ASzspk4u2LyzA8zeL/bEtGcXWk8p:q8pZe54RME5aVHjnopk4uoyzA8zsz4Gr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904785, "uuid": "078d3363-2a49-49a3-8952-1529226665b4", "value": 191080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904785, "uuid": "88685beb-c624-41ca-ae3e-0b7113c9743b", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904785, "uuid": "fac5b80f-5265-4c2d-afdf-6caf0ad23324", "value": "inv0985.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f42fa19f-a0b5-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646946388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946388, "uuid": "ecbe507c-66ea-4548-b19c-c526cea532a5", "comment": "Malware payload (Mirai)", "value": "ec3dbe92ba8d0b8bb79171699f4e3416", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946388, "uuid": "8110734a-0475-49da-9583-ec85fc62daa2", "comment": "Malware payload (Mirai)", "value": "97ebe6063b355c1065492d1913e7902bf0d6e8a8767d443da677d56694bad6e2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946388, "uuid": "dc056f7f-a079-4287-b52f-aa2284db309e", "comment": "Malware payload (Mirai)", "value": "c5e187fd23ad2769c9c174c75753e1104b7fd730", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946388, "uuid": "e1bff95b-b0e3-4ad5-b11c-7ca0c0fe31ec", "comment": "Malware payload (Mirai)", "value": "8deaeef5cc185fbef2d4cee73e623bca38bc23362e5111c42a888f6704d95c21a068d1f7232c1df7cbe08f2d4530190c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946388, "uuid": "25541c0c-a972-4d96-8794-e6d2d834116e", "value": "T1C2F2E141E595713BC4DA46305E8F5D4E39B8B32F85844F409BB8327F0A73B686B1839E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946388, "uuid": "75e1cbd9-3a67-451c-a097-24cd0215808d", "value": "768:Ftn+9TuBuaqQv/I2vEy9/ZOyiP4+qaxXKzNvV1dnbcuyD7UiyqD:Dn+RulzPEk/cyLQ4tPnouy8ZqD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646946388, "uuid": "38001173-a578-42f7-9f62-242dcdc2e0b8", "value": 35016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646946388, "uuid": "527b358b-8c37-4243-a16b-8aed3e96dfd1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946388, "uuid": "d2b5a81d-8196-43ea-a466-61d57272a689", "value": "ec3dbe92ba8d0b8bb79171699f4e3416", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ba5fb15-a053-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646904042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904042, "uuid": "4ffe0cbd-9d20-4a90-9c7e-3c08ebb70e0c", "comment": "Malware payload (RedLineStealer)", "value": "23892bfe4d5f0c26ef31e8423288f378", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904042, "uuid": "8c843b09-d9ba-431c-b5c2-bbe30cd4408d", "comment": "Malware payload (RedLineStealer)", "value": "987416a165bd0a4a9e8498e73795a0c54a2560794c33f24b6349fd6907ca13a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904042, "uuid": "088052ec-d36a-4cd4-b8f0-da5172470a10", "comment": "Malware payload (RedLineStealer)", "value": "4139db64738132a175d7329b94f1f1ffbffd5115", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904042, "uuid": "e02f8360-7820-443d-9544-9c9e512d63dc", "comment": "Malware payload (RedLineStealer)", "value": "9a71d6cd175f3327d344e6639327a51ecbb49067f815a78dcbb760b96df570bad83e1310d2a319b191a72a36eece5a25", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904042, "uuid": "4fc1054e-2e8f-47dd-a564-c934dcd71c2c", "value": "T1FFD4F180E88C56CEDC68453DB710BDF1582B6DEFA5C8893BE9C43054DDBED116F2A2A4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904042, "uuid": "30e31db5-a70c-49ce-a0df-560c1284f3ca", "value": "d3bb50472ef5f2d75ebbda4e4f8faa1d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904042, "uuid": "5e40df52-c2bb-44fc-aef0-b4d6626ef024", "value": "12288:2D6U09KMAdwQe/Kvdt+PFftC21Q8Lwt6BHDbglBSi7HL41zXD3xAMSxzRo:pB5lC2bMt6BjbySiP0zjxAzhR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904042, "uuid": "92b3b9fb-b82c-421f-b873-2f5b3d4b9031", "value": 637456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904042, "uuid": "0271d946-7012-4131-9003-fea1907b1dd3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904042, "uuid": "b332ecf2-dd62-4cd2-b6ba-51bf823fb170", "value": "23892bfe4d5f0c26ef31e8423288f378.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0f420a2-a083-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646924774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924774, "uuid": "bc6f63a0-1010-4f71-b3ca-3bc0a6d8649d", "comment": "Malware payload (Formbook)", "value": "6252237d4c11933a01f9795c97c728c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924774, "uuid": "56c4fbfb-f575-465b-8b6c-1dc3ec18a417", "comment": "Malware payload (Formbook)", "value": "98b2ac6e4cdb537c352e38576d8506017a03acd5ef9dc62ffe20e893b0f05a73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924774, "uuid": "58d7f560-91a8-4e28-9bfc-625000eb4819", "comment": "Malware payload (Formbook)", "value": "e1fc3bb134a6ae9da49279f32eb9719b73bad2e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646924774, "uuid": "613bab5f-6d96-41a6-a1e5-ab7057e653fa", "comment": "Malware payload (Formbook)", "value": "9ab6c4128e4d5e95953f32ea7a4965e52e1b03ede085dc26dc73bfbacccdeda91ddcab3a4e943c7f79148ee4a027d541", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924774, "uuid": "a0e8d375-8b72-4979-b577-2a97c51e7d2a", "value": "T11725DFE1FF08C37EDC04223AC1E944701EF51A8E3822FF4AAA8D51DD4957ACF599A52D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924774, "uuid": "0bd4770f-92de-4cbc-829d-d3359c4136a4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924774, "uuid": "0994a760-0080-4c61-8201-db9424f0da18", "value": "12288:8YfSx+mpx3DWcDCy3N9hddNhqDwuUG0HCHtUiM8WMRyOnC+YkFgvQdPhMQ51wuvM:8Yaxzoy3bhddNhuUHinRa+YkFJ3/HHS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646924774, "uuid": "3e7d9985-f6c1-46c0-b917-d4e44d3d58b9", "value": 1052672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646924774, "uuid": "189bf50e-23a4-45cf-97e2-2f6267e40f9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646924774, "uuid": "06946017-c150-4256-aadd-43c2e73c37ea", "value": "vbc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a626ae2-a0a0-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646937218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937218, "uuid": "7d330d9d-083e-4b8a-a587-bc6f11bdb919", "comment": "Malware payload (SnakeKeylogger)", "value": "eb1d71abbb515192a4a37dee2ea6e421", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937218, "uuid": "31abaae1-6da3-4c90-9462-ed488c497249", "comment": "Malware payload (SnakeKeylogger)", "value": "98d3d8b7681796a2b1b842e638552879217ca4a34dbd724e390c0c16f4d10292", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937218, "uuid": "ccca3ff4-ff76-4085-bc9b-821033f1bc48", "comment": "Malware payload (SnakeKeylogger)", "value": "7f47fc040f925f862000232bfb11f01550ddc67f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646937218, "uuid": "c252065c-5a8e-4bcf-a38f-0e5b76beb9b4", "comment": "Malware payload (SnakeKeylogger)", "value": "d6bfa8a4c9ca883f995b9ca92b3cd4020b0622a8abace10df8128e020764b06fc0b2267c7f26c19246bd5fb35eb43978", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937218, "uuid": "a94051c0-435e-449b-8af8-377a0a864242", "value": "T1D474AD4123B82F52E2BDAFF8847554240BF5762B752AF28D5CC664CF38A1F848E16B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937218, "uuid": "01d4fac8-7333-4c49-9952-0c745f639fcb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937218, "uuid": "bd23bef4-f867-42b1-9fd4-1b2baa897cd2", "value": "6144:NS6K0dDHk/gz4/6P2pD+lpM3JMqTyZ8oQBkUGJaxxTXmvjVkIQwB9eBloL5hnNaf:NS6K0dDHk/gz4/6P2pD+lpM3JMqTyZ8b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646937218, "uuid": "31167ca6-9e46-42db-adb3-41638e9b14aa", "value": 370176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646937218, "uuid": "067a01e5-57e0-4b47-a656-1002ce245810", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646937218, "uuid": "5b602d64-533d-47aa-868e-aa230d6e3c55", "value": "Details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72910694-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646886900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886900, "uuid": "8484b4c0-a1a8-4911-bd06-0fb57db41607", "comment": "Malware payload (Mirai)", "value": "9c11524471b4be05f9dc700e8315ee33", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886900, "uuid": "04a1ad4e-0568-4697-895f-ea3d34594539", "comment": "Malware payload (Mirai)", "value": "98e66939b2fe105298ef2e789bc59715f2f78d15a09708816a3b7f40c86e6b43", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886900, "uuid": "118929bd-4d59-4fc5-821a-54e79cf88da5", "comment": "Malware payload (Mirai)", "value": "ebdda181f9ec831a7063f0feba43f7e5e2cf608f", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886900, "uuid": "8f462a92-9826-4c38-8615-2f3ddac8b675", "comment": "Malware payload (Mirai)", "value": "1b7c31d3ff14e350e7945cc447b44a26920dad7ca262b702824b86ea5c564f10e555b5cd09029d35cda43f267b14706a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886900, "uuid": "d88a93bc-bd68-4f2a-af89-57ae25ce226b", "value": "T18FB239A3CD792F18E68CC5B170200F752763E65AA2870FBA117EC2699093EDDF5063B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886900, "uuid": "3a77c06c-b58a-45bb-bc88-9e2a61535e70", "value": "384:uVmfouKnMnAYREaQsIy2o0YjqBzKLrCfpcWtR/7SfCunm0CeP:WBuKnMbua/2o06ZCf2KRefCARCI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886900, "uuid": "5754cd07-c81e-4479-8e97-30d551f96024", "value": 23796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886900, "uuid": "f745e993-399e-4c76-b915-39519334b261", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886900, "uuid": "0cea8644-7d43-4bc0-bd8d-c8c81da04c3d", "value": "SecuriteInfo.com.Malware.ELF-Script.Save.3be8a403.16545.18654", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0479b00-a036-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891701, "uuid": "bb1069b0-c2c4-4327-a94d-502ef1283b55", "comment": "Malware payload (Mirai)", "value": "6e4f757a91c8094be9f652ecf50729fc", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891701, "uuid": "0a202e34-50cc-463b-86b1-8ca71a7ae84f", "comment": "Malware payload (Mirai)", "value": "9aecf01a56902dd4eb0cb87aef4dd2a0a7e54a20017390c47435d194156c4347", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891701, "uuid": "d1f41576-7bc1-4f63-b5fa-2ae66bf17d44", "comment": "Malware payload (Mirai)", "value": "8f76909035d01ff3ff5d7c65146f4e4a3b420f2a", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891701, "uuid": "1f312532-1cb2-4975-9d16-ec0261242fae", "comment": "Malware payload (Mirai)", "value": "bfd1c60c233b1c69ebab94005e9a4f642a8a28df61fbbdce9c9c0fd69c88bb46429daa78f0dc1a80fb809fbaeb29765a", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891701, "uuid": "bcbc74be-adbe-4475-ac2d-08aadeb0490b", "value": "T173431856BC818A16C6E01276FA2E85CE3B2523E8E2DF73078D211F6176CB41F0D67D96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891701, "uuid": "46baab25-5ff5-411f-979e-003a471e22b6", "value": "1536:xuXJpW+QpwAqEn8A0uqJwMGDuJ2nkAmXhR:xuaP6ulXe2nnOhR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891701, "uuid": "b166e414-f439-48ae-8593-b586fb955bc8", "value": 60460, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891701, "uuid": "463ec2d3-3d3e-47ad-bba5-7a1f80622c3a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891701, "uuid": "241bef64-6985-4418-9010-88b70482c328", "value": "mirai.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ad1eeaf-a093-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1646931501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931501, "uuid": "51ca4c8f-f5c6-4418-bc66-7984530379bb", "comment": "Malware payload (RemcosRAT)", "value": "6fcb3336f6ac6581139949e0932f6f3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931501, "uuid": "7b98cf43-1ba3-4fa6-be68-1dda181cf14f", "comment": "Malware payload (RemcosRAT)", "value": "9cb0764ab0006460601b25b788c41cf1cd05b40ae92e5928ff13cd8267591767", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931501, "uuid": "69046c34-bfca-4e74-877a-2c68bd47f12e", "comment": "Malware payload (RemcosRAT)", "value": "0da4bb4b52f2e11ebd94422be6f94fd1fb10e993", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931501, "uuid": "36712155-e573-402e-a05f-a5e251b0f61a", "comment": "Malware payload (RemcosRAT)", "value": "1d3a69c89d60f9681aa67b95a6309fa833f72617e40cf46f18a7bdcfbbfd880d873b53083303399509b783699e37d491", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931501, "uuid": "eed87a73-beab-473d-a55e-f1d7445dd6f3", "value": "T1AF559C21B2A8575CD5F54BF29D20902013B73D596CB8E64A5CEE32DA3773F210A1CBA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931501, "uuid": "3e7fe726-5859-4c4c-b22e-f46ca55ced70", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931501, "uuid": "0cad5ce8-2412-42e1-9e2c-1404ca83b641", "value": "24576:teBwzABxxTfW75BjJQJQJQJf9ds5h3J7AlWDmHx3AHD//h:teBwzABxxTfW75nWWWsXAlWaHxwT/h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931501, "uuid": "678bab4c-cc7e-4426-aaa6-1e1098f08693", "value": 1377792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931501, "uuid": "6294e24a-8fd3-4af9-a00b-3883a12028d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931501, "uuid": "cc448165-402c-4e99-acca-4d2d624b16fc", "value": "DOCUMENT.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "390cb322-a03d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646894535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894535, "uuid": "112d8320-0ad8-4a77-8a4f-5bf7186bbb31", "comment": "Malware payload (Heodo)", "value": "19be83a9338cb7aa9eaf5cb693e1a7c7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894535, "uuid": "3ee201c0-a543-4cf3-9735-3f176d8ddf2a", "comment": "Malware payload (Heodo)", "value": "9cc11f85170aa5f38f0b72fa91506ed7d9682e322127b77799894988fcf68597", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894535, "uuid": "647eb3dd-5434-47cc-8904-a0661174b9e6", "comment": "Malware payload (Heodo)", "value": "87bac5581791f2ae5fe2ad6285119b6793e1f7c2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894535, "uuid": "f72ef0c1-e141-4001-9625-f5ec030ad48c", "comment": "Malware payload (Heodo)", "value": "2743778abedbb7683127d113da0b8564223461053b7f0badae7dd831744eed370fbfe68b28ea33eb9fc757c89ce666e7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894535, "uuid": "125a1c78-fa89-4237-820d-0a48cda6adcc", "value": "T14794DF007AC6C433E1AA063949A7879467FDBD52ABF5C74FBF807E4D5E314828A35362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894535, "uuid": "1922eddc-cc5b-4966-a99a-87d8002af47c", "value": "60acb5dbeebc778b5879492b3afca208", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894535, "uuid": "094f6042-e1f6-4e04-8d93-53dd0a0a3111", "value": "6144:aH0RW81UplEIb6hRAOf6DXyhCra8NCtS08OB8xS4GE/mFCo3QkgqbqAT:tFpMOfeihCramuiS4zCCo3QkvqA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894535, "uuid": "206f6aa6-3144-47b9-ad85-df1dbc22f47d", "value": 421888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894535, "uuid": "3b4a3c18-78fc-4100-92ca-ce9a6b6a1ffc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894535, "uuid": "30ca2edd-f6b0-423d-a6db-a3dd8abac925", "value": "drop.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cc5440b-a055-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1646904795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904795, "uuid": "18d5f42e-c93b-4984-9405-ebd4783e085f", "comment": "Malware payload (Smoke Loader)", "value": "8db84ad82febea337a94afe4d1abae2d", "object_relation": "md5", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904795, "uuid": "de18aba4-bf61-4ec8-91b8-38f0805c93c2", "comment": "Malware payload (Smoke Loader)", "value": "9e272ecdcea65010b95b596bd5fa66b41ceb96a66242c44b574919cc8ca570df", "object_relation": "sha256", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904795, "uuid": "41778ddf-ac11-42bd-96ca-27a66299d50d", "comment": "Malware payload (Smoke Loader)", "value": "6b94a928ee40ee87eb89f6d963b3e44c2de27f88", "object_relation": "sha1", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904795, "uuid": "cb4831c6-9d06-46b9-bee9-b2c313a7dd54", "comment": "Malware payload (Smoke Loader)", "value": "2a9f4cb167599e53eff24bb3671423a882a66cf8cefc2bb0f851909df70df6edb96314891ba8a069b362ef404b6c65bd", "object_relation": "sha3-384", "Tag": [ { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904795, "uuid": "2c79235d-e65f-4628-8d24-fcefeca86827", "value": "T1A492F580A6DCA554E5F716BCAE61C96B22B86FF62D80A04B2380F24D4678C482D9436F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904795, "uuid": "b2da5149-60e7-46ec-a6a3-4a30ad40eed9", "value": "384:U/mOgw3nq13vfXNbByvpz4wn0zdsK8+STmDjj:0dLXy3JByvpz4wadfzum7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904795, "uuid": "96ce6d7e-e7f6-46e8-9b2a-7aa82f3c201f", "value": 21048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904795, "uuid": "9f10a016-8e60-48ee-85fd-05a92aa893e0", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904795, "uuid": "492e66d7-83c8-4619-899e-9e66431153eb", "value": "Purchase Order FG-20220310.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecc5408e-a077-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1646919747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919747, "uuid": "507f6238-28dc-4307-880a-ef0e62b0d47c", "comment": "Malware payload (ArkeiStealer)", "value": "0b2d9078fd109b67365ffd30c2abeef4", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919747, "uuid": "8dce393c-a4fb-46aa-9d07-177b45df5a5f", "comment": "Malware payload (ArkeiStealer)", "value": "9f310d020dcac3af90592db796a878d1d8bc1285fc5431e836b9011d316d45c4", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919747, "uuid": "3af06876-e8d4-4f8a-9b97-d3a9ba5edd1d", "comment": "Malware payload (ArkeiStealer)", "value": "006afce997f00bd86bc612e31108f0e943ce911d", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919747, "uuid": "b67f7648-1512-461a-b5ef-7537f979664e", "comment": "Malware payload (ArkeiStealer)", "value": "c5ef07bdf820e23fac4ff6a57f2b2f0dd27f05826081664a8e6d6dcd8ab0dc7b3ed4c9ac757605706a79adb7676c23f2", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919747, "uuid": "30561adc-c8d8-400b-a860-98667509d56e", "value": "T13C54C0513BE1C873C4B291706924C6B19B7F74325ABAD9473B98073E5F313D29A7A30A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919747, "uuid": "bd6b988c-816c-4236-9226-d25dd1b77f0f", "value": "e0538044f9656c3c504709b72e66cb43", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919747, "uuid": "0330a05f-ef1a-4ad1-bdb7-9e56bd1ffd82", "value": "3072:B9o057kSoC9ZIBI7OSr9tbJW2LTBUupj57zdxsmT/2:M05/oC9mBI7FndDzdxBTe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646919747, "uuid": "9311b5ff-944f-42c4-b9d1-62c69df0e906", "value": 279552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646919747, "uuid": "4b043f82-c466-456f-8a02-bcd1593bb5c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919747, "uuid": "1aa567fa-1b63-425d-84ac-80873acd2617", "value": "SecuriteInfo.com.Packed-GDT0B2D9078FD10.21872.21856", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b07fd6c0-a0b4-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646945845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945845, "uuid": "78948aae-1daa-47d6-a774-7d0648e76809", "comment": "Malware payload", "value": "a80f74d566ddc07045169630f05a9e39", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945845, "uuid": "76cbe692-a26a-41cf-8110-06ddb1613f6a", "comment": "Malware payload", "value": "9fe6b39c1e01764ee7f13956e6e105bf8fd5a5196ebe59fd60a99d9dc0e6d4d0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945845, "uuid": "50f347a0-28fc-4052-ad9f-47ebcffb3a85", "comment": "Malware payload", "value": "5925305212127868481145c4b8b02a641201a280", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945845, "uuid": "01e0d7ab-c12a-4533-a7ea-10a3b378cb44", "comment": "Malware payload", "value": "4cb04568ed4f43be0ebd99fad80c87b330e7841749550d307aabd4a0a445e077416afed51a0a3f17d54d0bd148dc3651", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945845, "uuid": "523d18f2-b5da-43cf-b558-b0abd3ee62a0", "value": "T19813E1109292A3F1EB51763BEC4E10815373AB35B1C272EDBB0B06A40F56C9E6E7D613", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945845, "uuid": "3d793be6-ad9a-4c88-b8e6-6c5c9ee76ea0", "value": "768:vsI3mz8x1X3BZiFVUe+XI++WVzWpsULvhGYWAB6ib/ti98SIQF5QX/oYwgsjjcPh:06GY1X3DCSNXI+das4vlWA1FUIQF54dH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646945845, "uuid": "5fc337b6-beb3-4c2d-8f75-e26ed70bcf44", "value": 43560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646945845, "uuid": "74e5f936-9476-47bd-903f-84811d7273c9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945845, "uuid": "28ae3757-d66a-4ec2-85d4-e5c927654d3d", "value": "a80f74d566ddc07045169630f05a9e39", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16ddab30-a089-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646927119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927119, "uuid": "4654041b-315d-4fbb-b3b7-3ed9b5029a05", "comment": "Malware payload (Heodo)", "value": "6a3a9c0ba28b770bce200d8e9a3a40a9", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927119, "uuid": "1e029421-dda2-442a-b1a6-ebda909d4f09", "comment": "Malware payload (Heodo)", "value": "a0ee3451097f7cc42e6b7e8a5f778ce6ff0d95dee552a9e2a134a21248220ef4", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927119, "uuid": "5ef26b97-5685-496c-8e1f-498e048b140c", "comment": "Malware payload (Heodo)", "value": "c1b0bfa16d6e7d4299bc03cacdd6544471c28468", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646927119, "uuid": "65f35ef4-f918-4e59-abd9-e5d134d32a35", "comment": "Malware payload (Heodo)", "value": "8857f41af155e4330d646b5d37aefad6f306f0ec974f75bfe7f08c433b8e9fd4bc568b88f8e4ce2912dded73a16f5b82", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927119, "uuid": "297c707b-add8-46ec-9fe9-fb22644e0fb7", "value": "T12333596B96C4743BCE138C3D8E085B997D5B944260C09B76CF4CA69C7A8F5B50E4B0AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927119, "uuid": "86403df3-990b-4821-83ef-9486bac292c6", "value": "768:GICkZNRvmHvnQvlSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KC0VfVhC:GItBvGvQ8ncDSmSIBlGeuSEcm2h0HVfm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646927119, "uuid": "9b63789e-848b-4264-a88b-029fc40f76e8", "value": 52699, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646927119, "uuid": "50b5a144-6223-48de-b9a1-e964497df555", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646927119, "uuid": "2aaab316-54fe-490d-8135-644b1372fe8d", "value": "MAIL 1003.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b25acf33-a046-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1646898604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898604, "uuid": "fd260e10-cc1f-42e4-aeb9-eab841bb9f6e", "comment": "Malware payload (Gafgyt)", "value": "972046c8fdf7b86e3710f8413e145d8b", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898604, "uuid": "1680e9a4-12a7-4bf7-862a-96ec46cb126f", "comment": "Malware payload (Gafgyt)", "value": "a118895534e309adb913767b35bdc3b5d9572b0dc9e07595c0c1c38f91d319b8", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898604, "uuid": "63e1104c-d6de-4182-bfa8-b51c4ecfeecc", "comment": "Malware payload (Gafgyt)", "value": "52b7c740a48dd37bad87ac945312e6d329c8c482", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898604, "uuid": "f10c383f-432e-4d23-aca0-a88680e6fd8a", "comment": "Malware payload (Gafgyt)", "value": "97c056bca644c882780e2a46044bf79bd22380d2b31db6a7986dad40a339de57b3f5ca596342b234c86b0367a7500a31", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898604, "uuid": "947a119d-03b7-405e-96d8-37337265fe9d", "value": "T1AEC32917F9419F12C0C325BAFB8E968933135BF9E3EB7102D9249F6027864DB0E76951", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898604, "uuid": "709706fe-e5fd-4055-9751-00392dfd7b89", "value": "3072:EiLVEeCcPej9c8a3L3VZhegwk6IGrc6YFNfXC15htOMbr:EiLVEeCcPMG8a3zVZhegwjIa0FNfy15B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646898604, "uuid": "25273d3c-97b7-4d61-aaa0-519bbe30b506", "value": 128436, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646898604, "uuid": "f78702a2-d348-4b01-93e9-a325fe3e9c51", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898604, "uuid": "b24b40d3-d245-4bb7-9bab-c1796c4fdf76", "value": "FBI.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "899e45b2-a03a-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646893381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893381, "uuid": "da26076d-7585-4192-ba64-b840527fb350", "comment": "Malware payload (Mirai)", "value": "6354d9b4680ed0433277b90c5bb9d5ad", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893381, "uuid": "959493a8-5257-4300-bf11-e3904b8c5f68", "comment": "Malware payload (Mirai)", "value": "a1b89ee6414da525ea9d6c59ccd646a8d7d62d4c9ebe3229d98035c6919e7d1d", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893381, "uuid": "ef354110-2660-4e68-ac67-a1b84d4289da", "comment": "Malware payload (Mirai)", "value": "0d753d6298735ef3b549e276c8a5a583e5969834", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893381, "uuid": "0ff3c1c8-b885-4152-90ed-a814992766b3", "comment": "Malware payload (Mirai)", "value": "900b395d9bea29e4b1c01349fbd71aa63b1303e1e7486d13525b48aa0e6a92f052bb9340632571fa8139aa75ca6a35a8", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646893381, "uuid": "1105785a-9339-407a-86ab-88a1e960ed40", "value": "T182530847B44180FDC149D03447AB6A76C8237EBD1B3AF39637D4EE3A2C6AD221E59C45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646893381, "uuid": "942437ab-a430-429d-a5e7-779d33e6a498", "value": "1536:anF9U0FferGtOW4/RWo4qz8kkRqwChJOlQ5M7WR:0FK0UrUO3JWvrRqwCOlr7WR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646893381, "uuid": "ebd40909-c11f-4178-9522-de72a3ed920e", "value": 62720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646893381, "uuid": "fb859dd5-868e-4415-afe5-507f79457ec8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646893381, "uuid": "eaac1ac4-86fc-4f58-966b-f09a86d84364", "value": "6354d9b4680ed0433277b90c5bb9d5ad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ba75384-a0ae-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646943126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943126, "uuid": "b21ac9f0-b94f-48f1-b079-274a4b853c29", "comment": "Malware payload", "value": "24500382227977158ff9f176acac0746", "object_relation": "md5", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943126, "uuid": "c45ba347-491c-4f1d-82d6-08a9195a851b", "comment": "Malware payload", "value": "a2828ab62df825614487ae1336866667b80a30bb2b2a056e6a5d969dfb910238", "object_relation": "sha256", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943126, "uuid": "38b7691a-0ab0-4acd-9404-08311849b30e", "comment": "Malware payload", "value": "dc1f4683b344c997e3fedb6c5e60349b20944529", "object_relation": "sha1", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943126, "uuid": "467a4e52-ca77-43ed-ba92-68445fcb7406", "comment": "Malware payload", "value": "84783fd998b1707574bd663933b95dff8960a018862cde3cbc68e7ac51812fc4c1ec21354aeb0f3c05f57732f20d622b", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943126, "uuid": "51caa595-2167-4d70-9751-2f0504d4c6a5", "value": "T12B3132019109F5E298703147FEA52946B086146B15237E18D4FD85A732FA7E1BE35AE3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943126, "uuid": "0403bcda-661e-499f-bfd2-7d14ea7f0c83", "value": "24:nubGnoWaoNMWZIVWvvXYxojBM6pMKcCZNLEE9+rDpL79XclSaaXdx2jdCHptNf8c:nNoANFSVCvXYqjBbpMBCQFxZclSaaXLf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646943126, "uuid": "ca5f41cc-e1e0-4813-a2d8-b5824942eaed", "value": 1469, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646943126, "uuid": "1fe92363-e925-416b-a472-b3367f250ba6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943126, "uuid": "e19abfbc-b6f4-49a8-8ae7-779429430f30", "value": "1fYftpSh.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61cc50fe-a063-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646910924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910924, "uuid": "ad8b8710-d6bb-4049-bfe2-3e2b334fe693", "comment": "Malware payload (Heodo)", "value": "57cd1e43dc667fdc2510c31d1106ed31", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910924, "uuid": "3b2d79b5-2881-4247-b6f4-fd1cccf4a0e0", "comment": "Malware payload (Heodo)", "value": "a33588137300a5e6715aa55173de86f410617d2cecf4af81c19c111a0eeba8c4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910924, "uuid": "bf56e451-14cb-4933-b6e4-57cbb037e389", "comment": "Malware payload (Heodo)", "value": "6b42e5468100c5bd19f1b01846a846e164c16a66", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910924, "uuid": "3de40ec2-73d2-4579-a287-fc517636918a", "comment": "Malware payload (Heodo)", "value": "f23d5d2d0fd5894f6d1ff8543ccbec63b75c18921048f3e4d6bd73e2c4b87601891a183c54a4370e0c98779c3676d1d2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910924, "uuid": "1d6e6a83-40cd-4ff9-b449-7e975a20b5ac", "value": "T19BD46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910924, "uuid": "b960847d-c933-47f7-8796-58e55a9b8cd3", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910924, "uuid": "25652190-8545-4270-b2a5-07564481d4ee", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArA1:WRO5DDUmhnspspsqi022/OByw+iVifMQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910924, "uuid": "5d20ad5c-3afa-43d9-b544-30566f5e0440", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910924, "uuid": "d51bf6e4-e65a-455b-9b81-42d6ddbdf41a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910924, "uuid": "9ebbab5a-13a1-48fd-a06a-9feb5c130a27", "value": "mqDs8oyqwmaw.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa2dae46-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879263, "uuid": "beefa890-84a8-429a-ada0-e6af6ff1ec36", "comment": "Malware payload (ZeuS)", "value": "e2b2384ff6ba0cfca81f9dc22808b30b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879263, "uuid": "1a9a862b-e9e6-4287-87a7-e91e9bba4671", "comment": "Malware payload (ZeuS)", "value": "a3398f91815a1a025fd19ce86b9fb88160047b5d78973b352d266ef1bd971e6d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879263, "uuid": "514c0889-8296-4616-b96d-6657447dcd53", "comment": "Malware payload (ZeuS)", "value": "34db16f50b6e7b801a4084c467e5417a539c0217", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879263, "uuid": "769eb8f3-d1d9-4fe0-929e-c2259e0ce172", "comment": "Malware payload (ZeuS)", "value": "08313f1cb2c973f129d8507d753fa6b7ffb7c9f48c6ab12e078d1bd7d9381051849a6c0d01e71b62ac0018f99d8a69f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879263, "uuid": "9dd5c41b-989b-4b3e-a7f0-85de4d8df014", "value": "T15CA3D0837DEE4AAFED91143560105B23C7E6FC7090B9EDF6C7C1066B5BA660A941B2C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879263, "uuid": "376718cc-ca3b-491d-be6b-a8596d3ca8e7", "value": "0c1e0b4890cc87424a0fd0132621e9be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879263, "uuid": "1ad83d04-b2d0-4b0b-aedc-ed935850b601", "value": "1536:JBSoU033igtbVS+M4Uwxb+3v1dh/Zhp8t63lCTjNnIK2Gbp3UNvDQ4T5e5uUAFUq:JBLUU//3HUeW9dh/V/1OpnIK32O9eUq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879263, "uuid": "36426f00-a9fe-41ed-a831-cf053033d5e0", "value": 99328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879263, "uuid": "b11967f6-ffb8-4630-b202-517155a0f577", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879263, "uuid": "e09bb056-654e-4d9d-8739-f15178a1aeb9", "value": "e2b2384ff6ba0cfca81f9dc22808b30b.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "173038fc-a08e-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646929267, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929267, "uuid": "894491f9-b683-49e6-ad78-856238209993", "comment": "Malware payload (RaccoonStealer)", "value": "3aeb62f6c82fb2473d3dc509a41ccc77", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929267, "uuid": "7b495898-3612-4432-a1a3-49ab639bd05c", "comment": "Malware payload (RaccoonStealer)", "value": "a385b37d2fa2ab2967f406195ff31a699b86fc46931f4d71f0e68ca8990f4060", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929267, "uuid": "2ee9ff97-634b-40f1-9f16-b8891989893f", "comment": "Malware payload (RaccoonStealer)", "value": "01a1b336bf140076c469874b14721936da94a743", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929267, "uuid": "20b14840-9478-4729-8dcf-7f89bb305314", "comment": "Malware payload (RaccoonStealer)", "value": "34b502a5bfa822dfce8a81bee63a95d87727f43568a3c0cda50366f56077a429c39a2c3c51dd343f9a4feeb687f8236e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929267, "uuid": "324382c8-6ce9-4331-803f-81be0488ca73", "value": "T1A6353388DCA3BC9AD307C8F4D5A21E21651C31076CF9B2859EBB05DDC6457E7AA0B0BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929267, "uuid": "f49227e4-fa32-4e6a-99d7-3d4ae7af5388", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929267, "uuid": "bc57cf60-e93a-41b9-afb4-64c460150dad", "value": "24576:gqhmgXSuGzLvtsU7xg1NtBw4ICpQ+noP+9GO0kEaHNYK32oPDQWd8UW33:H4giDlssg1NjwMu+h9n0NaFQWdvg3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646929267, "uuid": "ba6486e4-6e36-489a-85af-983d022fcdab", "value": 1158296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646929267, "uuid": "62a1612d-a93a-401d-9b7b-b970ca027671", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929267, "uuid": "229bba7a-934c-4a81-9e35-92ac1500da7a", "value": "3aeb62f6c82fb2473d3dc509a41ccc77.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23972b75-a092-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646931006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931006, "uuid": "5933343c-6fa7-4d5c-b117-8280d42654e4", "comment": "Malware payload (Mirai)", "value": "9d1f7697c4828070a178a4939ec71cb6", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931006, "uuid": "9c8cb01c-e122-434a-a25d-31c7177b6c7e", "comment": "Malware payload (Mirai)", "value": "a3f52c04cc8ee6882b5621098603b396f40f304c0768780df3dd005c875c0617", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931006, "uuid": "27de658e-301d-4cf7-886f-ba1119bdccc4", "comment": "Malware payload (Mirai)", "value": "287d41fb8d4b5a4a929d74c62209c84c67a4d553", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931006, "uuid": "7178a344-035c-48c3-accc-5f8cfa03090a", "comment": "Malware payload (Mirai)", "value": "0d57e1d80272c943a5c8093f58214b9fcc32f3a0a10055a1a7478b4015e1ac064d8397328957f781ec71054f8a964500", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931006, "uuid": "24222480-90d8-4ef2-925c-b76a937d85ce", "value": "T1C2D35B06FB418F13C4D617BAFAAF424933229B94E3EB730659285FB43F8665E0E53905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931006, "uuid": "44b118f9-32ae-45c0-9a2e-22199ec0afd3", "value": "3072:TDvifpXS+5mdlVDfqEJjitr6xQds/HQq5QEbOmyM/9Ybfrr:TDvifpXS+5mdfjUp6xQds/wqXbO3M/9I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931006, "uuid": "779b704a-0ba4-4203-8fe6-81113a63187b", "value": 134572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931006, "uuid": "3386f254-027d-40d2-8302-60daf08074c9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931006, "uuid": "4c122f51-0327-4ed8-9fbd-c705788322d8", "value": "mirai.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c4a05c3-a0ab-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646941892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941892, "uuid": "a474d9c4-dcbc-47a7-a29e-a3a470168f44", "comment": "Malware payload", "value": "deb099d0299594fe1dfaed9d21a5e9b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941892, "uuid": "485cbe81-b295-4ae1-8195-25c609061dce", "comment": "Malware payload", "value": "a48d57a139c7e3efa0c47f8699e2cf6159dc8cdd823b16ce36257eb8c9d14d53", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941892, "uuid": "e7f9b054-2f06-4ac7-87f3-88d0392fdef7", "comment": "Malware payload", "value": "f7d7e27617c34ae836b90a1e0cd63634e47f95c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941892, "uuid": "23d42b06-2305-4b6f-86e8-8f4c465dcbf3", "comment": "Malware payload", "value": "d7293ee1999bf9351d9a80543b1111fddf5b29d05e1a1a4c634ca407206a54e24efcd967ee37aa06074949a031dbed45", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941892, "uuid": "c92232a3-db29-4775-a1ff-be054c928ebc", "value": "T1E933B02F0B658C52FDAD1EBC20A1C94A6EF5E2A0A7CCC7FB31592054AF813C15511EBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941892, "uuid": "1099b5d9-8e7a-4d4b-8155-faefde0fc742", "value": "cb960e922555eb6197608684ec0cf0b4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941892, "uuid": "ddcd63a7-ca5a-4d87-ad78-239b0480740c", "value": "768:BnB41Fsg+9nufDNjk5BSiXKsNN2BLmU88U8akLVi59psfnLS/8w0CiSj+DUf2hwR:BnebnbNI5BOSKmUxX859pKM0CipDUf/R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646941892, "uuid": "d92e1eb7-584a-4c12-a5b0-c08c5cb8dc53", "value": 51017, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646941892, "uuid": "e4d2a34c-6b6e-4a41-ab4a-2a219cc1ceaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941892, "uuid": "dd2eece6-ca19-4242-ae5e-bf4276586e3b", "value": "a48d-64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "732609be-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646886901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886901, "uuid": "5c750193-1c0c-4bb7-b787-da096c51b684", "comment": "Malware payload", "value": "2fbec97d44a5778deaa4f59157804e9c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886901, "uuid": "54cd49d0-67b3-4fbf-a2ba-ebd3efe882e6", "comment": "Malware payload", "value": "a494fb5a93e5600fbad85d8cddcf672d67569772f31c19883fdc3e4d909752f9", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886901, "uuid": "b949c1a7-c630-4027-8d35-c6b3541a8049", "comment": "Malware payload", "value": "0439d988ff4b5348cdbb2792ccb59fcd56c86cb8", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886901, "uuid": "8e7e3dd3-297a-4bc9-a5f6-d69b502566b6", "comment": "Malware payload", "value": "fbd55da8cf25fee1c03d205eece83cc5e8139cd807be8c6058e66ae7da701a57ac0b691f20aabfa3c726bea927db6fe1", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886901, "uuid": "9841829d-bf1f-4e71-a808-9164c244f179", "value": "T118F2B5967E228FEDF56D823447B70A21A7A863C523E19784E79CC6041F7034D586FBE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886901, "uuid": "bc8059e1-3203-4de5-ab19-4ff260bee509", "value": "384:ksATKpEx1vPs7sAr0aad370jLIpnKIHsVTeh/haeyJFVZaUMenmn7LxxYePG:kzsm+VMJgDIM0h5aeyJ1ien071qIG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886901, "uuid": "3202a547-7483-4b4d-94b0-3531dcf6bcfb", "value": 35116, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886901, "uuid": "2c84e60c-499b-4838-b543-535edc9f9289", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886901, "uuid": "e64d4bbf-7fff-4561-8c04-97af28ad7a55", "value": "SecuriteInfo.com.ELF.Mirai-BRYTrj.23405.30546", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcab4e8a-a064-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646911506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911506, "uuid": "b1627ce4-9d14-4bb5-b622-28f73229fe10", "comment": "Malware payload (Mirai)", "value": "ae3282fa9141ca6a4c9c3c0d43f7f1e3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911506, "uuid": "313a5128-aa8b-4a3d-8b83-80a5ed20258d", "comment": "Malware payload (Mirai)", "value": "a52029d70639a769a4e8157078145a4b3e80fcc2c7237df09d80682714507248", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911506, "uuid": "976dd094-7d25-4394-90ed-541f9b33794e", "comment": "Malware payload (Mirai)", "value": "955889c92568ea9fc7fba7850580c3a7fdf00caa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911506, "uuid": "61b70bb0-e362-4526-ac59-2d7dbeb21a97", "comment": "Malware payload (Mirai)", "value": "1dcf8de4d2a35849dd7808f32f4b42f0561fbd5b4eeb6123d86508846e5d0ea6749487e3d155b9baca0a403a8a047964", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911506, "uuid": "bbdcc9aa-7526-4c5a-aa6c-ead85e6593a9", "value": "T1E9830A81B9819A21C6D517BBFD2F008E331657E8E2DEB3129D241B6477CB91F0E27E49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911506, "uuid": "2c29000f-88eb-4f5c-8c4e-5d2ab925da88", "value": "1536:GRnzUsYgMPjiyzCTkzwaOhxivH1rkMoxLqkyAMQ1kqeBmschIoi68ebsSz:5sYgWjcTawpi/tkMox2RXQRL8ebsSz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646911506, "uuid": "8ac85242-6ef5-4cd8-9275-8a0b765feb76", "value": 83244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646911506, "uuid": "de730601-f839-4bf8-9027-3ca651f88f89", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911506, "uuid": "ba9559cf-27a1-402c-873b-2c79dcefef55", "value": "ae3282fa9141ca6a4c9c3c0d43f7f1e3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8435aebb-a096-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646932886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932886, "uuid": "6c452098-3aad-4723-b318-1ac558f89ff2", "comment": "Malware payload (Heodo)", "value": "1a34d58f6b39f409ce5c99f17738d0a3", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932886, "uuid": "e3bbfc44-3ae3-4ff2-99fe-d1c1816863be", "comment": "Malware payload (Heodo)", "value": "a57e5c6efd553cc132515b585818bc9e0981e1d1734c0cbf00fa17cc6d8ce4d0", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932886, "uuid": "2303013d-ce55-4e87-84e8-75353ef67051", "comment": "Malware payload (Heodo)", "value": "b3e995bd57b278ae5f4cc0831af1fa4a89597980", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646932886, "uuid": "ef14e830-dd43-44f3-83dd-076bd7a395df", "comment": "Malware payload (Heodo)", "value": "4f1317d964dc985f3fa02b5e4e02295d68b4b85d20b43475bed24a2de946f5637a79d9ca54aed03862d1abe52832f1b7", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932886, "uuid": "c639ea21-3511-4371-a3c6-c73e0112765f", "value": "T1C723D01CE892B92DD3329D78C51852F4A60F23CE5054B16B1684F20D7F4BAE7478FA5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932886, "uuid": "42e0918d-078b-4c3d-b67f-6a81a9861ab7", "value": "768:W1kICkZNRvmHazrfRmUOcIIGq9hqN6994E3ewNXz8OP6AQPHWZinVd0VhkhB:WKItBvGazLRYIzhqOisNz8OP6Tein0Vo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646932886, "uuid": "8fe8fd58-cf53-436e-85cb-10cee7004918", "value": 45763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646932886, "uuid": "dfe83336-976f-4a85-b7d7-e5b70f0a08e2", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646932886, "uuid": "62700793-54b5-4196-8b71-3499685f9baf", "value": "Archivo 10032022.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0372b5dd-a07e-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646922362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922362, "uuid": "d6b53c1b-bc0e-43fc-90f3-04c2fcfbe4d2", "comment": "Malware payload (Formbook)", "value": "6dd23254f2dd6e3dc910fc0b9a06f62f", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922362, "uuid": "5a62f648-447b-4e00-b9a3-72aa125ac142", "comment": "Malware payload (Formbook)", "value": "a5a3f98324167be13b2cd903841ecce53f912d5149bf8359e210405f7a5b0c4e", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922362, "uuid": "21dd7b23-081c-4511-ba77-2275fc834eb1", "comment": "Malware payload (Formbook)", "value": "7c7be417bf74b74f760931e241c4fca115eecca0", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922362, "uuid": "1d80d2b7-b51c-4daf-a530-41ef0327293a", "comment": "Malware payload (Formbook)", "value": "e3afd898394577ec5933a8ad5471ef351b515e6ba840bec23e14f568ae2ee54f4412bee7276ce6a9491d9ebfa747d3a6", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922362, "uuid": "8118bbd4-fc36-4706-883e-4919e4cc8ee3", "value": "T1F5C4233F09C9D8F431980A6F172167DE267FE6D8D2AA1325B7437657B1B22E29E410CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922362, "uuid": "b3897382-2359-4470-98e9-1dd301cf87a8", "value": "12288:VRNhHkrpNC9RyRGDtwbgLPBRMA30jqpf2QVPDzNaeqAUwLDB:Vzl95D2bopRCk5XY8XB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646922362, "uuid": "716b985e-1b0a-468d-be42-936e7aa01fe5", "value": 554950, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646922362, "uuid": "784ca0bd-9ec7-49af-95ea-0813f1181d02", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922362, "uuid": "38f9409c-2093-4305-879f-6957ed389e1e", "value": "Scan_Payment Copy....Pdf.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "259d1f27-a0ad-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646942606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942606, "uuid": "b0906aa0-29d9-4b69-a1a8-ede18a037ec8", "comment": "Malware payload", "value": "810e12bed5a8ebad37cc58ebad38c98d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "Yellow Cockatoo", "colour": "#82FE98", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942606, "uuid": "b6961e75-9ba9-41c2-a435-a8037cc12b60", "comment": "Malware payload", "value": "a5aae18b76d196ba1c4904f557f6e3bae5574bd740150b2978e80de4cbc75417", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "Yellow Cockatoo", "colour": "#82FE98", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942606, "uuid": "895c378c-a0fb-4ff0-b3b9-736f1e9d9e4e", "comment": "Malware payload", "value": "b0535cb1c39548d2605f3ce913905cb0e49f931c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "Yellow Cockatoo", "colour": "#82FE98", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942606, "uuid": "14634883-d77d-4f36-a9c4-467b005c084a", "comment": "Malware payload", "value": "7b5005a61098a652c92b278ac4899ea8854142e16f326ccfdcad398a68ccc2ae855d48941c16a6814e0c5cbbdb80ae31", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "Yellow Cockatoo", "colour": "#82FE98", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942606, "uuid": "be9f63fb-5f7d-4acb-b551-11bed28d591e", "value": "T1E8E39181738EDB91FF2C9AF8B8521730E33450ABC512B36768B07AF99E555685B402CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942606, "uuid": "251ba546-e194-4db3-b624-3498ec2f908a", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942606, "uuid": "09bb5532-eac4-4b81-b626-2f04f4d71cd6", "value": "3072:Ktgbj1NH4vnR2wYpsY5/fV5wpEOqpEPZ0R/Si0KuK1yXH4w:4gbj1GvnRzYp1/NypLhib", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646942606, "uuid": "090c0067-4648-48a3-8cd3-c5e2a3a2afb4", "value": 143872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646942606, "uuid": "25d8009e-1f8d-4387-9c5f-9997c792bf13", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942606, "uuid": "5c5ae2d3-5a8e-4137-82ab-34cb2b9b575b", "value": "deimos4.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb5efdfa-a0b5-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646946374, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946374, "uuid": "a25c7221-cc20-4afa-800a-6efe629b5f44", "comment": "Malware payload (Mirai)", "value": "f9d7945bfade5198dbd76d18ea9cd85d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946374, "uuid": "584a6a61-98ae-44ee-a810-e3028531c3e3", "comment": "Malware payload (Mirai)", "value": "a600d0a0579454da0dc6720d4c8473c2bd9fc0fd5f54b8c39aadb4a00115a102", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946374, "uuid": "42f2714d-39cf-4dfb-82c8-600e6f24d28f", "comment": "Malware payload (Mirai)", "value": "c930b45ec28ed6af2cbefdf0c36ae88c02eacdd1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946374, "uuid": "fa6d9c4d-76d7-42c1-842b-312783c3d195", "comment": "Malware payload (Mirai)", "value": "bfcc53b6180e02eb2cfc95c0f3238a7bead6a3bd3d17c2b7badc7a31f1b6d91a5dec1824524e60c2244839fb9b1a6e1f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946374, "uuid": "b253f602-ac81-4776-ac29-7e1d6f1ab523", "value": "T18DF2E053B2196205D4AAD1318DAFBE850C50621C5A815BC2BFE5793F8833BF59B2272E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946374, "uuid": "ba711a9f-1467-4f66-9de9-396e483270c1", "value": "768:1tn+9TuCwv/I2vEy+MEtUTOGVopE7MN3mR3Adr0BW/2c0sZnbcuyD7UiyqN:Tn+RuLPE4EtuGp+I2Vw/dnouy8ZqN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646946374, "uuid": "63f9d899-d74e-45bf-a1c7-ebc98a614bc1", "value": 35008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646946374, "uuid": "b84c43f9-a09c-4fc1-b70b-dd4f66b9d6bc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946374, "uuid": "28eca390-2dd9-4406-a754-3e31d5f76908", "value": "f9d7945bfade5198dbd76d18ea9cd85d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1ca62af-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646891382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891382, "uuid": "1c171909-835c-49fc-aa13-45477b0a2c60", "comment": "Malware payload (Formbook)", "value": "97f0b51c3fb5aa3eeba0b3bac26d5dfb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891382, "uuid": "476e403d-393f-48b6-bb2d-a6a250e39266", "comment": "Malware payload (Formbook)", "value": "a7655f6638eabfbb8f8f1f2a1a06a3c7c548791e39587b0b9b8aaff68f5b8e5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891382, "uuid": "034cbc91-00f9-4c0c-878e-72b4cddf463f", "comment": "Malware payload (Formbook)", "value": "54158521035e30fcfa5a3fa9947e210a009dfa23", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891382, "uuid": "979288be-560b-46a8-aa5e-06963c683ad2", "comment": "Malware payload (Formbook)", "value": "ec44e5423390a0a423ffb4243f0e0ce0b4e843453341b76e2820a4deeedb7451933c5f6f5caec8ec14dc0bdc1e8fff9f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891382, "uuid": "ee16fec5-4b3b-4517-aec6-6efd924389b4", "value": "T1AC05BEE0EF1C837EEC14723AC5A854B10EF52A9E3420BF1E968D11DD0967ECF58A652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891382, "uuid": "8e581ad9-aa4a-4c92-88b0-999e711b97a5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891382, "uuid": "ad240ace-c5cb-4904-83af-9d9a784d66cd", "value": "12288:GNx+HpyCYLpRmzV4t9jf9TMrhuV+BFg1x1nW5Fm9bT3vfQWhe:GNxGipAkTMrhu+g1xs/63HQWhe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891382, "uuid": "e4e6019e-7adf-4eae-8559-38b7b1c3aa55", "value": 817152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891382, "uuid": "1f2234bc-35cf-40e1-a9f7-83168572ed6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891382, "uuid": "d8588bdf-6eaa-44df-8739-715494f8c6bd", "value": "payment swift.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce1535c3-a04e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646902086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902086, "uuid": "3f341e50-26c8-4b5e-af77-d766c5e8659d", "comment": "Malware payload", "value": "95c74a0536b77b9a68d693e965c8d9f3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902086, "uuid": "eaba84d3-70e4-4f5d-a62e-c1e75505114c", "comment": "Malware payload", "value": "a7a8101f39027aea030996cf2abded3c2aba142014fefb91524e14b6ec9934c8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902086, "uuid": "1f1da126-a3ef-402f-b74b-f76fb713fd56", "comment": "Malware payload", "value": "822feee354a3b04141efec4f891889374014b7e0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902086, "uuid": "a1abf75b-273b-45fb-8fc6-7db81f345be0", "comment": "Malware payload", "value": "a92318cc6cbe1cef115d631dfadb0a1b9a2a366e604238debc6567423d665c3d694ff391b77ab11223eab027bf8a3bcd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "ocx", "colour": "#2B6846", "exportable": true, "hide_tag": false }, { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902086, "uuid": "8b5a9dc8-8191-43c3-8017-6490b20480d3", "value": "T1CA24236F13BC706B431640D1EA2924B0E68F65C4BF4A1EDF0CA8D18BFF806941FD6664", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902086, "uuid": "6da1cef5-a5cc-4995-a2c1-e34b0ab0ef36", "value": "6144:dCHJuI7qG2+Ih1tTdMo5ISI2FtHQ2MuYBHn4K:dCHN7qG2+I7tISI2FhpGNV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646902086, "uuid": "d338a3b2-7635-41e6-941c-0d84e5dcb9fa", "value": 218949, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646902086, "uuid": "944836a8-7070-4407-a3b0-e2e7a1ac0abf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902086, "uuid": "ef037547-7645-464c-90ba-e5b7e916223c", "value": "rmmuesrosipus.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9610449-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908145, "uuid": "7f3f51e1-6c3e-427f-9dcf-8567e7fdaae0", "comment": "Malware payload (Heodo)", "value": "81ed4239c5ad13fed772fb8ff9a3b28f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908145, "uuid": "150fd017-5878-4fc3-9ef8-6e540fcfa342", "comment": "Malware payload (Heodo)", "value": "a952ad95c54fb53e2565baea53e3994d17b19f3b5ddfae3b34945d6833802737", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908145, "uuid": "f342cd3a-8211-41c5-abe3-17cadb2f7e66", "comment": "Malware payload (Heodo)", "value": "74cd7dfaa980f4a6f3f9e0cdcfb1cc12d2519cc8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908145, "uuid": "fb19900a-37c5-4b88-bf49-c75e035cf8f7", "comment": "Malware payload (Heodo)", "value": "6618a77e01b2c21a4e06f3be67af9f1927a18a2f57375dbe7288b1b36a9b08754547d577383a6371239d4c91f9cd1d3c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908145, "uuid": "e00737c5-4af6-4f4d-9b95-a1b90c7397d4", "value": "T19AD46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908145, "uuid": "0ad85c2e-c2c5-4e57-98e4-4cd83e803c30", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908145, "uuid": "9df02d67-51c1-4569-8c35-a8e4e3b37067", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAK:WRO5DDUmhnspspsqi022/OByw+iVifMv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908145, "uuid": "2f547f77-913c-4036-b8b2-2ee387523b15", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908145, "uuid": "ebd94a8f-cae0-46ce-80e9-d8bc78c0ce43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908145, "uuid": "22e39eb9-ba00-4851-ba44-a9645e131c4d", "value": "81ed4239c5ad13fed772fb8ff9a3b28f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fa8159e-a061-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646910035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910035, "uuid": "289b421c-d3e4-4696-aca2-4fc0de8f7737", "comment": "Malware payload (AgentTesla)", "value": "abaa3caa6fbc619f9e06335326300393", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910035, "uuid": "16ba3d33-af26-48e9-94df-6561c21f3f4a", "comment": "Malware payload (AgentTesla)", "value": "a9c891c110715223d531570e61626740b384424c8834fc85bb266b1d827c009e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910035, "uuid": "bcae7349-9190-4765-8616-162897622b47", "comment": "Malware payload (AgentTesla)", "value": "049921beac0187216c623280edd0c88a2260c47a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910035, "uuid": "a00dcde6-6d41-4120-b246-b072eb29cd2b", "comment": "Malware payload (AgentTesla)", "value": "e5c28430fcdbd64921a42a9eaba7463a1449b3afae8a3776f59171f6c6390b1dfeb1c50ccbeff4cad799ab77fa1bb814", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910035, "uuid": "bc0f68e4-52eb-4e94-8719-f92b1d29de14", "value": "T1507422A4A4E1FABBD0911C752E719BFAC3AF02CD4FE51C7B47985F0A69690C38225394", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910035, "uuid": "6f524793-cafc-4619-8cf7-df72251485de", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910035, "uuid": "26d794c0-aa04-4789-88cd-5e7afa333df9", "value": "6144:rGiV5vopdN1eEKoo2kw37+29D/MWf6SRX5NUZMGBr8MIMDndD6:bAp/1eERp3q29DMWf6oTU5BI0Dnt6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910035, "uuid": "a4a7730c-0b0b-4281-aa16-01471f4b24e1", "value": 363470, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910035, "uuid": "fdd32d5d-57a3-48a8-af24-2b7d49671f2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910035, "uuid": "92f5421a-a805-46d1-ac21-74803ab5c460", "value": "INV_10-03-2022_0011000530423.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9aebafb-a07e-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646922641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922641, "uuid": "d706601b-52ca-4f31-af05-55f8dcd1f322", "comment": "Malware payload (AgentTesla)", "value": "8ae3e5805c9c0c3e0904e5384c3ac01d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922641, "uuid": "c1586a35-cad5-4315-b1fa-854ffc22adec", "comment": "Malware payload (AgentTesla)", "value": "a9f7186d23b3978a524b4d0735d7d9308d68ca0a47f7bdfa3284dcfe9b1c6953", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922641, "uuid": "b31059c2-b132-4b28-9c89-987689b5a906", "comment": "Malware payload (AgentTesla)", "value": "4b598b4b790ff64d39b5dd711751057667231153", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922641, "uuid": "22072318-39e3-4c9b-ab2a-668ba17b112a", "comment": "Malware payload (AgentTesla)", "value": "286ba55d5ba4c09c8aa4b27ed28106ddd7c3578ac2f2e1789901bc729ba16ede214d0e26d68f7ea534ae368294e92a4a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922641, "uuid": "5b77d382-0c6b-450d-9bee-65ae95045be5", "value": "T10415CFE0EF0886BEEC15723AC4A819B00EF55E9D3810BF5E968D31DD0937ACF499652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922641, "uuid": "44272dbe-474a-4acb-b279-7eb75c4a77f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922641, "uuid": "3e4f47ac-6ddb-4202-911f-e1a0d07fc4f1", "value": "12288:JNx+Dpg4zGuqGfCUF5lJReCOa5KJx+FJlY4EHH24P0HBI6FUIjeQU7:JNxQVGuj6UF5TRL5UMJle2gf2U4eZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646922641, "uuid": "52b8b7c3-3edc-4db7-91a7-63359ccaf6d6", "value": 945152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646922641, "uuid": "be1b2890-1bd4-4c3f-bb49-4657538db949", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922641, "uuid": "9ba2d2d1-31f3-4693-93ea-e5203a52fe20", "value": "jBFjwiRWbFlSYd6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d1a885b-a042-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1646896662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896662, "uuid": "11eaf00e-9987-4dae-875c-f555418eb919", "comment": "Malware payload (ArkeiStealer)", "value": "0430faa27ce9b4ba706ceb8c7406dc0f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896662, "uuid": "c4ff908a-6c24-4602-80bf-eb25dd700813", "comment": "Malware payload (ArkeiStealer)", "value": "aa487780c861e3475fcbe380b6e70c4f2ba8b5f613d9ce19b8705b6e5f2117db", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896662, "uuid": "e07c38d5-dff8-4ec8-8780-b95f4cd13dd7", "comment": "Malware payload (ArkeiStealer)", "value": "f5f824315dd3ee7c2acecfb308f4a04dcce811be", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646896662, "uuid": "7cbf3ad1-07db-443b-8588-4a5706443137", "comment": "Malware payload (ArkeiStealer)", "value": "1972b0b6a53384b98c49b6d76d569b064eb1ffb4ff941b4a01d9c41b293073724390023a3cf2f7c686e1d5d2367a0978", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896662, "uuid": "7deb4a5e-ac67-4786-9779-f9d1b4f18442", "value": "T1AC54E1223BA0C472C4A361306D35C2B4AA7F79326675D94B3798173E5F703C2AEB6356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896662, "uuid": "0f3f2627-4e49-43ca-9f91-85498a19e9cb", "value": "1bd024066a86f151729fa49bd4381603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896662, "uuid": "920e6a44-e07b-4078-935e-149ac96ee58a", "value": "3072:rSq8H7LUNTVgyUs6TxFsy+U0yGlSl5RQI:udH7LUNTVgyU9dt+U0yBQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646896662, "uuid": "20f12a07-cfa3-40ef-97aa-18e6b7b4a06b", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646896662, "uuid": "9820c763-6291-4079-906f-85781e2ba3be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646896662, "uuid": "f37d16d3-9f98-4144-aef6-8c398c4c9bd4", "value": "0430faa27ce9b4ba706ceb8c7406dc0f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41e225ec-a093-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1646931486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931486, "uuid": "302c49c9-9aae-4e2c-9385-47a1a3e887dd", "comment": "Malware payload (RemcosRAT)", "value": "f48104b67daf3b52eacf9f446e840edd", "object_relation": "md5", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931486, "uuid": "ba22c104-382a-4aeb-bc08-baa906ba03e6", "comment": "Malware payload (RemcosRAT)", "value": "aaa0eecfc89750267abe3d4a1a0190d8a99a58e724a4d39d12ffe27adc65c762", "object_relation": "sha256", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931486, "uuid": "6288ac55-6153-4679-9d8d-92f5822e9d7a", "comment": "Malware payload (RemcosRAT)", "value": "d6505d512f7bd49e5cc9a3a207223479c6517038", "object_relation": "sha1", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931486, "uuid": "67688e13-2fba-4d5e-9f48-417bc8c6c02d", "comment": "Malware payload (RemcosRAT)", "value": "7476509a40285d98e48962e9844b08c882e02ac3736645e04f21d59c7f614c875fe325e68117d861ac3ad1567c18f071", "object_relation": "sha3-384", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931486, "uuid": "0a3fabba-86df-4248-a31f-3405063c6601", "value": "T164959C21B2A8575CD5F54BF19D20902013B73D596CB8E64A6CEE32DA3773F210A1CBA7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931486, "uuid": "1b6c9ca2-8e92-4391-afe5-b5f92b34b14d", "value": "24576:aeBwzABxxTfW75BjJQJQJQJf9ds5h3J7AlWDmHx3AHD//h:aeBwzABxxTfW75nWWWsXAlWaHxwT/h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931486, "uuid": "4b3a839e-9e06-46cd-85ec-d6913d1653eb", "value": 1966080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931486, "uuid": "e24406a2-c8da-407b-99c2-a089b8f23e36", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931486, "uuid": "cfa7cc14-c309-4339-bf06-6f245e2f65ea", "value": "usps_enclosed_008.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9840fbd2-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879233, "uuid": "ba79f694-7c51-4c87-bb93-3195f671a277", "comment": "Malware payload (ZeuS)", "value": "c0d8aaf863b7a451be03d7a11ddedda1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879233, "uuid": "4923f802-3868-4f39-847c-8954a8b4c9e0", "comment": "Malware payload (ZeuS)", "value": "ab55291b0ee6a9f6c84426d1cb2235e38f3ed9764cb36e92b259f056ee8bce8f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879233, "uuid": "14aaa3e9-0d33-433c-a985-e86ef87484d7", "comment": "Malware payload (ZeuS)", "value": "1538b64820f442a8e3df1d49f02f3a2f08dc1fb7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879233, "uuid": "37ec5871-5687-4599-b174-9877e2532a61", "comment": "Malware payload (ZeuS)", "value": "7b980cb8c349f659d85d7909378c026f1039c96131139be2638a1e22c38b07217eb6b553fbba41d9cf1919e9d8a99f74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879233, "uuid": "ccbe184d-af95-4850-8c0e-2ef2aa1062d2", "value": "T11492D0FF525643BDC60AEE3F8345C843720E0B0DB9EC112C99A854A37962598E77C58C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879233, "uuid": "135f1f7e-a4af-4378-82c0-c2bd03f05d9c", "value": "f7bd9bd421c857ecb36df18fed6997b9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879233, "uuid": "447da0e4-7c83-4187-8f3c-b818b73f14dd", "value": "384:45xoNaSFsZcqHJTZ0/MvHS8qKCd/6cl2hf0L:CaNtsZcqHJukvHTO2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879233, "uuid": "aeca9c10-e8d2-464d-9f3d-ff179fad1355", "value": 19456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879233, "uuid": "bdc0ecf0-dc48-4437-99d7-398c1e84b129", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879233, "uuid": "73164393-ab5e-4127-90f8-1363ec55ac2a", "value": "c0d8aaf863b7a451be03d7a11ddedda1.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6608c5e7-a084-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646925104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925104, "uuid": "7c2741a4-361d-41bb-96df-bab4ef7a9a55", "comment": "Malware payload", "value": "1414f9bbb37765d54ae1bc68f0b5834f", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925104, "uuid": "dc5dc366-3c50-4926-83a1-4325667b2f33", "comment": "Malware payload", "value": "ac374b73bac4deb39e30be49a5f943e6fa1e64cb19c092dc4bc20e1503c88467", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925104, "uuid": "4432e768-f223-4733-98d9-be2d2e816f1e", "comment": "Malware payload", "value": "884ffab7c78a5d37f95477926fd815c5fb5d2d47", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646925104, "uuid": "23913a84-f0f9-457f-a380-fcc8119b4f90", "comment": "Malware payload", "value": "b04f6d698168f8a72ac070777ddf3a663e09c956c4988340f494fb88059a8771aae715909b358c8bfd53dd9aacea0e9c", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "joker", "colour": "#3BEB24", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646925104, "uuid": "91eb6577-4042-43b3-ba2b-8355217aef13", "value": "T1B2C6129BE798DC9BD4F28232C53A052330274E680247CB7A6649F13C59B39C25F49FD6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646925104, "uuid": "410c06ea-a221-43e3-939b-d6e1550d62ec", "value": "196608:9ZVx7OzQFftrWbebylD5NptR7/lm4Nq1fXBFx4+29ShvxE6N1mHnxaCyG9pHv4+:9ZVEMayWlD5Npj7/o5xFb29Slr6yU4+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646925104, "uuid": "adda14ae-4941-499e-a907-a83c86d227ff", "value": 12571973, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646925104, "uuid": "8af1fb36-0019-4875-b12d-849f15dbc77e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646925104, "uuid": "499b1487-d819-4a90-ac74-8118a4d47d40", "value": "Fast Keyboard.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a2d1e05-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891047, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891047, "uuid": "da9a76a1-5bf7-4cfa-b292-09c20aed992c", "comment": "Malware payload (Mirai)", "value": "147d956e488d0c9636604f4185f8da61", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891047, "uuid": "5ea80064-431f-45da-925d-f42d6343673b", "comment": "Malware payload (Mirai)", "value": "ae0185189e463c6abddf8865972dac72630b6e515e79d3f7566f0983a0eae295", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891047, "uuid": "568ebc9b-06d1-40e2-8f2c-94f0f12fc699", "comment": "Malware payload (Mirai)", "value": "9ec10995c06fcd47347eccd0260c8e7ec75074ca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891047, "uuid": "fa6b4aba-a9bd-47e9-a7a0-f9d6ecc87b8e", "comment": "Malware payload (Mirai)", "value": "0664a43eb69d2cb8b9a6fb344c615b06d6c7d647bb9af954e57cb3d390430770bdb6c06305fdf493644f81f6891dd491", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891047, "uuid": "1bfd940b-cf1b-4b02-82ca-0dced29acb40", "value": "T18A33A64A3E218FEDF66C823547B74A20A79833D523E1D684E2ACD9051F7034D656FBE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891047, "uuid": "c258492a-5e63-4fbc-8d4c-fc16e058249c", "value": "768:ZQ4ytO1UteSgLQr5ebc6VquqfquqYqTqqq2ZPyEukv85w8q6sZYuyWG+Werw2BYR:Ztytt01PKkuKKHerw2BhLe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891047, "uuid": "28c357fa-a4af-46e7-b680-9c7350f3271c", "value": 52412, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891047, "uuid": "8e07e87d-c142-497a-8583-55e14b096c23", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891047, "uuid": "e7198dda-2c73-4cf7-ae56-8b2c3c03aa22", "value": "147d956e488d0c9636604f4185f8da61", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b312dbe-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903719, "uuid": "1b58b549-a6ce-4fbc-97d2-9f7b165c9e7a", "comment": "Malware payload (SnakeKeylogger)", "value": "5a78c6c26db9ef6cd42797b74fb089bd", "object_relation": "md5", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903719, "uuid": "b00bbdc3-b927-4f8f-bc12-54713e7b244c", "comment": "Malware payload (SnakeKeylogger)", "value": "ae5d9c5dc6df7a6e7e6fd17845c64f16814e3701a5548cfa1b80694de13864c6", "object_relation": "sha256", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903719, "uuid": "232e2dde-bdd6-4f9f-9be9-ffca93da93ab", "comment": "Malware payload (SnakeKeylogger)", "value": "501b67748f67cf24cf9e91f9fb9ef2166266eb8d", "object_relation": "sha1", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903719, "uuid": "ed2fdd50-6987-4a5e-b101-0978e1c55bab", "comment": "Malware payload (SnakeKeylogger)", "value": "12e7908831aaace35e3408704d3e33bb5b1f219500760b4f15aa416ce8d4aff9e3c165b4bce867d51dc8b09c710e8001", "object_relation": "sha3-384", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903719, "uuid": "9348f2bb-8854-4862-8142-a64c2c6f3b12", "value": "T1ACF4AEE0EF58C77EEC14723EC5A818701EFA1A8D3810BF1DA68E11DD0967ACF499652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903719, "uuid": "10d9ca12-6360-4c5c-a140-a51868d180b8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903719, "uuid": "c5002160-f94f-4bb1-83e0-78cb515c1516", "value": "12288:0Nx+VHqI5XFFUQj8GeAvfDhzFWcZsWcJkKwlPy8xdcG53:0NxCHBU1GRjhUHvwhy8Ld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903719, "uuid": "73d59559-3b80-45ec-a73e-76e8ca5d7d88", "value": 766976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903719, "uuid": "7dc9f2a8-18eb-44e3-a103-372754657580", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903719, "uuid": "717d6128-11e2-4246-9917-790659f76094", "value": "Einzelheiten.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11fa8365-a044-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646897476, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897476, "uuid": "14e05819-ca5c-4f6e-99aa-f22a092334d1", "comment": "Malware payload (SnakeKeylogger)", "value": "44dcca60b86b30077a71713cb12c0444", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897476, "uuid": "3dae549f-3333-48c3-9d59-810422e03191", "comment": "Malware payload (SnakeKeylogger)", "value": "afd69961356511c5eb31000c9af67ecc00639c5a4caac93ad5fb75e7c490679b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897476, "uuid": "66be6dc0-aee5-4331-b87f-29f2801580c2", "comment": "Malware payload (SnakeKeylogger)", "value": "ef031dbb5652e011dddf00912135df881b756da7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897476, "uuid": "09ce9342-1c2f-4417-9af8-5bf6150fd03e", "comment": "Malware payload (SnakeKeylogger)", "value": "8f67697e114556cd323fd80e7e6ef28786b3de231566e93ff68c39031ecf64ccf43a18d2dad57a4a74373c820c2449f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897476, "uuid": "f5bd9041-5caa-485d-b7ff-d9f99a8a194a", "value": "T1C544023025F9252ACDD55FB4D8C437402BBCDAE2B4C9F64A8B34B4D269931D07BC952B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897476, "uuid": "bb62ec94-48e6-4bff-9a5b-c95b302abafe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897476, "uuid": "e854b24d-a7d9-4e93-9dc1-f40056a7feb8", "value": "6144:jtz2DwtZBMvBIqsSvtzxm9MY8CmFJ7oz/f:xCM0JvkuC0Mz/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897476, "uuid": "c37c7104-5497-4fe8-a0b6-bece3eb23ca6", "value": 259072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897476, "uuid": "510b5bec-232f-4659-8508-4d06f30a3664", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897476, "uuid": "d58b1056-b1bf-4472-a9f5-2ea59479f9ef", "value": "Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f0bb17d-a056-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646905363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905363, "uuid": "95729ca8-c95f-47c3-9fd9-25c8c53fa998", "comment": "Malware payload", "value": "4b24cbbe5468e52c080faea824e0468f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905363, "uuid": "5dc60642-32f5-4f47-9254-eef153381c8e", "comment": "Malware payload", "value": "b025a17de0ba05e3821444da8f8fc3d529707d6b311102db90d9f04c11577573", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905363, "uuid": "aacc2df4-7f3e-43d4-a83a-24649db5bf81", "comment": "Malware payload", "value": "56026a7cc822227bc9078d95a081b0f57ce3535b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905363, "uuid": "2f53c3ad-41df-439b-b6f9-0e1fbf51275b", "comment": "Malware payload", "value": "eacbec2c43945d6b348d9d548d36119c407ad51a0deb726803b9b798d25e68c8d702abc5c355bc258ac78da949f71a39", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905363, "uuid": "0d3f5687-e462-4ca5-af4e-aadaa6eb4075", "value": "T126C3A548FA95932EC2E2B2FFEB9946CD733A4794B3DB7D328539021467853687539320", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905363, "uuid": "9501bba9-2e4f-45cb-8bdc-12f55aac243a", "value": "1536:R5bKXp6SzDAPGK81yVdEs95M99QDLKPCajD2B9WNvc2byyC/m5aJ2elqrt+e+H5k:R5bYlDsGK81GEsXDyCYFc2bQmolqx+/S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905363, "uuid": "f1700760-b545-47c4-8b72-e1820adbe368", "value": 122043, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905363, "uuid": "0f0879e4-1005-4727-975c-fb9e84dccd5e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905363, "uuid": "2fb1c07b-8d54-4bf2-a6da-d80957320377", "value": "4b24cbbe5468e52c080faea824e0468f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c36b0aa6-a08c-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646928697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928697, "uuid": "2d5f539b-dd57-495f-a541-bed2c4fd42b7", "comment": "Malware payload (SnakeKeylogger)", "value": "9ed1b161b93254d6a981b9121fb4b55c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928697, "uuid": "99cb7be2-2608-4060-82b2-042cff29c131", "comment": "Malware payload (SnakeKeylogger)", "value": "b0bf885d8534981dd430ff106215c5910917262fbc42b339d5f5b58d3f1af819", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928697, "uuid": "1a4959db-9935-4d0a-aa30-32a2ed09cdf7", "comment": "Malware payload (SnakeKeylogger)", "value": "62fb6ed1147da8afc03fc32a89c6008cf04a187c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928697, "uuid": "8a5f8be7-53ff-49bd-8d08-31253e7fd150", "comment": "Malware payload (SnakeKeylogger)", "value": "61a0315e41a4aa5cacf79db55045768bfbb487f65b2f5aa56d4a98a3b6432446438f2ef8832bcc867495bbb49b3fb868", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928697, "uuid": "003344f3-b71f-41b0-9b9d-04746bed5ced", "value": "T1CE1460D0E245ECF8E429443A85B9E539150B9B6DF4A84A3F24AA341D65F734360FBE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928697, "uuid": "ad1edaea-adb6-4a31-9540-3d0c6a37e40d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928697, "uuid": "47d459a4-8de6-43f4-bd3b-903df58d7252", "value": "3072:ByC4cCpFMaJEvkYYYPYZ5YYYYYYYYYYYYMRYYYYYYYYYYYYYsWYYYYYYYoYzYvzo:BkcqMWbbvjZR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646928697, "uuid": "3737878a-beef-4446-b29a-ec23568c6cfb", "value": 192000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646928697, "uuid": "32dfd04c-67b8-4232-a630-ad01eb154c61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928697, "uuid": "4c4d2662-fbf8-4bdb-ac05-31c876e37dc9", "value": "47890312.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fcc7e4d-a04d-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646901391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901391, "uuid": "7216a1af-5baa-4c21-8269-734f0b980360", "comment": "Malware payload (Formbook)", "value": "1af36bae9a5d401b7de75a356967f5b6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901391, "uuid": "b051766a-c13c-41d6-8fbc-b3d4687d949d", "comment": "Malware payload (Formbook)", "value": "b161e9594ef8849e7a1c09a801b5d248cfff6b08c65ed6459dda75b25fdeafee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901391, "uuid": "91e045ee-ab3e-46ad-ac05-4bc189889f52", "comment": "Malware payload (Formbook)", "value": "dad42b790567c462cc839d78ca28cb5ed9156487", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901391, "uuid": "30c4be5c-8384-4c4e-a4a8-4288abbd9f27", "comment": "Malware payload (Formbook)", "value": "91e2b0a6b0b9db050ce9315f074f00c0d9971895ed79a69e750cd7a6dfa573dba6e954d58025a15d0db236615bc4cd1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901391, "uuid": "f805b150-b185-4017-a142-d5fecb364876", "value": "T148459E62B3C14937D5732A384C5BA3A8A52AFF152F285C877BF87C4C5F79A413925283", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901391, "uuid": "ed74c3f6-be75-4498-a1ac-775967b90732", "value": "f3ef87a63216dac1578ca750829fe4b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901391, "uuid": "7ffbf7d3-fe4f-452b-89f8-f16df2af4da1", "value": "24576:f4vPtIdV591Vr90+b5rdtftguklShhu7f:f4HtutddtAlSbm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646901391, "uuid": "b5963893-6902-4c1f-b5e5-a2984fd55555", "value": 1212928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646901391, "uuid": "112b257e-f6e3-4974-a499-ace79247b046", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901391, "uuid": "3fd7530e-d341-4718-9cb9-58911d24b7be", "value": "Scan_Payment Copy....Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdedbe3d-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903777, "uuid": "23970c4d-1a40-4ce4-825f-bb5e101c11a5", "comment": "Malware payload (SnakeKeylogger)", "value": "5a6eccb8cfadd46e15b4a21103ec960c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903777, "uuid": "8d4dc348-856c-4c92-b06a-f8af3c088679", "comment": "Malware payload (SnakeKeylogger)", "value": "b188bb830946acfecb6674b08fd89db34c8aa2be066205f7ee50c9f8fbbe3454", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903777, "uuid": "8282052a-5537-42f5-9512-c70325870e5c", "comment": "Malware payload (SnakeKeylogger)", "value": "b959af5e7d8ed4cce68ec304a860e9a6af57d51b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903777, "uuid": "86912e11-81a4-432d-8966-9070136accf8", "comment": "Malware payload (SnakeKeylogger)", "value": "741adaff55492a54c313c8a450900ec86f45cb515065f87204718c13d122e9dd3ea73792e38492aa6abbb91babc85331", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903777, "uuid": "be9c0865-1a9e-4c5c-a75e-6e9be46d2853", "value": "T1324309C37788429AC8044D7A2DB78E210F3BBF559C46B9053584FB5F2AF72D06A13E99", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903777, "uuid": "91616d38-8b05-4125-b196-85690ab2288e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903777, "uuid": "b526fcd3-69bc-464c-99b3-b166ebf55925", "value": "768:uM/DdljLozVYCtx4zNLEYD22HwSEEZBdA1t/k:uMLdVLoz/2mYtSEZA1t/k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903777, "uuid": "c3ebc02b-e78f-4349-8a30-d14fec684d24", "value": 59392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903777, "uuid": "2efb14b8-858d-4ac6-a177-1348171674d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903777, "uuid": "37accc8e-21fb-4fcd-84c4-2c8ad2a08443", "value": "2bakkkkk.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b748dbb6-a053-11ec-9275-42010a9c0029", "comment": "Malware payload (Socelars)", "timestamp": 1646904195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904195, "uuid": "8beb14b7-cc77-4c61-920e-8e473414168c", "comment": "Malware payload (Socelars)", "value": "114b6ffe692298ef569edddf7e314838", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904195, "uuid": "697a1e5e-824c-4a3f-8bed-e8e745310e83", "comment": "Malware payload (Socelars)", "value": "b19af25956b82ec13059ad3241850c030a8fde603983624cb48316ffdd7003f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904195, "uuid": "fef64f26-099c-446c-9814-ed32a758cb69", "comment": "Malware payload (Socelars)", "value": "f8ef9ce9e10d07ea99b7a32c69ce658e16eca083", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904195, "uuid": "8f9cc51c-b5ab-4689-af0a-260a544dc48f", "comment": "Malware payload (Socelars)", "value": "1e55d503b55ff11932af9ca4173d89507233af7cd85725d774a9ff9fc6002dc8bc56ec7f087ba0e62aa53c2a82818730", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904195, "uuid": "3dd7af87-6f8f-4994-9030-846cb5d7d921", "value": "T1BB659E11F6425036ECE310B3C5BF4AFE8D687E21031494DBE3C47A6A5AA15E33637A5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904195, "uuid": "b8472691-fb5d-419b-81f2-df01c3ff9bad", "value": "d69e4c13e25f0ad622344ac56118c0df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904195, "uuid": "24d0efbf-13c8-40a5-9d6d-7d0c1107abfe", "value": "24576:6XAgpBGV2HpWHuREjDnI2AuADZ8KvqC7ZH2dtDPc/MYaKFttg:XgpG57R8onDPc7aKPtg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904195, "uuid": "7d16154f-ded9-4600-a804-83b21e93bc24", "value": 1522176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904195, "uuid": "03b85812-3ef0-4fe6-8716-b23cf997b63e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904195, "uuid": "1a2b88f6-b798-48d5-879f-598b4a939546", "value": "114b6ffe692298ef569edddf7e314838.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7ae2f57-a064-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646911524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911524, "uuid": "c169ffaa-7b18-43ef-b832-2ec207e900a5", "comment": "Malware payload (Mirai)", "value": "5548d2e096281ae2beaf0d64b231b85d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911524, "uuid": "c9274adc-10f2-447c-9b65-fbc7b26fd3b4", "comment": "Malware payload (Mirai)", "value": "b3c78ae57c77276333f8d7b72dfe47768bf2bfb5691de4c3f632d6724604798b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911524, "uuid": "d61106cc-ca7b-43cd-a668-9925287664ba", "comment": "Malware payload (Mirai)", "value": "99272dd6189547ca5f8df69fed9a482a00ce9da1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646911524, "uuid": "65bf132c-1bb9-40ab-9489-bb9b3a105b56", "comment": "Malware payload (Mirai)", "value": "53d872444d893c2f0438eda92d8de6f471183fbaf3f2dd945e46a0bbcf375c276c4edb8216735a8c162cf3ac3e1daf0f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911524, "uuid": "70497b43-bfd9-4832-b3c1-36176b3fe47e", "value": "T1D453F981B882663AC2D1577BE99F148E3364A7E8D1DB3253CC244BA07BC694F0D67F85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911524, "uuid": "c0113d5f-4793-4d27-a2db-80b4140c5d29", "value": "1536:NfnVwPXsTfqCQ1KZSf9kAdxL6l/tcXTOPvhW85ZcW:ZnVwvLrLXTOhp5x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646911524, "uuid": "13f4e399-f7de-4b5a-ac0f-0f33b8b4e9fe", "value": 63660, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646911524, "uuid": "959fdc6e-98cb-4c5b-bc43-40c5ac7cf839", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646911524, "uuid": "4b482c50-4dae-4334-9ae3-97f5ef506758", "value": "5548d2e096281ae2beaf0d64b231b85d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3225bae-a05e-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1646908913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908913, "uuid": "7719c62b-98eb-4f66-8775-4866b157e9a6", "comment": "Malware payload (Smoke Loader)", "value": "a0d1e6b7a565c9ab7acaa45bf5c9bb63", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908913, "uuid": "40f21e4a-aac2-47b7-a410-b31fcd4e9de3", "comment": "Malware payload (Smoke Loader)", "value": "b420a1d70c52807c02a54b46a6a45e1f13a3b877ea4ab39f4419951b175de97c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908913, "uuid": "ccfd1a7c-e7db-424f-bd30-b0302b7489a2", "comment": "Malware payload (Smoke Loader)", "value": "3aa0a1c51cd80a2a5b691afafc4a94053cc0dc6e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908913, "uuid": "869541ad-d89a-4f82-a46f-c1bf2844d70d", "comment": "Malware payload (Smoke Loader)", "value": "7210b3efac07f2ef1ad74dd4a8a85668336d9f28123f11d72765e5caa0515819f0ec68ec1536e2645020e860a2fcc9d9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908913, "uuid": "4e9d200d-d3e9-4a32-b588-22a24d11a681", "value": "T105220805B3CB8772CD554BB75CA3A3600330EF50C912D7AFA988755AAC31B544BE2B64", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908913, "uuid": "60259808-18be-4d16-b5c3-4f57727b55df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908913, "uuid": "914aa4be-25dc-4082-98d8-4964bc2c78ea", "value": "96:IsRzwSxgr0uzXrq1ht+gEcYz3AyCduElgihRSL3k7YhwuQSOzybeNnQbFnU:Is1+D6BEcYzVIuESi+3k7Yh9OzybedJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908913, "uuid": "be2b1dfa-e327-4ce9-b52e-f767d7a3e5b2", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908913, "uuid": "ffa268e7-c430-4708-9e45-48d127d1361c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908913, "uuid": "7600ce84-a0ce-41e3-8cfd-737bd1da8849", "value": "a0d1e6b7a565c9ab7acaa45bf5c9bb63", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f2b0b70-a07b-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646921120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921120, "uuid": "e3658f0b-a9f4-4d1a-82fe-2e2653ec1b09", "comment": "Malware payload (Quakbot)", "value": "d5fdfc52c2503aba734f09680a1ffd07", "object_relation": "md5", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921120, "uuid": "c9f19d8b-502e-4c66-b8a8-2d103e655cd1", "comment": "Malware payload (Quakbot)", "value": "b44864111aadd13d536db2c46c59d6c1d505a338763faa168e5be27604f3a5ea", "object_relation": "sha256", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921120, "uuid": "aae44eeb-a716-4d20-8637-d2ed497858f6", "comment": "Malware payload (Quakbot)", "value": "b8767024848b5d8603c9ad4646a1f8afddde27a4", "object_relation": "sha1", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921120, "uuid": "9c0a4207-87c2-4ba2-ac4d-c56730b1df58", "comment": "Malware payload (Quakbot)", "value": "e66f2a385c129064f2fb05f50ae381843040159d2c19bc256f5ede99cc68cb79721c7a8c62a44a77cc3589c9128bedd1", "object_relation": "sha3-384", "Tag": [ { "name": "AA", "colour": "#6339E1", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921120, "uuid": "8465ccac-2a18-4788-af4d-df8f2515396c", "value": "T145657E23F2C1887AD4761A3C9D1B739998BA79112D28F4C77AD44E8C1F37A433666393", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921120, "uuid": "bc624f5c-6a89-4c66-828b-69a6f0189da9", "value": "cf78a88c4b0403a976a85038ec51a351", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921120, "uuid": "b88109bf-14e7-4609-b962-9fad353b9098", "value": "24576:zP2GXxd5hyXOZk/R8SoMbEYN54UUrW/tRJfJ1OwU2SAHl4XoWSIgX4Te:zu8jI6kcYN9R1qKKgX4T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646921120, "uuid": "072a5326-29c1-4488-9a2c-60068cb9c9d5", "value": 1511066, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646921120, "uuid": "9b6ae0fd-c7eb-4c92-b163-24000bc21f99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921120, "uuid": "6371ae58-5cbc-4969-9ce8-fc4543b65639", "value": "b44864111aadd13d536db2c46c59d6c1d505a338763faa168e5be27604f3a5ea", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b35d0b1-a067-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646912711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912711, "uuid": "08313dc2-6e59-49cd-a025-984546f073db", "comment": "Malware payload (Formbook)", "value": "ece94abdc2bafaaf6e9bf7efc38e3ea9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912711, "uuid": "b5e6061a-305f-4730-aa2c-cf46bc5adf7d", "comment": "Malware payload (Formbook)", "value": "b4bc1b06cda923911c889c35ae5b4ddc8b2a999140ae1a66a50844989e7d1767", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912711, "uuid": "13b0f37a-79b6-427d-8fb5-17fc93b8f811", "comment": "Malware payload (Formbook)", "value": "2bec8d6d5c908506cc64452b8601b51d08b45cb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912711, "uuid": "681c1cd5-7547-4954-981b-52af1133fa1d", "comment": "Malware payload (Formbook)", "value": "0558aa01f1194ee68c99ff95143c69a15bed67851c3e6e2508fb010ab477181a37d55cc832b7639bce0deab7cfd84483", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912711, "uuid": "50495157-0729-42f1-91d5-82083a6540c6", "value": "T1CC94DF3B399AB527C702913183A3B1723E669C7D112F7A0E46AFBA036569F8707D053D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912711, "uuid": "6736964c-9eb5-423e-aa55-d5bc39d32ce4", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912711, "uuid": "da092a38-9dc1-4df9-8e6a-5c4f4dd23b7d", "value": "6144:TGiWU0CFgwE0Z3tsALWRcRWLKh344qXwI/D4IODV4Q2cXW9MUxcy7r:Bu0Z9FW4Nh344+wI/D4IODVnFXW9yyf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646912711, "uuid": "94b34647-1a90-42e4-98cc-f6235eca7eb0", "value": 445637, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646912711, "uuid": "accfa53a-15e4-4879-8d8f-6c264f8e8fed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912711, "uuid": "fded1b7b-118b-49e2-a9a2-726c7136a194", "value": "SWIFT_017447774775848493948849338283743_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1458fdbc-a08e-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1646929262, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929262, "uuid": "8264067f-99c6-4865-bb92-1485c7c3e251", "comment": "Malware payload (Smoke Loader)", "value": "202fe8c4c8487ef235bded115448ce6c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929262, "uuid": "19161dff-f94d-4731-94e1-c3c66a53d968", "comment": "Malware payload (Smoke Loader)", "value": "b4fb544deebaebeeafd11cd467605cc2fcabe262f86b9bbe89ebaeb817b03eb9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929262, "uuid": "8896b3fe-432a-4849-a4d6-dc32f61af511", "comment": "Malware payload (Smoke Loader)", "value": "6f64c3ad579001e199d45348b4b61a69f6a5cc76", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929262, "uuid": "1f3f0714-9a83-4435-8074-3bbefcfddb06", "comment": "Malware payload (Smoke Loader)", "value": "2b055b74efc730d632df6e10b632138f4bef95c797621c0c75333b2b0b5e18146127e47756d67d85c1adc7f9d03d8d2b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929262, "uuid": "384d4d9f-67b8-4c2e-848d-8f457e72f2a6", "value": "T13734AE213690C432C4A365705965C6A16A3FB5B1EBBED9077B98073E0F313D2EB7A316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929262, "uuid": "574c778e-6842-4f21-b51c-ddbc036af291", "value": "d809bc338079e5d4a857f85f3782cdd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929262, "uuid": "b8fc7fc3-5520-41d9-bf0a-1f339ff682a6", "value": "1536:FuSlPW8QQjfRR81cpObF6vMklIo2+UrCmZ27twUhPRZx5CDhwts/BL8:cnqU/2OrvZ2lZRH5CDhTJL8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646929262, "uuid": "23fa1c26-68b8-4d5a-9642-560d05f59558", "value": 236544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646929262, "uuid": "312906ac-d612-4788-b070-4b2c8fa354cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929262, "uuid": "d7232e39-7035-4976-a48d-61b0597894d4", "value": "202fe8c4c8487ef235bded115448ce6c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b027fdb4-a05e-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646908908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908908, "uuid": "30ea014b-9238-4b1f-aed8-0acd842bf9af", "comment": "Malware payload (Loki)", "value": "11e7a60236229974b50e694d6f1c45fc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908908, "uuid": "544a1eb3-a66c-44b8-bf8b-334e63e110ab", "comment": "Malware payload (Loki)", "value": "b5fb749600eaef62ea05186a048876814e4229b98b36b6c6f285b4d027782248", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908908, "uuid": "34a12f5c-42e7-462c-bf5a-6f9ee5de1b58", "comment": "Malware payload (Loki)", "value": "70b09b81c468282f409046c3d8bf3e127adf7963", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908908, "uuid": "6585b224-815b-4b13-aa9f-38d0a64b4422", "comment": "Malware payload (Loki)", "value": "6bf03319fd31a27533a3c36bcee7913ace4dad2f77fa82890f03f9b3e956debfc11baa77d18480cc088d5655afb70df5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908908, "uuid": "4ea0a7c4-e885-47b3-9bb7-8114c6a04952", "value": "T1726413028999BBFFE4611070067967B9E3FF95CF03122E6307462EDA2D257D3462D68B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908908, "uuid": "2a069c1b-8a34-4140-84a6-4e63c9e7c1f1", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908908, "uuid": "cd01fbed-87d5-4589-b23b-b5c9b73876c0", "value": "6144:rGiR6BagFi6IhRkqrvtDriiPbAEYXEuNL+n4dpdzfs:t6gg0bhRZrvtDriCbApUyin4LdLs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908908, "uuid": "628035d6-fa8c-4187-8dec-bd95aa70a0ed", "value": 309912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908908, "uuid": "991ba8a4-0947-4aff-b4d4-6c98eb63fe40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908908, "uuid": "cc35cd5a-4833-46d2-9f1e-3044e4534e5e", "value": "11e7a60236229974b50e694d6f1c45fc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4fa0f68-a092-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646931277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931277, "uuid": "b90179d2-ab06-485f-9e15-bb0835ba180e", "comment": "Malware payload (Mirai)", "value": "fb13e8d6f8965d201e3b32036d367465", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931277, "uuid": "8b4f7d90-7962-4a35-87fe-861a897a5b44", "comment": "Malware payload (Mirai)", "value": "b5fd44da30f749e6e6088f4613d4a147c027e1fa95f2dfac16ad4e8facd96add", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931277, "uuid": "cd68910f-340a-4845-871d-8390980730bb", "comment": "Malware payload (Mirai)", "value": "f02e906a921f792f28ec8be177bfe811f9f56242", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931277, "uuid": "c68b6022-6bd0-47bb-b34d-3b2e139039c0", "comment": "Malware payload (Mirai)", "value": "fd47ba53bae38600c83fd97d116856a2cea2bc19852c023abcd623cdc829619a0a1ee1ae40fcd5434bd07f01771e743e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931277, "uuid": "a5931799-e2a1-4361-be93-0bbb6336c0f4", "value": "T13F430852BC818A16C6E05276FA2E85CE3B2523E8E2DF73078D211F6176CB41F0D67D96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931277, "uuid": "261ee2fa-b20f-411f-98f9-30e2fd575c9e", "value": "1536:xuXJpW+QpwAqEn8A0uqJcMGDuJ2nkA2XhR:xuaP6uhXe2nn+hR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931277, "uuid": "a94e4c36-77ec-4fca-b463-5d7c14f2a05b", "value": 60460, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931277, "uuid": "4a96a236-6110-48ee-b062-048301be8637", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931277, "uuid": "6f7a86a5-cdd1-4a1e-947a-1f5b795b16d4", "value": "fb13e8d6f8965d201e3b32036d367465", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abcef839-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903747, "uuid": "91ecac1b-9264-46a9-bdb3-85954700b181", "comment": "Malware payload (SnakeKeylogger)", "value": "5ee08fbf80c6139813c1c6761d15e8fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903747, "uuid": "a6f45d03-9bf9-4f1b-87ad-862621082875", "comment": "Malware payload (SnakeKeylogger)", "value": "b83faa808c9a1787e40905e84ce5c5c615590dec7947b8d16d98f32d0ce05bc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903747, "uuid": "d7a80a3d-dcdb-47e2-b3df-b4e45fc6b500", "comment": "Malware payload (SnakeKeylogger)", "value": "11c86346e82657fddd55f3a9313093a160e266ed", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903747, "uuid": "efdfc92d-9dba-40e0-8122-f4c892e99d27", "comment": "Malware payload (SnakeKeylogger)", "value": "75dd099f68bdfc116e45358647720f8f2c2aa06aaab0ffd5e1a321b9dcf585cc625b8d6223a00cac4ba44181c2fdf2c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903747, "uuid": "ff20f5c5-e6f4-44bb-abd3-e562fe8e1048", "value": "T13EF4BEE0EF58837EEC14723AC0E858710EF6198D3411BF5A9A8E11DD0967ECF58E692D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903747, "uuid": "d99ece94-2ecd-4936-9c29-0964220d27f8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903747, "uuid": "059c0672-992e-41a0-bd52-a08d053b52ce", "value": "12288:lNx+8f/q/GfFEoii/tJyoi8I/DzFXIgLTAaD9q61gbMEXxzTziSAJ1f:lNxpttE8yT1XIgLdo61gMEhnGS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903747, "uuid": "c0d7e342-07ee-429b-8aa6-8fcb9873e584", "value": 791552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903747, "uuid": "23d40616-b7c0-48b8-8fac-7221e0ea3975", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903747, "uuid": "854d8a2a-9deb-404f-993b-7101c4d37c4c", "value": "INV#23124567.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d94c5ac7-a099-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646934317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646934317, "uuid": "ee538e26-3231-4c3b-ba55-71c7ab391af0", "comment": "Malware payload (Heodo)", "value": "1c9b3e011b353518f282aa5c67a721ed", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646934317, "uuid": "a892cb4d-0c6c-4e01-bdb5-df487f2de3b1", "comment": "Malware payload (Heodo)", "value": "ba4de5ebbac6298738bbe7e61ddec8a396bdd0cfc0f987db101e1b2e2e3eb5fe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646934317, "uuid": "ec887133-045c-45f2-b48a-8914e6738c70", "comment": "Malware payload (Heodo)", "value": "b04231c7a5fc0b12d3288da4e3d0e77c906e8b76", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646934317, "uuid": "f9e2a0ec-1bdd-4b84-89fa-72d45d60560b", "comment": "Malware payload (Heodo)", "value": "11125de143f3795a9a0327ff5960d402c6e9e7e4bcf8f7caa47d9e3a6f019c1ba538920ef3b050ea41dc0c8bf5eb7900", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646934317, "uuid": "4d075f07-adbb-4bef-b4d8-24b8994edd9e", "value": "T1DFD46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646934317, "uuid": "8c404123-22c4-4d41-81a9-3c318982d6af", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646934317, "uuid": "c8488054-503d-40f7-af8f-acdd3ab16316", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAI:WRO5DDUmhnspspsqi022/OByw+iVifMZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646934317, "uuid": "15649d9b-9e28-41fa-838b-c5b34e187f56", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646934317, "uuid": "7d404ca5-fb2c-4b52-a9c2-8d22a7ce9f90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646934317, "uuid": "4a47d472-1575-4d3b-8f4a-e23960ab44c9", "value": "1c9b3e011b353518f282aa5c67a721ed", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9633fba-a090-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1646930479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930479, "uuid": "df0d77c3-f296-4f52-b1ce-d413313c007d", "comment": "Malware payload (NanoCore)", "value": "03014e355bd29ed8c0af581adde7e56e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930479, "uuid": "5a0555fa-288a-4ac5-a6f2-e9cc1f462bc9", "comment": "Malware payload (NanoCore)", "value": "bba211fc515221aaab7b91a8ae465953cdc56787aeb50bdaa77cf3cda56a6133", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930479, "uuid": "f8c42339-7941-48d8-bb24-aa793937ba01", "comment": "Malware payload (NanoCore)", "value": "693c98543c9cd23ce32863d7f597b47bd15aec8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930479, "uuid": "f51ee6aa-c115-467d-b6a5-ae2e16489419", "comment": "Malware payload (NanoCore)", "value": "d8dbdea9dc72467fbc2a5a820337f0a03edff462f4b968f06da8bc112d2a07f3fa133c3ce7a68d1b7af1ddb43a53f85b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930479, "uuid": "39044924-7e99-4d60-baa1-e49d3588153c", "value": "T12D94028477B46F53DE3C43F5E6601AAA03F8726E211BD3362CF664D61C6A3015A12EDB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930479, "uuid": "a17d79de-adbc-488e-bad1-94d0f6c4070c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930479, "uuid": "f69a4a4c-0dd4-43cf-b2c2-d3a6d43007b1", "value": "6144:jXXcp3dI23L9Z+Vk5hUZvO5621xxHzIwPRvs+3+l7nrG11Rk963Cl3TlOjzNQeG9:j8dD+0hUGjtq+3+l7naw9fl3Tl0Nbkl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646930479, "uuid": "3d96f805-f273-4d3d-83cd-1f29456a96b6", "value": 410116, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646930479, "uuid": "f0cdf0f4-308e-4706-8432-7577260cc0cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930479, "uuid": "9d311056-bc6e-419c-b823-cee0b9eba54d", "value": "03014e355bd29ed8c0af581adde7e56e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c31f7be6-a036-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1646891760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891760, "uuid": "9a5714bf-2e47-42cd-a78f-4b0afb96f3bd", "comment": "Malware payload (NetWire)", "value": "6f594732f3c573d4238c05157b63aa81", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891760, "uuid": "e9143b54-76c8-40ae-9a45-944dfc8bb5be", "comment": "Malware payload (NetWire)", "value": "bbc5503e9511c3d9a4116c7c0189bcf33a0189cf61e02bc9f605b9beab320e91", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891760, "uuid": "e3394218-a6de-4605-8a77-2fc59a781fd3", "comment": "Malware payload (NetWire)", "value": "baab7f227ac417e97adac7d1d0dc388323a8d50d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891760, "uuid": "24e32639-f889-4f8d-a0d9-c313d3ebf891", "comment": "Malware payload (NetWire)", "value": "caf75cc47ebedcb51e9e34d342cdbbedaf10db64072436661e06a3f726226a99abeb783dbbd79bc7f0862af491422544", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891760, "uuid": "496c7743-adb3-47bc-8090-bc013a2632fd", "value": "T10084CF528982E82ACD24C874C92BDBF993AA2D0CCD9767070766FC1A37FE1E3C955417", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891760, "uuid": "8f745448-b313-42e3-aee2-3f8ddd464f69", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891760, "uuid": "b2d31828-a71c-450f-83bf-00ee058d0ce4", "value": "6144:JGimzhkaecdcXl8dxmTSDg3wvtTt7goPfiQ+1T1l9ca9EJ91lBZmN8VmE4gTrK7w:cdGl8dx4SUAvbip1quEJrlBZmKV8gK7w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891760, "uuid": "d14b39ba-618a-4174-b50b-ec9da6d6f8d0", "value": 393731, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891760, "uuid": "4e305968-9bab-4481-9704-b00716df3dac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891760, "uuid": "af1d8213-c2ac-4926-b8b3-52bd45d7cb4a", "value": "imege000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fd27b8a-a036-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891674, "uuid": "bf05f12b-5054-4e6d-8df5-d6f94bdbd2b9", "comment": "Malware payload (Mirai)", "value": "48c9d34e3306ab28383b5b9a53ef8e3c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891674, "uuid": "cf5b0a51-b15d-4a9d-a207-3d5dd3f7656f", "comment": "Malware payload (Mirai)", "value": "bbfb2ab325f72aa5abdeb1479ac01a682637faf42fc409f41266519bd1e8a422", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891674, "uuid": "d6f586f1-5c27-42eb-947d-f931bd9a2978", "comment": "Malware payload (Mirai)", "value": "fa78350cad4191fc5f16960955c5790a30e95271", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891674, "uuid": "8cff435f-311b-4cde-bb54-c90c9cab4494", "comment": "Malware payload (Mirai)", "value": "e28a20dd125ef93e5e2008ba1d6fbd1e303b0eb9e563bfd62f7292a366d1d295fea638b31a163f8f9f388859e13e9dc5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891674, "uuid": "f96b50cb-7951-4a3a-8126-2f202acba001", "value": "T118136D21FE622D2BC5C5567A61F30335F6F5438A24F8CB2A3DA10E4DBF14A443257AE6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891674, "uuid": "5395f81c-8246-4fa8-bd79-93a81c24044d", "value": "768:+vE1kxRUA45RNQa74NzO+75/NmBEbK1tTESoK4ILN:+vE1VjNQ24x75/4thx4qN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891674, "uuid": "b1e932b7-485e-4673-b3d9-d63e5c5675c7", "value": 45228, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891674, "uuid": "4b32be2c-d7c3-45c3-9562-bd1789b6119a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891674, "uuid": "795ad01a-0ea2-4df5-bb4a-12a5451d241b", "value": "48c9d34e3306ab28383b5b9a53ef8e3c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdb7aee1-a07c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646921923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921923, "uuid": "1d4ccc42-7191-4522-8ddc-ba614a38d516", "comment": "Malware payload (Heodo)", "value": "77e1c477b58c940817185acf810de7c9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921923, "uuid": "eed0459e-a2e3-4fa0-9fa2-d05a733be5f9", "comment": "Malware payload (Heodo)", "value": "bcd8001fd4ee532aaeb3aad00bd5fba7e6416d7c1770e85e819434aeffd78d58", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921923, "uuid": "36a8faca-92db-4156-a08b-8d582872ca9d", "comment": "Malware payload (Heodo)", "value": "8501891119c748a2432b9f6cbd6358c2f2ced5a8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921923, "uuid": "3b842af2-94ee-4fc7-88a2-6e6f27a0900a", "comment": "Malware payload (Heodo)", "value": "1808a4428e89a968bc7b5481008b52ace940526c0eeaf2d9db3b27e63ac3f8aa1bc97b3bf513d565537608a961ae2606", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921923, "uuid": "2f392049-1f24-4c5b-8977-32ffec24a39e", "value": "T13AD46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921923, "uuid": "5b74a2d2-21d2-49a6-a0f5-7e77a5dab51e", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921923, "uuid": "fc32c06f-ade0-4152-b46b-51c491c26863", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAj:WRO5DDUmhnspspsqi022/OByw+iVifMW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646921923, "uuid": "4c93384b-3415-4237-80ac-f025caa82a83", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646921923, "uuid": "ab520f3c-05a7-45b0-9d26-9963c9d68ae7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921923, "uuid": "6bce4d99-2388-4ddb-b231-6ba1c3510f49", "value": "77e1c477b58c940817185acf810de7c9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "499eccc6-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646905300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905300, "uuid": "054ed926-dce1-45ac-b528-1699d6578995", "comment": "Malware payload (Loki)", "value": "fa584c7dde1d79dec4aa83dc0da3d6c9", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905300, "uuid": "d06b99ef-bacb-408e-b70d-8fa6a24ebfb4", "comment": "Malware payload (Loki)", "value": "bdb5f7826d22a28b87bacc467b95ffa0638f0f19c09d3a1e3467fa47ef2b8f12", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905300, "uuid": "ea13b1a8-d352-4342-8c54-b186d64c9e6c", "comment": "Malware payload (Loki)", "value": "385afaeaca3385ec272a480a1f3656e1c118e52d", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905300, "uuid": "74c94644-e2e5-479b-928a-98024ca1620b", "comment": "Malware payload (Loki)", "value": "87145fd1e561ec50c1ba6165385c1f64af7ee0211ca0411ffa0723a8d3e64c22952997fad7c8ae65bbdca56cda6582ee", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905300, "uuid": "9797dd4f-3a8d-481c-b574-7b4f3a4038d6", "value": "T14D141224A837E96FE1D28A3E38AD1769F861DC004DC9515F2423FB9D5EB9E421CE124F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905300, "uuid": "ef9ea0d0-7c36-4053-9c42-413d3eef6aad", "value": "3072:QfgocwmxoDfpg5Kxeuo0ateF7KdzDfa1cHunfbrxWdt7k9cAlm1I:Rokx2fS5yeu3aAF7iHgcHuzrIJJ1I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905300, "uuid": "4a8d72e8-fb48-4ccc-83b2-471c49f77cf1", "value": 191336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905300, "uuid": "6ee14b64-6b1e-4b01-81fd-f4694690c8d4", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905300, "uuid": "6a2b2361-2087-4674-b330-22803f702eae", "value": "Payment-statmentslip123.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b18765c-a05b-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646907369, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907369, "uuid": "d3fee9ab-6e7b-4ff1-99ee-126546214aee", "comment": "Malware payload (AgentTesla)", "value": "66bb4c655e3a45d52c6e1e6b90a28f77", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907369, "uuid": "13a0f6ee-659c-4687-85f3-18a6e896b8b5", "comment": "Malware payload (AgentTesla)", "value": "be1997f8332bdbcdee6d7565ccd8a35d01c641b98dbdfa969f594654f952e606", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907369, "uuid": "803551e5-ec3c-42b5-b1dc-1cd58f461c87", "comment": "Malware payload (AgentTesla)", "value": "0f1bd6599b2125f94d3b4af545827b158db44d13", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907369, "uuid": "bdddcdd8-7019-4655-95b1-5110fceaa1ce", "comment": "Malware payload (AgentTesla)", "value": "f34b69514b4fc7f0a540f473ba606968796c85b6cc0c8885bfbeb343147028dbe788414940e2e598cf12e87382e3bbae", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907369, "uuid": "b1ba2e74-438c-4789-98c7-d9989f083c38", "value": "T18835AEE229EF501DF377ABB12FC8F8CE986AFA63251A34CB14510B768523A40CD61775", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907369, "uuid": "7598c502-8d0b-45b2-8054-4b38804ab77c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907369, "uuid": "41d6a72d-96f6-4b12-862b-1c21c3c0d4b6", "value": "24576:8D5kWj1NGF/k5LeenCaCB+X5p4pSZ+9nF9joQ:8D5kWhNGS5anaSwoSZ+9nFl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907369, "uuid": "7a56ce3b-2369-40c8-9468-c72e04889448", "value": 1075712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907369, "uuid": "5dd5d72a-bb23-42e8-9cf0-44041413a369", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907369, "uuid": "717cd307-dcdb-4451-8d34-573f4c2ec4c8", "value": "Bank Slip.rar.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dbb5d8c-a005-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646870571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "3adfb66f-dfb6-4ae9-983f-5444e772b346", "comment": "Malware payload (Heodo)", "value": "2c87855cb295c8ef674b938e3e61c009", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "76b90a66-5e1f-44b4-9b7c-b854db293cda", "comment": "Malware payload (Heodo)", "value": "bf5d064a1e1bbfb82e160c00e6ee68839a74d48d7f86ff871696ea54a6ec18cb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "84df364c-39df-450c-a1b2-ea39700d8fa1", "comment": "Malware payload (Heodo)", "value": "bb6995f61f6b654c381824ca32c06580e4a23bb2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870571, "uuid": "d5fbc5f1-7501-4f1f-bc8e-a2e4b57a35c6", "comment": "Malware payload (Heodo)", "value": "305a6037bd29cb70bf5b4f50077ea108210b3f762eb9f741ae67e7072c42fdfb25b0e2592bb4af7f60dcd10864df9b37", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "b7f98208-4c0d-4115-b79d-ca3083c8e623", "value": "T19A156D113781C037C11B3C3286AE937E62EA9A314FA5E6875F9475BD8E345C2DA3DB06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "f5bf0ac2-962d-4ce5-90c0-c2ede78f4562", "value": "a517173f90c43414bccc160c37653529", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "fbec67a4-b410-45d3-a30e-ba70f9340563", "value": "12288:4mZ2fbGh8Nggu3uTkIKD56pInvq0fPJ7/2fdwVW4SWPje88koKiaCx:4Bu3uT5KUpInvPfodwVW4SWf8kiaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646870571, "uuid": "3a7b0ba8-ee21-40c1-b063-84a275def2b9", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646870571, "uuid": "99b4e10e-77ff-48cd-a1e7-175d65af903c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870571, "uuid": "ebaed4a0-a73c-48df-bd5f-74b9f9d6640b", "value": "emotet_exe_e5_bf5d064a1e1bbfb82e160c00e6ee68839a74d48d7f86ff871696ea54a6ec18cb_2022-03-10__000246.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d684a286-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646920139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920139, "uuid": "f0625579-ab47-45de-b44c-2cadc4126c34", "comment": "Malware payload (AgentTesla)", "value": "c9c442f4448c37c9223fa71f952e2508", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920139, "uuid": "0d7373cd-95d5-4057-b805-ba986a32b84e", "comment": "Malware payload (AgentTesla)", "value": "bf8f0d03349d2a678a720729d7107c7e961688de2eababdc38344e197bffb56a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920139, "uuid": "35643061-b7ba-4bc7-a6d1-7533f3ba6867", "comment": "Malware payload (AgentTesla)", "value": "f27bff7c1a12de91a55ff5cac8f029083e326caf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920139, "uuid": "88a90b79-fd6d-4c29-a7cc-4b37c5b29fe1", "comment": "Malware payload (AgentTesla)", "value": "d95e8bdd832c7e6bafeb353130a0227ea4c910570033afb5c5a91f25688ce9e715860e23f190c4bdd61ae1f054ae1ebe", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920139, "uuid": "d555cc39-d1a0-46e1-98c8-75fe7060b9bd", "value": "T16F74234006C2ACFBDBD19DF102F2A3B4F77F169896D554C38B580F5FA962AEA0913702", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920139, "uuid": "3be34ae4-2fed-4e05-a083-d28bbb0c6179", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920139, "uuid": "935b018c-ed0f-4ddf-9d38-922414899b6c", "value": "6144:rGi94A51eCOXXs+9BP/QWj2BbfQJe+X1bUY8RDbs20Am/lHsJXxjrkp2Eixd:N51erXXH9BPfj1YuYYgn0hlHshFE2Eij", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920139, "uuid": "c04bb988-2464-477c-bcc0-3010a2539918", "value": 363979, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920139, "uuid": "e4eae823-2f73-4739-8837-80a05567396f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920139, "uuid": "af04bcfd-3b72-42e1-b770-5234aa487fe8", "value": "shipping document_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a8a0176-a0ab-11ec-9275-42010a9c0029", "comment": "Malware payload (CoinMiner)", "timestamp": 1646941836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941836, "uuid": "374069a9-6db5-496f-b8a9-9bf98dd27cb9", "comment": "Malware payload (CoinMiner)", "value": "e8f8c67a8f597b9a88aaf095a6e0787b", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941836, "uuid": "93213317-ed86-445d-b739-5b5952b2b38f", "comment": "Malware payload (CoinMiner)", "value": "c04dfc2917dffe8977dd0e59c0750b6a088960b0c1302ee825e56b8f175ff33c", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941836, "uuid": "65fa816c-5bd2-4f0f-babb-6c5c143daace", "comment": "Malware payload (CoinMiner)", "value": "5acf61bc061aa39c25858d10e3658d45ded45bcb", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941836, "uuid": "38cb8fce-eff1-45a1-a5b6-dc59baa8ce31", "comment": "Malware payload (CoinMiner)", "value": "88bb7bbaf8547ac0029313d37ac3eee7fb3dc98d9a01051e6a06164ff43beefff67ad60191a527a4e4b6026528a48c33", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941836, "uuid": "4fac25b7-7afb-4d4d-957d-a1215415088f", "value": "T1E8D423E753903424CADB6DB451EEAD139FB587B4BDC085A79128CCE2C9415F2362CD2E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941836, "uuid": "64b53a86-2914-4293-bbd4-f134331e2232", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941836, "uuid": "5f97c375-e244-4680-80de-c8438ebc6c92", "value": "12288:F8J+qsZC8dFDbglgfq/1ElaimomQS03ULaHNqrxlKIQNoBEqolY3NVzrEe/Y:FKsZC4FDbdFlzmPkEaHNYK367oy3NVzc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646941836, "uuid": "4b7ac849-09b5-425a-9580-9b1c81964222", "value": 604976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646941836, "uuid": "b54a739c-b44a-4402-91a1-f5dff484e915", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941836, "uuid": "2f79774b-9567-42d8-a9f3-257b9ab4e72b", "value": "SPYCX.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01933b30-a088-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646926654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646926654, "uuid": "7d18c2ae-0b11-449c-a653-9f045986a1e0", "comment": "Malware payload (Formbook)", "value": "f351838b3712296ef57231dc2a375199", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646926654, "uuid": "c257e615-ecd7-4070-997e-c4ccacf10ff3", "comment": "Malware payload (Formbook)", "value": "c08090499272c9eb85fa61570bfd62799b3c3bd1441b1a86f2720bd03a17dfd5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646926654, "uuid": "f13dcef0-28ed-4c50-8f63-64a732fc7592", "comment": "Malware payload (Formbook)", "value": "90c89c8b8643533d5f4c68fbe8ac851739cc84b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646926654, "uuid": "03478cad-d73a-4eb5-be20-0fb68843a7a4", "comment": "Malware payload (Formbook)", "value": "0de5b7be9ac76be5d960aa8a12fcaf2152d63299d58c44e81bb1a30c54f6c4c8ec0429efaee6c963844036d2b5c7908d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646926654, "uuid": "e67a0f75-9b85-4cc5-8861-4f681c652a71", "value": "T11635DFE1FF0C877EDC14323AC0E944B01EF05E9A2422BF6AAA4D11DC0557ADF5AA752D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646926654, "uuid": "2d9398b4-858e-4430-89a7-6774b72e106f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646926654, "uuid": "ca62a80b-cc80-44e2-8302-dc5f5d3f4330", "value": "24576:rmBUxQQlO7hRiUKpDvwkuG59Jst4V0mQ1B:rmBLL/iUK9wpT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646926654, "uuid": "11390f03-2f82-4a16-a785-8bfe50249c08", "value": 1061888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646926654, "uuid": "95216837-3254-4506-a3f7-e9ab64c31abc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646926654, "uuid": "27222434-3ca0-43b3-939e-dbb43223ca06", "value": "doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d76fa0df-a06a-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646914128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914128, "uuid": "78a96b82-77d5-479c-9d6a-996295e8fdf3", "comment": "Malware payload (Heodo)", "value": "cd76110eb42269f273338680d1cf701d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914128, "uuid": "728775b5-7548-442c-9cf0-e5791dac7a91", "comment": "Malware payload (Heodo)", "value": "c275c7b0a80bcbfd49077ffc1e48f1de76dcc2a8c1fef47564d70f90c56ad661", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914128, "uuid": "dd0e87da-03bb-4614-8da6-7babf8f8aefe", "comment": "Malware payload (Heodo)", "value": "8386a82ef57c6a2e33544236208602de3e609a50", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914128, "uuid": "884e40f5-98a5-4116-9bd0-083e894fedee", "comment": "Malware payload (Heodo)", "value": "0f918bc8775dac5c5893808f0c7949099013509c4c682732aadee426a3333872f81e95669b526017ea8c627361290c24", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914128, "uuid": "e11d29de-1108-4617-967b-490c3f77320b", "value": "T1E4D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914128, "uuid": "7d878acc-67f8-4dff-93c8-8325b70eb9a4", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914128, "uuid": "d19299d3-5332-444c-8180-c91e9af4a8e8", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArA9:WRO5DDUmhnspspsqi022/OByw+iVifMs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914128, "uuid": "53a5ecb3-f3a0-41a7-a8d5-de309fbe428f", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914128, "uuid": "c01f9c23-f52e-4e09-a306-544a85217dc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914128, "uuid": "8aabf1a7-b8d2-4e7e-9795-e9a3901c174d", "value": "cd76110eb42269f273338680d1cf701d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82c87f58-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879197, "uuid": "d0ee4e39-f556-42d2-adef-10c6d7156e1d", "comment": "Malware payload (ZeuS)", "value": "3a32a36f720a1964caefd3d314db6e13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879197, "uuid": "67b3bf83-3e11-4d52-a99b-5b39a7a84ee6", "comment": "Malware payload (ZeuS)", "value": "c2a939d4d9c6cff6e3aa069cb50ec292313fa38f83d2a5d99ae97b0a6ff01356", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879197, "uuid": "a2a03a2a-1dd3-4f1b-9468-85ecefee9213", "comment": "Malware payload (ZeuS)", "value": "1b891db7bf9caf6a856b38360337672c62d663ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879197, "uuid": "e958f489-46c0-49dc-ae57-366a187326ed", "comment": "Malware payload (ZeuS)", "value": "76d5924fb0b34dd0f9e1a56944ae28757a091704bdc0edc1b8f9851ef7118cf2e9b8f33497f13d7b55686f2c79b36f77", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879197, "uuid": "3adce364-3656-480a-8bb6-8bbd9b1adac3", "value": "T151B423D82B884AFFDD284A35C8609F1B4BDCEE545958AEFAC6A344DF0B2D5D050271CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879197, "uuid": "020a63fd-3a13-4af4-bc7a-d941a06f8622", "value": "0c1e0b4890cc87424a0fd0132621e9be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879197, "uuid": "3f54bcdd-b390-4fc1-b5d3-f19d144fc2ea", "value": "12288:saijmo+gcvwpjFs/LGojmgJbvKQFSfDN5QMt:saikg9BFdEmgIQFa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879197, "uuid": "44b4a824-52fd-4352-8b17-31c2f444e826", "value": 517120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879197, "uuid": "062292d3-66a2-401f-972f-bb9051888162", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879197, "uuid": "3398c837-ace2-4ab5-bf1d-04d7e98be1f0", "value": "3a32a36f720a1964caefd3d314db6e13.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1e6eacf-a06b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914602, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914602, "uuid": "37b14d6e-2b54-4ca9-b112-12e50380170c", "comment": "Malware payload (Mirai)", "value": "ab22df0ec8ba18181dafad567f5856a4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914602, "uuid": "f9e25ee7-00a0-4e06-90b8-f65fab9c5b07", "comment": "Malware payload (Mirai)", "value": "c42caf59ac5f2612914063ab0994095a367ffed3d5f8a0aee6e2ddbb021e1308", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914602, "uuid": "e5d03295-1a70-4b34-9600-c3e799df69cb", "comment": "Malware payload (Mirai)", "value": "57a4b7f2387c3704b0496acbd009b367b9561e7d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914602, "uuid": "b4bea5ae-5c90-4eb5-8036-a19f1eb60732", "comment": "Malware payload (Mirai)", "value": "4aa15fc83d01cc89083a221532ad69c81279125b885e7858a3ea29a74612863a526c382d77e6338be566551e7aa1372f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914602, "uuid": "82c7661c-4bec-4025-a291-b01df1c95e11", "value": "T1C7C3F731E8044B1BC2D223F6E75A469E3F351E9793E733115A3879B06FF27992E29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914602, "uuid": "072abee0-4ab6-436b-838c-0a39db4dce5d", "value": "3072:6jVlyaL5JCrIpv04s5bttiEiTmP46aQyfPlfKsNb:yoCJCN4s5bHemP46aQyfPlfKsNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914602, "uuid": "8d8d3deb-f0f9-40d1-ac4c-9de0ca598603", "value": 129898, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914602, "uuid": "b648f210-c77b-459a-a3f5-e50464a15c61", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914602, "uuid": "54ccaa00-f5c9-45ef-8c07-9a20804728d6", "value": "ab22df0ec8ba18181dafad567f5856a4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f6dfc5b-a070-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646916450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916450, "uuid": "4ecae539-6313-42d8-aa44-d2ced5fb5488", "comment": "Malware payload (Heodo)", "value": "d3dc9cb5dabc07a504a650a9daebf996", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916450, "uuid": "a76c33c8-8897-47ee-ab63-ecac8c52fde2", "comment": "Malware payload (Heodo)", "value": "c45a18e9298059ecea1e5bc398db2f0f79919582b688cf83eabf87160988cf79", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916450, "uuid": "f8359473-dcaf-4205-9fb7-7ab5455eb60f", "comment": "Malware payload (Heodo)", "value": "d855ff28e6c21a3bd0d127251ad2e6661fe8753d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916450, "uuid": "a8b5f1e1-01ac-4028-b52d-48533ac47e99", "comment": "Malware payload (Heodo)", "value": "28e5bbb51db1cf315abc7a5e89b07490d9d9c48e7d2d98312e0e8bdf5ce89ea9cb22c71c9e4c705b88904366fe0e4746", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916450, "uuid": "0084ea3a-131e-4682-b6d4-3d133c220695", "value": "T1A7D46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916450, "uuid": "11718d29-233d-4529-b5c8-49d68756b8a1", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916450, "uuid": "0db4d815-b5e6-4477-a11a-60ed33d99597", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAU:WRO5DDUmhnspspsqi022/OByw+iVifMF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646916450, "uuid": "fcba8187-679f-4fc3-8ff3-936a27305f9f", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646916450, "uuid": "ff3764be-127e-4cf4-840e-11134ad0b311", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916450, "uuid": "ae51d2de-130a-4cf8-9511-b52fc3f0ec94", "value": "d3dc9cb5dabc07a504a650a9daebf996", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c51223f-a072-11ec-9275-42010a9c0029", "comment": "Malware payload (Gazer)", "timestamp": 1646917330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917330, "uuid": "12cf527d-0621-4e44-928d-f5007e59e5c1", "comment": "Malware payload (Gazer)", "value": "b29ee2e39e31d3938238a6bcc517011e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917330, "uuid": "ee756c52-f5f9-4317-9234-6181307f4982", "comment": "Malware payload (Gazer)", "value": "c5db84fe0f762ebc2abe484d59d51fdf35a37f3a32e6f44d8197b1e8cda98e84", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917330, "uuid": "6c7b7ebf-8404-4565-8ec1-8d01be05eac3", "comment": "Malware payload (Gazer)", "value": "2dc3f4bc761e41191419862465b58fba9092c319", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917330, "uuid": "5646f1e5-1b13-4ddd-b739-d7c5a994b0de", "comment": "Malware payload (Gazer)", "value": "6671ced32de043c6a01a39b7c8698acd0371a600762d586eb0a49cdcd4844a9c4e9eca7504bc74d14c9a7cbd02a16a39", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917330, "uuid": "5cfbf03c-6f40-4d40-9f15-1d98476c30bf", "value": "T16D845B1232F5147EF2F72A705BB397165EB7BD501821C45F42883D4A98F3A86EE29327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917330, "uuid": "360c40ab-88d1-4291-8178-413de5837518", "value": "b0095e22735d357ddb128c7622371b25", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917330, "uuid": "5adf1ffb-1750-433a-8228-6cb678fee632", "value": "6144:qvDjmMZn66J0wf5R+BUUzYsdPPDfTT/+15ZFWajNyLG:2DTZn3JFaJ86jn/+PqiyL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646917330, "uuid": "d121cf77-9adb-434b-8cf0-97df9ea4cdb3", "value": 403456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646917330, "uuid": "5dfda04f-5056-4eb2-89c1-4b7b9be74eec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917330, "uuid": "e55fd87a-a0a2-491b-bede-9b1c7b6fb5a7", "value": "c5db84fe0f762ebc2abe484d59d51fdf35a37f3a32e6f44d8197b1e8cda98e84", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04532c40-a05b-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646907331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907331, "uuid": "da124d52-06e5-4820-af77-92bfa23cbb7e", "comment": "Malware payload (Formbook)", "value": "dcc2e9422f388e3ee41f1b3a6aad8729", "object_relation": "md5", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907331, "uuid": "5a0597ee-4af8-4e94-8280-f4902839f9d3", "comment": "Malware payload (Formbook)", "value": "c61a915c345d7574f2730043bc34dbed169ccc9041205546bab4e60d5c0f21e1", "object_relation": "sha256", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907331, "uuid": "551935f6-3517-49d9-8843-2d5fcaec012d", "comment": "Malware payload (Formbook)", "value": "8e617028809fb303b9634e264ae6b8c1508f33c3", "object_relation": "sha1", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907331, "uuid": "4ea799a8-2820-4bdb-9e48-dbd53480accb", "comment": "Malware payload (Formbook)", "value": "7ea6d212dd50a198083d5719ee0f666ce68f7088559fb5261b0c53e419a0d12405facb9f5e4c0f2a211230f19c6ffe29", "object_relation": "sha3-384", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907331, "uuid": "a9207fee-82f7-4231-81d2-a6adcc965d9c", "value": "T1736422494AD0F57BF6D288B300F76726E3B2A596029741236F528F7B39B51836D2C2D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907331, "uuid": "bae21e1b-e238-424f-b1d3-689cbc892617", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907331, "uuid": "afb7a7f5-8db7-42ec-a188-2629ef11cb44", "value": "6144:rGizIg5U7Hx7/erZ6h6YcetJsI7dvexqVKiqwB6KpB+LVO:P367YM6l7kZeouDZLVO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907331, "uuid": "53cd5103-2fb3-4ffb-a3cd-d86e41643b70", "value": 313316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907331, "uuid": "ba78a369-88fc-492b-a0b3-cc37d16e2984", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907331, "uuid": "69951775-20a0-4535-a7e9-fc24fdf8ccc3", "value": "Zahlungsbest\u00e4tigung.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d6cc7a6-a054-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646904420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904420, "uuid": "2f8ce7d0-1e52-4d79-a4c1-c99ededb8f76", "comment": "Malware payload (Formbook)", "value": "94ddfc9d9d5752781251d19b0c385f1b", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904420, "uuid": "6879931f-4927-4033-88af-4707ec4f4d38", "comment": "Malware payload (Formbook)", "value": "c72ce9660d3791a38408596ac1a3ab98ebf02ff911d06a057882d80c7c25deb9", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904420, "uuid": "03a932b0-01f4-42a4-b0f2-b20d1ee1bf82", "comment": "Malware payload (Formbook)", "value": "535ad5bf0f5e534befbf3b32293905ee03a6ec4f", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904420, "uuid": "d36a7463-3720-4fd8-a351-4c7c0bc0aca2", "comment": "Malware payload (Formbook)", "value": "72b2695e3c388d28a93e9c789bfa7c1b07cd52e457fd178481f49a7275cbf438cd0132f5207b6a1431f7d13807632aca", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904420, "uuid": "c60b710b-0276-4faf-a240-bfe083e53012", "value": "T174141223F7A96221C2C735BEB1109A395AF5BE85E48C453F2167B7DA2277D304A24C0F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904420, "uuid": "de8f073a-dfe4-48f8-a76d-feb366924c8e", "value": "3072:s7uz+pgCEbJsztTR2fKDjLM89ahhvzmB2sJ5eiW23sXN/9OXyUv10yeiI:fz+pgvJ0tIK/LLamBNJ9W23s9OX11G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904420, "uuid": "abcadd30-4e5f-4f35-bbb4-da01175e956f", "value": 190376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904420, "uuid": "8a89177a-d943-4b0f-aee0-98f9c110633e", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904420, "uuid": "baa6ad09-de20-4518-a321-95d21217abd3", "value": "d_20220310.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c226f6a-a043-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1646897278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897278, "uuid": "2adf7264-8f9d-4198-af16-7bd5d79d2e86", "comment": "Malware payload (NetWire)", "value": "78ed9a451070cc0e956613f3985f42ec", "object_relation": "md5", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897278, "uuid": "edcc601f-11e0-4ca1-9b35-e1800d77156b", "comment": "Malware payload (NetWire)", "value": "c81f92de083fd474e70153c2a8f50069f18d54a756a707d5be4a2b71cd8f185c", "object_relation": "sha256", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897278, "uuid": "ba16ef02-529d-47ae-b8c1-0413dd5b7db9", "comment": "Malware payload (NetWire)", "value": "7153d6bb6529aa37e17a1dbf4a98b0ef256f1121", "object_relation": "sha1", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897278, "uuid": "210b6f66-ecf0-401b-b3ae-1572b0cc06a4", "comment": "Malware payload (NetWire)", "value": "ebaf9ded1371a083cebda59fca4dd5a517057b70eab02283ef49abb48b654c20af08864ca6cc999f2f33d27e11c87143", "object_relation": "sha3-384", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897278, "uuid": "4da9b87d-115a-452a-99a6-01a97ba4ff8c", "value": "T12B45BF977F5A4262DD600F7C3AB2AF6C1B06FE64BBE6220724587AF527333CA3850455", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897278, "uuid": "216d0bdb-4498-40eb-890b-968c1b1a91db", "value": "12288:rdWufnVwi3AQZEDm0D0tZ4egf40ROB2GdDH:DV5wQZE+Z4egf40Ra3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897278, "uuid": "9c4bf1a7-6aef-4202-9a09-7904b9bd5731", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897278, "uuid": "d2227132-65fc-43f2-b52e-af7571524a1c", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897278, "uuid": "626f0373-1413-4e4b-92eb-3c4f04111564", "value": "PaymentConfirmation.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9543b518-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903709, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903709, "uuid": "9e6113c5-e6ff-4501-be06-145115b7cf79", "comment": "Malware payload (SnakeKeylogger)", "value": "a4b9c6ae29d8fe0ae24543ae897c8ac0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903709, "uuid": "cc163771-6515-443b-b742-356de38324d6", "comment": "Malware payload (SnakeKeylogger)", "value": "c8ad6e1afcdd99af6e2950ed01f1bbed02936c0f685e0ae343001ed115d77ef6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903709, "uuid": "3cb522a2-0427-49b1-ade4-37849ac49b61", "comment": "Malware payload (SnakeKeylogger)", "value": "56ca2b4286300577f98817a8472df174726f215a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903709, "uuid": "b67bcd7d-5f77-48e7-a9f1-9df8578f1450", "comment": "Malware payload (SnakeKeylogger)", "value": "9aaf8d8123a7f2b5bb4416fefd024bc77946e263a5987f20fc6d8ed007a86ab212e99e8d804a72f4c01479de06d20866", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903709, "uuid": "011a88f5-64a5-4c11-8832-d644451591e5", "value": "T119C4BF8172241F96F57E9BF4502608550BF23D6FA279E14C6CEA30DB2EF2791061AF1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903709, "uuid": "b3f16765-19ff-49fc-ba0a-5d14a0256f01", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903709, "uuid": "447611c2-a6bd-4093-bd98-6c13e6fd486a", "value": "12288:HS6K0dDHk/gz4/6P2pD+lpM3JMqTyZQvYPxXBpwNkO1IIi+g4Hf/8FveW0:WvYh0qO1bng4Hf/8FvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903709, "uuid": "2adbc9a0-30b6-4272-a50d-dbabe825c93a", "value": 578048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903709, "uuid": "c3159daa-984f-4ebf-92bb-d1cbba1e7a34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903709, "uuid": "d7d41a26-3e07-4272-bcd7-b62a40893cdc", "value": "2209408669905434567890-098765432345.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e60472f7-a053-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646904274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904274, "uuid": "e21ebf71-8ad8-43a8-a9f3-ffbea80822d3", "comment": "Malware payload", "value": "d7187ce16486988e3ed3334109f929c5", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904274, "uuid": "93dbfd4d-fe3a-4658-9307-bd3b85343d39", "comment": "Malware payload", "value": "c8eae990a8f2cb84f0544a83830027fd37f19ae7fc961ba61b89ac17673d82c5", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904274, "uuid": "c6d00323-bc7f-4c14-ac22-1f5fad3c7099", "comment": "Malware payload", "value": "4e0983a75657087d2e859b63a0b2fc9507879654", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904274, "uuid": "bbfd851b-ca25-47c4-9caf-d5c5f08175d0", "comment": "Malware payload", "value": "7103713f4f79f03670230f859234b4c11cf7c0b5be5417449988bb98a076a84eef199a1fbc439bf2fcb7d71a90fa9f9f", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904274, "uuid": "71bcb5ad-42c0-469d-8aa4-11ad01a14431", "value": "T1ACC3AF26B3D1E435E46911309C69CB700A7CFD32197A6463F7402F6A7EF53C2A029B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904274, "uuid": "89b020e7-2f40-4cb5-b9f0-f88c7a675893", "value": "139a04e311484d910098f5943255b605", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904274, "uuid": "c5c3e7dd-6e50-4491-bc8c-8cb2a03df464", "value": "1536:BnS4e6/2T0BjhVkB2M/LdKuF74u0vrm806J3MX/RPd6pCZKcUIb/QRPwpekEc:BnEkhhVkBHFz0Rcvj2CZK4cRPwpN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904274, "uuid": "52ea9cae-e8de-4a64-b8ef-e28ea3680465", "value": 121856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904274, "uuid": "409b09b8-51b9-4765-9957-5b13a5534b35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904274, "uuid": "379a13b7-f5bf-45b0-a800-794b25b92e3a", "value": "d7187ce16486988e3ed3334109f929c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04eafede-a0a6-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646939544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939544, "uuid": "5ba6cda5-8440-470a-85fe-597492e1a7d6", "comment": "Malware payload (RedLineStealer)", "value": "b7b527dbfb09fbb38e7d6a58f0e6cc37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939544, "uuid": "806be80e-827d-4794-8e22-673e7271c987", "comment": "Malware payload (RedLineStealer)", "value": "c93f83abdd864cf1addb61dbab099ab5f9e5fa01b27d9dc74a6175476ca30bc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939544, "uuid": "37c46da8-2a18-401e-8362-a8331084e367", "comment": "Malware payload (RedLineStealer)", "value": "598e8a2e7bd1388b628d7b3081961bb17bb9b3ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646939544, "uuid": "b87e1269-5834-4460-afa8-9270dc4956ca", "comment": "Malware payload (RedLineStealer)", "value": "b5378e07672f1a8e0166df5ee9613ed391b37b2025147f4e33baf8606060fb4d876f1661523813ed9988d210c6015a2f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939544, "uuid": "3a33bbca-a066-4dd2-9853-16f8a67c3801", "value": "T13284F120BAA0C077D192A67169B2C5B06B7FB8315A32880737A51A3D0F713D1BBB7756", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939544, "uuid": "facf7949-cad0-4c04-bf39-a69dba447353", "value": "b5fc65c435a5f7cd1e727ba5ea41ae9a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939544, "uuid": "f14c3b87-a5aa-4f23-9e5c-e9d5c1cf5e6a", "value": "6144:BaUqqg+ca9jcFUx4Q86gklHJLGkyHa5aT+yvT5Y3:BaX+X9jcFotgklHFcHa5aLvN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646939544, "uuid": "8f30f887-740a-4927-b5a6-aa68a4c81a3b", "value": 380972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646939544, "uuid": "45ee50fc-0790-482f-aafe-dc07e4d7005b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646939544, "uuid": "9ffaed97-cf1d-4587-9030-47a90c2086a6", "value": "c93f83abdd864cf1addb61dbab099ab5f9e5fa01b27d9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "551648a0-a02d-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646887710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887710, "uuid": "46c5566c-2916-45b7-b807-106132881609", "comment": "Malware payload", "value": "8c7557e74ec56c074e845e7e4db46d1e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StoneDrill", "colour": "#327298", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887710, "uuid": "6495e1fb-6d73-4c79-8a8d-b3ab96b61c92", "comment": "Malware payload", "value": "c9de316342aff789e9dcd725b893f48256f381c936ba19a7ccd9336e1ed9cace", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StoneDrill", "colour": "#327298", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887710, "uuid": "69f683f8-b911-482e-81f8-68a56e9c2fa3", "comment": "Malware payload", "value": "5e4cb892da1dc386e408096a34f866f31e9d041f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StoneDrill", "colour": "#327298", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887710, "uuid": "afb83fc2-6a44-44fb-89ac-8260d892a982", "comment": "Malware payload", "value": "90602b86083fe1f593d88dcf36de0fe19e47bf0af1a8f0713ef5125f8a52aa4f81ff7cd2ada8d8a54a92352fbcaad534", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StoneDrill", "colour": "#327298", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887710, "uuid": "2b3a0674-0fc6-42d3-ad93-77990ed39113", "value": "T1DF848C22B680C072D49325719AA9DB75497EB830232169CFFBD90A7E5F647D19AF030F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887710, "uuid": "ae504674-6626-4a5b-a586-9fcfc32d6e44", "value": "e598f7d62f78837365f795794c131eb7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887710, "uuid": "2fb06b54-658f-4808-888f-a7ec3e504039", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sF204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887710, "uuid": "16ff4294-5871-4548-ba85-986aaa69143a", "value": 396973, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887710, "uuid": "8dfcbe68-0067-48e0-a8ae-337dd59e9981", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887710, "uuid": "4cc648b7-7c62-4c78-b0a8-f84cd1b3caed", "value": "whynot.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61066038-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646907057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907057, "uuid": "8da28c06-2755-410f-bf15-22baa099d9d3", "comment": "Malware payload (RaccoonStealer)", "value": "d7dfb559cf70658feb93fbe6910f186a", "object_relation": "md5", "Tag": [ { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907057, "uuid": "f51b6f67-eb2d-4e1b-b759-37ef9c5edc70", "comment": "Malware payload (RaccoonStealer)", "value": "ca5b42fc1bbeea762b2170cc94b124ebb3731c68e445e78881fb2cc8fa6b1ccd", "object_relation": "sha256", "Tag": [ { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907057, "uuid": "ea061cdd-f80a-4aef-99bb-d8d238f16a99", "comment": "Malware payload (RaccoonStealer)", "value": "83bf08e538b051700740bd6e83779fcdd925cdd2", "object_relation": "sha1", "Tag": [ { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907057, "uuid": "5b51e2bb-0925-4f01-bf80-071a6c0fa96a", "comment": "Malware payload (RaccoonStealer)", "value": "364a8e75315f785a0eb67e7aaf4c8d878387734cfe4ccc3046cc2ae9990e047580ece97c026921d57c388287ef138a94", "object_relation": "sha3-384", "Tag": [ { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907057, "uuid": "c70894fb-f6ef-48e6-8305-b73f1e84ddd0", "value": "T1F6D4AE57F6E77A65E6AEC1BAC6F1C92C66B3309612B0C3CE774055492D22392483DB0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907057, "uuid": "aed042f6-10e8-43e7-9bc1-78f31909f2a3", "value": "f20a8db3e4a8c03c1ab177b2660fdd78", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907057, "uuid": "69875f45-59c0-48f6-87f6-e6f847ce6e76", "value": "12288:NzLjlZHAt+AZrkOCH8bzbBSrekOi1uWD242S6+4U67T:NzLhltAdkjcX1PDWeS6Zx7T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907057, "uuid": "07cfaf29-5bde-413e-b82a-987afd8fee5a", "value": 615424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907057, "uuid": "deb07a9a-b9c8-43eb-a184-6038815e7dc2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907057, "uuid": "e9820974-cedc-4e7c-b5a9-1e68826d1988", "value": "0002_S2-13037.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd8f0f30-a070-11ec-9275-42010a9c0029", "comment": "Malware payload (Gazer)", "timestamp": 1646916688, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916688, "uuid": "7b5e0e13-cf50-46f6-af69-c5ad531202d6", "comment": "Malware payload (Gazer)", "value": "b515d390a0029ae24969f1580780d216", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916688, "uuid": "4c3d5922-4a8e-4497-af3c-3229be8b511b", "comment": "Malware payload (Gazer)", "value": "ca9e3ea2e21483612ec2d9ff4a91693e97ab24175ac00ccb52da89e4b89230c9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916688, "uuid": "03aff931-2f20-4123-a65e-630edc0af3bd", "comment": "Malware payload (Gazer)", "value": "fb38a021eef9032e12c6f562c17e474901f01e8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916688, "uuid": "4f1aaf28-b590-45d5-a163-bd56f9fcdfeb", "comment": "Malware payload (Gazer)", "value": "966f47717ad374d87444edb0bc281adf5f2c2fe3c74d8c904dca924682c095830d29c2c6be848642fd2cdcb2bb4f7a85", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gazer", "colour": "#91C3BD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916688, "uuid": "83ee1369-e5ae-458b-a187-64a2efc2a9da", "value": "T1B9433B36B3E440B8E5636EB8DCB28106E3727465077187DF0260C6691F736D29E3AB69", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916688, "uuid": "3e98aa52-884f-4424-bf0b-a8868079e44b", "value": "4281d78d031898a1c70f618d474cda79", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916688, "uuid": "c2c9bf95-e704-4f06-88c8-c89fd755011e", "value": "768:T2IXeqpTET5ccHkeS1KIf8ZvwVIchvmCVY8ipWjdLq6+BdlnCe+0FHMXa1+IOURa:VI5ccHk6QpD+dlCeFhtSFlSI2Kl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646916688, "uuid": "0b05967b-e4a9-402d-ab03-d6ab3c8b685e", "value": 57392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646916688, "uuid": "b8d5373f-4b54-49a3-b8f3-6d29b483088f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916688, "uuid": "096c3cfb-b027-4b42-a78a-8d78e3231d20", "value": "ca9e3ea2e21483612ec2d9ff4a91693e97ab24175ac00ccb52da89e4b89230c9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0aa23c87-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646878995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878995, "uuid": "428eea6a-9204-41a0-b554-d6a5cfb1aa9b", "comment": "Malware payload (ZeuS)", "value": "409eeaaee81773d3ac3e49441284edd0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878995, "uuid": "6c95bfb7-4cd5-47bb-b2a9-7dce68207f2c", "comment": "Malware payload (ZeuS)", "value": "cb484f57d79564c8f7b685c7c7c578c4eaf5ca29e8616fd80f633fe7f9c75b58", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878995, "uuid": "d0e7f220-a9bd-4ffa-a905-7805ca32177e", "comment": "Malware payload (ZeuS)", "value": "35a1c79a5810e6fc00aa988fed983cdcb76dfd05", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646878995, "uuid": "a6eb93eb-dc7a-436c-87aa-be6f158f9e65", "comment": "Malware payload (ZeuS)", "value": "4cf8f0ca52dbb4752f058b7434e4b25391455ffde5135d454e793e55e49bf47eb41bc311765553c4b27cd4baf55949bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878995, "uuid": "5b06138f-b3a2-447e-9440-9dfef02e4ffa", "value": "T1475402C765AD0FABEF6202726180E60266D7FC71453BDCB7C26901EB03B1985527B2DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878995, "uuid": "3c8a73cc-b836-487e-a6cf-0ffea6e1c328", "value": "0c1e0b4890cc87424a0fd0132621e9be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878995, "uuid": "08f0a5c1-bbbe-4716-9a76-b095b79639ea", "value": "6144:nBZ1dg/Br0z//V0oo1Bcp7ZRSQ3I6uZDjkRTLmZcPt0baY1B:nnagl+cp7GscQ1mZWub7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646878995, "uuid": "baf63c65-6756-40bb-970e-5c209b7e8e6b", "value": 282112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646878995, "uuid": "c204ead6-0833-431e-a103-8b3037d7f328", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646878995, "uuid": "9b0c71f2-f6e9-4e79-add1-f92634090282", "value": "409eeaaee81773d3ac3e49441284edd0.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a4e1c4a-a054-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646904469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904469, "uuid": "d5d95bff-982e-477f-8070-12fd2d33a1b8", "comment": "Malware payload (Formbook)", "value": "6779a1cd73b627ac61bfb07dd8f99c49", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904469, "uuid": "95d5eb4e-9ab9-4668-b9f4-4855fbc210ce", "comment": "Malware payload (Formbook)", "value": "cb52e748506966a90bc07b1f70fe5c56ff3c15c172ece9e6b36af880e168a1ac", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904469, "uuid": "ebd17c0d-ebd1-4785-9b59-fa6d35a553b3", "comment": "Malware payload (Formbook)", "value": "8d12225da2bd590e7accb92a8e8a2a12238a0f40", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904469, "uuid": "b9661836-9e0e-43dd-8ef4-3a0ed848126f", "comment": "Malware payload (Formbook)", "value": "915c0ada774d816ff94d257a05c0bd6b12b7db5775df294dddd4c9a1107ff66e9d4889550e517f2b6f161fd711d9eb5d", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904469, "uuid": "dc70c2ab-ceb8-4271-840b-fd6f91531cb2", "value": "T1B014124068F08556DB403774DBC10F42AFAEFCBD6604220AB7A9B5193A7BF4B41CD6E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904469, "uuid": "0b4d28c1-7a48-41ef-9b67-d62a4b9c4738", "value": "3072:CGTos46r1TlhtTEe3D023CcMqc7Qni2NkHKV1EzQCdUWwIGuerHIC:lTJ4Wlht4oCc5eQLHzMdUOGvjh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904469, "uuid": "e7af4af8-8959-4cd0-9c28-a91703494dc6", "value": 191192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904469, "uuid": "b1612ea3-43df-4174-ae9c-7cf2e606b308", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904469, "uuid": "7a42421b-3b72-40dc-a9f1-8b0cf9f5a9d6", "value": "Order list.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21114f04-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646894065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894065, "uuid": "c975d04b-a78a-4999-b577-4999b21e9086", "comment": "Malware payload (Mirai)", "value": "7eed37ad820de2997065c0c16a48ef1e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894065, "uuid": "c3606dfb-690e-409a-85a1-417eea3fb755", "comment": "Malware payload (Mirai)", "value": "cb769f304fb85862a1633fe5b032e53ff03229ff5aecae846faae38ce709fdb2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894065, "uuid": "5db9d9a6-a0c9-4013-88b1-174def9fb54c", "comment": "Malware payload (Mirai)", "value": "b6a823bfa83a990afdb06f9caae47b24723b5ebd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894065, "uuid": "b00b1c41-5f20-4781-8b33-b42b3058071e", "comment": "Malware payload (Mirai)", "value": "6d58c06b708a2b8d29f4119acdded2130ab880ac06ed855e91b47d30d2da575cda20fb9932bf91dbd5f3025267f77e53", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894065, "uuid": "8701de21-39ac-4ee6-8823-848bf23f28c0", "value": "T11C73A80E6E618FBCFB5A823487B78E20A65833D627E1D541E15DEA111EB034E741FF98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894065, "uuid": "30efe314-40af-49f5-8ec7-b58d2476d963", "value": "1536:YZIJO4rSB6x4qzEIjCRIxuF9IJajZvGIyv:LPOBxqzESxxuF9IgNvde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894065, "uuid": "dffef0d6-0e56-4766-91a0-05a3312d9139", "value": 76612, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894065, "uuid": "111ddf13-cafc-4696-9315-4c643cc06909", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894065, "uuid": "6fe0275a-d883-483e-9641-bf9602104600", "value": "7eed37ad820de2997065c0c16a48ef1e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53662ae8-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646905316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905316, "uuid": "dee881ef-ce47-4524-a7f9-9a5dfa2c089b", "comment": "Malware payload (Heodo)", "value": "5bdd9e43fd7c288e38a8fa00f2e1d35f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905316, "uuid": "3941ddfe-de60-4c63-b42a-522edef25769", "comment": "Malware payload (Heodo)", "value": "cbdd8fa2a32c21ddef1f429548671104c2ce48cdf16f3eeead93da8ac6363c0a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905316, "uuid": "e010331b-efb9-4e65-a84b-60a6dcebc1ff", "comment": "Malware payload (Heodo)", "value": "f75351e103d55c7bed633137a171652a46d64318", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905316, "uuid": "7b6c8bf6-7266-4c16-a02d-ca3e6efd20df", "comment": "Malware payload (Heodo)", "value": "bae9f1c77fdfc79564eb7575b02d2a9805494576fed879c53f870d39aa0f953f7f4cd72df01a27aaca5ff6e6031ad7f8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905316, "uuid": "41538d57-32c8-43fb-8838-35dceb898b0b", "value": "T1A7D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905316, "uuid": "5361bb69-4378-40fb-9a50-e9b1d82cb66d", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905316, "uuid": "41e18ff4-2881-4d5e-9abc-b228b70e6f03", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAO:WRO5DDUmhnspspsqi022/OByw+iVifMT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905316, "uuid": "e1040025-10ce-44f1-a2fe-0fe05728cd4f", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905316, "uuid": "b45eeb9a-152b-4c16-9eec-5a9663be8fa3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905316, "uuid": "4793b795-4334-442c-8355-1ccdd07c9599", "value": "5bdd9e43fd7c288e38a8fa00f2e1d35f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4b57c54-a0a7-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646940349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940349, "uuid": "0923ab60-560b-4569-b8f1-e672e4659365", "comment": "Malware payload (RaccoonStealer)", "value": "88e7865bcab79c6e0908b795f453cb13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940349, "uuid": "5481c3f3-f361-4df9-b69c-f3ce311e1e41", "comment": "Malware payload (RaccoonStealer)", "value": "ccae525e68a279ad432d07a3e1ea6f2d89bb68bd73de544d6c44b3689a185d15", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940349, "uuid": "7f0230f3-3203-4b30-9683-398e166b98c1", "comment": "Malware payload (RaccoonStealer)", "value": "62f8c52d7efc321555962a98cbbec8f9dc28d7f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646940349, "uuid": "725c6e41-220b-439a-8f0c-c288d4b741e3", "comment": "Malware payload (RaccoonStealer)", "value": "94bacf1f93b8ecfee3ac7d947d4f9e4ce73a69576609d830b0ca485f32b7ca674366376bb6a015f86099b3f9e33baa84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940349, "uuid": "b3ceeb65-0fec-4410-a195-88f7fb6a3df8", "value": "T13EB412217A40D972D02798360B65C7A46A3B7B314E70D78F3FA80B6D2F312E1E679B45", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940349, "uuid": "eb438ab8-29f2-4ee7-8eca-9f1c6167c760", "value": "b5fc65c435a5f7cd1e727ba5ea41ae9a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940349, "uuid": "f71c47ef-452a-4593-a784-8397888b14d7", "value": "6144:+gGpyIAxiGtoJGw1wtbq/E+Pv9MO+FI5WdTWUIotd2PAJP2fxo2D+HVKNyapFHEn:+gGc3xmJj1w/+H9MwMzgU2fxFkhabA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646940349, "uuid": "523627d4-555d-465e-ad6a-74c558c2b958", "value": 527872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646940349, "uuid": "e873f670-b301-4d91-b303-8993f103c26c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646940349, "uuid": "d3a7ca3e-a492-4deb-b01a-7bbe7be9e661", "value": "ccae525e68a279ad432d07a3e1ea6f2d89bb68bd73de5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69237c8a-a090-11ec-9275-42010a9c0029", "comment": "Malware payload (BitRAT)", "timestamp": 1646930264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930264, "uuid": "2c675761-01c1-42a0-a0ad-41a266da7ed5", "comment": "Malware payload (BitRAT)", "value": "498cb9df0390bf0d1eb8e3cfbf4eac1a", "object_relation": "md5", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930264, "uuid": "79afc268-0c64-4e36-9b1b-810018218b3d", "comment": "Malware payload (BitRAT)", "value": "cd1369c97b66846b85c446406496572fec8d4403762d0ffc421f32d5bbbea362", "object_relation": "sha256", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930264, "uuid": "3b98395d-2335-48de-8f7f-0bc9f220d85f", "comment": "Malware payload (BitRAT)", "value": "1dc52d19b79316d5806c1630c3fddfb5c0b321db", "object_relation": "sha1", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646930264, "uuid": "c0b7d05c-fa56-4f21-b9c5-6aa34cc07fea", "comment": "Malware payload (BitRAT)", "value": "9f7ab104e7a6091c860eb3418a7aeecbccc2928287608bf134281c15f4fceec78b1636bec786cddfc270f86b15d47f39", "object_relation": "sha3-384", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930264, "uuid": "db955557-32ca-456d-bf23-d8f7c6150d13", "value": "T1CE9533BA33C127ECDE10A1F945F147E0C73CA968961D0793DB69AC00ED93A9CEC5395A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930264, "uuid": "ac8ebe2a-655a-47bb-8bfd-5c5068c56024", "value": "49152:gEcd08AjJsRKw/OEE3eeBJKbZ5dnrO6yMo:gEOCjwRJEuI4bZ5ZiMo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646930264, "uuid": "612f4dff-2bf2-4c93-941c-49a2ea7be84b", "value": 1932648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646930264, "uuid": "4e811dd8-15d5-460b-9bf4-5874e1f10541", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646930264, "uuid": "b7bf4d11-1db0-4af6-9c9b-b7838d2dc5cd", "value": "Invoice.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cebf9d5-a02d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646887803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "fc0450f8-4575-4174-996d-6f5a839220b0", "comment": "Malware payload (Mirai)", "value": "eeaae3eee556eff7d08db7f3966b8197", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "ac8c8f76-cbf9-46f9-94c2-7772313f5fb4", "comment": "Malware payload (Mirai)", "value": "ce0376cb0c5bd6566bd8929fe601acc8784958048b78f47b5c01ee9888cbf429", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "84b76eca-e97c-431a-bf93-095d0582d203", "comment": "Malware payload (Mirai)", "value": "509729d7305a1dc61f3458d6175fe56fe1df58ca", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887803, "uuid": "29067a8e-e85f-41f0-878a-ba773cc4be04", "comment": "Malware payload (Mirai)", "value": "e044b285bcaf8158a8a9b394400e32e634c989bfcb1c7b8766bde4772d2a8465fe27de9f89cec30899489780f0c77d23", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887803, "uuid": "c4042a29-1abd-4dbf-8a61-c42450ae4148", "value": "T1A263175AFD80AF01E9D525BAFE0F018933534B6CE3EE72129D205B2527CB96B0F76416", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887803, "uuid": "b8770e98-f945-4f2b-98fa-e3653c77d825", "value": "1536:PBnt1ErVRWqUlaVUjgB0p79l1ZiyuS0WgY7EBhm+:tghUlaVUjgBwhuS0WgPBhm+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887803, "uuid": "bee44278-89f2-43bb-bc22-c5dd89a36ad4", "value": 66852, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887803, "uuid": "c2005960-b0f4-4d2e-8fe9-f2d7a5d4dea8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887803, "uuid": "f66ca878-d288-4313-96d5-c3b60e177a0b", "value": "WW9mdWthc2hp.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efa997cf-a0b5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646946381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946381, "uuid": "93a50cae-22a4-46b9-9a71-4482908cbee3", "comment": "Malware payload", "value": "783bf636a47d4e39db04208fa729551f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946381, "uuid": "f75a2ac8-7464-41e2-b0d6-f3140c0113af", "comment": "Malware payload", "value": "ce6835e42684cff80a7ec214439f99756d5a54bfc915f61d779b2fbb3eb8c964", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946381, "uuid": "b4f34af6-4e98-4825-9cb0-4859774fd269", "comment": "Malware payload", "value": "57faf5c953b0d215a879baadd4427edc956121f3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646946381, "uuid": "72714aa4-d069-41cc-a53b-9b8315b20f6a", "comment": "Malware payload", "value": "836a9f31662708f4aac7bee60b103cd7234148d2ca47fd0f42a0f42427186f42ab76e6a0fba8a393e4f0e8b583ab08bc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946381, "uuid": "4364bf7f-bded-4e5b-85c9-d002dfdd8a7c", "value": "T16503E170EEC453F1EDD15F32F819880E529AB3D042FAFDE1673485A42B135E1F6A9282", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946381, "uuid": "88843cf1-e2be-415e-9ca0-683c9ca53dec", "value": "768:ViSxH2GLZwJdoT+fZXBBXOXQB8VQ0QFq2iEny23UWAK:l2GSoTUBXOXDq0DsnyU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646946381, "uuid": "293b1a69-0dd2-4854-bf37-997a562b004e", "value": 37744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646946381, "uuid": "15789f4c-9344-4749-a26d-6f295d2c310f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646946381, "uuid": "3bcec855-92e1-42d1-b8b3-f06215c598b2", "value": "783bf636a47d4e39db04208fa729551f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acd61767-a043-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1646897306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897306, "uuid": "d3b0118e-cda3-4863-8c36-d457c4ddfcff", "comment": "Malware payload (NetWire)", "value": "d13f122b07e969b6040e8d441d590211", "object_relation": "md5", "Tag": [ { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897306, "uuid": "86a46b91-9b5a-4037-bc12-139ed6a5e0e1", "comment": "Malware payload (NetWire)", "value": "cf901039d6fd83236fd6cac45b976b5e41094b6faf97518526c13e69e74ba14f", "object_relation": "sha256", "Tag": [ { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897306, "uuid": "2c2a238c-4246-4575-8a2a-58834c082dd6", "comment": "Malware payload (NetWire)", "value": "f9fd993e47d21f99793004fb0c585e28377ca0da", "object_relation": "sha1", "Tag": [ { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897306, "uuid": "ec04aba8-d778-4910-979a-f62193083fd4", "comment": "Malware payload (NetWire)", "value": "88f002ede2b6343b63cf26feb90b413cc2448880d96759f47aae0961ff0871c9f96e3c194b97a1f5acc271121c36ebb3", "object_relation": "sha3-384", "Tag": [ { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897306, "uuid": "1f0769e2-0ba5-4b09-8ddc-0ba4db0ce987", "value": "T1D9642377FDE68E4A2C68F6A683B290BD3704DA46A21E141578C812DF305B054F2F80BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897306, "uuid": "94f703a2-60ae-4776-aace-968d6adb5818", "value": "6144:LGbPwAs5QUV2IVmSrsdu3f+J85MX2rzVa+gCzqVDmdGeih1cmtq+8g:Ly4J2IVLSyykV3g1idW+Gq+8g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897306, "uuid": "0d001fd3-450d-4c97-8092-44ce9430bf8f", "value": 308646, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897306, "uuid": "c25689df-a1aa-43ca-b71b-1c23d5f8a532", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897306, "uuid": "0bc7339f-9618-4bbb-ba86-c1beea161878", "value": "PaymentConfirmation.R00.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46181cf4-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646905294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905294, "uuid": "b8f7388d-cba0-4b55-9858-9a3500492c29", "comment": "Malware payload (Loki)", "value": "eee8b3ecd307a8b2912bfef7ce3822ef", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905294, "uuid": "7186ba2b-e9c7-439e-8beb-2128efd3efd1", "comment": "Malware payload (Loki)", "value": "cfb1e055ed73a15f9ee207033b9baea37353ca595d415c6d2e660b1006941031", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905294, "uuid": "29fd767b-9402-44c7-8754-8e5410e061eb", "comment": "Malware payload (Loki)", "value": "fb2004f954fa0312c5b1dda9a154c6f5b53dfd3e", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905294, "uuid": "7cc94c48-c159-43d9-82fc-abdfd58df3db", "comment": "Malware payload (Loki)", "value": "d79b1ee880732324d0a66f97e0f17884a58b5607112c82360ff2392feb47c5a2aaa26b0b0c5194393687aaed68b437e1", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905294, "uuid": "6ae007e2-10d6-4423-889b-142b5fbeb66e", "value": "T16514027D31ECF6C6F4A2673E2AC38843D2C79C0F5FB9B4152591B3CA08F98156069B69", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905294, "uuid": "f523ee61-8ef3-4e54-a26e-f552dbe5b3e2", "value": "3072:KglrPG01wbCX5Elg3VofB7FxvQoY9w9+xHAZupdiVv9VbgChsITGMU5CGDMeapa:Vlr+wECpEl7DxvQoY9d/dEv9VsCp0yLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905294, "uuid": "ccbf65e4-7a04-49e1-82a7-5e7a14eb3bae", "value": 190568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905294, "uuid": "086e2f6b-aa70-4f10-9398-1dfa8967ede9", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905294, "uuid": "defa672d-676b-4339-adb4-eae3706419e9", "value": "CI PL.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61e8fa1b-a044-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646897610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897610, "uuid": "fae6c8f9-02d6-431e-b433-0743ea2c8fbb", "comment": "Malware payload", "value": "976c8320d86bd9989697b16e9acde266", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897610, "uuid": "a9382539-21a7-428c-a4dd-31fa87481290", "comment": "Malware payload", "value": "d164bebad32990adaef86446eb1dcdff56f21dd54a9722517bd17deecc4800a2", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897610, "uuid": "f5668ab8-746c-4a9c-a28d-5c2aaa5171f8", "comment": "Malware payload", "value": "aa9d4348dab38027eca3d85121d43d8bcffd0b19", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897610, "uuid": "9f538b73-9143-43de-afdb-b7be1aa1cc29", "comment": "Malware payload", "value": "867ec204ab4af4543ccbeca0767ef0ff13cb2a9a81a9a39bc8c1e5e2ca7caaab1543d83cf93dc8cb32fa1d532c0357d3", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897610, "uuid": "03527c79-a64a-4a85-97c8-5d656b5cf4d8", "value": "T195A107B91B082C67E34382F1D55ABD575167F11785CB0E89B2ADFDB00B1F221A635E42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897610, "uuid": "ef9b3805-a4df-4067-b949-6d765b26d895", "value": "96:cXWzY+6JJX4lMYLO2sDjVtAM/G4hqrsR8yKHN+rJ4njbXGY5GYiIA7odVF+CqDTg:3MvkSNjVG1yKHN+qf4YiIA7odpl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897610, "uuid": "69e21df9-b9fa-49f6-953c-e58c973c0a04", "value": 4812, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897610, "uuid": "eeb6be96-a89a-428f-a05f-a95e5cbe496e", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897610, "uuid": "f87ab425-4ff9-4a21-8f51-8c7ea281428b", "value": "Pricelist 2022.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26305a35-a04e-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646901805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901805, "uuid": "310ced51-7b91-4109-9928-b8b737f5c594", "comment": "Malware payload (Formbook)", "value": "00c17935ea84043692ddf743e1dbaed6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901805, "uuid": "449487f4-564b-48b7-80c0-cfab26600bca", "comment": "Malware payload (Formbook)", "value": "d1d9a1e96a6f7b46b3634ec6454c07043c26fdc8455c949738e51b712340022a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901805, "uuid": "e1a37cc3-a06b-4035-986c-6bc6914c6499", "comment": "Malware payload (Formbook)", "value": "7207a444eda465004496a83893e6a255067e007e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646901805, "uuid": "9e31b0fd-1f9d-4d92-b3ec-8113aac52efa", "comment": "Malware payload (Formbook)", "value": "38589aa88235d3d593ece3f31c34ce21820c2656f806915f6d05fb6c012644a97f3dcc491f6b27f8b8e872eba13f58d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901805, "uuid": "74e95b4d-aab9-4d53-9e9f-e0b09fb53817", "value": "T130459D62B3914937D5731B388C1B63A89429BF043F289C4BBBF87D4C5F7A6817925293", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901805, "uuid": "dc0e4957-9c76-48a7-86b5-e6ffbac9a04b", "value": "f3ef87a63216dac1578ca750829fe4b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901805, "uuid": "39668ad9-56a8-405a-a157-59e39f98483d", "value": "24576:f4vPtIdV591Vr90+b5rdtftguklShh57f:f4HtutddtAlSbx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646901805, "uuid": "98af4cd7-acad-402f-8372-f32ef2cccf2f", "value": 1212928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646901805, "uuid": "8bb30c55-92a2-476d-b423-1872b809b539", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646901805, "uuid": "b4b1a28c-0dbb-4ed5-80fd-acb388a491a5", "value": "Xivnstjpmyklydnklbqunmshijgbnudqtx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa077186-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646894295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894295, "uuid": "7858cebb-9ed2-42d6-bf02-6f1699216f03", "comment": "Malware payload", "value": "e94019e38eab7ac4945d70e3a34ac247", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894295, "uuid": "03fc0309-629d-46eb-bb8e-e568f79ae8ad", "comment": "Malware payload", "value": "d21247ac6e88340118d5773239f9e7cee22aa4d11a543c16f7c6e9bb5ba0afb4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894295, "uuid": "c714c7e2-46d8-4009-b229-b38e3b0d0225", "comment": "Malware payload", "value": "36b61dfa15ba273a3e099cad14c8797086c0254d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894295, "uuid": "feb2fb23-2cc6-4a93-bcb5-04944e3b5cf1", "comment": "Malware payload", "value": "74bf1f4648579bd16be340320f058dfbc9df0553c077e8e7d23b796b80681588272e2fca60b63c0506368e189b3009a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894295, "uuid": "1b0c70b4-0616-4c95-a85a-a04c87cc09d6", "value": "T175E312E21834A830DE79B7F298842D31E97AD7CE98F63701ABE4C84477C453892F7568", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894295, "uuid": "53ebb025-46b6-4ab5-bd83-71bdefdc7ab0", "value": "3072:YjMb3tS5iTEJeIGxCo/3M836N6egHEfzqq5LLx/n8keM+eO1xLFV83vcMF5U56cq:fQiZUW36N6egtmkI+esFV8/cxIz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894295, "uuid": "de6b7f7d-10b5-495f-b69b-e0311fad6cc5", "value": 146909, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894295, "uuid": "706ab832-b133-4c51-8865-0990de482510", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894295, "uuid": "e85b11a4-866b-4613-abe1-11e6f4dc4865", "value": "Download__Main__File.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "876f86b0-a04f-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1646902397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902397, "uuid": "fb593f57-84a7-4399-8420-25b94ec4b010", "comment": "Malware payload (ArkeiStealer)", "value": "f947a0c2119e7c367677c97b6c335a32", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902397, "uuid": "ac7261a4-d3e5-489a-b864-8abac3470186", "comment": "Malware payload (ArkeiStealer)", "value": "d2212cabc4da0107627727c4138a08581480aaf1597b624d8607ee583ac0c33e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902397, "uuid": "2df549ed-5ee8-40d1-a25a-9d85c1a2b0cc", "comment": "Malware payload (ArkeiStealer)", "value": "14a065ead38cc8dda4cf8499372552eaf6be5714", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902397, "uuid": "636942f2-3d89-45ee-9e00-c533dbed167b", "comment": "Malware payload (ArkeiStealer)", "value": "589a6a00f441aa1224825e58b8bf41e611fb784016f32e41dd0f22cd6562fe8291c9470896e7a956f2a43b24031e40e8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902397, "uuid": "742c27c4-e4e4-4fbe-8a3d-cc949239a57f", "value": "T18754CF2237A0FC72D19355705834C2B1A67BB93256B5D90B7B880B3A5F313D2B67A386", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902397, "uuid": "d50ae199-c455-4a48-a28f-04d3a3f9de00", "value": "1bd024066a86f151729fa49bd4381603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902397, "uuid": "0f91a08f-7be3-487a-a272-e2c63fcad0a2", "value": "3072:BShsHuLczE9rfEsAASx28BCAu5Aezxx/7mCl5RQ:ciHuLcgB/SxJwAu5AQx/7myQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646902397, "uuid": "a1d1c797-b9d5-4c0e-aae3-46fe9b536ac1", "value": 279040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646902397, "uuid": "5653ecd3-97ed-4572-afda-64c406543ecc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902397, "uuid": "cdb6327f-b717-4381-a88c-9ee179a1bd34", "value": "f947a0c2119e7c367677c97b6c335a32", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63fa87b0-a098-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646933691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933691, "uuid": "7e614346-db5e-4f04-a6b1-dde9c6076ea2", "comment": "Malware payload (Heodo)", "value": "62222a6624bb2b3ba74976820df6967d", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933691, "uuid": "8cedf1c6-4913-4573-a3fa-b0954bec385c", "comment": "Malware payload (Heodo)", "value": "d289d4f4e55e82fda447f47a1cace90202395682cd8e8081f75b64984fbe7929", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933691, "uuid": "4442bc39-f17d-42d4-9715-99f8895856d8", "comment": "Malware payload (Heodo)", "value": "1498be1203cf15ad3c13ce5a9f600f3e69fa2e44", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646933691, "uuid": "af62ae05-e63c-4f11-999c-95d6a1ede773", "comment": "Malware payload (Heodo)", "value": "74650b5f329dfc2b3389b0f412b6c444049a42fc9961d5f5ec2660a214d2a7cab23fa79fd058a2c35bff7b11750b33d8", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646933691, "uuid": "93ced66c-252b-4e59-965f-116ddc20a9d9", "value": "T1B613D02CE65B3119C6359C7D561CDCF56E0821975409DA8B2848FBCC2EC1BF722AF19D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646933691, "uuid": "b5ab8d5d-0889-4ff7-a455-234417fb1ef5", "value": "768:pCToSyUnZpOw+pyZfQCwBzii1H/KNsH7meB1Id5qXkm1qVw0je7:pQsUZpOw+pyZfQCezfCNRejIdcXheRj+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646933691, "uuid": "9f6db677-b186-412e-b506-cf592e943e9c", "value": 44632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646933691, "uuid": "04802dc6-e5f6-4bd3-87f5-65943f945ccb", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646933691, "uuid": "21f3b34d-6c29-4fd7-b5af-65ace31d240b", "value": "SCAN-09032022.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "114d3127-a02a-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1646886308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886308, "uuid": "db0769ee-a76b-4ead-a8ea-0385d28e5feb", "comment": "Malware payload (NetWire)", "value": "a8956431106c4e1d5585d8049303dd07", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886308, "uuid": "39211399-fafa-4b44-b77d-96abf6825c25", "comment": "Malware payload (NetWire)", "value": "d2df9078d5a72c5212ef2423afc8a6b04f50ab4f4c79f63f270c2d8249ebd3d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886308, "uuid": "b99c778a-f70c-4779-9a34-dc7bd572b42e", "comment": "Malware payload (NetWire)", "value": "597820936213ac60146291fa24c90e4f2539693a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886308, "uuid": "be998694-7bb7-4a09-bd41-d81623cd3e74", "comment": "Malware payload (NetWire)", "value": "1b5cff053f46d2b23f87ffbce8cd3db03c0afaa2c8d9e6d42ce7257ee0424b3718d5de41b57165225049510a6de45deb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886308, "uuid": "71253258-c5b5-4f76-a94a-e46887b34874", "value": "T14155BF52E39EC2F0DE165172BA7DF71A2F3F3C254530B956AFC52D3AAD21021112DAA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886308, "uuid": "b12d6bae-74d9-4683-b3d6-7f6f24b7e710", "value": "afcdf79be1557326c854b6e20cb900a7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886308, "uuid": "7ff6b89c-7c84-4c4b-bbc8-161365927329", "value": "24576:Ku6J33O0c+JY5UZ+XC0kGso6Fa720W4njUprvVcC1f2o5RRfgUWYb:8u0c++OCvkGs9Fa+rd1f26RaYb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886308, "uuid": "a9b488a1-fabc-4458-b209-d597369ede30", "value": 1389184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886308, "uuid": "ff24e070-5811-4113-85ed-323ab143516c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886308, "uuid": "1fda8dfa-7c7c-4f42-827b-7559dfcd7534", "value": "paneldecontrol.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0952991a-a073-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646917647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917647, "uuid": "38375b4b-265e-4c67-ab0a-aa62c91e22f4", "comment": "Malware payload", "value": "8aa476f7cf8be87e05d5a14875481e2e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917647, "uuid": "2b0b9e7b-77a0-48b6-a1a9-dc684e5359c5", "comment": "Malware payload", "value": "d399d61449841a32c89d7b5896fef6aff3883669d08a5ee45bb2bdaa1caeae55", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917647, "uuid": "b4682909-915a-493d-8e30-53ef617ccb35", "comment": "Malware payload", "value": "37cdbba629fb3a4e90775ce84ce2d2bba70882cd", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917647, "uuid": "4046279d-1ca4-4f3a-9053-8677f45f17a5", "comment": "Malware payload", "value": "ee42d1106289aa03cf37a3d1481f0058c5ad15b326552f67f24c10ec0ad793ded10a40ba89a34e0b7efcc1ddc07240bf", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917647, "uuid": "9ec4bf06-1c2d-4a7f-b1b0-93332433f1b3", "value": "T1ADD533EE984F6EA7E7C8ECDE1C6C1174909CE3175A5E9A4578B0E097C93B2F66312007", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917647, "uuid": "41053853-0a18-4f5f-b890-0f23c4a96aa8", "value": "49152:HJ9XXTwvHK18t9A06U24x1GbC/E+7ZXFrUP09dUlBcqW2Sh3URCjteiXtzIxTcF:p9XXTwHn/7Gbn+tVrlqW2Sh3URStesSi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646917647, "uuid": "264d314e-e3c0-4888-ab54-08e9ad87c8d6", "value": 2768248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646917647, "uuid": "f2805967-b825-4289-9c70-da1c6684437e", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917647, "uuid": "342ff145-40db-4758-828e-873316511922", "value": "SecuriteInfo.com.Gen.Variant.Application.Linux.Miner.3.9884.25136", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c1b6957-a043-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646897036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897036, "uuid": "b4f69058-5e74-4277-a143-151c5ea79c0a", "comment": "Malware payload (AgentTesla)", "value": "6449d4265b9f6fa65177e1f9ccff6a10", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897036, "uuid": "93a21214-add2-465b-816b-292a69305b5a", "comment": "Malware payload (AgentTesla)", "value": "d435de2630e98516d3dc4622e72632a9585e4d3e97011ffe316d362fe24cbb2c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897036, "uuid": "8a89b94b-e5b0-4c90-bf8f-a9047dfa1867", "comment": "Malware payload (AgentTesla)", "value": "33f8705fdd4b7d04dbaf92d7dbf98f30d6c261c3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897036, "uuid": "e1cd078a-05d4-4b7f-9e35-aab1f432a799", "comment": "Malware payload (AgentTesla)", "value": "e8e581ace7f05f763b793a77ac105bdf42d62329d77744a6dee60f6b1daa88b9c14b36956e2b369882798290de5afa98", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897036, "uuid": "7f6de748-bfaa-4052-b47d-3f9489c926f8", "value": "T159C4231C12D8DBFD6CCE33A8E91726374610F8FD6E9B69987C0D2EB0E596F259E46004", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897036, "uuid": "273789ab-0680-4ed6-bf3b-1d00f27ffd70", "value": "12288:DyzCrDOkgW5lPj5F+lGbvp+AwiHbtglgjCEQYfAJfMlQL2znSH5kgw:8oDnPP+levhClWJIJf+5znjgw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897036, "uuid": "9019cbf0-782e-419a-ad5a-bed216ca6ee7", "value": 561905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897036, "uuid": "cddbb5c9-e8e3-4d82-a327-1299a851b9c9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897036, "uuid": "d632454c-1141-4200-836b-7dbc9b1786cc", "value": "BL 236125209.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da6ac95b-a05f-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646909408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909408, "uuid": "55f7b093-f306-49e0-be72-9423f597df4e", "comment": "Malware payload (Mirai)", "value": "718954055d3038be5821f96139af1f46", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909408, "uuid": "b37a9ab5-6d1b-4c48-91b8-8e7fa8ad6258", "comment": "Malware payload (Mirai)", "value": "d4f5b7936db68818f88db49a3ffd25d06f44bb6294fc6d1a1505fbf020959dc7", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909408, "uuid": "fb52d463-5ba5-403c-928e-fd34f258d74a", "comment": "Malware payload (Mirai)", "value": "dd39a98e0a7e400d9e967d3b3f71da0254eda736", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646909408, "uuid": "9f8c45f5-4c37-4acb-958b-65c758244dde", "comment": "Malware payload (Mirai)", "value": "907764a798c6c96e33eaa39d6683bf6fa6d7de49756149d316e7ba3f9609b418424e9ff6b9d05c8ab6bdf22b73a08d1e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909408, "uuid": "1eaa3dc9-be9e-4295-8452-be18fd509144", "value": "T1B2630881B881AA26C2D1537BFA5F008E371457D8E2DE33138E255FA4B78A91F0D67F49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909408, "uuid": "134f2fc6-b130-4adc-b5b8-b56f54def166", "value": "1536:sEoiW2H2sYdDtKpq9o9ShyMS6mz0QRM8fhWtg5GDse:sEoiPFjR0QRrpWg5E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646909408, "uuid": "6bc46853-98bf-4479-a0f0-a64e40a03898", "value": 72836, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646909408, "uuid": "e051dec2-d337-4031-9e8d-fee39ac9ad37", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646909408, "uuid": "ee6f9780-bdf0-4216-9163-20e8e2deef05", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0cc5e42-a034-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646890897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890897, "uuid": "684c95f4-07c8-418b-9d61-6a7b8f16eebc", "comment": "Malware payload (Loki)", "value": "92d8de2da55803629eb7b1a092d8ee0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890897, "uuid": "e55bf235-58e6-48ed-a007-0422248ecf37", "comment": "Malware payload (Loki)", "value": "d75e5eb2f058829381b2ee6d0abdccdedda09a25b51ce575ecc728be29445ed9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890897, "uuid": "f4438a69-05e0-4aad-993c-4bb589579a93", "comment": "Malware payload (Loki)", "value": "dccafd8588c9159dcb35784d5fa977b5ddc72fb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646890897, "uuid": "fe5539de-8be1-49a5-840a-624064097fe2", "comment": "Malware payload (Loki)", "value": "a2ffc77a5132d238dcad796dc45da1150ad97390ae9e38661c1ba4a3e64b9a56cfa1cfb9b5cb3d42927b94974d8ff98d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890897, "uuid": "52dc0f3f-c6c7-4685-877f-8594345aa0de", "value": "T166641284F8E68857E6A544345FB6B2DEE6F08205D33DDD2B8B74AE7F3CB58950218243", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890897, "uuid": "15a9cf8c-ef8d-49cf-89a5-a520266545c9", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890897, "uuid": "64c8366b-d8fe-484e-8f66-cebb26dc3da6", "value": "6144:rGi2IuOgrffe9Fh9VKk3doxP0V0TmROOrbRJ+/Qvq:puOMIfKcdoTisOrbvq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646890897, "uuid": "666e5dc5-52be-4655-9b01-bb94b706832b", "value": 307318, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646890897, "uuid": "1fe7956f-0c26-4bba-b9b9-d0a286e6cb52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646890897, "uuid": "f88c433f-2bc5-43bf-82ee-f11bd6922562", "value": "SecuriteInfo.com.Trojan.Siggen17.22566.8800.21029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5be3687d-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879131, "uuid": "f56889d9-1afc-4bad-bb22-1d567e981151", "comment": "Malware payload (ZeuS)", "value": "a7627dc3fecbf2ea9f0f4fcab7d50664", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879131, "uuid": "d4f96d85-6b58-4ffc-8593-ba25f24acc3f", "comment": "Malware payload (ZeuS)", "value": "d903fe1ba67138993ca3f1f4d86321610b47a068ad9bbc6245ab1f8e79778034", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879131, "uuid": "86fdb441-93ad-4458-821a-1dc0775d8c51", "comment": "Malware payload (ZeuS)", "value": "1b16aea438e22010d8a81e06b14a08cc902b3bf0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879131, "uuid": "539d8124-8722-4336-84be-d6e04a7679a4", "comment": "Malware payload (ZeuS)", "value": "bd94aa51ee71ab764cd379c1a09fbed0c05688890b1147f4f5ecbd1e6673309df2cb2d1093459c377a2bfb678753c34c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879131, "uuid": "a44088ba-c6e0-47a2-87b8-6a3293cf9f14", "value": "T12BF423157D2207FFFC78873A2669AF3916E0EA9060EC9D9B93C304D70E75E58529348E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879131, "uuid": "ad6d0067-160a-439d-9d74-23fe81eb808a", "value": "0c1e0b4890cc87424a0fd0132621e9be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879131, "uuid": "5a1e5892-5713-4824-8210-76c7aba12546", "value": "12288:fUD8h+ScWpenqX0tnEOZpzu4WV9/lyk140AAwDGQXpbOuE9RhY8Ql64Eu2dv6H:fUD8hMWjCS4Wr/bwrpbhERFS64kvC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879131, "uuid": "9f5a2ca1-7a92-4758-a0fb-b5d31b44ec70", "value": 793088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879131, "uuid": "4e15707e-466b-4783-8f96-119484684cb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879131, "uuid": "ff4a31e7-6500-44bd-b291-e55ce76d10a2", "value": "a7627dc3fecbf2ea9f0f4fcab7d50664.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23ddc601-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646894070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894070, "uuid": "f65cc850-81cd-4a72-8c70-aa84109163fa", "comment": "Malware payload (Mirai)", "value": "7e1ed51d5e95a09ba9fd3c9b7a0a7460", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894070, "uuid": "5bd95d1b-9495-4cd4-ae3b-23b75f811855", "comment": "Malware payload (Mirai)", "value": "d90ac411304ecb3e2181bf29bac35c671d83917305b174b74960e4ed5375cb81", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894070, "uuid": "a2763998-48a4-4c7c-8fd6-3181cbf313d1", "comment": "Malware payload (Mirai)", "value": "5edbbf9c965225bc0115ab0592f760d0dbf5cf3e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894070, "uuid": "a88438d0-1f86-40a3-88e7-5f00118d2414", "comment": "Malware payload (Mirai)", "value": "559b0e54580901ff938dcc35853626151209f4fa7588cab79bb44ad9244acc1803306a528a8c2f553a69ff6f252f76fa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894070, "uuid": "7d9325bc-ac5f-4b9a-98e2-d7680771dd08", "value": "T101D35B06FB418F13C4D617BAF9AF424933229B94E3EB730659285FB43F8665E0E63905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894070, "uuid": "d3166e8a-3a38-42b7-90f8-2c65240b70a1", "value": "3072:TDvifpXS+5mdlVvfqEJ7/itr6xQds/HQq5QEbOmyM/9Ybfrr:TDvifpXS+5mdf3Rap6xQds/wqXbO3M/S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894070, "uuid": "01b4e139-c88f-4290-add5-4ea7dc109d68", "value": 134572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894070, "uuid": "f152c1b6-aa98-4fda-8584-129303bebe72", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894070, "uuid": "0e422faa-6b40-42c3-b43c-5ffa24c00bff", "value": "7e1ed51d5e95a09ba9fd3c9b7a0a7460", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "241f02b9-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879038, "uuid": "aa8ff915-0920-4938-9023-9382b013cec7", "comment": "Malware payload (ZeuS)", "value": "558519842397cd667aa032b992192d9c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879038, "uuid": "8b7f993f-e523-4ce7-83a6-4e144eb05670", "comment": "Malware payload (ZeuS)", "value": "d91dd9570b91f6846291a727b5ac816e627b11cd9772a40b8dd66ba06503a585", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879038, "uuid": "01e67176-949a-4c4a-b618-a6e9c7667594", "comment": "Malware payload (ZeuS)", "value": "7f7689b1c8b9e26c65ad6a81e65188bc31c3642e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879038, "uuid": "ecd49a74-a307-415b-832c-17d0cecc1a14", "comment": "Malware payload (ZeuS)", "value": "937ed8d3d63a14ae941395b08444cbcd704e76662f8a052adb525fae0f58da28404adde72a8ffc795702255e2bba5848", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879038, "uuid": "16771ee8-18e7-4e6f-8462-7b3864359008", "value": "T12C1523C339E95C9BE142A9369834EE014687F991143A06762BF7A9404FDFD43A13BDE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879038, "uuid": "b7321ee1-c2cb-49ff-a4c7-dc3155ef6d83", "value": "537d3eb6362f5abe548a0c15cc2f401b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879038, "uuid": "8e45fbc7-cd97-4fff-ae02-1f07b25f6ce9", "value": "24576:4OTRCvFtM5unKR26qG2VXBHWTB1y7w2rGd5Z+MJh:4OUta5unKJqGzl13tvZ+Mz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879038, "uuid": "bc41053a-7928-4888-ab53-d27a2b456b73", "value": 941056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879038, "uuid": "e452442d-effe-41ca-a17b-af24508a4cd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879038, "uuid": "0bbaecb2-d0ac-48c1-be10-0ea5ab0ea22a", "value": "558519842397cd667aa032b992192d9c.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cf47e27-a019-11ec-9275-42010a9c0029", "comment": "Malware payload (ZeuS)", "timestamp": 1646879079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879079, "uuid": "c0bfac93-915d-4838-952b-915ab7754708", "comment": "Malware payload (ZeuS)", "value": "79d9868a2769e6174f34bfa692949f4f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879079, "uuid": "5dc29f7c-9199-428e-bb13-781c5092d6bf", "comment": "Malware payload (ZeuS)", "value": "d9b129c1eb6c4e4aba085a039b13d7e895938c04e2ca8e6d4afe3f8317faa96d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879079, "uuid": "0495e5a3-167c-43a9-8f2d-aa5a3dd95f4c", "comment": "Malware payload (ZeuS)", "value": "61dbc7e9c3df2657a50e833506b546314724532d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646879079, "uuid": "9f95a286-43b3-4384-8816-cbcd78ec8572", "comment": "Malware payload (ZeuS)", "value": "7a0fcb244864da42aa77c57b62282e2a60cd827cc62c6d3b2688545dab91ceafd77881ee4377bb54d9429b6c6b14af26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "prg", "colour": "#337559", "exportable": true, "hide_tag": false }, { "name": "ZeuS", "colour": "#3A348E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879079, "uuid": "bec22fb1-4c42-4a98-8d55-c6e60632dc93", "value": "T15C8412C333EE1AEBF1B246719920A91543E6F82404770CBAA1F40AC98FD5D55B14B6FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879079, "uuid": "64f9b7e9-787a-44c3-a4de-87979a7e6e71", "value": "368db323dcfc70861e0aa3f7ea0217f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879079, "uuid": "7cc0fd73-023f-4422-a35f-b875060379ce", "value": "6144:6BmG9HJbeXswbKPdMM05hPtyPdVptNPpFalqqbhIKE4m3vsI/4zeQQD5W9:6zJbeXlGdd05h0ltZpFGbh4N3vsI/chj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646879079, "uuid": "8f88f6e4-3d0f-402b-b0dd-c594e58d69ad", "value": 387232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646879079, "uuid": "a0962504-86ee-4ceb-a1db-57598cd4d00e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646879079, "uuid": "3abd204a-ffce-4ce6-9b78-267f43c672de", "value": "79d9868a2769e6174f34bfa692949f4f.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87e336fe-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903686, "uuid": "1d048c51-f480-4473-86f3-8cd503ab0019", "comment": "Malware payload (SnakeKeylogger)", "value": "1657c3f68a44312e7a54dca79c27aef0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903686, "uuid": "d42bcb98-0c48-41b1-8e8e-85db89eba061", "comment": "Malware payload (SnakeKeylogger)", "value": "d9c3080d262ce878565455b1d34ab1ed0c45e470cb6651de7e168150807c7d1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903686, "uuid": "ca9e4113-a0f8-43cf-a4d5-3f3cc80f8be9", "comment": "Malware payload (SnakeKeylogger)", "value": "daefa85b43940965c2c4e700a21572a9af9a8f5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903686, "uuid": "7498366f-c1ac-4727-8d77-99aceded5ab9", "comment": "Malware payload (SnakeKeylogger)", "value": "1f576a1d567d5452f0491292e34d2c9084830bcc3ff7b5aa1ebea11e502993c29dd0592cc7fae9bced8c6669f238113c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903686, "uuid": "ecea83e9-0045-49a9-8ccd-e02ff4269026", "value": "T10A84128578C2691BC5D432F43A7062AFA7396CD94225C147AFB43F397972293CDC90AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903686, "uuid": "414c0a8b-93d1-4538-9805-efc61a4cf41b", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903686, "uuid": "8c8a2942-0225-4176-a388-50ed81044d57", "value": "12288:vRrcAdxWlUtKm6CyhHFYd8QajDeBkW8+e:vaWxQm6CcHFQ8QajyBkW8t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903686, "uuid": "b5ab49eb-0330-49a5-aa89-04c8ccb8e19b", "value": 403539, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903686, "uuid": "056a2f9a-6c26-49d6-8bef-a97ac10aa4ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903686, "uuid": "ad19743d-3fff-45bf-b569-8182a7390bcc", "value": "89000987.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4358ef29-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646905289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905289, "uuid": "b325ead2-3c0c-4c86-8eab-cca12a1aeb93", "comment": "Malware payload (Formbook)", "value": "4faec043133b55c58dc11f4de6be3464", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905289, "uuid": "41afbed9-7ae3-47f0-a183-c8797b5511b1", "comment": "Malware payload (Formbook)", "value": "da827e5a98fd961581d03d379ecb28caad74938909950278a824b56ff4c5c5ad", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905289, "uuid": "c80c9f0b-2fc3-44f1-8f7c-b939c6fc833e", "comment": "Malware payload (Formbook)", "value": "3342bcabbd3cced9230c807618f85344e7ba5df6", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905289, "uuid": "dd753638-a383-4537-9336-b623e2317b91", "comment": "Malware payload (Formbook)", "value": "b6333e55ac01e5c02b91bf2cb317f882a260fce022793450038fc4a823731fe27c90f86fc054b1371a9fb8bd6863a13c", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905289, "uuid": "4e5412dd-9650-49b8-af13-46f2987a7ce2", "value": "T134140235B385B226DC508770167B98AB2633DC497E626A93639435F8EF34B3326570F2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905289, "uuid": "a1729611-7acc-407f-89a9-9d7ea567afad", "value": "3072:vIJVLlPnaqM/GJbKXHMgqzqHDVaTwSLt0ZNYGxLyVnNrRtjfZnhBITwUCyyb4Sy:QtQsFzWDA8Sy3YGxLCVtTpUGtb4Sy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905289, "uuid": "2d652b98-c7d6-42f7-b3d4-72190b116467", "value": 190760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905289, "uuid": "e5a604eb-88a2-43fe-a1c5-87132b4f6e3c", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905289, "uuid": "e9521d4c-009f-4329-ab61-9d6e41776656", "value": "Payment Swift Advice USD 85,000.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5af18c12-a0ae-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1646943125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943125, "uuid": "fdc6f6e2-93b5-49ee-b544-333e0ba87f62", "comment": "Malware payload (DCRat)", "value": "9dc243113052bcdd6add2f3ee2535b7b", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943125, "uuid": "4191c5a1-a359-474b-8081-21953516d9ba", "comment": "Malware payload (DCRat)", "value": "dab47d33a292ab6b5b8aa525857160906629f9fd1b8dc1e3a37f62247d7ce8e0", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943125, "uuid": "374a7981-1ac0-473b-a3de-f68eb38d2d4f", "comment": "Malware payload (DCRat)", "value": "8ed4fc1f0cc794771796b6dd569bbcec60f7e434", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646943125, "uuid": "db3506e9-e310-4787-82c7-e821e947ce69", "comment": "Malware payload (DCRat)", "value": "ed3486ab62f514f9b9ae4a3543085a6a0fc73b23953cc2c0e4d4db67a1037909a185880341164f6595a191319d2ffc1c", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943125, "uuid": "0a225a58-52bd-4216-be07-7707ab2195c9", "value": "T164A53344943EB97DFAB90E37D2C93FB7049F2942A06327EB176DDB6B3886444C665E00", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943125, "uuid": "df9275c7-4c0c-484f-aa75-8db1080c0404", "value": "2e5467cba76f44a088d39f78c5e807b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943125, "uuid": "52a57e24-7f9a-4cf0-bb9a-e45014dfb11f", "value": "49152:vsGYwZKxupDKTk3y1lu9o5LMgNzvBG5f+5T3H7ir3hb6UBE:jkmZCI9GLNzZGWh3GV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646943125, "uuid": "b1d16d4a-d21d-4314-a3c5-6847a7a43246", "value": 2097664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646943125, "uuid": "07745947-0475-4073-9034-630d44702a2d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646943125, "uuid": "c4d9ad91-7bdf-4915-aa47-ee0e00595faf", "value": "dab47d33a292ab6b5b8aa525857160906629f9fd1b8dc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6b8b8e2-a08e-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646929588, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929588, "uuid": "5998be42-f89a-467b-9a2f-60f19cee0dd1", "comment": "Malware payload (RedLineStealer)", "value": "637d210df73ff5f59bb2453e0f29fd7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929588, "uuid": "fb0283b8-880c-4128-8fb6-9296fcc84724", "comment": "Malware payload (RedLineStealer)", "value": "dcc4e87f39108014864f82b22a34773dd6d7c9b0da4a32f6682e63b5d16e8066", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929588, "uuid": "64b55b50-c198-4cb7-8a04-b4747177fc2c", "comment": "Malware payload (RedLineStealer)", "value": "08b0b68987f4b73344b285e9feffef9ceeafa2f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646929588, "uuid": "090018f8-819e-45f6-85da-3383918a98f0", "comment": "Malware payload (RedLineStealer)", "value": "47ff7df2ea951be6c12987083994ad9b69e3b9cd960bdee406969b532607384cced376fe97763f7a96ff3d6eed1211f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929588, "uuid": "3d61d6e7-323f-4cd3-a49f-f5d75b03cfb0", "value": "T195C423D65740B4D4C78E57FC2A517FED9A1A673ADBAC514AD06643021ED0883F83C2BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929588, "uuid": "b46b583b-4154-4ac7-a407-33aa1ed4f728", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929588, "uuid": "96416372-539c-4b98-bcfe-75544cf5d9ca", "value": "12288:1k4leSOXIJYw8+5WNZ0iyQS03ULaHNqrxlKIQNokg+aVsidnGuP:CAXOXk8+ADykEaHNYK3jHEnX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646929588, "uuid": "926e1b78-057c-4e35-8b4f-f620132f23c5", "value": 570368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646929588, "uuid": "3a2def0a-b8c3-4628-a1eb-6213f534bd8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646929588, "uuid": "f394fa0e-ff84-44e1-8022-3c052c8a7f70", "value": "637d210df73ff5f59bb2453e0f29fd7d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6214795f-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646905341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905341, "uuid": "68f59860-39aa-45e4-8f74-86c943e6e18f", "comment": "Malware payload (Formbook)", "value": "b7a2d126e4daf8626851e15e7e5413aa", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905341, "uuid": "2247a378-cd93-4659-90c9-0e804e63981d", "comment": "Malware payload (Formbook)", "value": "dcd9dac790e7690944b79d2341fb3ae0d6798d1129a2f02e045ff2d5dd1f37ca", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905341, "uuid": "0a7ea890-dcec-43f5-94f5-308595aeb487", "comment": "Malware payload (Formbook)", "value": "f6c2a6f0fe1674bb3b3f4fe58fa4d1804fc72446", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905341, "uuid": "e8cfea09-59fe-49b6-83be-2a9ea673220a", "comment": "Malware payload (Formbook)", "value": "faa0a3091fd231939022f7d7b439359ac999c2c16917198e7a5c7d03133715d1c40bef355897970a01b67ad046e23cca", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905341, "uuid": "66c029ac-08ff-42ad-b6fe-e649cb302889", "value": "T1D714028C37D51AC9EBD01438DA59B8F0C17A7D9667E99373E079327C02FCA19A0398D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905341, "uuid": "b9d6fd89-1113-4905-b697-a9df5754e030", "value": "3072:TcpurCbkAnH26tUP3+VPStkA4KUW7WZH0N/p7KVuR6s8K1pfyMFqcuCnBh/W:Urb7HHHqvpN6sRGVuR6s8O9/qcxv+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905341, "uuid": "24cdbf61-e634-4398-9a38-bea399349f12", "value": 191240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905341, "uuid": "1b77af81-1112-42cc-b180-e1feb976461e", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905341, "uuid": "ca6c0027-a245-4d04-9e15-b02e91916ef8", "value": "INVOICE HP1652304340032004.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "289108b1-a0cd-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646956355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956355, "uuid": "b51e99ad-530e-4d11-81ae-bb30e6471f04", "comment": "Malware payload", "value": "a4e30b7c7f05dd40caebc47c95971080", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956355, "uuid": "1935d7b2-1c8d-4fde-b7f8-423c032a1163", "comment": "Malware payload", "value": "dcf51fb55020930d3b0349f43e0f53099c3329bb181387419f8fa28040cee35a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956355, "uuid": "39906949-e976-45c2-a2c1-b82cebbacd1f", "comment": "Malware payload", "value": "22315c601c5b0a97cc921e2fb70f5521750ca4d7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646956355, "uuid": "8f6daafe-e3a8-4181-b31f-5529e1e6fcd1", "comment": "Malware payload", "value": "babaff7672bddaa5ab1ac4f27772135b936d6931261a0325422f5f6393d2f9f6f23d2029e61040c62fc581a33811a40b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956355, "uuid": "e80e9a5b-8360-45c3-ba71-80c0ed91d546", "value": "T10594BE10BA90C035E5F326F855BA936CBA3E7EA19B3454CB52D46BEE56346D0EC3130B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956355, "uuid": "8bc170c7-fa42-47f4-9030-22d49df8fd37", "value": "79308deed746567d711b667ee2d6efa1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956355, "uuid": "1c49c863-6360-4a08-9d91-30f90432495f", "value": "6144:Fn7vye1hX9DYGBjgQhR7cG+sgkokddTZ1aHbP1/k4Wy/adMgDRy+DoK:F7hTXFPBjgQhUsNPdv1KVPR/anNf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646956355, "uuid": "45de5802-56e9-4008-ab27-1c72d9d9820d", "value": 426013, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646956355, "uuid": "dfdb16b4-758e-404a-bc49-32b64e1df37c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646956355, "uuid": "31527916-af53-4f02-aac8-32217c82ae8a", "value": "a4e30b7c7f05dd40caebc47c95971080", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75cf4abc-a02b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646886906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886906, "uuid": "ccf5d2c2-5ed7-40db-857b-e08501309762", "comment": "Malware payload", "value": "ad15e7e720fde50c4e11312fea958725", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886906, "uuid": "22580c25-9277-4b0f-a6f5-53829a6b67b9", "comment": "Malware payload", "value": "dd528233258972f056b84108ddf23e7f069a5b41ed53945b7792925782123d52", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886906, "uuid": "98e74ec6-ad88-45f0-a622-88f6172051c3", "comment": "Malware payload", "value": "8bbf600746387b583626f754d69d64739dada050", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646886906, "uuid": "7be6f82f-ecc9-4c3d-81b5-5d4c4718034f", "comment": "Malware payload", "value": "003fa8691e7c7678510f23bd14b468719acd35473927152a40029b44b4839a045ab80ab4b3b2d0340e481750bd0db9b3", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886906, "uuid": "ed3051b0-18ae-4797-8daa-9e2c2c249865", "value": "T12DF2D606EF854EABCC6FDE3342AD075231CC958712B4372A2178D93CF65A5478AE3C98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886906, "uuid": "72ecbf0b-7bb3-4ca7-9792-fe293fe3e314", "value": "768:UujH8mKEHwpoYFejXiGWKe7AGVde3eIjG6XzINT8:5HqLkFLOVduXjGcl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646886906, "uuid": "5545df5a-e8c4-4029-aac8-62041430a46a", "value": 35084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646886906, "uuid": "145d70ab-d805-45b9-9157-330f3f8080c4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646886906, "uuid": "0877edd2-4e66-4b6c-864d-0cd08839aa55", "value": "SecuriteInfo.com.ELF.Mirai-BRYTrj.12903.4317", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf119060-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646920127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920127, "uuid": "70cb935e-06aa-4922-a9cf-28eec55f7d80", "comment": "Malware payload (AgentTesla)", "value": "dded38e17616e56cd7be75c5473323fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920127, "uuid": "b2006b80-9400-469c-a694-98be27c877c2", "comment": "Malware payload (AgentTesla)", "value": "dde3e7b720d4412f6b7ae708044a827a16f395e8ab1770ad3f736d703d625905", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920127, "uuid": "85dd984e-0434-43a1-9ec1-66b97c7e9f9b", "comment": "Malware payload (AgentTesla)", "value": "76d1e727301c5f7b5ef4a7f0cc9bafab9b77f60b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920127, "uuid": "3261efa9-3a3c-497f-b14d-6359dbe39cbf", "comment": "Malware payload (AgentTesla)", "value": "70c98599a96b311dcb79e79a718a5c072af4eaa48fda5be09d42da47f3d4796c5c1e9ad38f2518263c24f50fd9913fd7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920127, "uuid": "4d799ccd-ad41-47c6-9cb3-75e73e1727fc", "value": "T1EE15BEE0EF5C837EEC14723EC0A858701EF56A9D3811BF1A968D01DD096BACF49E652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920127, "uuid": "c49adb85-58ad-4cd3-963d-ebad80890d3d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920127, "uuid": "a4347814-1440-4bef-8d8f-9b968daae3a8", "value": "24576:HNxLLnsWqMES/+a/R6B5ZiP2KJ9zWru8g:rLnFf/+a56B54P2y9zWru", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920127, "uuid": "5574c0cb-4dfa-47a5-b538-0647a15e9bc2", "value": 877568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920127, "uuid": "b6789e14-3370-4228-9ee8-3dc215f84db7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920127, "uuid": "8be75de6-d85f-4923-af94-861d6892bc5d", "value": "AWB5032675620_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "423b6940-a070-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646916454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916454, "uuid": "4e17f863-b1fe-4d3a-8db4-ce26a5df5d4a", "comment": "Malware payload (Heodo)", "value": "b7c729786feb1b3031333338d7e63bbb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916454, "uuid": "3c6a9dd1-dffa-409a-a580-c0a07873a431", "comment": "Malware payload (Heodo)", "value": "de6eaa1527bcb04cc631bc94a2b5171e4f1c1d302adea0df86fc475ac14ff368", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916454, "uuid": "5e930aac-f94c-4e7b-8317-16422be6a8ae", "comment": "Malware payload (Heodo)", "value": "e4cdbeceb7c670499ba669193257a525924f187d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646916454, "uuid": "841a5147-9114-4e30-aca5-e0913e2febcc", "comment": "Malware payload (Heodo)", "value": "358bbd44dcdb026dabfde3fdfa867215430414685e24f4c43ba17aac7631ac45b1419caf3f9bfede377907719157a09f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916454, "uuid": "c0e6445f-c925-4242-8394-3bbcba04b607", "value": "T1C9D46B2271DE4073CC9A107C0911E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916454, "uuid": "704e8276-bd19-4d0b-bc66-450a6a261f64", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916454, "uuid": "394d87f2-e2bf-4b82-9009-9c3a6bed4c53", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArA7:WRO5DDUmhnspspsqi022/OByw+iVifMC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646916454, "uuid": "4409083d-ffd9-444d-99ee-2de32129c1bf", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646916454, "uuid": "246dec52-271a-4aee-bda1-0e5f9b8dec1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646916454, "uuid": "f15b2b4c-eaed-4cdf-9c62-2975c92c213f", "value": "b7c729786feb1b3031333338d7e63bbb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6b44c9e-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1646920113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920113, "uuid": "8ae6168c-ea11-46df-9ffb-4e4fd76742e9", "comment": "Malware payload (AveMariaRAT)", "value": "24e994208a7cc0e3757fd7a92751024e", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920113, "uuid": "c717427b-29fa-4843-acea-905e3e8be63f", "comment": "Malware payload (AveMariaRAT)", "value": "de90a8abb29cc8bc78ec1fd5e909e0f2c015b9e904c8589203ff35c900b1c0fe", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920113, "uuid": "b0c6808e-c390-4cfb-a1cb-a77f6afd20e2", "comment": "Malware payload (AveMariaRAT)", "value": "dba9eaa1d7d261057279aa874c24eba185062060", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920113, "uuid": "cdf45ae1-e212-492b-bd46-ab2a9bd4c2d6", "comment": "Malware payload (AveMariaRAT)", "value": "68d771debe51ec1d489d7cc4153f63e8de065a68ed3b94e5920516db45ec5d23826a36e22059fc416aee35c2d72d0f35", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920113, "uuid": "55b7f654-73ab-41d3-bd3e-25877f4b3014", "value": "T15515CEE1FE0C877EDD10323AC0E904701EF51A8E3822BF5AAA8D51DD4957ADF499B42D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920113, "uuid": "40caf27c-689c-4cb6-905d-21c60963444f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920113, "uuid": "0ce447f8-3050-4a2c-8976-0bb19da77da0", "value": "12288:ox+NgaonXnTbkrnMWWplf5rNChnYBkyOZKAjCJnQj31P6wqxnAR2gWHoaudXs/:oxyg3XTdWSlf5r8CKoZe1nwAVeoj4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920113, "uuid": "9e4570e9-4289-4a19-895a-a6d5e33bccbe", "value": 937472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920113, "uuid": "474f557b-cc31-40f8-b959-7276bf5c037e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920113, "uuid": "65426955-5fbb-445e-a475-43c4d1b72a87", "value": "0000000508.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f26af0c6-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908160, "uuid": "7e427d2a-abc0-439a-965b-b435b958c8ea", "comment": "Malware payload (Heodo)", "value": "be40ee9a592c0b6e584e7ee06a1de27d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908160, "uuid": "42265ee5-087a-4d1e-90fd-83a6ba833adb", "comment": "Malware payload (Heodo)", "value": "df418f4df9422a48f0389c722cb1049aa3112d8ff831baf28ed1739ec8fcf0a9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908160, "uuid": "939ac048-3eea-440c-91e8-9a8c17414346", "comment": "Malware payload (Heodo)", "value": "71df53a78d8762554568ce8676d87872905d7c90", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908160, "uuid": "9fbbd7d3-8765-4533-aff5-64c20436242c", "comment": "Malware payload (Heodo)", "value": "55cf82470ba6bc40a82d0f075a50663258e0f0e23edcd43da566063777e9757d2f8935b719002c959fc7a16b96d802f4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908160, "uuid": "f02e811f-8002-4ea0-93f0-15bf82558031", "value": "T12CD46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908160, "uuid": "6306bd4b-3d87-486b-ac85-d57f61e83f50", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908160, "uuid": "e393e058-03d5-4eab-95a2-19b21ea45833", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAw:WRO5DDUmhnspspsqi022/OByw+iVifMl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908160, "uuid": "069ce53f-342e-46f1-b6f9-15d4e49bd2da", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908160, "uuid": "ada5dd23-628d-491a-b78d-2dd7b4c26486", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908160, "uuid": "6dd56563-9296-417c-a42b-5dea9e0df743", "value": "be40ee9a592c0b6e584e7ee06a1de27d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f13e3db1-a073-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1646918037, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918037, "uuid": "bb5050ab-fd41-484d-88e7-c56085cb606f", "comment": "Malware payload (Quakbot)", "value": "b6d8eb4c271bb6c863c5b36443172f62", "object_relation": "md5", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918037, "uuid": "344574cc-8b5d-47d8-9df3-b9107fd5c47b", "comment": "Malware payload (Quakbot)", "value": "e054fab1e717839ed19500cc6b05c613528b3313829ccadc92c00dfa3f040ade", "object_relation": "sha256", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918037, "uuid": "a622a51e-2642-4706-9d07-bba5f7b5520e", "comment": "Malware payload (Quakbot)", "value": "e5cbfc1959df1beb592cc47a7c834b55f090688f", "object_relation": "sha1", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646918037, "uuid": "fdf8ca24-ba0e-42d7-9f7b-7d689ab38656", "comment": "Malware payload (Quakbot)", "value": "5b836cac0121ed618ddc7379a54e72568b0dbbcc994dc3c2fd5d605ec5b1e371af01e301f58ee172d5479ed708423d43", "object_relation": "sha3-384", "Tag": [ { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646918037, "uuid": "5fdf7e5d-be8b-4f96-b895-ae71a880adfb", "value": "T13A34E016162451B1C2EDB978720B0DC192EF707EE906F9254B5207FA7F013FA8D6D2AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646918037, "uuid": "767646c6-647a-4e9a-8d43-4fa6440ad039", "value": "3072:CmpvZ+51+mCVdcmF/9OZNCsRCbOI59VzmWBgXEnkZtPaq4LwTGPCXViq:vpvY1MzcmfO4bOe5d/OIwTHp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646918037, "uuid": "dc6a610d-b6c4-4bda-acb4-530ac9e712a3", "value": 242873, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646918037, "uuid": "f019c55b-0067-435d-b312-edbb275d479f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646918037, "uuid": "766a8ab1-636b-4a98-ba7d-c27d258a1fc2", "value": "uiqaeuiaqt.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "972e0313-a0ac-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646942367, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942367, "uuid": "ea098393-d982-46c0-93cb-fd8a83936758", "comment": "Malware payload (Heodo)", "value": "988fc043fb24d5322ec5851f77b8584a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942367, "uuid": "c2b48dde-e952-4b7a-8de2-35d66e73f86a", "comment": "Malware payload (Heodo)", "value": "e10f4b11e3b0d5feda48ed9627179eb42500f5f3613845c640be7aa135ab66ef", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942367, "uuid": "3e6554ec-8d55-4384-9f36-ffdb1ac2004c", "comment": "Malware payload (Heodo)", "value": "117d21cc2340f6bc8cfdc0905246b8f2a3b19757", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646942367, "uuid": "dda52efd-b91a-4aea-898d-f6c88e440a07", "comment": "Malware payload (Heodo)", "value": "73f5a0906b6275eacced10c340e00618c6c29931fac30ea151241ee4afc55ff032ff5545456a4e19c2cfe8c6ade6db62", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942367, "uuid": "3e631406-d47e-4418-86ac-da48638036b1", "value": "T18B94DF007AC6C433E1AA063949A7879467FDBD52ABF5C74FAF807E4D5E314828A35362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942367, "uuid": "fc53e34e-d6a6-424c-9b8e-2ee0e0db2d0b", "value": "60acb5dbeebc778b5879492b3afca208", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942367, "uuid": "5440fa0c-c437-488f-8868-20105fbcb80d", "value": "6144:aH0RW81UplEIb6hRAOf6DXyhCra8MCtS08OB8xS4GE/mFCo3QkgqbqAT:tFpMOfeihCra5uiS4zCCo3QkvqA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646942367, "uuid": "b181d04d-ba31-4908-bb90-0a32a5bde0b2", "value": 421888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646942367, "uuid": "e7b6d67b-97e0-41c2-81c3-9b43fc3b3ccc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646942367, "uuid": "32a3757a-fd5e-4ed6-89d7-3dfb4a05b826", "value": "MFCCALC.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be4c5ba4-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1646907214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907214, "uuid": "ebff2876-0225-4113-a039-e8efc9d249c3", "comment": "Malware payload (RemcosRAT)", "value": "8c6bd375e09fed816cc4e495a955c3c6", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907214, "uuid": "98767225-2320-44c3-a9a3-1a18e900e657", "comment": "Malware payload (RemcosRAT)", "value": "e12fdcfde01952915157328b7afec8830f172814db0ce8d8658d427088b728d0", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907214, "uuid": "d21d5697-5c61-41b4-95fd-4e8917901dc7", "comment": "Malware payload (RemcosRAT)", "value": "440df904aaa0be5be4077f9210f373150045529c", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907214, "uuid": "a1c9a5bb-4b74-4158-b655-9957e7ff18b5", "comment": "Malware payload (RemcosRAT)", "value": "4741b153fda7e8f2a53e97b4156755e2973beb755f825897237d854adc6078a60692cfc1522527da295d40e0b8c6d549", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907214, "uuid": "5be88587-6eeb-4b5e-9af5-12cfe1340f8d", "value": "T10941FC4A79AB796852323EB2AC0F485DE6755393E138C2537A0CC3D9CF3659CEB8080D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907214, "uuid": "701a7168-585a-4f2e-96c0-4cf560eeee2a", "value": "48:TqSmKAA9V2764d7lSeOo/e/gxyCuL06PIQ+hGfg0BdO:Tpr9q648o/e/gxyDLXEhYgr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907214, "uuid": "c38f5c1c-da63-4967-9b15-0cf073462be2", "value": 2275, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907214, "uuid": "7b5b99b7-ad04-4834-9848-7b0ffc8466e5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907214, "uuid": "d2f3e3db-2069-42c7-a052-df3b8255c5de", "value": "NEW ORDER 3102022.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7de41cc6-a051-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646903240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903240, "uuid": "913118be-14dd-4a1c-a602-db6587644954", "comment": "Malware payload (Formbook)", "value": "d6024dba029f9314995aa2822e008ca5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903240, "uuid": "30479876-a87d-4982-9101-a500c0a5947b", "comment": "Malware payload (Formbook)", "value": "e1754d3bb2df3b1c3c8b6448afd0e7e03b65e4d4a9fa331df40acc0acc38a408", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903240, "uuid": "792d8a9d-e511-45e9-a044-ab6cea9fcd09", "comment": "Malware payload (Formbook)", "value": "674e7f33e1218ab7d4bd097d64e4581097b00923", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903240, "uuid": "da155e6c-f0a3-4354-8554-1c83a6a74bd1", "comment": "Malware payload (Formbook)", "value": "1cc5b8ae0a5423dacf21bbbc9874aa1b1eec0a0c7d60a1448861a42a42411571f71afa17fe7d61491762295da3b71879", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903240, "uuid": "009a0d0f-23ad-4148-9cec-ee7480fd6bf2", "value": "T15D05BEE0AF1887BEEC15723AC4E848700EF61A8D3411BF5E968D11DD0967ECF49E652E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903240, "uuid": "2719fbe7-9b72-4dfd-9c82-e0e7c01d5bd8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903240, "uuid": "9a4bc214-c626-4e81-843a-6e6dbc4b9893", "value": "12288:CNx+h45U8lBal4aW/J4yW0LKXXZgH6BqOn7QEXQUOdwx3MOoLfMnjvnE:CNxWeQyJC0aXaqq3UavzA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903240, "uuid": "05301417-150b-475f-b7ae-3f7b3a0ac16a", "value": 829952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903240, "uuid": "2eec271f-2ca1-4724-bc18-5198b6fd9163", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903240, "uuid": "3ea27b45-d305-4f9c-8f57-417cee2c2663", "value": "0098767IJYTU0987.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c2521b5-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1646903694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903694, "uuid": "0f42e5d1-e324-4c59-afd8-f7d1395fc59d", "comment": "Malware payload (SnakeKeylogger)", "value": "148ad779d0917b552a4ece34c1a8b055", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903694, "uuid": "f3e12951-b809-4f09-b97e-a5922a9576c0", "comment": "Malware payload (SnakeKeylogger)", "value": "e194196280d540edacd1b1f9f4777b1fa6c81b0b1daa54535fcb249c3a7f26f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903694, "uuid": "2d9a2481-b867-4589-ba7c-9dd566feb2d0", "comment": "Malware payload (SnakeKeylogger)", "value": "8a2142db4131fff7e7651fdcd1bc234dc9899d1e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903694, "uuid": "66e63d6e-3c7c-48ec-b5d1-11837eba97e7", "comment": "Malware payload (SnakeKeylogger)", "value": "6c82f0fbafc8fed99877b61ff7074b4c00b8c0ddef483c1c2dafe1e6b1b191118c4b6fe8a1203249db43c120d87a63e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903694, "uuid": "590da1fb-cbf0-4514-ab79-f242666dfaa3", "value": "T1F10512877341CAABCCBC08B2143F9570A5F56DAC81E161CE32967B7E19F1B23061E71A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903694, "uuid": "18fd3dc3-a8ae-4653-9e3c-d2038d41b72f", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903694, "uuid": "71c54fc2-dcb3-4f79-9a28-b9a8cc1bb709", "value": "12288:uAoFgF+AvJ3ByYrPkx2VJNeMT6h4FnfHyhtnSBUtEMYxhFB8NJVvtW6Rc5tNv/Q+:uX0+SZNpVJN9T64Ff4JSBUt6F8T0FYz6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903694, "uuid": "a9af7e1d-76bf-48c2-8db2-21aa6a202b9f", "value": 835961, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903694, "uuid": "f133c52d-9434-4acb-aa07-5691dee22347", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903694, "uuid": "0d93816a-c679-4448-859e-1ba4db614841", "value": "SKP8656789009800-65.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "284915a6-a029-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1646885917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885917, "uuid": "d256dea8-3dbf-4a17-8427-74053a4f466d", "comment": "Malware payload (DCRat)", "value": "8e59de3d3874580e14bf9e57602f4b47", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885917, "uuid": "f2dcb172-14b8-4618-8c81-f1518f1c9d31", "comment": "Malware payload (DCRat)", "value": "e22bc0f5a53d0bb00be209379ab79cbbc31d16d02338098cf172430218d996da", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885917, "uuid": "2a967b26-db8d-4cdc-a305-a92f9b254b83", "comment": "Malware payload (DCRat)", "value": "a2e4075f1a019e2282e469c6ed57d935b4574640", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646885917, "uuid": "f6c04fc3-1e3d-42b7-af43-51a4db9a7720", "comment": "Malware payload (DCRat)", "value": "343ea3c6d7d30344532037b33906aa6a1645249c0c8bcfc994c3152bec12a617322390f125dc3d64155984688a018f9a", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885917, "uuid": "28a1d0fe-66bb-40e0-ae5c-298ef9510635", "value": "T12E95BE13364CC982D4291637C6FF889457BCAE427B22D61A7EAF379D26123A71D0D1CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885917, "uuid": "84d3cbf4-26ab-472a-abb5-515521878cc1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885917, "uuid": "3684458a-1dd0-4fe9-bc69-bc962c68875a", "value": "49152:0gXTaUrBp3uIYhRrHjEAJ6Y3oFANPPhjHtwsL:bYzrHoAJ73oF2PpHtV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646885917, "uuid": "cdbf5748-f13d-4882-b626-3b9011150640", "value": 1946112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646885917, "uuid": "1ad833b6-8b12-4d53-ada2-8e76d21d2bfa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646885917, "uuid": "6398174b-4bf7-4a72-8c50-eb1888ae3c92", "value": "bcuz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a3f6f10-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914669, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914669, "uuid": "f491fbfe-7c22-4b7d-8dbf-b77be982b5db", "comment": "Malware payload (Mirai)", "value": "fcc454ba6ce92002c8dac7544af71dc1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914669, "uuid": "c58c427e-93cc-442a-a5db-763d979394ec", "comment": "Malware payload (Mirai)", "value": "e338237e1ac96263c235d206cd59e00c04d0a5f5b4588d3465cb91f9a84e3ce0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914669, "uuid": "7f35fefd-d752-4585-b7e8-42e5c86b7ea6", "comment": "Malware payload (Mirai)", "value": "b8bfcf47e26eddac1e88bcde545dfc202f1158d2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914669, "uuid": "4e029838-c158-4119-9689-015a4d63b8d0", "comment": "Malware payload (Mirai)", "value": "3edcb8dd3d71f06667e2593b1937c182ebba1e63c6106cffaf5e73a52af3ad557daac3804c35cf625896ec786d04ff55", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914669, "uuid": "f0f704ba-38d3-4b73-8604-bfcc2b50b003", "value": "T121B32A37A61C0B43C09B55F02DB77BF24F69AEA313A611C46609FEC04B73AB22551F99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914669, "uuid": "bef34af1-acdf-47da-ace2-234b96897eb1", "value": "3072:pC/4rdZHsXsZwwR9DNk5mm/QcuLmHniPNb:pCwrvHwsZwY9DOmm/QcuLmHniPNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914669, "uuid": "13bdd273-0604-411a-972f-c6ec4a3cac67", "value": 116786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914669, "uuid": "7e797ece-a1b1-485c-aeea-d9c71706050f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914669, "uuid": "dd614b5c-aca8-4154-a411-0936efdd61e3", "value": "fcc454ba6ce92002c8dac7544af71dc1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa179833-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646903744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903744, "uuid": "456924f7-7c74-4249-9535-9d9d5cd979df", "comment": "Malware payload (RedLineStealer)", "value": "64f4bbe857738a09a874b276807ab110", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903744, "uuid": "7a715ad5-391d-4b95-a126-a5fc8ddcd81c", "comment": "Malware payload (RedLineStealer)", "value": "e347cd6db9c802638a546510c858928f9e69325d092c937ef3f33497d7d8c844", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903744, "uuid": "750004d7-c1fa-416d-bf8d-1c6b20355093", "comment": "Malware payload (RedLineStealer)", "value": "9bb080185079c4f666b69013f706077e5c1cc8c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903744, "uuid": "a289de95-1b2c-4916-8bdb-d767d3c3e1ed", "comment": "Malware payload (RedLineStealer)", "value": "51136a82b160d5176dc3ddf33f1b7c3ce1a90482b9e244f145b66159e1590e5174e70b91415d7a7476eaba5f72f3f1d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903744, "uuid": "6634b7b5-5b52-49a0-b7b5-57f25118bc9c", "value": "T104E412408A899BD9F80E30F5D63B58BD0B2BF4221AF91BFF61920A69D175F21DF25D00", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903744, "uuid": "65eeae1e-e2dd-4649-a6fd-29dcffb0d3de", "value": "a89696abee85b04d31fa3bb3f5f2a441", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903744, "uuid": "13f6ee55-61a0-4dc8-b7b1-0f9dad0b4560", "value": "12288:UWO6Mrzzi4Med3tfHKvxvJSyRk2a/eX6SY/Xo9ny79DWB/BeZOHv7Z:kziuWRk2a/8Y/XV792/3v7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903744, "uuid": "7efecd2d-ddcc-43e1-88d2-2786d7a87584", "value": 664160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903744, "uuid": "9512171a-e79e-4683-8ac1-d39ef930c456", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903744, "uuid": "ad516a9e-720d-42e7-a760-f686462e1baa", "value": "e3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e98074da-a09b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646935203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935203, "uuid": "d329708c-2d87-4466-ad3c-84153e50dbd3", "comment": "Malware payload (Mirai)", "value": "4c7a12eb69427319b1224212778717e9", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935203, "uuid": "c3640384-29c8-4a57-9961-b0399a13e702", "comment": "Malware payload (Mirai)", "value": "e3b01953821a4b515faabe8550b9113ebdd089e173e7f4f2d3f70f55e02f9daf", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935203, "uuid": "53d7a3de-e2eb-4f37-9125-0e0e2602583f", "comment": "Malware payload (Mirai)", "value": "8b654bd66f9f5ddc49f20cd8fbeb9b47b6172003", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935203, "uuid": "6afa1eb5-2ce3-4a96-8aaa-2fa42841a4ff", "comment": "Malware payload (Mirai)", "value": "3b1e604771af1b104e76f6c6dd6e801a51c1bb37d586e4bdf4bfe65ecdf42488ecf88a9d67309a7543258195dc80f570", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935203, "uuid": "786a05a1-5738-463c-9027-09bdf918f1d9", "value": "T1B053C697A44152ECC186C03C66BBA43BD837FDFF1239B5961B84FB312D22D612E19E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935203, "uuid": "3298106d-59d8-413a-a1c5-7bfbeb2c42f9", "value": "1536:39bZlkw2RieQdUnDAHe0kvVV9dj6FEkWWUgIEhEA:tfFpzdaDYPkVz5ISA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646935203, "uuid": "591c3a2a-758e-4251-a0cc-c08e43112ea1", "value": 64704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646935203, "uuid": "a2baba2a-fa4f-46f3-82b6-1b55ba20cf7f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935203, "uuid": "07b995f3-0332-4ad4-9840-f77e803572f0", "value": "mirai.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d66f57d-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891052, "uuid": "31f0e2d4-4a08-4910-a425-f074f2459c86", "comment": "Malware payload (Mirai)", "value": "8bca9e1ab0f4876dd72e2dc832d0349a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891052, "uuid": "ea2ba766-e63f-404a-9fff-0eb1c0f7694b", "comment": "Malware payload (Mirai)", "value": "e3bd8abf5a0be0193b96e22846aae934c40086ce3f40139e607840240298bed2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891052, "uuid": "197e6014-9946-4f7a-9189-27c807f5c17a", "comment": "Malware payload (Mirai)", "value": "7510ddac141771d9c5a89b51d62d471c34a7c8f5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891052, "uuid": "f48f71a3-f015-495c-aa9c-cc8c4979c307", "comment": "Malware payload (Mirai)", "value": "54604e917ba4ac9a41550fb3d9fca11710bd42092bbfe996ebcd53f37026af5d5996eff0a715c61cc34457aef2d86464", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891052, "uuid": "12f1705f-959e-49ea-9c37-9d14bb44c199", "value": "T16033189AB9819F01D5C155BAFE0E518E33134B6CE3EFB3169E246B20778756B0F3A406", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891052, "uuid": "70b1945e-df39-4625-b85a-6833d6a4cef4", "value": "1536:Fhn2N6oTaJXZawqjL6IIi/1XOTl056bg57Y/h/:6YDa51XOTl056bgFUh/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891052, "uuid": "66ecb67f-6b4c-4276-b957-7fdfff130e24", "value": 54396, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891052, "uuid": "9b2d8691-7d2d-4615-8261-bd8bd4f7525c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891052, "uuid": "9d07c99b-4eb3-4dd1-badb-5f34d095cf81", "value": "8bca9e1ab0f4876dd72e2dc832d0349a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05976bc4-a00c-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646873403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873403, "uuid": "77b5226a-3cfa-4d98-b817-c9c9bcdaf979", "comment": "Malware payload", "value": "a6d233a76cfe724265fb864047186fd5", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873403, "uuid": "26fa5603-49aa-4d56-a483-10f162ee6c7f", "comment": "Malware payload", "value": "e44fbd6b7c79defa22d4c2e2211b86e764d12446d437824ff40d37c0c6e9df0a", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873403, "uuid": "7f783eba-9ce9-4f7a-a38f-87fed388ccb3", "comment": "Malware payload", "value": "9179989a98a9c8f0c2743d9dd669924aaf499f88", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873403, "uuid": "bc9aaa0e-df73-4cb0-b985-073591bc7e96", "comment": "Malware payload", "value": "4bfac44311f13141c0a0b469e8a3616ed96dbe87f7c64182b77ff9411512bef55f72e24407b5e838414705a4b14e807e", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873403, "uuid": "a613dddc-50a6-4c08-aa85-42fc09299982", "value": "T1D1C23C27745090BCC9EBD27C4B56E6359A33703913D2725833E9F526AE9AD222FEF101", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873403, "uuid": "cba38e64-cf07-4bf0-b6f7-944cdd96bfd5", "value": "768:im68eXTWUVWqQ+XzHoK/z53LkHBIB5555555555555555Q:H/eXiUA+XL/yh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646873403, "uuid": "b25aaa40-e8d6-49c3-8457-01c00e6ed027", "value": 27200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646873403, "uuid": "a6633389-93dc-4c2e-8a66-03e7c9ede06b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873403, "uuid": "f6173000-97e8-44f3-b1ed-d20f222f9d82", "value": "shloop.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36574412-a054-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646904409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904409, "uuid": "61c645e1-dd9a-4ef9-a1d5-f9394e0963ee", "comment": "Malware payload (AgentTesla)", "value": "8ef0f4d170ba9ff0c5c0118f46928492", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904409, "uuid": "dc102d63-9cb6-4500-8de3-631e6aa70029", "comment": "Malware payload (AgentTesla)", "value": "e457e004df795a6ff48ea865ea1584a67c2aa4b4bb31580dc81e1a0f97926643", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904409, "uuid": "5f4e3d23-450d-48a3-a3ba-932888f0ed59", "comment": "Malware payload (AgentTesla)", "value": "4001326e03f8c6a50c364ae42cc0a76bb6d1c13d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904409, "uuid": "d9a34feb-b32d-4a92-b8d2-1b5227c73314", "comment": "Malware payload (AgentTesla)", "value": "9fb453bf750aabc216145cb6f5b5900bd0004cce34faebde3004ef8f2a8516eddecd0c5f29a1422ebf93a5e717cb307c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904409, "uuid": "2b13db8d-2822-438e-9f71-e669e49bc2f0", "value": "T18C553390FAA0AE11E78F743A23575D6CCAF42CC21300D35FB69A3B5D50B0BB2B695758", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904409, "uuid": "58d1975e-0182-428f-a0dc-7ecd825757f0", "value": "24576:PER0yIrkbDNIt7O1he2t73TXAWd/hNUK2g+c8bWteQSjfuEWMPs8mDF8:PErIrc06feyd8K2gBcWteQtM9mW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904409, "uuid": "9040fb85-de13-45ae-8391-37ca48515342", "value": 1322056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904409, "uuid": "1800c897-27db-4396-9b8a-5d9cb8cb3a0a", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904409, "uuid": "66c18f0e-10f4-4330-9849-a378815f019a", "value": "Official PO 0201a-2022.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7d7f591-a0b4-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646945831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945831, "uuid": "610f10fd-3b89-437e-9245-c1f51e4d2c4d", "comment": "Malware payload", "value": "0b2fe184ee505491e6e54a3629e59f81", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945831, "uuid": "03a6048b-7ae7-48dd-8009-cbe9654add8a", "comment": "Malware payload", "value": "e520c63cd570545d010458b392100c1a95d79027842047f23e8a7f512970b75b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945831, "uuid": "527cddd7-64ca-4feb-9691-dd2f2d25108e", "comment": "Malware payload", "value": "ed18c9c3b5b0b40a02453a16fe9eeb9d0d901d8b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646945831, "uuid": "807b2db4-12f4-4523-aa51-a8fe76fab45c", "comment": "Malware payload", "value": "6a3216f6ec3d427b839e65cc9b8998531b8f2a9978ecf47217b25421acdb1fc396163ff2b785c2191f9ba8da9cfb4088", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945831, "uuid": "31a0c60e-2b0d-4298-9c59-0962a2501ab3", "value": "T1F503F20E9B9341ACE6695DBC81E723603DFD09743297C44A7905DAFA2F970146C5BBE0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945831, "uuid": "cae8843c-6ece-4403-8795-3842474a6204", "value": "768:rIZRqeFhq59wVJxryD+/vzY5DoCzhoj2m/t1WzQ4WuffrrJgGlzDpUYsB:rI3XFhqnwHlu+0rMWzQatVqYW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646945831, "uuid": "8e8a5e57-7063-4dd8-963a-bfb38750e933", "value": 38216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646945831, "uuid": "65911eb7-749d-479f-bfb3-9a8ee2092528", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646945831, "uuid": "0501a8f4-69f1-498a-adaf-b67c1530bdb4", "value": "0b2fe184ee505491e6e54a3629e59f81", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59670dce-a07e-11ec-9275-42010a9c0029", "comment": "Malware payload (Hive)", "timestamp": 1646922506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922506, "uuid": "e737c563-514e-4d9b-b8a1-b8be2f58d61a", "comment": "Malware payload (Hive)", "value": "1882f5cf3217b844adf0660586acb52b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922506, "uuid": "7ca3376a-58f9-4793-bedd-ff221a12262a", "comment": "Malware payload (Hive)", "value": "e56c0b10c1198db5233d0baedb716234d69d4dff2bbee327919a3aacfeb88f54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922506, "uuid": "361a165d-0da4-4b5d-ab15-2e31ae1d807f", "comment": "Malware payload (Hive)", "value": "ecb36ada627c7a0d6957e1e7957d3b74bcf6c448", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646922506, "uuid": "00cd5eca-8e87-4cc9-9473-3bf71b752f2f", "comment": "Malware payload (Hive)", "value": "18c1b6591c7fc6e69bd90f56fdb68e3fde69083fcf7b03ed7ef7d45e25fe3f5ed7a40ee98ba507849c445b8979d3d5ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hive", "colour": "#21FFDD", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922506, "uuid": "1a71a395-08d4-4876-ab3a-e3e573d0336c", "value": "T1B9D5331AD7BE073EC1958FF2008F71B81B8E8E137041A958BBBC1558F5970A48E9C79E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922506, "uuid": "23f367c7-7c3e-48d5-a1e6-353773cffcf4", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922506, "uuid": "ca5f36c0-5d5f-4aed-96c4-b6961cd99069", "value": "49152:QJa/xTycojNFywTCoI8/TY9dedwCWMToYOGqOqSSkv0V/TZyhBbZJ5Pqh:QMmFWoImYSdwCWMAOqz3/TZyhDJZg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646922506, "uuid": "cbad4f32-0bb5-4963-8766-43a6d333e449", "value": 2913792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646922506, "uuid": "06f38fa0-cff9-47d3-b504-f3d4782c1879", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646922506, "uuid": "3f6348e5-847a-46c3-aef9-ef2b540e6e7f", "value": "1882f5cf3217b844adf0660586acb52b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be9670c5-a0aa-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646941574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941574, "uuid": "0b4865bf-c9d6-478a-9912-cd6e99911e64", "comment": "Malware payload", "value": "269c6315d57d72ce6af6d5cf440c5616", "object_relation": "md5", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941574, "uuid": "2732b4cc-50dd-4acd-b35d-1bd9e665b719", "comment": "Malware payload", "value": "e5dbdb10daaac1062db5f057ea29607bcd58ddeb14182d5556f7bc6988603aba", "object_relation": "sha256", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941574, "uuid": "41971d0b-8168-4552-b4db-7e6a24952c7e", "comment": "Malware payload", "value": "6d8af8210cc2a1bfbfa7da532a8da96c19e97e7d", "object_relation": "sha1", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941574, "uuid": "fecca059-66de-4876-bc2f-9cfc4a12eac9", "comment": "Malware payload", "value": "dd617d075e147f54bd5350c7f283065e1e03dad5d99aa5c45f0309c9eb1da04b99f19908653f3e70d84ce6ebfd61dd0a", "object_relation": "sha3-384", "Tag": [ { "name": "agent", "colour": "#33525D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941574, "uuid": "9a791a07-15c1-4fe0-8ad7-f875c558d0e9", "value": "T1DD257E43A9CCB576CB9B02372A94DA3811E82190D7484B02FBFD397ABFC6AD1354E355", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941574, "uuid": "9a3437d5-91e5-42b1-88ca-5096f200f0b7", "value": "4753904c40d638a1bc745c65b88291d5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941574, "uuid": "ea717670-e6a3-4359-8120-4ddb10fa1966", "value": "6144:2qVYV9VYVUVYV9VYVIVYV9VYVUVYV9VYVhVYV9VYVUVYV9VYVIVYV9VYVUVYV9Vn:", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646941574, "uuid": "b28ad5c6-5c22-4bdd-a80a-64b53150f1c1", "value": 1048576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646941574, "uuid": "36f61f26-88ac-4e66-82f5-c21b06d5a9bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941574, "uuid": "bf923425-3b74-4bbc-b740-1eaf5074fedc", "value": "agent.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4415d79d-a063-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646910874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910874, "uuid": "f5162d06-9670-4c7a-90c6-9bb41ce53198", "comment": "Malware payload (Heodo)", "value": "be783b459fee97957c3d4468bfc82246", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910874, "uuid": "4364a3cd-4d78-4f59-ae54-c5990e311cab", "comment": "Malware payload (Heodo)", "value": "e5ebbd764a9304854343b9ef7cec5b00d87c3468bacc34cdbe758468c9f4a81b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910874, "uuid": "f2d655ca-78ca-4bad-ab58-eee009b9829f", "comment": "Malware payload (Heodo)", "value": "b920f8c372d0ab43d0352bd6e1ca71c762be90e7", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910874, "uuid": "30960d8b-5873-4c54-911b-536a72bbbcb9", "comment": "Malware payload (Heodo)", "value": "0003619260ceee18c91a6c0f3e2add1d084fb99a5835275036c731edace4fb67a1ddce12aca407bfa309607f8c2334b3", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910874, "uuid": "8f13ebe2-fb27-435e-8fff-174993aaa34c", "value": "T15A23D01CE892B92DD3329D78C51852F4A60F23CE5054B16B1684F20D7F4BAE7478FA5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910874, "uuid": "abc217df-0dfb-4605-88c0-a9b029cca90e", "value": "768:C1kICkZNRvmHazrfRmUOcIIGq9hqN6994E3ewNXz8OP6AQPHWZinVd0VhkhB:CKItBvGazLRYIzhqOisNz8OP6Tein0Vo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910874, "uuid": "053e8ebf-aef9-4636-bc58-6ae9f50b8279", "value": 45763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910874, "uuid": "b2d82b44-d6ae-4ad4-9933-8c6e383f88d5", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910874, "uuid": "e4fc8a13-94f3-4474-9e34-c156aeefb02c", "value": "detalles_1003.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "117b0cad-a03b-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646893609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893609, "uuid": "2ee4c9e4-7339-43e4-86e6-d0747d74a07f", "comment": "Malware payload (AgentTesla)", "value": "9b178281e4e1e4ffdd94aa2041307270", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893609, "uuid": "4b35800c-7642-40e1-85ac-e75e5e2af991", "comment": "Malware payload (AgentTesla)", "value": "e6fa6e76da6b2d199b7ebaf92d182f0da227768c42b2ed172914216742015b84", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893609, "uuid": "d86e9288-b52c-47a6-97ee-4c383069ea83", "comment": "Malware payload (AgentTesla)", "value": "7c72c796d6304441041f08a5b7dc73311a6febfb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646893609, "uuid": "9874c31f-7a18-43b0-ba2c-f7fc2d81aa4e", "comment": "Malware payload (AgentTesla)", "value": "1e968b0112bd5b24da90bbd61aaf71c4b9a94aaba4ba85adec85768f3c65544490e28e71e9556c8f791be1f6ef3b3f8f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646893609, "uuid": "e5bf62e5-66ff-46f2-9436-3ca3117318d1", "value": "T1FEF45AAD322075DFC867CA32CEA81D68EF907877930F9217905715ADA96C89BCF144F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646893609, "uuid": "90baf72e-e9f5-48c7-ab67-0ce1ea41eac9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646893609, "uuid": "f996e1a0-1a54-444d-bf40-60b372b2600c", "value": "12288:kzb/qlcfJEEEEEEEEEEEEEEEEEholUI8s04GhzQnbdajlnhXAlZO3b/8DPHeUTkQ:k3i0EEEEEEEEEEEEEEEEEO2U0psnxaj/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646893609, "uuid": "7f587a0a-77d8-43f1-8a90-0dd2fbdffd7c", "value": 723456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646893609, "uuid": "37be106d-055a-48aa-9068-52cd4efc61c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646893609, "uuid": "800925ae-c1ec-4557-aa37-4732ce3fc59c", "value": "TELEX.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0445620b-a06c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914633, "uuid": "49224694-56eb-40d4-baed-72693c9802cd", "comment": "Malware payload (Mirai)", "value": "d49c18eed68eb5144fc166ed5277e230", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914633, "uuid": "0d9c36d7-2683-4890-adfe-7248d22f9975", "comment": "Malware payload (Mirai)", "value": "e79e835cb362b007f49c4244053ff3450b9bceee52fc49a0cbd3c3c190d93dcd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914633, "uuid": "3fcffd78-e59c-42d6-b57b-e7a6c69d210a", "comment": "Malware payload (Mirai)", "value": "95276c5610c3aa1bfb0f5e55c6427032b92748c9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914633, "uuid": "910de3b8-f699-4956-9efa-b92dac3ba136", "comment": "Malware payload (Mirai)", "value": "66192b8a6102f0c1261422c51762af12f57816c7c5350c23540d70ac1edf64f7a8a34e3bc4b6be62a00408304dd0190e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914633, "uuid": "7afbc502-8a14-4357-9a1e-2ed7e1309f6a", "value": "T188A3F831A641C973D04305F212A7DB660D32FDBB1A6AAE56E32C3CB0DE360C5B565E9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914633, "uuid": "101efef2-fa3f-4b64-84de-fe7d990601e2", "value": "3072:VK1z13U6HzHoXRtmTUhQogDEmmFVcqq0GnDZT:VK7DDeKlogDEmmFVcqq0GnDZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914633, "uuid": "2dfcd803-34bb-4366-9d02-22e2e12e4c6c", "value": 100042, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914633, "uuid": "61d6fc37-be87-426b-b571-8488b0d4a20f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914633, "uuid": "3c0065c8-98ab-4bbb-b166-cf6be42a09ff", "value": "d49c18eed68eb5144fc166ed5277e230", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0519c95-a067-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1646912774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912774, "uuid": "67956812-a2c8-43b2-98a6-b01de3d5a813", "comment": "Malware payload (Smoke Loader)", "value": "d022366c38f46ede7054b4d17ab0c95b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912774, "uuid": "7da410d5-3006-42a9-85cf-032991868d44", "comment": "Malware payload (Smoke Loader)", "value": "e7bb1b9f00d73a004fd3d3ff94c4739cd7faa13a1ecffcc55087b57b542411c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912774, "uuid": "4d4df703-982b-406a-bfcc-12566e50c003", "comment": "Malware payload (Smoke Loader)", "value": "9118acc408cff74a5f13bd8cddc0c9ae47992d64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646912774, "uuid": "60661710-6e68-4ff9-8206-26cfe3fccc18", "comment": "Malware payload (Smoke Loader)", "value": "1e075b597344de816e1ee95cd64a6c78fdfd5e9ff4c9f85bf7be9344bb4a8292cd574cf27c0dae24b6efdf5e7f97b0d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912774, "uuid": "b4a0b431-7d92-4c56-bcdf-6a1d0194ebdf", "value": "T1C5548E00FA90D035F4B71AF8567A936CB53E3AA09B7454CF53E46AEA57346E0EC3121B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912774, "uuid": "717f301d-5d89-4162-bec6-d04b50365dcb", "value": "84687f670e164d04162ddc34d132c83d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912774, "uuid": "5cd8ec20-ae8c-40dc-acea-d27efd8a228b", "value": "6144:WzdJXef+3vXL6bZqtY4jqdRRYAVe65BtIRcYE:yaf+/b6b4tIdRGR654Rk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646912774, "uuid": "b0ad33ee-8be1-4c1b-86d0-086b40531e90", "value": 287744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646912774, "uuid": "739bafb8-17ca-4976-8419-de3cf1d6879b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646912774, "uuid": "3b0d7c86-e2d1-4df6-824c-3ea96f8af3d6", "value": "d022366c38f46ede7054b4d17ab0c95b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "262ed166-a080-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1646923279, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923279, "uuid": "f62da537-7c54-4ddd-a3a8-9215d802b8f1", "comment": "Malware payload (njrat)", "value": "db4c9eaeacb8ec716166f8f6624fb042", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923279, "uuid": "e9cc1a6f-e592-4580-a017-68a693f5d9f0", "comment": "Malware payload (njrat)", "value": "e8fb415ae6ba9004a086f90ea85a8fb26105596d78d8f1f37b9967b34023d469", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923279, "uuid": "ad7d6816-8845-4e18-8fec-977cb924422a", "comment": "Malware payload (njrat)", "value": "0772116a8735f5ae3e769196634474e4a478873f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646923279, "uuid": "fff17598-0577-4bcc-b261-2b130316c6e0", "comment": "Malware payload (njrat)", "value": "e23c5cc1a17bed144a2543bad393b551fcb8bc0709fc790ee7fcbe138c62a1a54ebb969240f0710a0081bb365e675dd6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923279, "uuid": "69950991-ba47-4f1c-b7e5-dace788e44d9", "value": "T14A8633D20537C0B5FCB8907D246FEA82BFB060549EC39D11E6E068972A2DD6EFD06761", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923279, "uuid": "9ce92ccd-5a3d-4c68-947b-b703a1b550d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923279, "uuid": "d8adda74-387e-49a6-a187-1dfa7e7872ae", "value": "98304:ym/kzh2kW74IP/cm/kzh2kW74IP/Tm/kzh2kW74IP/cm/kzh2kW74IP/r:+zUPMIH8zUPMIHBzUPMIH8zUPMIHr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646923279, "uuid": "379202d6-c26d-469d-9bd7-30140daead64", "value": 7925248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646923279, "uuid": "bdd4e475-a34f-4a7c-9df9-3212668e1833", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646923279, "uuid": "21afacaa-e59c-4058-9c2c-48c2f094b328", "value": "E8FB415AE6BA9004A086F90EA85A8FB26105596D78D8F.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71b12136-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646907085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907085, "uuid": "da435921-e93b-46de-b468-5499742fc0e0", "comment": "Malware payload (AgentTesla)", "value": "c6fb8421795d9a83f3b967a95b317f02", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907085, "uuid": "8db42b4c-98a5-4a82-83bc-a04514dd8248", "comment": "Malware payload (AgentTesla)", "value": "e962ce1aec4803d4c30c0d9f0cee0bf91e461ed27e4330f88eb2e1591bbf5562", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907085, "uuid": "81d6cb2f-f389-4d4c-ae70-9cddb492b78b", "comment": "Malware payload (AgentTesla)", "value": "29cb89bccf58f965fdb2947568a2054f875ad98e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907085, "uuid": "c6b37799-ae7c-44f9-b63c-ea1e01f20769", "comment": "Malware payload (AgentTesla)", "value": "a39a0cb3a7d850d4db7c3c9a0bdb7f6694a3b97ae00c17d5582a503764b40f83c4b02a8d24e82feda87c907bda1d1aec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907085, "uuid": "90190416-1000-4226-aca4-7e98e39361e1", "value": "T173A423DC825E7EA09747366238114187B8A3D955DE1573CC46B3D0B581FFA8A0EAB83F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907085, "uuid": "861e4aeb-1472-4dc2-89b2-8bfb297043f0", "value": "6144:xeVTvd77qIjIiyVqcyVNfJRGAS90ulP5Tccc8Q2I+XmwD4ZxgSRwyQpaN2Mut/:oTBmYdmbyVNxRCPBT9HvmgwEpqTy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907085, "uuid": "d1f3e898-8490-4973-b54b-23db8411139d", "value": 484101, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907085, "uuid": "89dbc50d-7bd5-4421-8fd2-27f4d673ff81", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907085, "uuid": "5da3c906-fd04-454a-b3c9-579afe7ecb91", "value": "NewOrder2213456778.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04f9b88a-a02d-11ec-9275-42010a9c0029", "comment": "Malware payload (Taidoor)", "timestamp": 1646887575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887575, "uuid": "3fae23f4-bfff-49b2-aab1-77714ff9f9c7", "comment": "Malware payload (Taidoor)", "value": "b12d988a144ec2f60c9c1c8be5318379", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Taidoor", "colour": "#9C9C1D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887575, "uuid": "cfb77a06-4e68-4a88-b322-16b4082d8b01", "comment": "Malware payload (Taidoor)", "value": "e9734b79eed20b86568926ab2d5851af56bec512c974daf75d433f45c41d2f14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Taidoor", "colour": "#9C9C1D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887575, "uuid": "556c55d7-830e-4d96-9df4-faf97fc79d20", "comment": "Malware payload (Taidoor)", "value": "ae55428ef7c215778466d440668b078259d03cd9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Taidoor", "colour": "#9C9C1D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887575, "uuid": "ac936b39-182a-4b05-828f-9f71d0f49d28", "comment": "Malware payload (Taidoor)", "value": "b1f061d42b88ae9e9a69bedaf1bedf3f4eb594836e30a0f49de0d4ec9e78afb4365c38d70d89bf9979e925d9543a64a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Taidoor", "colour": "#9C9C1D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887575, "uuid": "7ad991aa-7022-49ae-b9b6-5b12352da8ae", "value": "T17A43DFE646D4A66AC37BA7B4D871C3C3ADEF3CF42F55B02143991E6819282D0E132767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887575, "uuid": "da7a5b14-ec12-4a64-84f3-4f7f33581e6d", "value": "59fcf8e5b9f472815ad488343099f36b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887575, "uuid": "d91789eb-716c-480e-a4f3-7e291bf5779b", "value": "768:GqxeWFcfcN9pq53X1QERyWRbQI31Ich7vzEnDf0MXKLxZ/5Z4qoRuRb5y+w6vAhO:G/IUWERyi04IQzEnYTn5Z51dNL05s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887575, "uuid": "a7abdbf0-9e37-4ee2-b1e2-42492d2eeaf6", "value": 57150, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887575, "uuid": "c910c658-48a1-45e5-b65f-4a4fc5edd2de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887575, "uuid": "253a856e-b3e4-407d-8e5a-19516c66f425", "value": "FlashUtil.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e33905c-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646894275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894275, "uuid": "dbebe9e6-24f2-43f2-b1bb-2f0b2fefce91", "comment": "Malware payload (AgentTesla)", "value": "8422f288ba02473fecfd988db3b9ac0b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894275, "uuid": "592ed477-4461-4cde-9cc2-1bf2c807f93b", "comment": "Malware payload (AgentTesla)", "value": "e99c8b02943e2ee6cd089e51eff619f63f9c712c7413b9304fda7e4748e8b523", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894275, "uuid": "286fc070-987c-4d69-9498-4b6e94a6b9e3", "comment": "Malware payload (AgentTesla)", "value": "26842de7113e80064d6454f940881d560e23f0ba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894275, "uuid": "7da6b4c1-f064-4758-8e88-0d7e429bc3cf", "comment": "Malware payload (AgentTesla)", "value": "4a35cc327fc741407b64cf6c1cb66dbb665d9a408242d1c6e675e7a14c391912bff4ea3647132decc614234feb6b2c5b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894275, "uuid": "523b55ac-63b7-4ea1-815a-96e4c8186622", "value": "T1BD35BEE229EF500DF337ABB12FC8F8CE996AE673161A30DB11911B768523940DD61736", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894275, "uuid": "39cf6c83-4631-404d-a0a8-5aa1673e4c78", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894275, "uuid": "15e5703c-a185-462c-8d0b-de9d098fed24", "value": "24576:/D5kx1llsIJgLOW1kfFDSbQeyMC0XlqfBz2:/D5kNOyBJ1YS0Xlsz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894275, "uuid": "a50abe86-450d-4136-ba36-5a6e4a365556", "value": 1121792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894275, "uuid": "9a867207-d736-430c-a5f2-832a2b1ffbd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894275, "uuid": "ae16c1ce-2aaf-417f-a0b1-00f44492deb5", "value": "Quotation Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f430a6a8-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1646920189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920189, "uuid": "8dbb82bc-d0a4-4f33-9803-f21645bbb72a", "comment": "Malware payload (AveMariaRAT)", "value": "c14cda6d7f3a968b85b1d61b4d280fe3", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920189, "uuid": "d761c201-32c0-4358-934a-c88d9b0d4966", "comment": "Malware payload (AveMariaRAT)", "value": "e9d16c9dc6a46b65db4b6b515226ee1a630748ee8d6f69bd8f66744a231733d5", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920189, "uuid": "167b6807-7e3d-4b98-82a2-2b2baa654225", "comment": "Malware payload (AveMariaRAT)", "value": "c8efa9739258d4fc40023030b7d9552e2c2e0875", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920189, "uuid": "188941fb-1b2e-40ab-9039-07697908dc53", "comment": "Malware payload (AveMariaRAT)", "value": "496f399053d984af0ee6aa755d0348f98a1ced4c7bd82833875846fa3d0e3a7b89c539a20fdc372d6f666f8d40a96d43", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920189, "uuid": "7fa7bf3a-d16c-4eec-a5eb-d84b191986f0", "value": "T1FB259DE629FF501DF337ABB12FC8F8CE986AFA73161A20DB11511B368522980CD61775", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920189, "uuid": "bb1d5b0b-2220-4019-b53a-5d97ccc7d943", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920189, "uuid": "7401ceff-81ae-4dd4-94a7-3600fee667cc", "value": "24576:cD5kooujO9VbgpL5G6sSrvcMtvjVVv4x0gPLK6RvNRP85Aa:cD5kolYnsFtxVwqGtV8Wa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920189, "uuid": "d4d5cf31-4fa0-4405-a0b9-1dc8f3b72c39", "value": 1002496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920189, "uuid": "3699eef2-7c2f-4806-a0ec-d35378151305", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920189, "uuid": "ed56ce84-7a40-44e5-9da2-a0a5a076c942", "value": "0000001103.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbef05a1-a06b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646914619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914619, "uuid": "b9670cc3-41e3-433c-a1b1-a2f3680b87a1", "comment": "Malware payload (Mirai)", "value": "bc2c949de98b8238b9551c7ab357c0b6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914619, "uuid": "bb777c77-4249-4b18-8c69-097efa6f91db", "comment": "Malware payload (Mirai)", "value": "e9f6f08a643fa66bec6210f590168a0c8169946335f27859692cecb775f845f7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914619, "uuid": "f635346b-8816-48b7-9ee2-c081ffeabc1a", "comment": "Malware payload (Mirai)", "value": "deb7002baf8aa57025dd85abe7a70afa36d80729", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914619, "uuid": "6c2d2f42-3bd4-4025-b9a8-c4ea81935f13", "comment": "Malware payload (Mirai)", "value": "ac0df5e0b6bab66f1a542a6233f52da47632add912bd6ba5398b8c79aa89c0f718c7c463b155c55a3a68f59f8f5a11b2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914619, "uuid": "c152c935-fb77-453b-a329-cc26498d313f", "value": "T156E38536B7619E77D81ECE7305A985121C8CD98702D92B6BB2B4E51CEB6BC4F08D3D48", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914619, "uuid": "a38a59cb-126d-447e-be6e-34e2fdffff9e", "value": "3072:dgZc9h1jlnLA2PiXYeyCc7VNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZ7VWDo9mrThPaLEnvP5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914619, "uuid": "a3359531-b4f0-4642-8a9e-1067562a40ac", "value": 155476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914619, "uuid": "7eb4440b-ea5f-480a-ba5f-2ea57a85654d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914619, "uuid": "bc7adbc2-1791-4508-9003-5aac6ebda946", "value": "bc2c949de98b8238b9551c7ab357c0b6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b57bc09-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646905330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "823dc832-e886-4dc8-be09-c0ea9e6d5fd7", "comment": "Malware payload (Heodo)", "value": "8dae51f53c7162f83bb10a8a8b3eb500", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "a7afd0e0-8eda-4b46-9ad0-ae6cf0f08104", "comment": "Malware payload (Heodo)", "value": "ea37af589e8d5dd5170aeaf2ec6f82cd4acd575d530a952303de6fdd76293747", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "0d5d2cf1-8d7b-4480-b1e0-df8c0960d2d0", "comment": "Malware payload (Heodo)", "value": "cce92274eb0f6bc15473f8e0944624d2d88264e7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905330, "uuid": "929296f2-9edb-4c2e-877f-ce5f1adff46b", "comment": "Malware payload (Heodo)", "value": "a0f552812edb5e7819897c8f3a95f4e8f1ae0c0bd6b097bbc924113ae92cc603f6f432d49ae4856f9180a6624358058b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905330, "uuid": "624ccb4f-d381-4d85-8826-3a649cc78d4b", "value": "T1B8D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905330, "uuid": "80c3c77d-5e8a-4197-9468-4b152039cbb6", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905330, "uuid": "ba0c6a2a-088a-4dba-998d-eb0e7f110112", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAd:WRO5DDUmhnspspsqi022/OByw+iVifMo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905330, "uuid": "184bc65c-df39-4abb-9d25-9be921bafcfc", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905330, "uuid": "40a7881e-5793-4a94-a9ca-c11445bd9d3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905330, "uuid": "b47b1915-3083-4db9-85ca-16ba4a5d4d71", "value": "8dae51f53c7162f83bb10a8a8b3eb500", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02daa2da-a07d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646921932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921932, "uuid": "8e59d164-8576-4cdc-b116-cd0b97541369", "comment": "Malware payload (Heodo)", "value": "a0880dc0ceeb63560b2f2378338f7ba2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921932, "uuid": "ab508ba0-8cb7-4b60-9450-f59fb64f7ff0", "comment": "Malware payload (Heodo)", "value": "ea4440c1dbf22affb174fa93e7abfeb0e58db904fac9b92cb74d6a74b5e31197", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921932, "uuid": "370da652-eef5-49d6-b759-6ad4dbe49644", "comment": "Malware payload (Heodo)", "value": "a64804617d396547c16bcd15566d0a7d889a2920", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646921932, "uuid": "e1349748-f257-4740-bb5b-e107dcfd18d3", "comment": "Malware payload (Heodo)", "value": "6953b3bee8cfeba8001e8fadc5a24f497a8cccb0793e6722accc3ed715d169624fcbe4de9fab9643fe1bdd61ce889ece", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921932, "uuid": "b401e0a9-af7b-428f-b72e-2118dc3bc9b2", "value": "T139D46B2271DE4073CC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921932, "uuid": "ce674193-fa80-45c0-8d52-67aa10b66df9", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921932, "uuid": "60ef74da-5876-4aef-ae47-0cf3d7efc61c", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAr:WRO5DDUmhnspspsqi022/OByw+iVifM2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646921932, "uuid": "699b0036-022c-468a-bf01-f0b592583186", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646921932, "uuid": "a305d952-9658-4f27-b4d0-bda37fd85897", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646921932, "uuid": "97267745-3bd8-409c-b54e-9dfe3eaf7243", "value": "a0880dc0ceeb63560b2f2378338f7ba2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb38bb64-a0c5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646953272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "10ccac1f-fc56-4193-8c39-49d856c12dd9", "comment": "Malware payload", "value": "aed86e9ad1c962796404c17113ba3263", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "54fc6c07-effd-4247-b4db-365ff6a56ea0", "comment": "Malware payload", "value": "ea909574bcde6613b53c6b08441cc2e36c6ec4e0ee532ba31d2282851a5ebd05", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "02d368d6-9677-47d0-ad2c-5d18ba496d1a", "comment": "Malware payload", "value": "3519b2fcfa3a4600b4a7a29f802ee2fa5d3cf383", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646953272, "uuid": "ed9ab38a-27c9-4769-9f97-5fc57e53d7b5", "comment": "Malware payload", "value": "d89500044eca843734e1058e796f81dd8fae4b03703147d8aa692b22d8f0abd7a4a6d56ea9012136ec48a70f65f11b92", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "68027b28-7961-4401-92f9-68d0e96ded31", "value": "T1E3D46A40B5A3C070D3E7313846FD23CC67F9B9A1D7BB412B7A99954D6D3C8920B79A22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "750c1396-5727-4445-b8ca-206e344e064f", "value": "cfe3f54a8e794cfc54f47ecbce05971c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "32a8d4f3-85ea-4de0-ac9d-859fb4db3c09", "value": "12288:ivpO7ru2TDuk1tYTwwe5AnYq2JaiMMMXdgir7OOBgzgENENENEn+ITITInTKTx4o:vru233dweOnYq2JaiMMMNgir7OOBgzg+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646953272, "uuid": "a6aaffaa-1ef5-44f5-a972-d161a17934eb", "value": 655360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646953272, "uuid": "3a8da2b7-5d23-4ca3-8d9d-5fe986185ed3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646953272, "uuid": "c627314f-e92b-4f47-8505-79642eb999dd", "value": "emotet_exe_e5_ea909574bcde6613b53c6b08441cc2e36c6ec4e0ee532ba31d2282851a5ebd05_2022-03-10__230107.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b88353b0-a03f-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1646895608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895608, "uuid": "bf75de61-d310-488e-a31c-15e40dedf1f3", "comment": "Malware payload (NetWire)", "value": "b02939a0dad7c1daafc83d63275a45f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895608, "uuid": "8de616f6-2cd3-4f40-950d-82d76d71a55c", "comment": "Malware payload (NetWire)", "value": "eabd094656b8aa6e945cc435a8acbf2d772255646aa389a398ae37b9049c081d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895608, "uuid": "47add4f4-8db9-473a-aec5-86fbfd319e39", "comment": "Malware payload (NetWire)", "value": "12768210809060fb2ab3c4d1a183793d410f3151", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646895608, "uuid": "ad17d697-93b0-4846-addb-e03597237034", "comment": "Malware payload (NetWire)", "value": "b8e953f699c7747fa19d41b07d7a9f40849088e145f612c5d14de00f387ba0b42af7a934b369e26d824a90636197f149", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895608, "uuid": "0153d189-145d-4781-b849-91e33a608242", "value": "T1EA05BFE0EF58837EEC10723EC5A858700EF65A9D3420BF1DAA8D11DD0967ECF49A652D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895608, "uuid": "9b9c2937-6f73-41de-bc2e-a546f8e8bcb5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895608, "uuid": "f619ef14-4b9e-480a-98f5-6279a44c6bc8", "value": "12288:8Nx+TZtBZCRM87OKAI63wrgFV4weBwALC6LvMpkar0fyEq0v+v/n2rQEI+/tdh:8NxitBZcOs6qUZnnvo1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646895608, "uuid": "d216b612-388f-4ec7-a42a-75c571077adb", "value": 835584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646895608, "uuid": "a8c839f5-029f-4e2d-820d-7b6b323740dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646895608, "uuid": "7ffe1388-94ed-46c8-89fa-7f11ac01910c", "value": "ProofOFPayment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3b03093-a05c-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646908135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908135, "uuid": "92b4e752-b382-4fe0-a369-a605f1faeef3", "comment": "Malware payload (Formbook)", "value": "c961fcde5d17604cc66454d49df2cce4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908135, "uuid": "da5c63f4-b023-48a8-b510-defadf98331a", "comment": "Malware payload (Formbook)", "value": "eb6a3606545277e3af8270d85b4940be7a710dcaf11c7351755675d81ce82d02", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908135, "uuid": "6bc044d0-bc5c-490c-8d61-327df36fbcbe", "comment": "Malware payload (Formbook)", "value": "2a36990e22318e6794597a47e8843fd65dd56ce1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908135, "uuid": "fdd2cb54-022e-4dff-ada7-2057ffd589d2", "comment": "Malware payload (Formbook)", "value": "fd61fa9bb5de461e19c453587c14ec28c4f371ba69db4c8b6cb89efa8326c44402e5afe34511677dfba8dbe73e622f43", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908135, "uuid": "c89a7aab-b0a9-4ab8-8e02-2edcf5173def", "value": "T11664120B66D1CABBC182837B037F9BBEFBF5B1D540DA090B5BEC0B6B95A4646C1185C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908135, "uuid": "ac899a64-150d-4ac1-be50-292130a8e2b9", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908135, "uuid": "63b44228-6755-46f9-b7da-d983aac0ec69", "value": "6144:rGiko9Al1iqDsAkONYosCxEi9W8A7MmHuvVw0UY:rSl1idGJx/zABuvVw09", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908135, "uuid": "0a71c43e-5fa1-493a-b971-39b26b51ef8a", "value": 310633, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908135, "uuid": "0c3ab345-6e4c-4c68-a88b-12034bce3da9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908135, "uuid": "dc9cbe6c-79a6-4245-abb0-ce00491fe288", "value": "c961fcde5d17604cc66454d49df2cce4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3e45576-a09f-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646936805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936805, "uuid": "86f2fa88-cd8e-4fe7-a389-1ad474a01a34", "comment": "Malware payload (RaccoonStealer)", "value": "cf3a653adff65b3aafc3b0a10e360cbe", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936805, "uuid": "86751b77-f193-4029-a99a-ddf5a901c27e", "comment": "Malware payload (RaccoonStealer)", "value": "ec642b740a50f40817b916be127f134645b403ddb31c014bd1e85b4ce785d9a7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936805, "uuid": "4242f6ea-ae46-40cd-9d93-de7c748a9257", "comment": "Malware payload (RaccoonStealer)", "value": "ae8fc3b9943df6c056ee71c648dfd0baf94daa40", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646936805, "uuid": "44ec6923-bdcc-4f7a-bf68-ea38026d4d34", "comment": "Malware payload (RaccoonStealer)", "value": "a8bfb97043e403e9c46ba5b5c3256f2c40d3f4177a059785db21c3243552474c5d50e1b27dd8ca56450f606be79df553", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936805, "uuid": "0c4ede20-e457-46e1-b47f-3a06a7fa116d", "value": "T1B2D412317F88C037D5678930A122CB60462BF471B6B49D473B69172E9FB17C1EEAA325", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936805, "uuid": "9f4b8d55-877b-496d-ad45-4f9887f2acc1", "value": "d809bc338079e5d4a857f85f3782cdd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936805, "uuid": "b708453a-330c-4bd6-a6f8-bb092fe73007", "value": "12288:VWH1sYUXt9ccFPAfN/x0q9CoY5XTDxCfcgtEAYbblW1u7:QH1i9pFPArHSDDU5E/X7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646936805, "uuid": "2c48f603-c87a-4fda-94bc-cff98d0b007e", "value": 643072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646936805, "uuid": "c669efef-3089-4185-ba85-80b86fb74a0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646936805, "uuid": "dc5251d1-6192-4811-8cd7-6441cee264ad", "value": "cf3a653adff65b3aafc3b0a10e360cbe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb02f7f4-a08c-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646928683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928683, "uuid": "61324bba-d93e-445a-b8b2-c5948c0168e6", "comment": "Malware payload (RedLineStealer)", "value": "27a77a94d11a03a1e42ca73e056b0c03", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928683, "uuid": "df994daa-3f38-42da-b72a-ffbda6591db4", "comment": "Malware payload (RedLineStealer)", "value": "ed1cbf6a5d93c943d06ae292fb5a99984f555a15fdce4ae4bc12295f89cbcc59", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928683, "uuid": "7ae523ab-676b-4a22-b3c6-ea13b1f57d06", "comment": "Malware payload (RedLineStealer)", "value": "838be66a427c92529d207d88e75d7465f114aa25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646928683, "uuid": "de60cebb-0810-4d97-b757-2a1280e20708", "comment": "Malware payload (RedLineStealer)", "value": "60c3408d5c3248a74ca3f1044407258b0df0bb38761a36adabaa5c69795d9ef3dbe9227720d77370a43669edbf298f72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928683, "uuid": "9ee445da-4c1c-447d-8ff1-c6fecded596c", "value": "T10A646B243DEA501AB1B3EFAA9BE4B496DAAFB7733B03945D105203474B23A81DDC153D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928683, "uuid": "e6943572-6f1f-40bd-b29c-2c8290d78af9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928683, "uuid": "855ade38-5a24-4f14-9b4f-09ff6cfe3d16", "value": "6144:ba6pfq9IYgX90TV1oY6p3GivJ7vuZdHUo5fEeu1L4mtI2B:Dq9IYgX9051oY6JGiBzuz0o5ceu1L4m1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646928683, "uuid": "2598ebe7-e8ab-4c4b-a48c-715fd22deb00", "value": 314880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646928683, "uuid": "701ba0b1-6eeb-4dba-9435-47ab5f4fc0d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646928683, "uuid": "7d924933-7122-487e-9af7-d703660f4e68", "value": "27a77a94d11a03a1e42ca73e056b0c03.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4bd7a22-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646920083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920083, "uuid": "3fa864a9-2bab-42dd-b025-847cae84314f", "comment": "Malware payload (Loki)", "value": "72d291d4fe60a5219a2f9ec4cb19fddf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920083, "uuid": "db8335be-7dc1-4158-9823-ca369086bc6c", "comment": "Malware payload (Loki)", "value": "ed87b9dfabd0eafc5a11bc05d70837345f75d1648aeea59692e1f16d76ed6d91", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920083, "uuid": "6e8bc7fb-006f-4c3f-8d05-de58c7a0b324", "comment": "Malware payload (Loki)", "value": "cc2f42c47161d8d2a28c59bd66588d2abd9a0202", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920083, "uuid": "bb56cd51-6cc1-499a-ac74-f56a479c2856", "comment": "Malware payload (Loki)", "value": "11e25fea2be5266200504f6c2647988bc35622237ebbfb25a6c7ea9821dc08a46565d762e22531613a455bdbeefbf2ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920083, "uuid": "456650a5-758f-476b-8b99-456d33075cc9", "value": "T15AA4BCC31DFCD4EFC6558237017767099EA6AE8A2925A60DFE073B73367A78E4138601", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920083, "uuid": "4eb4623c-0785-4908-9ef9-28b12b87fe52", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920083, "uuid": "d8f76e18-9fc4-42d8-90be-f9c8b94fe0ce", "value": "6144:yGidmZW7pirIA0oBzVWUWR0uFOceN+AFoEYxtu5KmKWGAHx8pP2g8:lAip0DUA0vxTYao4GYCpP2g8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920083, "uuid": "bfb4dfcb-3995-4f7c-bdc2-0d72f0495dc8", "value": 475843, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920083, "uuid": "44e19315-1a95-434e-87b3-bfd32e4b4d08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920083, "uuid": "7baeb5ae-3901-4aeb-a992-5cedd3ee9fd0", "value": "IRQ2107798.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "209f678e-a043-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646897071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897071, "uuid": "4860515f-d93d-460e-a023-20e6a517ea09", "comment": "Malware payload (Formbook)", "value": "985e02db98a4af9579976bc5db34ece3", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897071, "uuid": "f2a715c3-0583-434e-9d67-eed3d13745f2", "comment": "Malware payload (Formbook)", "value": "ee594ac9f8095a603d6e6f85f6debcf8102cb3d094236a450bfee5e375e5ef4d", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897071, "uuid": "30073b7d-28ab-48bb-8300-0d3270444e76", "comment": "Malware payload (Formbook)", "value": "58f5e9ff4702983db08385e0217669f7cade2ec2", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646897071, "uuid": "3ab235c2-9085-4940-b979-7f09aad3a8c6", "comment": "Malware payload (Formbook)", "value": "cce04e705eb46b96cfe92ffa0ad4f656aae29236b5171cd160cb19d2919f0f94bdc23613c976d9cae8ccba5df50c1d32", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897071, "uuid": "ee93f754-3612-4fd4-86c0-41a603e5f74b", "value": "T182E43383F2CC4783DA115D08953E4FBED6EA1462C297DED9DC8C6AB0C88E43B15CE529", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897071, "uuid": "77ece307-9c7f-47b4-9036-7d56ad6cb20d", "value": "12288:YgtHcnjT+2vk/fVbeuNOXIfFzwZWo/9Mgl6j+4nFA9sZRA1a:Y+8n78VbpOXIK0I9MG4FA9sZRAk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646897071, "uuid": "75ebc693-858f-4bb2-a371-a51fb34fc397", "value": 660569, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646897071, "uuid": "536b357a-93ec-4371-b6d8-4c180f1b5ca0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646897071, "uuid": "ac223d18-b947-4356-9a44-873963d99a2b", "value": "payment swift.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0658cf5f-a00c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646873404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873404, "uuid": "9c0ec663-f121-40f6-a09b-ff85deb8c47e", "comment": "Malware payload (Mirai)", "value": "1092d879645447425f6520ad51664ae5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873404, "uuid": "28a54c7b-7073-46a8-9c74-5f1ea7ac4953", "comment": "Malware payload (Mirai)", "value": "eed36179fc9f5b8a789937403f9d6941e2d706e36c1c53b14f6fb199d583a7d0", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873404, "uuid": "941a909e-d263-44cb-beb2-c6d2dbf329c7", "comment": "Malware payload (Mirai)", "value": "91267d29c13fb8f3dbebdf76d802469cc36c1f3f", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646873404, "uuid": "f2141c3b-2274-411a-9cb7-c6f60c22211c", "comment": "Malware payload (Mirai)", "value": "e01de512df1f978f7c72b1260a8c35571abce9b364280fd94151890b70b97c8286f8e55dccbc6fd2063ada3c7917229b", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873404, "uuid": "202dcbe5-3f60-434e-a513-55b4948eb6e7", "value": "T1D133095AF9806F01E8D524BAFF4F124973534B6CE3FE72119E209B2523C6A6B0F76415", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873404, "uuid": "37f20a85-a668-465d-bfe4-d9dbd2fd522e", "value": "768:RRnizQ43whavm/dQK4hrsalsNiCKxbyUkMvd2fntBduYiKe9I/H:RRniAau/fGwalsNitxP9l20YiKOm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646873404, "uuid": "2f8f1777-654a-4ad7-a5ed-b7dcf71079ec", "value": 53808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646873404, "uuid": "2d2896b3-7362-4e80-999f-a275f3d2ceff", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646873404, "uuid": "ff0b0050-760f-4104-ac07-37671fd3dd2d", "value": "shloop.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e975d32b-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (GuLoader)", "timestamp": 1646920171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920171, "uuid": "3c56a784-83db-4cc2-8705-53969364ebd7", "comment": "Malware payload (GuLoader)", "value": "2c244abd4a15b781a1ceeb7d4f206306", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920171, "uuid": "f342b6e0-8c6e-4d99-a829-694bcb51bcea", "comment": "Malware payload (GuLoader)", "value": "ef8aaccdb70042a1247648e2448e61b9b11b78e5ed7fe300d5cc4254a0f00f83", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920171, "uuid": "3b3cbfad-28d6-4c80-9b0a-f084432b95f6", "comment": "Malware payload (GuLoader)", "value": "ec7d023946afc104e462e0a61593c2657b50ad47", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920171, "uuid": "d2ffd109-a53b-47ce-80d8-b3dd3e32712e", "comment": "Malware payload (GuLoader)", "value": "11a88a707d386486926d0acdc1c04319e233222df9eb47892f3541ef800a0315def4d9f4cfd590d4586a2f57625ab0fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920171, "uuid": "86f46463-e064-424b-bba0-cc18edc5b345", "value": "T133942251A650C9E2FAE37F31E2398EB656E2DC279119170763E8BF907DE1542E80D3C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920171, "uuid": "6fc28761-435e-42d1-b533-d330fcff2018", "value": "56a78d55f3f7af51443e58e0ce2fb5f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920171, "uuid": "69ebadaf-ceaf-47dd-98ad-7f8fa1921dcd", "value": "12288:iNcdkJ0y+CrBRMNUUPF9WMKEOBanxSlTFZZjG:iNcdkJ0dC4zP+TTFDq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920171, "uuid": "05ca1e43-27a7-4313-883d-457983bbfbfe", "value": 440112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920171, "uuid": "cb7e270e-334d-44c6-84d2-6ee063b6b6a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920171, "uuid": "a706ec9d-b208-4c63-83e5-ad8f1a4334d5", "value": "CENTRO DE INOXIDABLESONUBENSES - Oferta OV2202898).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e97ddde-a03c-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646894222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894222, "uuid": "6276f0fe-e479-4a5f-a9e0-864da90c4de6", "comment": "Malware payload", "value": "25e5fa6fabb84536e269fc7b5883931b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894222, "uuid": "fd42f251-444e-431d-9571-109771122be1", "comment": "Malware payload", "value": "f13bc278e7a56cc6c74c6c1e769083abd8f092a99d0090157d201d9f39ea6bec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894222, "uuid": "ae036a16-c964-43eb-a6ca-be3889565164", "comment": "Malware payload", "value": "2ff20e64b21783091737ed00ce0fafbb031a4028", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646894222, "uuid": "e7ceaba6-6981-4d33-a986-653242187346", "comment": "Malware payload", "value": "883a0e46e512d078034b10644881d72e5ea4a0c278cf0dbe0f50426f11807c2dc1a8583f4b7481eb1133fc4725608999", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894222, "uuid": "9f53c34e-7070-4549-a8c0-8717ec9f9d84", "value": "T1831502AAB0F9781AF6A943BFDA801C37EB3D6090CB95F8474D1151B65A83A0C9FD3434", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894222, "uuid": "3a041429-4d2f-4e63-b750-e281bb772d1e", "value": "3072:gP0045DxBkMaiHaz1Gvc+U+U9PzwJOBiMF+m386OAa0szcz:gM0gDz7a5ZGvc+e9Pak7FB3DOxIz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646894222, "uuid": "a7947785-fdb5-4077-9630-212d69c90968", "value": 883801, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646894222, "uuid": "fa24882b-be81-4b60-8bbc-b0a50418d94f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646894222, "uuid": "50c2c6c8-46ae-487c-81cc-5083e5322aff", "value": "Archive.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "694c1f9c-a076-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646919097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919097, "uuid": "63125a81-de97-4668-8d8c-ffa527732bc1", "comment": "Malware payload (Heodo)", "value": "aba0832383bd2ff62a6ef309260ea4eb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919097, "uuid": "c7ce2d83-d3b7-4d9e-bd3f-c1a4547fd30d", "comment": "Malware payload (Heodo)", "value": "f187ad855812792c3fa2d9d2a4f983a7ca545d4e9d39cb4f14266bd1760af13f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919097, "uuid": "4eb81f45-0bec-4a9d-9f7e-f85006a48413", "comment": "Malware payload (Heodo)", "value": "c2ff51dbb5221c31430db7e0825f7d77fd1d0412", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646919097, "uuid": "d7efcde2-6605-4bb2-a1f9-9e361264f2f1", "comment": "Malware payload (Heodo)", "value": "3a0dacc6ea7dfaccd853ed11560feb364fc8a7b5b3c7a00cb8653f5f2835aba87cb2bc9ba528eb74981fb349334affae", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919097, "uuid": "c88a2ad3-a722-4bf7-98b2-04e9f8fa80f2", "value": "T1CFD46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919097, "uuid": "0672c3ac-9cdb-494f-8700-6b5c371a32ff", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919097, "uuid": "4a5a97b0-b0d4-4614-9fa7-9b9acfd85fcd", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAa:WRO5DDUmhnspspsqi022/OByw+iVifMX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646919097, "uuid": "7222691e-5aad-4964-ac8a-4a4258cfdff0", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646919097, "uuid": "e7bdebb5-7a5c-4c12-9575-4516e6c3b4aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646919097, "uuid": "fa7367b1-6ed5-4996-8600-0c1244f9f3f3", "value": "aba0832383bd2ff62a6ef309260ea4eb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bba142a5-a05b-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646907639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907639, "uuid": "13b8d61f-d54d-47cc-adf9-86f9b21b6344", "comment": "Malware payload (AgentTesla)", "value": "d2aacbeb1f6cae8378d58992879a8def", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907639, "uuid": "6830e55c-0d6f-43e9-b66e-372c3cba4c4b", "comment": "Malware payload (AgentTesla)", "value": "f2ec3f96dd5e6825cb63d798455c7b587fc1c4ae2b56accb606f0ecf0c40d597", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907639, "uuid": "69d461d8-ef95-416e-be6e-57cdf0e2fccc", "comment": "Malware payload (AgentTesla)", "value": "db3fc9fe20871be9e447df7a5995ca8b5453c6ee", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907639, "uuid": "2b72b5de-7bf1-48c3-ad0b-a8d23810c403", "comment": "Malware payload (AgentTesla)", "value": "48379a8f282ed882398248eb220e9e4f4bcfe09a1bffa15cb8216b60d0a243dc7730500a8d580120bf904573bdc813b7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907639, "uuid": "a35acc0b-27fa-4258-9b73-37cc19307d7b", "value": "T1A02412007A209658FCD255FDAF33D68E31F8FC945A456E922909FF6A627EF5F4480238", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907639, "uuid": "79172b05-5fa6-49e2-a4c6-4cc5de643810", "value": "3072:1JUlKWyJD1grtRAySZ9ey+WNeTM1mo0mbtgYKgLUEhkfLhYJUvrjeeaokvtshmg6:AaDChyP9ey+nCmTmRFKgIEhMaaToFg6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907639, "uuid": "a019a912-a4f0-490a-8a46-2ebb8e59ea15", "value": 218856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907639, "uuid": "aa987a5b-b966-4583-b287-65f2a8078e7b", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907639, "uuid": "91b6b417-872f-4987-b9f1-7edc7055a778", "value": "Arrival_Notice.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26275acc-a05d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646908247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908247, "uuid": "591d9345-8d41-443e-825f-1e1718551a1e", "comment": "Malware payload (Heodo)", "value": "d13e1268970b17e3fa67c9276362804b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908247, "uuid": "52f3aada-5abe-4bfb-a768-5d9d6f0e622b", "comment": "Malware payload (Heodo)", "value": "f319146f49a1f94f21e83729ce5f8a8771fe9e19c93739422cc846c7e5f69fd6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908247, "uuid": "5477c1b9-345c-4cf1-bf47-792b784fbb9a", "comment": "Malware payload (Heodo)", "value": "ef520f49991eeca440056980e9a501f5a72c5d4a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646908247, "uuid": "4c28e0bd-6192-4d26-84ff-c65328d07606", "comment": "Malware payload (Heodo)", "value": "c7bf480762b869a01809b0e2c2fd8f292ab70f14edb289cfc17fc4e31b54d39f8025337b48deec8e61afab1b95c67141", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908247, "uuid": "1f10de32-11f8-4735-9281-7a8215d6b705", "value": "T1B0D46B2271DE4073DC9A107C0811E59FD59EF978F627E84FA298AEAD2EE13C94534F09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908247, "uuid": "afc22125-1ae7-4d7b-8e6f-fb7276e94831", "value": "53dedb5b7ba9393b690bb5ddcd3da470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908247, "uuid": "61eeb677-3fa5-4ee8-861c-d0bd22bb43ae", "value": "12288:PeRO5DDUmhnspspsqi022/OBywMbiVifM3SD2tVQQIggVurxFbVCCKUggfArArAV:WRO5DDUmhnspspsqi022/OByw+iVifMo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646908247, "uuid": "d1cf3513-14f7-425c-87a4-e9faa2167b15", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646908247, "uuid": "e7860ce0-6b5a-4ea8-a012-0f050e7fa4c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646908247, "uuid": "d8e311b1-7bba-4573-8562-de0a2babda67", "value": "BrzR7WpjEbb7nktG.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7df2550e-a06e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646915696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915696, "uuid": "42002454-7698-4a64-88fc-9ad037f9fdcf", "comment": "Malware payload (Heodo)", "value": "a8ff3639a46cb6bced180f96bb4d8f62", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915696, "uuid": "04e4627d-477e-4bdf-a48c-7e5e0788acaa", "comment": "Malware payload (Heodo)", "value": "f4d5d13ff11cd35241d0f432c00708deffb565b723fe27b1c17fbe3fa623fb80", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915696, "uuid": "7f5e5cdc-9875-47ab-82d9-73fad1e1b46e", "comment": "Malware payload (Heodo)", "value": "83d1f29642b342171711b65e3838e822104c7053", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646915696, "uuid": "34cd03c2-906c-4e4a-8e6d-ac1a5df135b9", "comment": "Malware payload (Heodo)", "value": "d2e62efbc4b6e1b3581ff1821c9fd68b6490aa0df5526cc2545ececf6d498b928d6e9fe0996783a9d588afd8b536c60a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915696, "uuid": "bacb5b75-56cc-4ccf-99a9-caa8356cc270", "value": "T14023D01CE892B92DD3329D78C51852F4A60F23CE5054B16B1684F20D7F4BAE7478FA5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915696, "uuid": "bbfb64e4-0c1e-4858-80f6-b837418c41cf", "value": "768:y1kICkZNRvmHazrfRmUOcIIGq9hqN6994E3ewNXz8OP6AQPHWZinVd0VhkhB:yKItBvGazLRYIzhqOisNz8OP6Tein0Vo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646915696, "uuid": "b31390ab-a23f-41d6-be15-6d89116cb585", "value": 45763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646915696, "uuid": "bd2f29af-26b0-4b1e-8bf3-f4425e9306c7", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646915696, "uuid": "8b595087-8057-40e2-8f5c-6714be405f65", "value": "Notice 3562596.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5c3d57c-a093-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1646931734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931734, "uuid": "c938368e-0d81-4329-96de-da21af576901", "comment": "Malware payload (njrat)", "value": "b01dde946c92d5dfdbe9b98e7175ced8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931734, "uuid": "9166eb53-0d88-43b4-967a-8dc6799b40dd", "comment": "Malware payload (njrat)", "value": "f5303df68c9bb51a1f92b9ac511cf3aceebc7cf22e24c9c9c4facb14986676b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931734, "uuid": "a1e4b60e-9a7b-4883-9a92-5092fb3152a6", "comment": "Malware payload (njrat)", "value": "d20e8fa6784b09064e18b04bb8ceec746a6bb4a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931734, "uuid": "927977cb-a00b-411e-b666-a0c6fe71ebce", "comment": "Malware payload (njrat)", "value": "7c5c20de185d408ae84f30db986f7fb8943e8330c92a192e09ca248652bc7a076946514355f8d7b2dba4242dd110319b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931734, "uuid": "ccb5932c-28bc-4887-a4d3-595199e41674", "value": "T100C2E72D37B68232D2EE067F4562EA5043B5E54BF223FB0E4CD954DE4B1B3860A41EE5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931734, "uuid": "25916a9c-2523-448d-a5d1-c7b9c8485c8d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931734, "uuid": "0e763903-e77f-4b4c-96bf-9acfccfd687e", "value": "384:vL8MXFWP0CDZwnXmIQXkj90jEwmFterkSuldsP3NBa6Mo7AQk93vmhm7UMKmIEeY:DwRICoo7A/vMHTi9bD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931734, "uuid": "18086fad-7301-486f-af9d-7f7c60ae4be2", "value": 27648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931734, "uuid": "b5ca3885-c930-4c11-9b1a-1f14c2a7ab87", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931734, "uuid": "ee446ffd-4317-434d-9926-b6004212b078", "value": "b01dde946c92d5dfdbe9b98e7175ced8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6585ecfe-a0ba-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646948296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948296, "uuid": "46e4429f-5a31-4a20-a14c-fbd94df2d8e5", "comment": "Malware payload (Mirai)", "value": "04ba8139f5298c506611a8094cb875e3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948296, "uuid": "ab4e07d0-8ce5-46a3-9e2a-8bd6eeeea54a", "comment": "Malware payload (Mirai)", "value": "f5b0a2ec0ee62d902ca58c93f0fa66db8f6776a5bf430e571fd39b972ccb9185", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948296, "uuid": "477ed7b2-a864-4a1c-b050-7b59082aaf83", "comment": "Malware payload (Mirai)", "value": "3029a7dccd8fc7e3a65f34d8f56881b8dfe10a72", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948296, "uuid": "b67e397f-a193-43b7-a96e-1a7f6dfc24a3", "comment": "Malware payload (Mirai)", "value": "2bcbc72e290e1bb1006ae362b90128fd9977d12eb982339cbd890e56bc6defd4e9b1d2bad289b25e11bfd75e7b4d1b67", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948296, "uuid": "aefb711b-a104-49b8-b5d1-3942ff908d98", "value": "T1B6B2C0B17011F8A7C7A100B79AEDDB83FB800AF890E873395469199DAAD5D42AAF1107", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948296, "uuid": "5382542d-3e6e-4bce-9daa-a6562f89854f", "value": "768:/X9nxn8o9wnBoWzEQf2EjKb3pjkn4Ps3Uozr:/tn+o9wjfBAZI4Czr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646948296, "uuid": "16f38fdd-5516-406a-89f4-c35aec3c92e0", "value": 25012, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646948296, "uuid": "794e9e7e-8ba1-47a8-8113-a57b85247b25", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948296, "uuid": "1d074818-a366-479a-8d25-7b3f84ded38f", "value": "04ba8139f5298c506611a8094cb875e3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e393eb9-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646907026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907026, "uuid": "3a590556-d010-4566-8871-92ad70f2e4fb", "comment": "Malware payload", "value": "84e56d122baaf386d664e1d8a870fc11", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907026, "uuid": "d2e12642-a8ff-4f74-ad95-1ad4036d5502", "comment": "Malware payload", "value": "f5b21463a182d5debd6033dffed7722e261516b5b0e86dc629b8fc8a487bcdff", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907026, "uuid": "b9a05fcc-49bf-43ee-bfa0-3aa1f430a134", "comment": "Malware payload", "value": "c99631d6b470727819800bd97cbe80582c019923", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907026, "uuid": "f6c47b89-6949-4f12-9cda-0a2f72f6424c", "comment": "Malware payload", "value": "608f987aa6d98e5adeecbe9ffee4061d158e4fcaa706b4c8bb6842df005bb00bbde5adb8e563821737f19eeff9f56e7f", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907026, "uuid": "443d481a-9ccd-4710-9ff3-87c25cf34ebb", "value": "T112E56C23F284A63EC56F1A3A5537A3549D3FBA6165229C1B1BF44C8C8F364813B3E647", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907026, "uuid": "d402c014-2af6-4a0b-bfc0-6510cfc69a62", "value": "49152:6ed0u8EF2nTjpYSERv+YDH531s0OeG1HiTx9BGYS3A:eFn45qHeBGYOA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907026, "uuid": "fc4dbf9e-05c3-43d0-a3ae-b3d17e2a33d2", "value": 3251712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907026, "uuid": "9e41af6e-eff8-4dea-b60f-3d52f4204335", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907026, "uuid": "27228b5c-5bb3-4d33-a7a1-4e85900915b0", "value": "Arch.EndesFact2022.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d34b53c1-a0bb-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646948910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948910, "uuid": "1168e59b-1f17-438d-94b8-8fe376ae6ab1", "comment": "Malware payload", "value": "525b4377b31f7888feaa2e4c6dfa2fc8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948910, "uuid": "a3ce92e9-31eb-47fe-905d-4ce597df7e91", "comment": "Malware payload", "value": "f5e9384eb694ebdf4fe35e2b0566346327dd808165cb641f4e58455bd3910001", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948910, "uuid": "9005b212-f48d-49a8-b35b-7c319497d49c", "comment": "Malware payload", "value": "8ed246f4deedd65a3504ea641026060affe3daca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646948910, "uuid": "dd0023c8-535d-4ab4-86d4-92e9b2d849c9", "comment": "Malware payload", "value": "abb2dd413ab79f2f884d49978a5fe74c81e92d17f7fb79494e93b7f5ef4ef90e82873416c998a3e863681151fe8370a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948910, "uuid": "327bedce-c698-47eb-bf3e-1e2f63e65201", "value": "T164F4019D356432EFD85BC8B2CFA82CA9EA60747B831B4113D01715AD994DACBDF250F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948910, "uuid": "a3239ff7-7591-433e-9d6e-cbd115fa7a8b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948910, "uuid": "1a6f34b1-00ff-4028-a016-83f2a589bd87", "value": "12288:JxefD0S0N9jrVKzWn7hOtksNq+pPaRH1npTrq++b6a+e2LAziKwP/a:Kwp7YU7hOtB0c+VVraT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646948910, "uuid": "d42c2723-cb91-462e-9f69-c7186ad2858c", "value": 737792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646948910, "uuid": "9d3775d0-aefb-4edf-8c88-049fcecc64df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646948910, "uuid": "05ab42b5-a47d-4318-99f3-bceb96217528", "value": "YQej5ECHOEK6FA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d13d8c6e-a06a-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646914117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914117, "uuid": "e4cd61c2-31fa-498b-869d-e8a07586ccaf", "comment": "Malware payload (Heodo)", "value": "be1cbd622b17c0d50324052e81aaec3c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914117, "uuid": "c1d2748d-16a4-4979-ae89-92d3b5a3e13b", "comment": "Malware payload (Heodo)", "value": "f5ed4bb6694be4236e1c91460268e326114b68c2cffb2bb69d777cee62939784", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914117, "uuid": "dfde0c06-45ff-43f5-969d-00c3262cc2d9", "comment": "Malware payload (Heodo)", "value": "c1f5b468c69f4439b7ea003acdbd7841929772e4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646914117, "uuid": "eddb9eb8-5ad5-4c63-9321-a41c36e9abb6", "comment": "Malware payload (Heodo)", "value": "363fe6c1fff575c7fcadad85556daaaa45601b06d5ebcf55d2db3c45eb3b9289716fd5c734e17a9dc6d1b5fe0920bb1f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914117, "uuid": "d62d0f1a-91c8-4bd6-85e7-02fc7eb43299", "value": "T180156D113781C036C11B3C3286AE937E62EA9A314FA5E6875F9475BD8E345C2DA3DB06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914117, "uuid": "74b8bae0-a27f-471c-b5c8-9417fc634f4b", "value": "a517173f90c43414bccc160c37653529", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914117, "uuid": "1ad13b16-f690-414e-8690-beeb66fd64b5", "value": "12288:4mZ2fbGh8Nggu3uTkIKD56pInvq0fPJ7/2fdwVW4SbPje88koKiaCx:4Bu3uT5KUpInvPfodwVW4Sbf8kiaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646914117, "uuid": "69256f75-cd4f-4cff-8130-023527e9f2f3", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646914117, "uuid": "fab032c3-e2e8-4cea-9352-6a53529aed4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646914117, "uuid": "30926acb-d453-48e7-9b97-809ad1a15548", "value": "be1cbd622b17c0d50324052e81aaec3c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b649625a-a012-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646876276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646876276, "uuid": "e1fed0e0-f6be-47df-8e05-765020128d43", "comment": "Malware payload (Formbook)", "value": "f54d03b318c791e8bce6efd33db325fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646876276, "uuid": "1cf83a7d-9b47-4909-b544-c8e8c416fc8f", "comment": "Malware payload (Formbook)", "value": "f6eded82cc4688c6e98c3d81abbca12aa49417af9ce3ce29cbcbdab0bcaf741a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646876276, "uuid": "b1ed2c18-9725-4d72-b07c-640109aa9e86", "comment": "Malware payload (Formbook)", "value": "692afcf6dc530837acb7a49d60fe59862642469d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646876276, "uuid": "5767ab68-2b5f-4059-aafa-c80211427dc2", "comment": "Malware payload (Formbook)", "value": "b48c169257602e85e6dd1784b3f17e6f08997edf26d3ebc4d1436d7ec835622fae9c629bb752e26e6fee3057a7563053", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646876276, "uuid": "db386243-964a-4f59-ae5f-5caca6fb3af1", "value": "T11B8401027DC1826FF59146711B63DF79F2791CFC3A9678234B64BEEE2E362C24612119", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646876276, "uuid": "3b40ac89-eb78-466e-86da-f7debb4c9517", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646876276, "uuid": "a62020a9-b72a-4b7a-8b12-abeee3e87f74", "value": "6144:TGiWTkWZGJfYquI3CYrS/B/5TqZRVyLmEBWML+iBez0orWf69qQIsaIjzU1be:KTNZtUDup/hqZ6mod+iB1oSfyYsaIvU4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646876276, "uuid": "d8a0bfa9-c92e-4e20-81c4-70d9c780ed71", "value": 383142, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646876276, "uuid": "575fd587-3aed-4c5d-a820-b8623b0dbc30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646876276, "uuid": "dce79473-e457-4859-9bc1-3441a98d1601", "value": "Purchase Order SFOWRN5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2078bdc0-a047-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646898788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898788, "uuid": "154bf805-c8a2-4913-acbb-4e6175124a03", "comment": "Malware payload (Formbook)", "value": "7a9bad9d95cedbf02cdce65d63c12d39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898788, "uuid": "52e5ed16-3da2-441e-a5dc-470c6f68d29e", "comment": "Malware payload (Formbook)", "value": "f72d7e445702bbf6b762ebb19d521452b9c76953d93b4d691e0e3e508790256e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898788, "uuid": "f9006133-cc10-42d8-9192-08d1176755ae", "comment": "Malware payload (Formbook)", "value": "f433853bafa04eaa43739cfac668248554a7f4f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646898788, "uuid": "c3005c26-0e39-46d8-b4f0-c14d3376ac51", "comment": "Malware payload (Formbook)", "value": "84a3963f46d87a52a99c54573dcd84e383d103953bfc642ef87c5ae30b7da8f64999085aa979538985143e9805f49760", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898788, "uuid": "d4b4e1a9-b028-4c03-bdbf-0f563ba73daf", "value": "T1DB459E62B3914937D5731A388C4BA3A8552ABF153F28AC877FF87D0C5F796403929293", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898788, "uuid": "6711fea7-16d5-4e32-9f73-ccb9700d8d25", "value": "f3ef87a63216dac1578ca750829fe4b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898788, "uuid": "cbc0be4d-fa34-4f48-b11f-3d7544b21fac", "value": "24576:f4vPtIdV591Vr90+b5rdtftguklShhQ7f:f4HtutddtAlSbM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646898788, "uuid": "49cdf8fe-9fcb-4d62-8ee3-79759d2f63ac", "value": 1212928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646898788, "uuid": "3c149743-cf26-4f85-8e76-1aee58363ca6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646898788, "uuid": "3f688901-1d28-4723-a4fb-7f02f2ba0f7c", "value": "ORDER #098124669.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cd8f489-a005-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646870570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870570, "uuid": "a08b31d9-1528-4e0a-bcf6-31a38dffa06b", "comment": "Malware payload (Heodo)", "value": "f906ace31df3e17de551deff15aa32f4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870570, "uuid": "d11d9488-11ba-4cc5-9b32-b11ed8f0c3a1", "comment": "Malware payload (Heodo)", "value": "f765f6f7c3aa7865aad22a4285fbdd5422317092caed4a851c2d402f212a8d0a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870570, "uuid": "fde4d152-5711-4fcc-8326-785ef86fe302", "comment": "Malware payload (Heodo)", "value": "a82fcbe6cb24a555f6782234fc74f9eb1efc29f4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646870570, "uuid": "97a896d4-aceb-4473-a37d-c87f6487309b", "comment": "Malware payload (Heodo)", "value": "fdd133c20499fc8fa36326dd596cd08761ed63d91ef2ffc977f54226c49ca13ae88ab71351ad084caa605af889c1690e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870570, "uuid": "3facae4e-dbe2-44f3-8eab-3d89cfd4363e", "value": "T105156D113781C036C11B3C3286AE937E62EA9A314FA5E6875F9475BD8E345C2DA3DB06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870570, "uuid": "15a69eb6-936b-44d3-9c95-85056ebadab4", "value": "a517173f90c43414bccc160c37653529", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870570, "uuid": "c3b34ceb-6857-4dcb-891b-4587251d16e7", "value": "12288:4mZ2fbGh8Nggu3uTkIKD56pInvq0fPJ7/2fdwVW4SqPje88koKiaCx:4Bu3uT5KUpInvPfodwVW4Sqf8kiaCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646870570, "uuid": "933b7e85-d6ee-4784-8086-0cb22bf10852", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646870570, "uuid": "9be571dc-4c53-4087-b34f-4b9f87fe8bc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646870570, "uuid": "bdcc580e-9c2a-47f4-985f-c445c8ccfd3c", "value": "emotet_exe_e5_f765f6f7c3aa7865aad22a4285fbdd5422317092caed4a851c2d402f212a8d0a_2022-03-10__000245.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39bae8c2-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646906991, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906991, "uuid": "6eb49329-3354-429c-993c-2542356b7986", "comment": "Malware payload", "value": "a9e8a57d92b6f0f373472678ee70ed7a", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906991, "uuid": "39c2c903-55b7-4b8b-9a4c-061137724ed5", "comment": "Malware payload", "value": "f79d1e9f89d7a5b4112195703d457cd97ab2f77ab1b84c7642c107cbf4485177", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906991, "uuid": "624a8261-c44f-4367-80ff-30a7fa490aac", "comment": "Malware payload", "value": "0c71a58295cc495355cae0b6515a0dbd3ee0fc60", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906991, "uuid": "72bcbb7f-48df-43f5-ad72-99adfb32ffdd", "comment": "Malware payload", "value": "fad037106875231661a0b086b25583f831071e9e9c11003ecb2dd442e7d0efc8da73e88e517d296eb0659ae7ec08813a", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906991, "uuid": "de4a2550-f266-46e4-8393-91e1ed3815da", "value": "T167066D23F388BA39C46F0B7A4537A358993FBB616512CC1767F4094C8F3A6407A7A617", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906991, "uuid": "096c79c0-55e4-4558-a724-77bb06dd1ba1", "value": "49152:FDjCyJQ/hYHr3l52SuLlN/6vutBYZyxCRSTzQ1RwGYf3A:FCyJch+3pGUZCGYfA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646906991, "uuid": "32c751ef-5ae6-4794-89b9-8d91bcbc989c", "value": 3825152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646906991, "uuid": "5c302de5-f7a6-40f6-a2e2-59c2d066f4ff", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906991, "uuid": "9c4192be-345c-415c-9190-a2f2451a640b", "value": "__[mhch.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5cea85d-a053-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1646904193, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904193, "uuid": "45faddbd-0c6c-4054-90f0-7852177a8268", "comment": "Malware payload (Smoke Loader)", "value": "670433efe42de993e9df99ebcbb083ed", "object_relation": "md5", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904193, "uuid": "4b328c1e-b06b-4867-89d6-888d1e358d48", "comment": "Malware payload (Smoke Loader)", "value": "f83ecb4f14af221b78be6670174e22434c65a49586fdbcd65f0b75df529aa947", "object_relation": "sha256", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904193, "uuid": "4bc70f2a-6f73-4ba8-bb50-bfccec748334", "comment": "Malware payload (Smoke Loader)", "value": "2d0cd33873641333b3633a474f2bf1bf08bacaa9", "object_relation": "sha1", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904193, "uuid": "9e223579-7b31-4781-8b13-3a052c3a0ddb", "comment": "Malware payload (Smoke Loader)", "value": "1afb5be74989f12d9fc1ba8a016d998af6705cf06baedec9690c0096335c7351d5ea6034f95d15486b8434776acb7f73", "object_relation": "sha3-384", "Tag": [ { "name": "Dofoil", "colour": "#47EB3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904193, "uuid": "e26569d1-65cc-4453-a22e-bf81dbfb4c44", "value": "T11C34B02276A0C432D49395745824C2B16B3F783296B5C90B77980BFD1F713E2EB7A356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904193, "uuid": "cf4b0764-0e83-4e62-92dc-54b49c9cee3d", "value": "1bd024066a86f151729fa49bd4381603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904193, "uuid": "a0c08def-716f-4b53-82d0-18874589874c", "value": "1536:pSVZLe9wLGRHtRRPZELo6mP2kA/oXxXR33gBnpgsa8i553doq9mcTdEUHuSil5Rr:pSzRYn6LtVkxXR3QpYf9mIsl5Rg7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904193, "uuid": "6add644c-6faf-4e14-b0ce-e78bf97500a9", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904193, "uuid": "ff607bb5-d90e-4e29-a1ce-864fbaef7705", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904193, "uuid": "93eec3f6-8195-457b-a7a3-7d1c2e0a7d77", "value": "670433efe42de993e9df99ebcbb083ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b293d02-a054-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646904497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904497, "uuid": "20bd660e-9848-4e10-b56c-9540d7e07739", "comment": "Malware payload (Loki)", "value": "348109ddccb0913b12d5231c7f7dabf7", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904497, "uuid": "a3211fa5-f57e-4523-9273-d0a13139f22c", "comment": "Malware payload (Loki)", "value": "f891a65f3eea3d09a94bfb0ca54c7703e5f87df9d3cca6e41ce0a6c3eebb6939", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904497, "uuid": "4659dd06-7e6a-4311-a2f8-b1501adff258", "comment": "Malware payload (Loki)", "value": "6eba327e56f17d56cb9721f1375c419a8b41b839", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646904497, "uuid": "b7eaed6a-01ca-4627-bb82-3da01f5f9fbf", "comment": "Malware payload (Loki)", "value": "76dc5a167891bf5dc34ffdefd4813662353313c8eeccf0a1e74fcce83abcb8c9d557007fb8eb06279883230c57d71184", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904497, "uuid": "17ba286d-2122-4216-b450-9628cf5e231d", "value": "T17A14128D7BED498BE0B205BFDAF94F456151EF01FE640E43A232B79106B4534E9188AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904497, "uuid": "03b627f7-1cdd-45eb-bee0-4d7c3d956aae", "value": "3072:w3PFeL+NB60d7Es4soQMr3VEa8dT2XfGdh3EoY6WEpq1+4i5pPJ:oNE0d7gPDOa8dTwOrnnWv7i7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646904497, "uuid": "ac6c05ff-797c-4960-8328-a2258ae27f69", "value": 191192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646904497, "uuid": "51782974-a065-4a10-b1fc-01d352e7a35b", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646904497, "uuid": "2d30f5f2-b69d-4f55-bbdd-89564db5b5d7", "value": "VN22A01737.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "239a1564-a0b1-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646944320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944320, "uuid": "0a615249-ed23-4b6d-9d0c-5944751b6105", "comment": "Malware payload", "value": "e6250e480ed13101bcbf5e207c09c105", "object_relation": "md5", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944320, "uuid": "d54ae452-722f-452c-891f-abb929b4064d", "comment": "Malware payload", "value": "fa87b5c4cf1a1b3cc4f4f4b6360e93fc64166f5004130b4bda28b3f86568228f", "object_relation": "sha256", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944320, "uuid": "9242a578-8f2d-450f-a5c9-9649ad21f16d", "comment": "Malware payload", "value": "dca72df222ac1b3adee35c70060f46fe77c7b95f", "object_relation": "sha1", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646944320, "uuid": "79a3f198-1a2a-4a59-9174-2b77cbe6c261", "comment": "Malware payload", "value": "c6e52aab6a4574ed1bd28b06ce5f371c532ffd82f6b46b974716f5ded1d5610e0c45cea5ff7de1ba46f62ddee27b395c", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellSMTPCredStealer", "colour": "#927F9B", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944320, "uuid": "ce152ba4-9ac6-4d9a-ac68-fd20b0c338a2", "value": "T15A316501A109F6A28870314BFDE56985B10A041705277E58D0FD85A3729E6E1B639FE7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944320, "uuid": "26ed399f-64a0-4eae-9d5f-10a233d14ea6", "value": "24:nubGnoWaoNMWZIV07eoFYxojBM6pMKcCZNLEE9+rDpL79BDtS9dCdx2jdCHptNfH:nNoANFSV07eoFYqjBbpMBCQFxVHL2jMT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646944320, "uuid": "58476e00-bb8c-47b1-b635-c8b94bebd122", "value": 1529, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646944320, "uuid": "20fad95b-33ee-4aa8-a454-7ab598ba4adf", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646944320, "uuid": "d4a965e9-5392-4f96-a76b-bfcd9f9611c5", "value": "Nhks4giM.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ead191fb-a09b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646935206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935206, "uuid": "8f5efa07-236a-4c87-8b84-e990b47ae2ab", "comment": "Malware payload (Mirai)", "value": "4402375af2dcf877e6df88fcf413bb23", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935206, "uuid": "2236b76f-08c9-4df0-8a3d-933c783be997", "comment": "Malware payload (Mirai)", "value": "fab16cf8d6979f5b954c09a8ca34aaa7cc5cd8d3503b2e150e8329634924e9b3", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935206, "uuid": "1e686143-7137-4130-bd21-e07d15340632", "comment": "Malware payload (Mirai)", "value": "150500ce0975a16f5474a5fe78495289ba9deff2", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646935206, "uuid": "73e63f58-c8d1-4405-bc79-dc8c655d62cf", "comment": "Malware payload (Mirai)", "value": "f840c0d7eb463937d3d4b7def08765a50b84621be20f36ed1194972cd16fd26747f41a93a6c119e918baa530df5d63d4", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935206, "uuid": "1d3fe1cb-3fb8-41b5-9fca-cf603c390423", "value": "T12F430752BC818A16C6E0527AF92E85CE3B2123E8E2DF73079D211F6176CB41F0D67D96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935206, "uuid": "2ef49743-33f8-4ed9-a4a4-462a16f0270e", "value": "1536:Q64i29YzaK1r5mTPAzHcEe7x1suV27c1hMDHs:Q6ia7du1b27Chq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646935206, "uuid": "bd1c3ae4-eeb6-470b-b267-47ede2bc1884", "value": 60444, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646935206, "uuid": "272e86b6-adcd-4682-aa7d-879c90ebbe2f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646935206, "uuid": "2a863269-967a-4d8d-a221-66d7a0e1ce79", "value": "mirai.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d72ebf9-a02d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646887804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887804, "uuid": "2d03fb35-8d7c-4dca-8e95-c2f69aa4c0e1", "comment": "Malware payload (Mirai)", "value": "fed6a8928c4c47301b1161dc4ea06929", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887804, "uuid": "a49e8a10-f563-49bf-bc2a-235c76d98bf8", "comment": "Malware payload (Mirai)", "value": "fafff55d6a6e789f8b11ce3498daee716347195a4695f086b31879b30fb2f878", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887804, "uuid": "04bc6637-4132-40a5-8a8c-9116ebe58323", "comment": "Malware payload (Mirai)", "value": "4d534a26868285fae002cbd7d886915a1e08d1b7", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646887804, "uuid": "32cd74a1-df53-4c60-ab92-0d636e987638", "comment": "Malware payload (Mirai)", "value": "3ef890e3806d5715db17fc35c71db33e6918ff11921393522546c14d8d5fa73d2ce0ce54b959286882f9c58ea2603ffa", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887804, "uuid": "c7847dc7-6f09-48f5-ad06-5b05b5b7418f", "value": "T145133995B9818B07C6C152B7FF0F828C772613A8E2EE33039929AF11378756A0F7B555", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887804, "uuid": "441de3ea-dbbe-4c33-bf7c-78dfd9514fc9", "value": "768:yconctd7eTgwP//D4T49MwDtHSc0eHHD5BTppVSvWv9YKTI:BZtdq8wPkdwfVnD5BTHEWv9hT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646887804, "uuid": "51c72a82-f804-4740-927a-186d88d20a9d", "value": 42696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646887804, "uuid": "27dd004e-76b4-44c0-973b-97f3f751e160", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646887804, "uuid": "3c3d6657-2759-494a-9ed2-df4e41c84516", "value": "WW9mdWthc2hp.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5610659c-a04a-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1646900167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900167, "uuid": "4578f365-2a47-4df8-b0bd-f63785b34178", "comment": "Malware payload (Heodo)", "value": "9df0e6caf4b66ad8b0f2a1f13f4e2ee1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900167, "uuid": "0f359a1d-3df6-4db7-abd3-16c5ec9c3316", "comment": "Malware payload (Heodo)", "value": "fb15a075b0a2b3f4e8c0fb1a61e5268ab8ce9274b2434105d6efb52f31f32753", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900167, "uuid": "2eeb21ae-0d0a-4e69-84a9-64fd3ab84a65", "comment": "Malware payload (Heodo)", "value": "cb5582fd6b495c063182fcd2a9d10c6b4bd3e91e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646900167, "uuid": "f81bf486-cabd-45b5-8782-f84e04ecc2d6", "comment": "Malware payload (Heodo)", "value": "dcdc01807831f6bfca73eb074a6ba74b169ec3e1c05db8e9c3f9384785d651c7da407b50b9f81b92f3d55983fe3b3a40", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900167, "uuid": "9dae1197-f5ba-4c73-81ed-9fdba3e7033c", "value": "T12D158D5077C1C0BAC25E31B80926A37952EDB9709B3897CBB7D45ABF6E740C1993831B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900167, "uuid": "276264e5-ebf9-4b22-b326-a0e31b6ce1c9", "value": "cca9170027b8a1c09e4e49e3efdfdd6a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900167, "uuid": "fe85c034-3afe-4cd1-b9e9-ac3dbeabdeef", "value": "12288:JzpSPnEifD6xu1XRiTFIy30ZKm0XksD12m14x:JzpSPdDBQTFIy3mFWka1/mx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646900167, "uuid": "8e876ad8-f1e1-4132-b96d-cfa7e496718b", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646900167, "uuid": "dc86c154-78f5-47e2-a3ff-70a95611f549", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646900167, "uuid": "950721af-4496-4be1-b62e-ba305e043752", "value": "emotet_exe_e5_c0e4bc68a17f83c6ced93a095401bd8f7b3a18086107bea905c2b45f83a2dc42_2022-03-10__081602.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "febcf38a-a057-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646906033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906033, "uuid": "b35e1e20-846a-485e-8a50-d2e1758c3cdf", "comment": "Malware payload (AgentTesla)", "value": "31317fefb20feaeb678bb668e9e9360f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906033, "uuid": "7d83478a-faf6-4eef-b90b-4d390ee57e34", "comment": "Malware payload (AgentTesla)", "value": "fbacb89eed477a112b4d97e76f9ffe958a78e8a116742009c467a5de11cd7c8b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906033, "uuid": "db5f677c-21e6-4be6-8269-5e7110f77b12", "comment": "Malware payload (AgentTesla)", "value": "892521633dfe9f1728adc10e9f6078a1dded4bdd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646906033, "uuid": "de1b5ab3-23d7-4f23-9b6a-3ae57c9670dd", "comment": "Malware payload (AgentTesla)", "value": "1271417be12b9d6ec0b381495c67a1d40f04aecd81e0a779a6e8f3f18d135dce22d55a89814480f02a22c86eebe9dd42", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906033, "uuid": "23cc17a6-266c-4fb8-84c6-dbeeff601587", "value": "T106F45AAD326075DFC867CA72CEA81C68EF90747B830F9217905715ADA96C99BCF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906033, "uuid": "625496ab-1fad-419e-8617-b580a00ca689", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906033, "uuid": "7a822645-41c7-4e34-9d5c-9f25f15fe51b", "value": "12288:/r3UVJEEEEEEEEEEEEEEEEEholUI8s02K/HhVmfBDIdAKmcHLJqmlTmlovGW77eO:/r3UEEEEEEEEEEEEEEEEEO2U02WDAKm7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646906033, "uuid": "72410169-bce7-4d05-9b2d-656d84f8abb8", "value": 723968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646906033, "uuid": "b67a1934-008e-4fe5-892a-21e703ba6102", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646906033, "uuid": "94935188-28de-4a0d-a051-8ff14e629755", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "692c8e26-a056-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1646905353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905353, "uuid": "f2a40bbe-4bcf-4f20-a375-4f84dc73d385", "comment": "Malware payload (Loki)", "value": "b1fa6136696b36a91dfeece883e795ba", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905353, "uuid": "d8b649ff-5bca-4989-b842-3a6e0c4d8e52", "comment": "Malware payload (Loki)", "value": "fbdcbbb2f548a408f7299a7e470e18e513c9ed42a48cdcb118e357a9927f82f2", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905353, "uuid": "87e9f76d-f797-436f-8cc9-aa530656cf34", "comment": "Malware payload (Loki)", "value": "3d38986799b8a6e5e24c9b812deccce37b0c5ac8", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646905353, "uuid": "0fc8f972-dbca-4675-a2fe-43bf85f52247", "comment": "Malware payload (Loki)", "value": "21f952cdab404d3b6bc3f0adaed6938526c6329dcc2eebf4f8bc372466ef89eb421d1c41cc426e07da998aec542d6ea3", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905353, "uuid": "1ef44124-f54c-4a17-9924-4336a31db1ed", "value": "T1A614120D7A4D8705C3BE0F3A2D299B3006CAFE15F95D018630BE325895B7BCB356B59A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905353, "uuid": "e7fdb0f0-e577-4483-8529-5150173f93c8", "value": "3072:E+KwNJxnxsc6kljaAGxSC8heuOUEZyWyzbadBeNUcuQZh7ed5ltY3vzmGzaL:fzjnxF6CeuOUuWad8NWQ/U5vY3vi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646905353, "uuid": "27a45543-2b04-4a19-bd4d-a950be74dc0d", "value": 190616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646905353, "uuid": "9fabfce3-747f-4322-994c-d9e264e60933", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646905353, "uuid": "85e9639c-dab7-4a68-851d-73a2f4f084a8", "value": "SPARE PARTS provision.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13cc50dd-a035-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1646891036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891036, "uuid": "36fad6ce-4e67-4a16-8411-2c20a165d110", "comment": "Malware payload (Mirai)", "value": "3126f4405ddcfe159b0a78795f378d96", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891036, "uuid": "ca989d4e-7634-4d3a-8fc2-ac8f3e420ca3", "comment": "Malware payload (Mirai)", "value": "fc729bb9636d98149dcabc31427920bce6ceae990487fdd136b46ae65e708d6e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891036, "uuid": "d056c54b-2194-43cf-bf78-045c38f311a0", "comment": "Malware payload (Mirai)", "value": "3778995c6698ccd3f5192c11336300309922cf01", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646891036, "uuid": "4bc738a0-5e9b-4a54-a359-fcce00dfe7ba", "comment": "Malware payload (Mirai)", "value": "1b70b938368c80080b52d0e75dde392507bca9141ee02c9738db4d756edbd58ea7d09bed0b6244b712fc7d19d35afda6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891036, "uuid": "c8e19046-f390-44bc-83e2-48d95639c23a", "value": "T1F933E706EFA14EABC86FCD3345AD0B4235CC954612B43B7A3574D438F25A98B4AE3CB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891036, "uuid": "b26d4b4d-af57-4cd3-a1b2-aed4e1204ea3", "value": "768:dksJO2mtevqgYE6eqleJwVfTwQhdHUhiIRghD0hpXiFEYMY1eF/v/dUTcYYK9I1N:9mmqgSjlqD6vQUiY16/NGvh9C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646891036, "uuid": "cafddcb4-2e19-4f6b-8211-8cc53a28930f", "value": 52636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646891036, "uuid": "cd24b9ce-8ba1-4487-91c7-f95dadd8ad06", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646891036, "uuid": "e4debbb0-1761-4cd6-8ed8-685abc19df26", "value": "3126f4405ddcfe159b0a78795f378d96", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc77e4af-a062-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1646910673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910673, "uuid": "8080a8b3-3187-4409-a068-75b882e3a5ae", "comment": "Malware payload (RaccoonStealer)", "value": "503cb3a027cd593a651b07f3b5206221", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910673, "uuid": "3751839e-d6c7-45b2-b03c-113e741cfee3", "comment": "Malware payload (RaccoonStealer)", "value": "fd27b423af903ced7fb330011ba124b59b60cbdbc64b533132a22ecf983a437d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910673, "uuid": "5ebaaf58-a0e4-4dea-9daf-c7680a63badb", "comment": "Malware payload (RaccoonStealer)", "value": "1cbf8ca9d7179e4cd75c086b7629cbd1a7e09cd3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646910673, "uuid": "9563e380-1ce5-4010-a3b9-348090ac6b3c", "comment": "Malware payload (RaccoonStealer)", "value": "0c14af93949e706b0f8e6fc169ceb672a31bfb049cbf31770a98ddb31580f9d92000ac9127ab87909591d5f9071df1b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910673, "uuid": "143fb87a-55e9-477d-8514-bf8cfcea3a74", "value": "T170D412617B50C076E683D4B09435D2B4666FB4336BB5E94BBB29133A1F763C29B62303", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910673, "uuid": "06ee3dc0-7cee-4642-914a-bdf4a284bdc5", "value": "1bd024066a86f151729fa49bd4381603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910673, "uuid": "e278b86b-80a6-4847-b08c-9dda96e014ec", "value": "12288:Th8Y8vazQikNVOcAwmdOzScSOYFYP6nQpJy:luy8trO3zFrQpJy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646910673, "uuid": "fd2df701-d8e4-42d4-b731-3a2a6c4f4793", "value": 642560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646910673, "uuid": "5679679e-b705-4e08-8f02-10108ec5927e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646910673, "uuid": "d77ec836-d0b6-41de-952d-4818caa1b5ca", "value": "503cb3a027cd593a651b07f3b5206221.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1049385-a071-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646917097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917097, "uuid": "3f3c5e4c-92d8-4268-b683-f9df829fa5e1", "comment": "Malware payload (Formbook)", "value": "e7fe65b757ef9bba172aa92db5bafe98", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917097, "uuid": "86b61ab1-43bb-43ad-a778-2df56eea8c03", "comment": "Malware payload (Formbook)", "value": "fd56e2246a9054a8981dd48ce0858a9dc5aa92115b0d27d1192e9005cd27f7e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917097, "uuid": "efa1d6e4-c2e8-4352-9f7f-4e1cca726304", "comment": "Malware payload (Formbook)", "value": "45ec7272878a554fc2d258d41910787894d2bc75", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646917097, "uuid": "ee563dd2-9e24-4b60-afa7-5797f9e73d65", "comment": "Malware payload (Formbook)", "value": "b4e25086255a8ef6aa89086af285e42d9c8c1b171cfd908e634520911c133f270b22d0aba1c935ee2b033c9868a80ab7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917097, "uuid": "84e48e1d-a11a-4002-bce6-27c7ce0b0ea6", "value": "T173458D62B3918837D5631B784C1BA368692AFF053F285C876BF83D4C5F7A68139252D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917097, "uuid": "a42a097c-7215-45d6-860a-ee9b56dceeea", "value": "f3ef87a63216dac1578ca750829fe4b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917097, "uuid": "7f0e08a7-ab83-4ac1-b75d-d3eab4a6ab76", "value": "24576:f4vPtIdV591Vr90+b5rdtftguklShhZ7f:f4HtutddtAlSbR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646917097, "uuid": "8ae282b7-c69e-4c83-b454-6f58c246b3b6", "value": 1212928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646917097, "uuid": "12fa11cc-036a-4e41-8346-5c35220091a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646917097, "uuid": "862544bb-f746-4beb-9556-e25da1f1a678", "value": "DOC_0292816416.DOC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5e3960f-a092-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646931305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931305, "uuid": "44b95da6-ef43-4191-a96c-f38cf21bda96", "comment": "Malware payload (Formbook)", "value": "4fedc673e4a3fbf168c71b0a6e4a8303", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931305, "uuid": "1778ae38-b76a-4483-ae81-2735ec56d265", "comment": "Malware payload (Formbook)", "value": "fde58c8e44d682a5859d2666c413bcc1e70fc85d3e2ebeaa1fa9a524b33e3568", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931305, "uuid": "8410f0d3-624f-49e1-ad13-dda2fe8d664e", "comment": "Malware payload (Formbook)", "value": "85cf17881d0811df03198c37e19c3a520bba3da4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646931305, "uuid": "d32ded9e-8fa4-4e71-b7bb-8f31a35f9567", "comment": "Malware payload (Formbook)", "value": "52a31ab76473a1bc5ed5df124ac5b77226a33b547c8b118f02c4411ca4daa544fc9e32ea2da30310c10034a0edada0be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931305, "uuid": "0e89f07c-745f-42c8-afdf-9940991fb25c", "value": "T17DF4BEF0EE18977EED14723BC0A819700EF5598D3411BF5A928D01DE0A6BECF58E652E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931305, "uuid": "f87ad5d3-6d2c-4324-8135-9280918c8888", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931305, "uuid": "0a1e9c2e-27fc-45b6-b550-5e056481e1f1", "value": "12288:ox+5fgdXc6RMUbH7aBQNMm4Zi9GD39h7l5sJe9H8pzLkC373wepeY+syg:oxy4VL7aBdnHPsJe9HqXEKeYIg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646931305, "uuid": "3e32c25d-8ca0-4385-9541-d80fc6aab4df", "value": 791552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646931305, "uuid": "692d747f-4e06-46b1-a2ab-50027f46fe78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646931305, "uuid": "6d89f446-1574-4189-85c1-4b8843b14eda", "value": "Invoice31022.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1b0fcdc-a078-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1646920104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920104, "uuid": "d264247b-2c05-46b4-bd09-8e648af1879b", "comment": "Malware payload (Formbook)", "value": "349efc7f5785ab4354b2f2170625fefc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920104, "uuid": "1b2717bf-13f0-40d5-bf53-5d44421dc158", "comment": "Malware payload (Formbook)", "value": "fe33b33180603139db5159571d5f6ab50eb7b1f933751b3172ce45af2adb3d42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920104, "uuid": "fbd018d4-1e1b-401b-80d0-b736148e77ec", "comment": "Malware payload (Formbook)", "value": "c8f1d0ecaa961f39b112714016446122b4d8d9f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646920104, "uuid": "58f797f6-693b-4650-aeaa-4d0c54e45004", "comment": "Malware payload (Formbook)", "value": "6dffa761cfc2dbea442b61775a0c7f216353c5c80eec08c7674b89a0b2cc9823803dce62a591974c3c21321dedd5e1d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920104, "uuid": "35f2d4bc-372c-4954-8b14-c4eb5de63534", "value": "T12B8412C36CD1A973DFA006F015B757A7CFA90F08942D343A4BACFD6A7E3A29A8C15550", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920104, "uuid": "28e5a508-2624-4126-8a36-e6385ec943ef", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920104, "uuid": "966bd59e-a44c-466e-a558-e9e04e5d9916", "value": "6144:TGiISz4JgUKS26KyD5+KLishjV3W0H6lgcU6TvB1jEh6J+PlE5cTP3fUP9VUcpLD:3Hev5RishjV3WQqU6TvBda6J+PnHUPHb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646920104, "uuid": "cb5771f8-f6f4-4852-a50b-22587495403f", "value": 380553, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646920104, "uuid": "aee0b533-1122-4cdf-bdd1-170e36b4b85d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646920104, "uuid": "9c1fb061-6b6d-464f-8d14-ef57b011cfa3", "value": "Swift Copy 3102022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99760812-a052-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1646903716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903716, "uuid": "9ba8c18d-b277-41b5-b98e-c5f794649a97", "comment": "Malware payload (RedLineStealer)", "value": "80870828193b5db147d1870c6309d21b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903716, "uuid": "b4e06f6a-71ca-457e-a720-cae5bbdeb662", "comment": "Malware payload (RedLineStealer)", "value": "fe70df25ff51d307014734c458e1e530c885c23a92c2f0982ccc4ffdd343342a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903716, "uuid": "16ab57ba-5c66-4f8f-8dde-a9fe92920b8a", "comment": "Malware payload (RedLineStealer)", "value": "30040c3808ad282edfb4b59794462fe9947dfaf9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646903716, "uuid": "71d10122-e4c8-4947-9737-738099745fcb", "comment": "Malware payload (RedLineStealer)", "value": "eea50d62b300e0de8ffb3f4bda39a8ab2c03fcc299b71da7062c2bca3e92c2372d9c8553c6c85cf3b5dc781954aecf5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903716, "uuid": "71b930c3-d292-4ec5-ba77-920c91270656", "value": "T103558E667300EDF1E85918B14956C6A005A07DADCAD1522E31CCFA1F9AF335228FF9DE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903716, "uuid": "56cc86a8-90f9-4a2a-8197-136e8b2a04cd", "value": "0f611708e16cbb24e6ea2bed85f667bd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903716, "uuid": "078d6c40-f43f-427b-bfb2-e047372a9bf2", "value": "12288:WcwFzuhO41AL2QHJJrnIcycSb6WSojGdR3Mn17IUaX+7v3/a/t4:WcizuI41ACQHLjq6WSoydi18UaXs3U4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646903716, "uuid": "6b4e866e-92aa-4485-b541-2840ba5cb920", "value": 1283184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646903716, "uuid": "4c7ae0c0-483a-4858-aa13-4003a1884728", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646903716, "uuid": "893b2eff-1bfc-4172-a722-624165f493e5", "value": "fe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40a6e041-a05a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646907003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907003, "uuid": "174f6fd9-02db-4003-85b8-85776818a47f", "comment": "Malware payload", "value": "5d1d6479a95114c5c5a2ce4ce0b7d675", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907003, "uuid": "73569c05-e31f-4313-badd-65d2f7509d6c", "comment": "Malware payload", "value": "febdc63fddeb28a43ae8133ae95308da8c834ee9d90583e7e4c7245d8ce0bdda", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907003, "uuid": "c3e5e29c-14fa-4238-9f72-3cf9c5798d93", "comment": "Malware payload", "value": "10216bca1f347f35f04b77b73e5b9e9f8d87c5c8", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646907003, "uuid": "fb5fafbc-ece5-4014-9f30-338f55ee0523", "comment": "Malware payload", "value": "cc28f611350e646a1b69d5b9a397fc2fe973bbdd24af044ced37546014fcf0395ec2d68b0243568c5572f0bd9316af41", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907003, "uuid": "2f1dfa5f-171f-410b-ac02-29633567f19e", "value": "T17BF56B22B385653EC0AB0A365537A3DC9D3F7A717A2A8C1B57F0198C8F365402B3E657", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907003, "uuid": "44f56ac8-f4c5-413c-ad31-bfe00be8388c", "value": "49152:ZgbGYEgqy5I93Wx+L9SJxh75CuVwGXUKW9FiBAOgjToH/eMbPtUA:6GYXqQ+a5Cj2UKW9dcdtUA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646907003, "uuid": "9ff25604-2bd0-4e58-b527-f1d4dd93ef49", "value": 3644416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646907003, "uuid": "544bf6de-5b18-4e35-81a2-b4d9df995cd1", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646907003, "uuid": "dd887698-d4a0-4438-ab01-0b6ed162ca15", "value": "Fatura09837748.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0679fd00-a0ab-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1646941695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941695, "uuid": "d55e278e-60a5-408c-80fb-3101685cf097", "comment": "Malware payload", "value": "8bda6245723ab710d4d604c7753aa70e", "object_relation": "md5", "Tag": [ { "name": "Barys", "colour": "#D49C03", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941695, "uuid": "a07e95e6-e3e2-4180-b75b-d532893c8de8", "comment": "Malware payload", "value": "ffb4690c459877211f5faf7934b5c8cd4803a8f58badaa8fa8c917a61b5e4676", "object_relation": "sha256", "Tag": [ { "name": "Barys", "colour": "#D49C03", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941695, "uuid": "098ef76e-ec75-4ea1-8254-3498071a437f", "comment": "Malware payload", "value": "95f5e56fb6fa1ba7ec59afdfbd115e6e8a10002e", "object_relation": "sha1", "Tag": [ { "name": "Barys", "colour": "#D49C03", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646941695, "uuid": "f07dc5df-eb9c-47b9-a16e-ccb4f7e81654", "comment": "Malware payload", "value": "9fa5fc559008ce905497e3f9d19ea39febc1c89d8920f37bfa0c89d2fc06f850adbf32f50a12409c7e56d3ba317e0816", "object_relation": "sha3-384", "Tag": [ { "name": "Barys", "colour": "#D49C03", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Generic", "colour": "#12E30B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941695, "uuid": "6f2f365d-9786-4688-a1a8-e8e11bec4f7d", "value": "T175D42387B90B14C1F5D18B7DB467F5DF7F2480205705CA472388CB11BAFB286AA6635D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941695, "uuid": "f767e0cf-a0b7-41fb-b720-c828b7d4f466", "value": "f11f87642badc84e7fb44e3ac9b293a4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941695, "uuid": "2c1422e1-e429-4322-9ecc-d6bf65f15c7a", "value": "12288:GsE05umZPem7nAW04hrr5peIiqI7tZXq3LFr23HppQTpROdw:hZ5u8PemjFrzpY5q3LV0HpmTpr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646941695, "uuid": "7b47d387-375f-47c4-82b2-65a0ca71827a", "value": 616593, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646941695, "uuid": "f6b36edf-ef3e-4500-b927-275135d4d71a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646941695, "uuid": "aafc1391-1ce7-41c9-80c3-04ce610a261a", "value": "GEN4676.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebeb246f-a04f-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1646902566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902566, "uuid": "1d03aaae-a681-4175-b8cb-beb1f3c6587f", "comment": "Malware payload (AgentTesla)", "value": "fe14c85a435108fad716ae59eb70b229", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902566, "uuid": "89e57a7e-dad5-4425-b1a5-795be1bd1db1", "comment": "Malware payload (AgentTesla)", "value": "ffde6b0c44943a199cf6197dcd235c68f6d811b74d77a592cd0797a10e1f4891", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902566, "uuid": "e31aed6b-a4a3-40ca-8762-b748e36badbf", "comment": "Malware payload (AgentTesla)", "value": "0588ae07369f38e99e7e4e53e18cd383f7dea6af", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1646902566, "uuid": "6a629c80-7376-4b29-ac44-8d698e04861b", "comment": "Malware payload (AgentTesla)", "value": "a6ae2289398041ecba1d72bd49a16889bbaf425ef7fd4a98902e0ce8d4bdd44f04a5cbb3d1971fdd02440dd619af393f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902566, "uuid": "b61c982e-4150-46cc-9c82-35563a7437dd", "value": "T1DFF45BAD326075DFC867CA728EA81D28EFD07877830F9217905715ADA96C99BCF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902566, "uuid": "29bd051a-5f0c-4a90-ba0a-cc26dc88eb9e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902566, "uuid": "a78272cd-7e87-424c-ab7f-b5e65532abfe", "value": "12288:VgE2iAnJEEEEEEEEEEEEEEEEEholUI8s01N0CLckgCXoz1a+/vWhNp7LB5XVYORB:V52igEEEEEEEEEEEEEEEEEO2U01N0bka", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1646902566, "uuid": "08580184-846b-4ff1-87a2-537d6426f7a9", "value": 734720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1646902566, "uuid": "08c93859-ec1d-4c99-a989-30c5381ddfed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1646902566, "uuid": "cb4d4502-ec11-4c22-918a-86c39886fd3e", "value": "SUPPLY, INSTALLATION AND COMMISSIONING OF EQUIPMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }