{ "Event": { "published": true, "date": "2023-03-24", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-03-24", "timestamp": 1679702582, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "2dbe8f87-67b2-48e2-b1a3-dda117e321dc", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fb5796a-ca90-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679695641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679695641, "uuid": "d4a8aaab-595d-4383-9894-85682e6e2dcd", "comment": "Malware payload", "value": "a89c9ad818ee4f4cdcb5114d0f5d10fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679695641, "uuid": "976fb518-a0d1-4001-bb0f-c6253818bbb5", "comment": "Malware payload", "value": "01407e324f0b8090467eded47a97acbdb3ef42d0f12820cd57b0bc5b87ffe510", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679695641, "uuid": "9a04d347-2220-4d22-bc11-e5e306a0f746", "comment": "Malware payload", "value": "d331d0e8ddaf4cdc0e674b2729df3cd43612c556", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679695641, "uuid": "b64f8bdf-f15a-4936-a011-aaf4177eb738", "comment": "Malware payload", "value": "313739dac9d92b3190e878d73800c328c5ff9a16d46f182a86a1bab7b24b5b3e92c87de0feadc8cf4aaf5aea554c687a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679695641, "uuid": "0fea2694-eacc-4590-8874-6875f35626c2", "value": "T1DA0309CDB7D51224D5BF66B14563D285C3F0A7632E37DB1E98C8219A2B9BE804086DF3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679695641, "uuid": "0c7a1618-ebe3-4ffb-9d79-4e816b299e67", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679695641, "uuid": "c90acbe8-3a85-4d32-8f05-de475ddde897", "value": "384:HwIjEsjDjh60TJvUAwqf3aSDmnCwRVkCN7zuPggsKx493yBtrLaWGPjxLCPOnsSW:BEmDVfvUATvHe37zg2Kd3ynDSRl/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679695641, "uuid": "eb1279be-a931-49cd-97a5-0c165f90ab9b", "value": 40960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679695641, "uuid": "efe1c6d9-3b23-4ccd-b617-4e8104b15edb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679695641, "uuid": "2903078b-6d8a-481e-9bb0-b863f9058570", "value": "bKOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3f43a3b-ca58-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679671838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671838, "uuid": "fc07dbc0-a8b0-42d1-846f-84351f847ccb", "comment": "Malware payload (Amadey)", "value": "74de6a06696c18ba946b6a155886c6e9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671838, "uuid": "7ce9afc2-c07d-40a2-acc6-023040dd362d", "comment": "Malware payload (Amadey)", "value": "01a503d1dd46bbb4e8f160d957dcc4ad008d262c641b3dc63da3066f2002c8d3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671838, "uuid": "942f3bf9-610b-4229-89e6-7c566f36cf17", "comment": "Malware payload (Amadey)", "value": "63f0c72d0780a112a76f7efeae5429f6a6548085", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671838, "uuid": "06c851cd-c8c2-423f-92a5-06ffbba97eb2", "comment": "Malware payload (Amadey)", "value": "9be50b56493a3e0a4a129ca4883c3981dc94986f7c9a6ec1cfc615800696824a9ee42fa7fe871fc4db49ddb354a3b457", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671838, "uuid": "6f02a18a-94a7-44a5-84b0-804646eea8d3", "value": "T180252383DAD8D471CAB54B712CF6138327367CD35D78AA6B2385951D28B15E08A323FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671838, "uuid": "7671ddce-0fd7-456e-9963-6042a9fb133c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671838, "uuid": "60d8c5ad-9a6e-4f55-8677-bd53705454fb", "value": "24576:Yy5JeDW7G30Wn9i/vZNMYsybjOKpXtWAHE5Pnd3jZn32CZjf:f+qBWnc/xNJxbKwLk5PndzR32C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671838, "uuid": "519b589f-28d7-4535-9a4f-4bcf469a5e19", "value": 1037824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671838, "uuid": "74137eb9-751d-4cef-8e63-df9fe947039b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671838, "uuid": "850b832d-684c-4f72-a6c8-f809b70bb65e", "value": "74de6a06696c18ba946b6a155886c6e9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67f0ccc0-ca47-11ed-88f6-42010a9c006e", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1679664355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664355, "uuid": "98d5816d-6116-4d86-aa28-66ec1fd6b2fe", "comment": "Malware payload (AveMariaRAT)", "value": "11cd657c254419a8c8ef767933aecaf4", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664355, "uuid": "1fe50e2c-ba64-4141-b6d8-82124b2a5f96", "comment": "Malware payload (AveMariaRAT)", "value": "01eec7722840af58f30e5f24fa5820a75cb3d5eb4691b0e163b3a9d3e057ec52", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664355, "uuid": "1ef72caa-d934-4bb7-ab9f-1f0adfdcbbc2", "comment": "Malware payload (AveMariaRAT)", "value": "7d8ff5a09d4d9036d023b05ed5ecb54ff466d7a5", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664355, "uuid": "a3efbe89-86ba-4340-abe1-6a7ee02b21e2", "comment": "Malware payload (AveMariaRAT)", "value": "348682e31a53fc8ff9a12cf1aff8c3f6417fad28fac1c966d231c02f6e4cb63c7966f594b0c81c4e0693ce497af46a10", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664355, "uuid": "fce8d723-c8bf-46e7-87ed-de439a2ac6c2", "value": "T147E49F26FAE08537D2371A785B0BE265682E7E313D18698E6ED00E9C5F363817D253D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664355, "uuid": "30ba1bd2-2b73-4412-807f-3118285bb7bc", "value": "5bc70cfe08c997903cb9da5ebbb2cc95", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664355, "uuid": "1c026f13-4748-4c51-9ca3-738ef9ea1cbf", "value": "12288:FEMabC8uxlpPYZcQbLcopr+R1UhLmmK5hCjhVzwUfNO1OpX36jM:6M+PklOZVbLc2rW+LIiTzwJG36A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679664355, "uuid": "639639fe-3c1a-49a2-864c-f17a6aabc54f", "value": 680960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679664355, "uuid": "db884f1e-487b-4ca6-be2e-80a958dcdc0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664355, "uuid": "b2fb93fe-abb8-41fe-a58e-6763c329835c", "value": "PO82734-736CTC21022008210.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f02ef906-ca24-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679649551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649551, "uuid": "1c5d0c50-a9f6-4669-98c2-7aacf06d0656", "comment": "Malware payload (Gozi)", "value": "97d401c4154a474c56203c81d8e299cb", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649551, "uuid": "bf5976e4-12c6-40aa-a7a5-4e2c243a21ec", "comment": "Malware payload (Gozi)", "value": "0213971a3d402c07a26439d787bd58dcf84be64906e2e9177d7ec584fad119b4", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649551, "uuid": "cfdd5792-0c15-47f6-a5ce-b718b0573b0b", "comment": "Malware payload (Gozi)", "value": "96202e5dd5b3996f88bb700205138fb8f2ef0d2a", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649551, "uuid": "7ca10e87-5127-49dd-b400-bb73ce0cdaa7", "comment": "Malware payload (Gozi)", "value": "f73c59fba8ebf0402a26af76ab0637d69b0f57221011b6e1f40745b32e95a2b4e0eb9520f53b7ead2396b3e0144f31c1", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649551, "uuid": "613fb652-5f69-48ec-9b36-57b13ac7f7bb", "value": "T1FAF055308C75871ED62BC2FEB25A3664E6A298C89A208293AB39B3B01C016CA0610315", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649551, "uuid": "0e04df0a-1fff-4a50-a231-26ad2c201fa0", "value": "6:5jMuHXEFFjDaP5aYgHU16TTHq5NRwjUL9PYV+tT9b9bqSeEA4GFZlUbibxsl/:5j1EeaFU1sHMNRb9PYAIRFGMxst", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649551, "uuid": "fedd272d-884f-4616-9e55-0cdfa683c776", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649551, "uuid": "ce823485-5919-462b-b683-7f951552ff2c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649551, "uuid": "9a2fd192-db53-432e-8d11-73102f51a17d", "value": "Azienda453.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66fcf698-ca11-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679641160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641160, "uuid": "9016c3c0-4004-4d16-8c7c-5a483054b960", "comment": "Malware payload (Gozi)", "value": "0c3f7c2aa0311bf8c761b9b4e8b33d45", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641160, "uuid": "a92adafe-a75a-4008-b8ac-82df0c76e632", "comment": "Malware payload (Gozi)", "value": "025f536aab4e91765785e1d0897b55674f217b871e2afe0dba10ad1c5a9f1417", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641160, "uuid": "410358d8-8e25-4519-b3f8-ae464104456b", "comment": "Malware payload (Gozi)", "value": "4eaa085327b0cd857d43aacffdbc7963a67523d2", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641160, "uuid": "65d56f57-b7b2-4e16-8c8e-414621cb031f", "comment": "Malware payload (Gozi)", "value": "77736d5e3cfc9e6b54fb7d547945cdd6ec0b29a3cc0856a0e3becafd3290ee57879f7c16295bbbdb83d463996325f8a9", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641160, "uuid": "3fe21f18-a317-4bf7-a54e-c2044783bfdb", "value": "T1C4C02204870D80A9C042480A9058BC08AD0EB04419EAC82C2280DA8B5DC00CADD08ABE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641160, "uuid": "3d59e0e4-0c8a-4c0e-aebd-0bdc5d84959f", "value": "3:HRAbABGQEb5oQsQaGafLlAXWkAoIvycAI9RyJ25YdimVVG/VClAWHn:HRYFJb5bsZGgu7NIvyc1yc54vVG/4xHn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679641160, "uuid": "cf6343af-dcc9-4039-8d0c-67b59c9be51e", "value": 189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679641160, "uuid": "429bd509-7c54-47ba-ba67-2bd59fd6fd50", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641160, "uuid": "347d098f-5879-40d3-a26e-91912dbb9ad2", "value": "Agenzia url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a09502fd-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679640398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640398, "uuid": "e82f62ab-5696-44a7-b7ea-5bbdd933c425", "comment": "Malware payload (SnakeKeylogger)", "value": "0858268f3b83634a182ae13cce53ad86", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640398, "uuid": "6a01c790-1bfb-4010-bc73-18bc6bf5c9d0", "comment": "Malware payload (SnakeKeylogger)", "value": "02ee87012effdfa84c909b301c1c997f5ed0489c72f5cc3aa90acb9271ca9283", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640398, "uuid": "f3f5338a-b350-4a03-88aa-85a803e30319", "comment": "Malware payload (SnakeKeylogger)", "value": "1f83852f6dbdc3d5742e63d27b56ad1c5b591bd0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640398, "uuid": "82b6b4a0-d01f-4360-b212-927ec18c2540", "comment": "Malware payload (SnakeKeylogger)", "value": "895c750d3dc38de3aa6fef5a0cf78494cd3005364efd32023299f2ff233d84c5176dd7ccd27f81a936a7ee7bc9b296c6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640398, "uuid": "837cde13-23f9-44bb-9bac-d23933bc724c", "value": "T115F4DF10AEB90F71F5E4C3F51520237A13A9BB660461C5088FBA69DE2DEBF2345D0A5F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640398, "uuid": "408e3b75-3cd0-408c-966f-95eaa4b21914", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640398, "uuid": "1e426d98-001d-45e9-bbe1-bf7133127d93", "value": "12288:aZ4HZwdHvnxQXYrfLRVj2BhFGk9SznQPx/BzyP86mZEVv0g1Mf:aZwZGHvxQIRAEkUjQp/Bzk8tZEVjQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640398, "uuid": "c6394d10-9343-49e4-9085-a414374c01f9", "value": 794624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640398, "uuid": "240bfb21-9ff6-4c83-beef-de12539b424c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640398, "uuid": "54ea23c2-54b3-4882-99b4-83681c4e4c42", "value": "0858268f3b83634a182ae13cce53ad86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7d84263-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679666717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666717, "uuid": "2cc3bf69-0251-4d08-bee1-a4b85167f224", "comment": "Malware payload (AgentTesla)", "value": "b712e5b792a3708f988e4722047b9dab", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "uue", "colour": "#208DA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666717, "uuid": "5ac74b56-debd-4d72-9a9b-64f74241869b", "comment": "Malware payload (AgentTesla)", "value": "03930d16891d231b5e7fe01122a5bf279286cfb048d376f6aee83a9cbebca9c3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "uue", "colour": "#208DA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666717, "uuid": "0f8e9b73-0b4d-4245-aacd-e1464af1d995", "comment": "Malware payload (AgentTesla)", "value": "e5db04c0fff2d270d1f24ca0393d8c6b385b53d4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "uue", "colour": "#208DA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666717, "uuid": "34606d8f-4dca-453e-aefc-b7f608a3c905", "comment": "Malware payload (AgentTesla)", "value": "0a77ab06042c4478a0dd1938c4f91ce90e369f74f8b4e62fbd3f90baf6fd7861b3498955a00262f8f36542efe068876f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "uue", "colour": "#208DA2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666717, "uuid": "439bd28b-bbf4-47e3-af8c-b8bb5b3a60bc", "value": "T1EE05337B0E061F2D4326878988C0EDDF98F01092D693FE65913FAC825E9DF4985B395E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666717, "uuid": "591ddb0a-d885-408c-b3e5-b6204479b996", "value": "24576:Sc2VCckhe8VJgc3+pANdLMeaN5HvmD1NhN/:tlckhe8F+8hYNlaPR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666717, "uuid": "c8b2d659-0710-459c-9c66-79ea6d570cfd", "value": 863473, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666717, "uuid": "6b219e09-543d-4881-84c4-2fbd61674042", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666717, "uuid": "0bb020e2-ce9d-4b87-8aab-59477430514b", "value": "nEX771623605317.pdf.uue", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19922f9b-ca5d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679673672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673672, "uuid": "ef38dc73-777a-4f3a-8e6e-efd4d49c3b56", "comment": "Malware payload (Smoke Loader)", "value": "32cc1df5fe9859d67610873a8d5d7170", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673672, "uuid": "f0593a77-8105-49f6-9f9b-75e898483dbd", "comment": "Malware payload (Smoke Loader)", "value": "05036ac71bf027f9ef288ea7917cb3cef413a9baad83dd1c95885748169917a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673672, "uuid": "bf183cfc-6df3-4ca6-a956-07fbd34d1b7a", "comment": "Malware payload (Smoke Loader)", "value": "9fb622aee95f548fb930b690b8910b0f3eeda965", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673672, "uuid": "1603d3c0-cb19-47f8-81ee-09a588ffe7d2", "comment": "Malware payload (Smoke Loader)", "value": "c96be73ee1a943f222a5015cb39ab485cbb4976276631d41cfe2dcde1c9f3651fa9333e369028922e4c8baa8fd3ad373", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673672, "uuid": "3275655e-12aa-4a01-83b7-fad84d7dae43", "value": "T1C4448E1273E1F960F12787328E1EC6FD663EB8E1DE55BF6E22459A7F0970261C662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673672, "uuid": "eb98dfc7-4b78-425c-9814-19da2abd9c92", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673672, "uuid": "bdde6673-20a2-42a7-a80d-3d940b77e37e", "value": "3072:63gG+qRq6d4gZKce0J5gAWH/XY9EWJZM7wn+4HWS2ISORf8n48GPyWN8aeDr:2J+dJxjEyKAp4x1On48GPyva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679673672, "uuid": "ed4e6a3c-6a1a-4815-86aa-ecb7921176f2", "value": 254464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679673672, "uuid": "28dad13f-3f0c-4e99-b890-5741c06bad71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673672, "uuid": "a2d270f4-4a96-4f23-b400-01cb544403db", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ca2bc76-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Nitol)", "timestamp": 1679640284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640284, "uuid": "b10adce1-7d25-4303-a71e-4a8316ff91ab", "comment": "Malware payload (Nitol)", "value": "15d18d8bb2288afb5db8da96b5c7239a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640284, "uuid": "fef22046-f23f-4670-916c-59cf237cd2b0", "comment": "Malware payload (Nitol)", "value": "052b9b9cf574b73e2806d4df775813de606f5773af477dfed3cbf736656b1050", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640284, "uuid": "0546ae8a-c222-423a-a912-c19784410db4", "comment": "Malware payload (Nitol)", "value": "679795fde037d3846882169a2365317e86f445a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640284, "uuid": "42ef2ebf-23e4-446a-81b5-971492f3e6cb", "comment": "Malware payload (Nitol)", "value": "7de876391f64b1e76c90d6226f6a710744332face2dac263b73c9280e458f47878d9f6dfbb23c180bbbddcb623abb490", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640284, "uuid": "43806019-f7f6-46e5-b350-54562fab222d", "value": "T1394523A1A7459142E7C5CB359CC7C20A3E39ACC281165A53F066C63FED26BD534B8E3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640284, "uuid": "54d69b3f-4435-493a-9082-a8f2598f1e80", "value": "4de6f77def86f68ea6fcd69718b02d01", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640284, "uuid": "44317cc5-b944-494d-8d6a-178fe6dcaeb7", "value": "24576:I1eEjVWIh7ZjIHwZwXBsns9ng7/oD+7kI:I19jVWIhpr2ysxg7/oJI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640284, "uuid": "8f0c96a0-8fda-4145-b614-9048827e1274", "value": 1220608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640284, "uuid": "9371be67-323c-40fd-8ec8-1d26cfcb4b25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640284, "uuid": "72368e84-ebfd-4c2e-a7ca-2b8ca3718a68", "value": "15d18d8bb2288afb5db8da96b5c7239a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "689e82df-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (WSHRAT)", "timestamp": 1679646317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646317, "uuid": "149b5237-c60c-4247-9b53-0b6f21dc9cb8", "comment": "Malware payload (WSHRAT)", "value": "b9b3e4668655d88e66f69019111e7759", "object_relation": "md5", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646317, "uuid": "8c6b84b3-0ab7-4ea3-8f69-8f9571042e22", "comment": "Malware payload (WSHRAT)", "value": "054706cc7d98f9199d4605c873a6755218abdcf5b6157c60c8dc3c2e44f3bc57", "object_relation": "sha256", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646317, "uuid": "c06aad42-37bc-4af9-8898-de6e28424e27", "comment": "Malware payload (WSHRAT)", "value": "a1f423d07a2d0581d63548ee5e2a658daa29e349", "object_relation": "sha1", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646317, "uuid": "496809f8-0569-479e-9688-06a4865e4c3e", "comment": "Malware payload (WSHRAT)", "value": "c79509e7164601c7beb15bba62cb84955544e86a811368c09fba4748f4f765f8110e176466d625d256447a5fae5d0ec5", "object_relation": "sha3-384", "Tag": [ { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646317, "uuid": "fd5ba74d-5e43-4044-9df3-daded0831963", "value": "T108F1BFE812FA5824F5FA42F6F0714FFD2E9C2824E1DB78C27882F460195547D625DEB1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646317, "uuid": "eb80496b-aa80-4970-8705-0363dca2dab6", "value": "192:3foz0tQzWSYBRne7zCLuFkKsWa409Y9m/mXWs1CESlhtuNR5NDNnqzTjbafBi:PozLYjenCSSih98ufA5lhtuNRozTjm5i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646317, "uuid": "5d2b5159-3016-4ff4-bf54-474b0d47dba7", "value": 7895, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646317, "uuid": "95937abe-add6-4856-b96c-7fd7b1290d71", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646317, "uuid": "e5054476-a59c-4f0c-9bd6-3a9ce7c2da46", "value": "ORDER_230323.pdf.xz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5cd26cf-ca5c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679673585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673585, "uuid": "2a08ae1d-a805-4993-a993-bd4f6b08d5ec", "comment": "Malware payload (Gafgyt)", "value": "f34a4a055792dfc137a30620c37ef056", "object_relation": "md5", "Tag": [ { "name": "DemonBot", "colour": "#874AB3", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673585, "uuid": "0285e581-a737-4e84-ba2f-32cf01ae9759", "comment": "Malware payload (Gafgyt)", "value": "05cb8d507a2ad6634c97bb6de28a091033967c8c800e4c67619a2f9d4fd45c40", "object_relation": "sha256", "Tag": [ { "name": "DemonBot", "colour": "#874AB3", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673585, "uuid": "f4dd67a6-d376-4168-8e8e-755b4333535f", "comment": "Malware payload (Gafgyt)", "value": "e845c65153a3b1280d26b25a9dfaff85c96ce3ad", "object_relation": "sha1", "Tag": [ { "name": "DemonBot", "colour": "#874AB3", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673585, "uuid": "2d2852c3-943e-4db5-a634-640fd1cf5255", "comment": "Malware payload (Gafgyt)", "value": "a829576cca3d4cddf1c0b3a4a472dbe661176a3f49a6e4502339e6c8dd3a473fabb9c9eb369d89b94aeafa2b93b853f8", "object_relation": "sha3-384", "Tag": [ { "name": "DemonBot", "colour": "#874AB3", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673585, "uuid": "ba578d2e-0665-44aa-b9bf-a82117deb79b", "value": "T17BC3D53379B2A3B5C067B3788BFF42006376F67C0F257147923028A19FB95AD4D6196A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673585, "uuid": "ebe8a213-40a2-4678-8233-877bea1012fc", "value": "3072:ZkWN08oIKxp7UvBLphajjGnOrtByHjqg9iumXhb1mbYe:poIKP2LphajjGny+Og9iumXhb1mbYe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679673585, "uuid": "cd30f3bf-c9e4-4deb-908e-84f7cbb3298d", "value": 127208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679673585, "uuid": "d11cc501-9af7-4a23-9d19-5f5bc1dddbad", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673585, "uuid": "43b42c37-5a45-4d5f-abc7-d83dd7dcdad8", "value": "Terry.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec688cdd-ca2c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679652981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652981, "uuid": "b8281b23-b8d9-49ce-9a2d-43e4795e1c05", "comment": "Malware payload (Quakbot)", "value": "fde8277305bcb78badd2b11cd65050a8", "object_relation": "md5", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652981, "uuid": "89fb6981-eeb1-4452-94ba-a2cd4ecb3b63", "comment": "Malware payload (Quakbot)", "value": "06262ffe1a329e668738ca278fc8bd1af36d057302aa314303fe41e9d66bb7f6", "object_relation": "sha256", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652981, "uuid": "0be7033b-2367-4ac0-b16d-e9cbbd8acd53", "comment": "Malware payload (Quakbot)", "value": "2014e8859cf4b5532e9c7cc8a6fc0e253baa1ee1", "object_relation": "sha1", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652981, "uuid": "5ddccb30-d154-4abd-a4e0-6efaa27443d5", "comment": "Malware payload (Quakbot)", "value": "a32ce4fc38a57983b02084c7c666b912e1b3960f873b167449391e804dda7ada9c0bf71de7fd19f5b66aca1babee0f93", "object_relation": "sha3-384", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652981, "uuid": "8a6c3bc4-32dc-4db8-88cb-a5de850131a9", "value": "T134B36360C5439C22970B79EB0A6CA810B66C0B875A55FF07B45E7201FFCFA8CC5E86B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652981, "uuid": "de8284ad-6638-4247-a5f3-76967a8347da", "value": "3072:hssesJCwnqYS84YKrirKuSwH4CjK+hVt+2NsDP:hssTJCwn07rirKM4CjK/ksDP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679652981, "uuid": "395b3679-e562-40b3-b1f2-6b063e9ce2aa", "value": 108702, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679652981, "uuid": "6bbd320d-568c-497a-9087-1ab01a7e932e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652981, "uuid": "3405bb47-2796-4370-bbc6-a4530f9a107e", "value": "ggh.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71242361-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679639889, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639889, "uuid": "51052b5d-7b2a-4d66-90d4-85682b38893c", "comment": "Malware payload (Loki)", "value": "bdcb87e544cf11768ca0c83289218a0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639889, "uuid": "f2cb98f2-4ee2-470d-a96b-c75bd4dbb467", "comment": "Malware payload (Loki)", "value": "0643d9151be45b3ca83fdec91392d05085c6e959c0d4badedb419775b4220eb8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639889, "uuid": "f617b01e-7d2c-49c5-9a2c-526fb1f7449c", "comment": "Malware payload (Loki)", "value": "a9d61aff2172c4b95da9cb8aa86f04b189efce14", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639889, "uuid": "9c212765-fcb1-463b-a241-ccefd0ed476b", "comment": "Malware payload (Loki)", "value": "24f09944ef49f69179ed135305452024759cb98cdf26c5052b5b842dd01d96ee2fd8a4b38231d26314b40698bc651867", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639889, "uuid": "0b115a2a-0f96-4615-8b6c-3901d8dd0f7b", "value": "T19EA4C26AE7F69ADDDDD53F344465810053F98F9DAA32D77CE97331202BB26922A0D203", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639889, "uuid": "363e146a-15cc-4af0-abd0-60d0bc232339", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639889, "uuid": "48a63358-b359-433c-a9ee-4aa1758dffe3", "value": "6144:0/jTmMPCCDDsxavrq08bsBD+IxRhBi77rqjS7+5rdTxJs91IoTyb5:0fICDwxaTkbs9+kRhYySaHJs9SoTy1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639889, "uuid": "a4124bba-1360-4831-a24f-cd459952d410", "value": 455680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639889, "uuid": "9c9ccb90-43fb-4dee-913d-dfdf71ef1f7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639889, "uuid": "7997627a-40b8-4a7e-a6e0-9f446cd4bbb2", "value": "Siparis_listesi_P.O._nr_30596130.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "292e4b0b-ca6d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679680570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679680570, "uuid": "9807aff4-f005-4d47-bb7e-689c8099d14c", "comment": "Malware payload (Formbook)", "value": "0bd3bed010219c2e46415ecc343cefa1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679680570, "uuid": "0cc1457a-32e7-4554-a03f-0b74d8e82808", "comment": "Malware payload (Formbook)", "value": "064913ff8fa1ee140fc8b6390a24c81f24774d8318ddcea986d41c941ca4cc61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679680570, "uuid": "f9f23ca2-24dd-4b36-bf24-da795799a93d", "comment": "Malware payload (Formbook)", "value": "1e9af952b17e0f194debdd53aba1266b6eed4fd7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679680570, "uuid": "2ad63b4c-a330-44a5-abcc-9be69333abd2", "comment": "Malware payload (Formbook)", "value": "696153bd7d1f67dcd5fdcb598de427e049bc7507b0ff648a1ede5db848452a8ce304ac3b7276dc0323ba2861980aa0b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679680570, "uuid": "9f02840e-1f39-4f56-aeed-79bb83522696", "value": "T1CC0523593FBC0D21E37D07B830A6D1DC83B139177740DBAA28D621CDCADBA9496427B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679680570, "uuid": "dcab01b3-cb4f-4741-8803-5028877619d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679680570, "uuid": "8e67853a-49d2-43db-82b0-cfc01aa10ba2", "value": "12288:Kvv2SUvKN/Pyr3vOVmS5Cv9OGMMxjA7xjWfuZC3Wngo0PvV8Oz+Jcb7OV9l:o+vr3BpOGrxjcCe0tscmHl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679680570, "uuid": "460150b7-c200-4481-8271-5af4f3689b68", "value": 841728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679680570, "uuid": "73da87fe-0a55-4349-a99d-0aa20768f743", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679680570, "uuid": "1aa28634-0b32-45ae-ba19-3a681893eab7", "value": "Quotation_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14072f98-ca51-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679668509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668509, "uuid": "264ce852-cf57-47e3-8a2a-926f2ea28950", "comment": "Malware payload", "value": "1dc49de091d11dd75ff77444e1b2e286", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668509, "uuid": "e01f2b4a-62d2-41fe-a64c-e3c8bd543f0f", "comment": "Malware payload", "value": "067874627d98163c43bd4626c24911e4eda83dc42dc5940addbd17abb493d5fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668509, "uuid": "285aa720-adcd-4093-a87d-23694216633a", "comment": "Malware payload", "value": "b0480365adbdabfbcd0e1f40cdd10a460218eb6c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668509, "uuid": "32221c07-b6d3-4163-a9f6-31de8abb8716", "comment": "Malware payload", "value": "8c8fd89be87a5ec55819dad56b71fe2dbab057edc8834a70f62828cf2936c9e769ce2c74c230d902c154e14220dfd745", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668509, "uuid": "d328d5fd-d51f-41c0-85e5-7d56a45e130d", "value": "T10CE34A17B2E831E4E636C536D9A0C406FB33BC655A219F5F1654866A1F323A1FC3CB29", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668509, "uuid": "73456a8f-e8f7-4cc0-aab4-13cf3b37a957", "value": "5834ed4291bdeb928270428ebbaf7604", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668509, "uuid": "fe51e2bb-5494-46ba-a539-f1b9dbf13cae", "value": "3072:a2ESa+9yVb9w6k00pHT3g1n4M7RJtsE04rlod8I2sWpYl7k1E4I1bTMq:a2ESa88ILV3g1nTlo8pO4C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679668509, "uuid": "166317e5-b1b6-469c-acdd-dac1da425adc", "value": 155648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679668509, "uuid": "8e185d6a-dcda-4697-8364-86f37b57fa47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668509, "uuid": "ecead2d3-4402-49ac-beed-3078c2d9a14b", "value": "SecuriteInfo.com.Variant.Ulise.388589.4058.30084", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd9c6cd0-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679646460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646460, "uuid": "77165624-1aee-4941-b98f-b9e3af61a649", "comment": "Malware payload (Quakbot)", "value": "23e352fb854dc159d47a81aadedf1c1e", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646460, "uuid": "9ea2c7f3-97c5-47db-8e88-bd2b69718197", "comment": "Malware payload (Quakbot)", "value": "073979544d9a43f5b13b198d9e3f4f40e91ca8b06ae8c20adafe22d052269da2", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646460, "uuid": "042fe103-69e5-439b-b8ac-048fab24fd75", "comment": "Malware payload (Quakbot)", "value": "22f9aeda7074f3c3f5d45228ee89f661cc417505", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646460, "uuid": "d8557ddc-fe07-44ea-a9db-2f9c9177b950", "comment": "Malware payload (Quakbot)", "value": "cc3cbccbf22eab6705b182588bb51ce48a740623d44f36154a6a1f211251a3d7bf1c6b5ca280c2733cb7fd5183c43b9b", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646460, "uuid": "9ebdef8c-cc5d-4fbe-96fb-f4adb897fc87", "value": "T11191AB4F1D17B89CC70496269E36686EEF23858E21EB9C80F8B8B09CFB5451CDD36C44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646460, "uuid": "5283e778-5496-4c01-9aaf-6b0c95e6f77e", "value": "48:0xHO0uQ91hrFtRFyuOxdZ+rTI6VcY64WQzaFEf5Omfj8q88nP2XHVIYD5EVTt6lV:0x1hrFtCvYGd8i8n4VIYFEV6dWfhM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646460, "uuid": "4f07d428-f131-4790-9dd9-7865a62da156", "value": 4221, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646460, "uuid": "f1eb7549-857d-4a3f-83c2-d8ae161e971e", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646460, "uuid": "d7cfc57a-b1c8-4103-8880-e1c920feb654", "value": "Nihil.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0bf6233-ca2d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679653364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653364, "uuid": "409177e2-60bd-4327-96c3-39aa8710b714", "comment": "Malware payload (Amadey)", "value": "b8db952f956a726bbc47acce14e22713", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653364, "uuid": "f426d225-dacf-48d6-9c16-c7fbb2399169", "comment": "Malware payload (Amadey)", "value": "09067d57922ac1e23a480ade3ac764f2b24e7dc40eaa4002d7e256508890297d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653364, "uuid": "c7908d78-eb73-4411-8034-5c485ec35420", "comment": "Malware payload (Amadey)", "value": "f618b1c239a399d56e27c8f13d95e9bfbbedfbe4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653364, "uuid": "ccd68b2e-8901-4b78-94c0-d430d91a0ab8", "comment": "Malware payload (Amadey)", "value": "805a6498ebfcb398dab970d381ac403dcdb2f4458c83210e50ab7aa2ed4cc0a15e96096e39650608312fdb20747e5fce", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653364, "uuid": "39e685d7-44eb-4143-b0c5-1702fa200aed", "value": "T18B252316D6D86973ECF41B74A8FA871B1A307C609535C22B2341A99F0CB3680B675B7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653364, "uuid": "7f07b710-c402-44d5-a276-332c5384a086", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653364, "uuid": "96da876f-4868-4cde-9b5f-dd187c406cbc", "value": "24576:Oyb/D2priXcICNeGQ2QaVbXVsu4DUWPqK2x/HXJ:df2prTRNLQ2J9lsu4DUED29H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679653364, "uuid": "90b510e1-8b04-45ac-b6dd-230de33827ca", "value": 1034240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679653364, "uuid": "90c82ee2-3d3b-4f93-9372-0094a6d8399f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653364, "uuid": "0c82ebd3-ccf6-46f1-ba54-0a29a57c629f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1383c5f-c9df-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679619810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619810, "uuid": "f070a5c1-7009-4f5c-8800-ca1d87ac7f85", "comment": "Malware payload (Stop)", "value": "aadfb89eeb5738378e1c322b4d226494", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619810, "uuid": "99b25dd0-e871-45d7-bd56-0f7e1dc760a7", "comment": "Malware payload (Stop)", "value": "099f958fb2f5294e668b1f1aec49a344018e89c0250b9a787f7ca130469111eb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619810, "uuid": "454b0189-f808-4813-a121-51f799218690", "comment": "Malware payload (Stop)", "value": "723721a239997b7aed0a47d2e7fcb30a416be878", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619810, "uuid": "0741b45c-eb96-4c50-9857-0f81f666e111", "comment": "Malware payload (Stop)", "value": "d9f1a626be9b90692c4e7e1b7c6ea9250f2d2d0992cac38e7cf2812dee298423dde2fd9f06446a0aa8d083eb27fe7a08", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619810, "uuid": "662859df-889d-43f8-b3eb-3ea3aabb71f0", "value": "T171F412512AA1C072D5BB4C748565DAB4E7BEB9329380884B372527BB6D703C1EB3634F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619810, "uuid": "92689d30-fd23-4d2c-b4af-79b45455585b", "value": "7ee3b46132081def1eef23677c216c0c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619810, "uuid": "be2f7a4c-1106-473d-9e2e-98a9fae2396c", "value": "12288:iiSeahQUS7a7Va11DMz0YLWVEsVENy/dpXJbmdnX+2kM74s:jNaVg0aIz0YyVEzNgLOX+2kA4s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619810, "uuid": "74c02b42-46fa-44e1-b67f-564be87e29f6", "value": 733696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619810, "uuid": "08adc3d5-a3c5-49ad-af62-14c6c6bd080a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619810, "uuid": "30b2b00a-89b9-4664-a879-d0f89f715ca5", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59f2ae09-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (IcedID)", "timestamp": 1679639850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639850, "uuid": "96f7c300-58d7-4566-b005-1bc93fcfc9ec", "comment": "Malware payload (IcedID)", "value": "4bc433a2119001680cf41b0f452f1765", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639850, "uuid": "2644087e-da03-430c-9017-fd669ada0fb6", "comment": "Malware payload (IcedID)", "value": "0a34ca695a121a9757c72fc0b78101eefba974896da6913d87c2a0575d15bc9f", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639850, "uuid": "c0941a97-d584-417c-8c84-ec7e278b8989", "comment": "Malware payload (IcedID)", "value": "7d82e6b9f0821806bdb1d20a9fdd8c1576059843", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639850, "uuid": "2f7ad539-8ed1-42c1-ac69-ad6ee9158141", "comment": "Malware payload (IcedID)", "value": "17c2ae5b17f3e4089d6dc98e8243b6731cdf61d9496d3ee97971f3eb60e49aaa41453f5fcd9e623650847d99fe669c49", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639850, "uuid": "26a76ca7-f9a9-45d5-a45f-0ba96138c3b1", "value": "T18E44F193841A185BD9A3877C8DE24B18FB1BC8C18346CF6D7D9160AA1D2F3B3D857A4D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639850, "uuid": "3fdf6ee4-7f30-4035-bdf1-8cd384580af2", "value": "6144:PkIk+ai6laI6ggUOqa1fmioLyVmWgs6kI:kaI6jF1fmYESu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639850, "uuid": "e084a1ef-8d9e-42b7-952b-dd0ea6818a09", "value": 258256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639850, "uuid": "eb7a836a-a262-4101-9523-93c2fec19f63", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639850, "uuid": "a043d2e5-2612-4eb3-9033-8540b45ab27f", "value": "hipsaver.doc.03.23.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94a03eba-ca17-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679643814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643814, "uuid": "5dda9c3a-4167-44b7-9428-d1ceb7bce13e", "comment": "Malware payload (Formbook)", "value": "52b7c68c8cdb4fd3ebd710cc386c45ba", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643814, "uuid": "03534d74-e286-49e8-a7e2-9d8a1db90c07", "comment": "Malware payload (Formbook)", "value": "0ace246a5e84665f04d18849f84748a0ece2092b155197a8be1374d082507511", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643814, "uuid": "aae1d9a3-7fe0-4558-a322-d179b82ab23e", "comment": "Malware payload (Formbook)", "value": "0bcb5c3706543f69493926d36f4ba1374249e1b1", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643814, "uuid": "5f182346-c225-4624-b810-90d15eab88bc", "comment": "Malware payload (Formbook)", "value": "e835a827351cb9f46b247d3503e9c152618fe7b53db6041f059e4e59c500b2a6421c3f517f51e5e38b07e2aa197cf436", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643814, "uuid": "74257e11-b3bb-4210-b88a-f25123bcdc71", "value": "T18E44239D964A562627845ACC83C11B774A13F648FCCF2AAC064908DF14D4EB1DCF9EBB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643814, "uuid": "61e0d05b-1b2f-403c-9595-c76d90bd5b57", "value": "6144:Rk+QnJIj8JZSzYrplBX7E5x1qX2aIZnnYL905SB7mJl3:++QyjGhdE5x1o4Znnyq5rV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679643814, "uuid": "1c685c0f-fd27-4cb3-a831-67bd8f4bd9b1", "value": 261148, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679643814, "uuid": "5186bb10-d539-4e6a-bcfb-2da5cb382451", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643814, "uuid": "cbd0ddaf-149e-4c1f-98c0-60228d6908ff", "value": "TELEX RELEASE BL +COO_pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff027de6-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679666756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666756, "uuid": "4c1399d6-35a8-4ff9-a71b-1d72a80b5714", "comment": "Malware payload", "value": "7c55b67e49a80bcaf89b13139373bbdd", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666756, "uuid": "173892ce-e15b-4cef-9f55-5d8c22d779c4", "comment": "Malware payload", "value": "0b0f66f910c80516141c4d2ccc2eb034d0dca086641734c9e7d8422e6f04b4e3", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666756, "uuid": "21570f9e-82c1-48b0-84c1-bf95f8a14f6a", "comment": "Malware payload", "value": "2ece827a42a78427daec0230606ee36cc8a8b5d7", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666756, "uuid": "6305b7dc-f709-40d8-a102-760f835f20a4", "comment": "Malware payload", "value": "0d85c56f841dc2882b20cc8aff023a7fbb275320d93501e8cd029e04c6e2e44c0979ef3863c9719ecc14e32d9609c32a", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666756, "uuid": "5950b0b9-3100-4f37-8c94-d99f225c3e1b", "value": "T18C16230A7ADA8339DDA21F72A3CB47145373BD3886634127739C662E3ED2094A5F36D1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666756, "uuid": "4d9e3171-7229-4859-8629-6d482ad4ada2", "value": "98304:nY5AsXMxoZLd9VB/TsKf297fUj5mgzNt/KkFmSdDjLWXddgoRw6:uXMxo9QK297s1xzHKkXljLMdGh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666756, "uuid": "9cd9a659-3d02-4a6a-b059-847ab2ee9fee", "value": 4265984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666756, "uuid": "c70bf6ac-c8b5-4317-9202-a320136561a2", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666756, "uuid": "c8845a88-56b5-4063-b472-1b5f32784af3", "value": "z2PEDIDOS-21032023-EXP.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca93931b-ca74-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679683848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "159168fc-8507-4e45-b192-65b9557e8dcc", "comment": "Malware payload (Stealc)", "value": "88237c1497f87b1130ecb5411f1485ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "e413d0ed-5c85-4645-85e8-7d758568f992", "comment": "Malware payload (Stealc)", "value": "0bb7f0642c6047b8e2d8e0546d43ee88d0f025670d04d0c6862f1a3d5fc3a818", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "12467328-d49e-4869-b365-b14a5dd8c19c", "comment": "Malware payload (Stealc)", "value": "e5cee8fe59884d3415c6c9a11d479e8ae28d5986", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "648fd368-f90d-4dce-a3c1-72f6da01a42f", "comment": "Malware payload (Stealc)", "value": "cfd777f7cade0a9e5d65fdf282c92e4186694c18a7d89e08b5a07dcb4830a72208bb6c9cfdd276a94bd0a18b3de9146b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "11be259b-b7a6-46bc-9e4b-8b7981cbe402", "value": "T191548E1273E0F960E52787328E2EC7FC2A7EB8E0DE15BB5E1659593F0D702A1C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "4358d6fe-3e25-446f-a27d-e41508620f4f", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "564b81aa-d594-4f58-af1a-7c63f7b008a4", "value": "3072:+oazXP2B3igqE0CwzsLMpsvtkZpTyro/+eWVQf9DuG89VIWN8aeDr:Xq/+JbMpsbro/gVQfQt3Iva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683848, "uuid": "7d3c4784-d761-48f9-a326-5087ccc5790d", "value": 283648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683848, "uuid": "2a4b5e17-e4e3-46d1-aabb-4214daaf788a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "31e0300e-c862-4022-964e-812486b98de7", "value": "88237c1497f87b1130ecb5411f1485ec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89521ee8-ca2e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679653673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653673, "uuid": "ebdaadb2-b14e-42c7-bd6a-30ab8ec88b5f", "comment": "Malware payload (Amadey)", "value": "0224f432f7d5f09caa2ed45eb41db773", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653673, "uuid": "aa3fb34d-2c62-4230-ac4c-b95c4620d41d", "comment": "Malware payload (Amadey)", "value": "0c26ec308dc78ef090ebec907e1eb15d6dfdc28a85fa27e0a945fc5354a3e5f9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653673, "uuid": "e03f861f-b250-4a14-9521-0bfb2e1dbd5c", "comment": "Malware payload (Amadey)", "value": "f57f9aac26664809272f724f6b7cadb8a47a0f77", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653673, "uuid": "389f035d-abe2-429e-857a-f244d65beb5c", "comment": "Malware payload (Amadey)", "value": "dc86d13a5effe29512572c76833502e4f10a933790ebb954aed72ece5084315635f2662a98cfc773097da655ac2fa607", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653673, "uuid": "4a07ecf2-d595-49d5-8213-f7de19de3add", "value": "T11A347D1273E1B960F52687328E2EC3FD6A3EB8E1DE55BF6E13455A3F0870261D662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653673, "uuid": "2df6f66b-e8b9-4c66-a5dc-e78b6352eb8d", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653673, "uuid": "d453a71a-223e-45d0-b1ba-15a20b41957a", "value": "3072:lEXj+uz3uHaTMdtKQTvVGbuDz5BPKJ9orqS2aEjmKzIZFWNObVq:K+sfat5tOoJ2aPWIZFj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679653673, "uuid": "07df9127-94a9-4abc-9299-dcc724681a43", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679653673, "uuid": "70ffab0e-0d16-47dc-9c49-d05e602832b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653673, "uuid": "07b355fd-0808-4b20-bb48-df9e98349da3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9300d945-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679672158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672158, "uuid": "7a035aeb-e84c-4b1a-a109-69995c2cde73", "comment": "Malware payload (RedLineStealer)", "value": "4c42520a02966a874eb4fbdc0a74e208", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672158, "uuid": "5c1e33b2-9a42-4ed3-93c3-6dff83d5bfc8", "comment": "Malware payload (RedLineStealer)", "value": "0c71cf525042e6cd8d338248d66081495cbf35be2f28d515965fa15f1ad7432d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672158, "uuid": "9166be90-f9f0-4a82-a7e3-c8b18e2834f4", "comment": "Malware payload (RedLineStealer)", "value": "8c17320204683ca1dcf81c0a031a6e6c0d679d84", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672158, "uuid": "87791999-2061-4efa-98b5-b93203720375", "comment": "Malware payload (RedLineStealer)", "value": "f0ceb3c6957a5cedc65480a42457f4a27b4aaf7775bb644be5e4a79f3045a9b9f2fb4997193adbf79b8358b5acc748fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672158, "uuid": "d5095dee-bece-44ca-bbbd-86a2cbf4f59d", "value": "T14715E74BA199F9C3C36C9636F7C9BEA5AF64AF048922E71776B41BB72003342CD13465", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672158, "uuid": "e5876cae-7b61-4545-b01f-1dbf4164b9b8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672158, "uuid": "2da38b35-9f95-408b-af2f-66bf4bd5f0a4", "value": "12288:q2q6vb3D/Lnzv7XjbXApWwDrOYxfl0BDOUn8cIajfjo6ENMCCa3zw:DbXoFOY/SuaCMS3zw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672158, "uuid": "37c5561c-726d-4330-97ea-c4c9e6fe2a7f", "value": 919552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672158, "uuid": "2782341e-417e-4e5f-9b92-5c792b1405be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672158, "uuid": "cb418276-7a98-4611-ab37-3625ecc4500a", "value": "0c71cf525042e6cd8d338248d66081495cbf35be2f28d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bb62e48-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679620875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620875, "uuid": "7d293d49-6ee5-4b4c-bfe8-cbce0dccf48e", "comment": "Malware payload (TeamBot)", "value": "d1861a36f3f52128284a71957dc509f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620875, "uuid": "56016635-6e67-4ab8-8b6a-4bfdab213942", "comment": "Malware payload (TeamBot)", "value": "0cec683000fbbba67a387f8e508a5ffd167b0cfdb76fc4009ed820b0eb8ae09b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620875, "uuid": "60aa6c4b-df99-48c9-83d2-3c12a8623cf1", "comment": "Malware payload (TeamBot)", "value": "99e898ea74f6bfa19f62f47b6f7e6508f4617a5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620875, "uuid": "9c7302fa-44c1-4d5c-a522-8d5481d38f30", "comment": "Malware payload (TeamBot)", "value": "02bd6778ba8e12d8cabc8c87d08a89b255302baf856ba7a040f9bf381f28f8e91b7fdaa60eeb783be2e5381d3e64960d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620875, "uuid": "b785d021-b41f-4590-92df-8068267d754b", "value": "T1D744DF22B6D2C472E557057A4821C7F46A3BBC704F5186CB2B9466BE4E307E1EE3934B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620875, "uuid": "9ef34245-cdd9-4f6f-a320-9ef5eef14182", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620875, "uuid": "41a06cfa-3c5c-41c2-b10e-5da20e100a59", "value": "3072:Si3wQulF+VQL1Al9ugEAlWDWZYaU4yr3FiLpqMKa6mTSd5RcR+E5:hDVQLSlkOlhU4wUvKaL0u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620875, "uuid": "5993c9cd-a0a5-4b36-be11-5fd98933b3c5", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620875, "uuid": "fb16b9a6-2afb-4aa6-90a0-278eab9f2d54", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620875, "uuid": "1e7c6f95-900b-483a-ba20-53c736291161", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89c2eba5-c9f6-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679629622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679629622, "uuid": "705d37d2-1f30-45a7-88c4-fac971eb8f9a", "comment": "Malware payload", "value": "8844985fcd57b0311d1d4cb2ec13a1ef", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679629622, "uuid": "71f35773-4a62-4ab2-b2c3-efb21def4498", "comment": "Malware payload", "value": "0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679629622, "uuid": "52bc22e7-4afe-403e-a94b-c052b472c53c", "comment": "Malware payload", "value": "a0c07fe897515e5575a72f94f9dea8c077a410ff", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679629622, "uuid": "39b940f1-1a9c-4891-9705-e80f93ab5ee5", "comment": "Malware payload", "value": "da7f9d7d77e16522a6be5ce7ede40954323fb29b41e5dc75f091cf8b71cb37cbe3a924b5189d66236c0b1731bd58993c", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679629622, "uuid": "c0d22aa7-bc8c-4f05-9f52-af036382fa1b", "value": "T18F23E196DBA8B087D47BA3B4C6A40223A6A950E0BD32FFDD4518583884BBF95DF4491C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679629622, "uuid": "74aac2c5-5e4d-4cc4-9b32-7666e6bb938b", "value": "768:D0EbFuW7/Xyz6PXQ0YycGWIt03WP8SUZdaPW+8VDCyJzjHYbxsQcZULe+vop5tLE:D02F6zoXXYuWN2U/EB8VuyJzjkW3UXwG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679629622, "uuid": "fa627091-5a29-43eb-95c5-5e4e7f7bb4de", "value": 46525, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679629622, "uuid": "0bafa885-9746-4f57-8fb6-3fb67bd69a9a", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679629622, "uuid": "d732f113-2e50-43a8-a64c-06b78bbfe1f7", "value": "0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257.raw", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e51896e1-ca4a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679665853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665853, "uuid": "5f94463c-92eb-41a3-ad56-cc0a150147c7", "comment": "Malware payload (Smoke Loader)", "value": "828da5c5e48ee133ba24586cdbb4f6ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665853, "uuid": "c44ca4af-9188-4391-acec-ae711109f31e", "comment": "Malware payload (Smoke Loader)", "value": "0d6e27d9d750122def144001c6dbb3dda6da964f35df2b634ac8ea7620a3d183", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665853, "uuid": "339527e0-9371-451d-9de2-0a69f81ce4a2", "comment": "Malware payload (Smoke Loader)", "value": "e7ac3183292fd51cb7f212b66793e674cb6faf9e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665853, "uuid": "13d9bcc9-33b5-4847-85af-422eb4eb2d4f", "comment": "Malware payload (Smoke Loader)", "value": "943000f5cdf055298f7f84efc744fe37141bb33b2efafb2831b40be6855294b6f78bb0e5827de2e4219f11cd46d4088b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665853, "uuid": "7cbb7779-746e-4c43-a83b-7872e82adb7e", "value": "T16E347D1273E1BA70F51787328E2EC2FD663EB8E1DE59BE6E17455A3F0970261C662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665853, "uuid": "f6c50a43-906c-4707-a2c2-015d42785655", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665853, "uuid": "0f06cd65-c362-4135-b246-8b12621dbbdf", "value": "3072:rxI6OqRqqdiwjKcceJ5IyyM/XXXzWTXZJg+cS+RwB2fgoqiBv4lYEWNObhr:91OdDfVGaszKgXR4oPulYEj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679665853, "uuid": "6295e7f9-d3a6-499d-8f59-b42528da8bf2", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679665853, "uuid": "41014210-f04e-4b44-81a0-b86e41bcc4b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665853, "uuid": "b0ded63b-36a6-4701-8da7-94d35317fc38", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4155b9b2-ca42-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679662143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662143, "uuid": "abef454f-d8aa-4580-a5a6-f543385fcdc5", "comment": "Malware payload (Heodo)", "value": "bfbe074cd95ae548f1711f1cb8908220", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662143, "uuid": "cfd78cfd-fc80-460c-96a4-615e650975d3", "comment": "Malware payload (Heodo)", "value": "0d89e04481015980b7b995e1abe11996bf7581bd77e38c6c62ec1de32b290dd3", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662143, "uuid": "1a42fae4-32df-4cf3-8c8b-41e3e1790794", "comment": "Malware payload (Heodo)", "value": "4e6f3a5a38a48e57fad456cff7cfee6a41360015", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662143, "uuid": "7fef1a35-8199-4561-b5bd-618b81c66abb", "comment": "Malware payload (Heodo)", "value": "6fe420668cc9fa923e56e3f90f4b9c529c00c4e4993131a08159b833050f134fba1f64ddce2b1682a31d9d10530a5bfc", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662143, "uuid": "4f7a7033-3ef6-499a-9ea2-18a0c4c2e6cb", "value": "T1ED2523E059F82941CD0E0C35E92A71BD92BC31666EDD15E633BC3CE5A90EF6C42126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662143, "uuid": "4743c7b2-7177-4b54-ae12-dacbd8ee0c0d", "value": "12288:Pkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4dep:8XzNdfKluvnRHthzfoYxJlQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662143, "uuid": "4fb1613e-dccd-440d-ad81-24c14b953a0b", "value": 1011295, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662143, "uuid": "dff93c97-c168-4af9-8f9b-25aa8a3bf2f3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662143, "uuid": "67489ff3-d00f-4b3e-a00f-8f63cd7a1412", "value": "cZqbPkZZsIKxDxufIYMKJ.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f91a8742-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679646560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646560, "uuid": "11a7f486-002b-45bc-9705-002a0d678774", "comment": "Malware payload (Quakbot)", "value": "aac7af991c0c07e781344822d6539f58", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646560, "uuid": "989fef5d-bd53-45ac-af4c-a04f92a286ae", "comment": "Malware payload (Quakbot)", "value": "0e6e638e422b261c9e97088f076c60dd280e744a48c18e8b2abaa008bcf3b79e", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646560, "uuid": "3d5657cd-3572-4581-8c04-06b50970cc76", "comment": "Malware payload (Quakbot)", "value": "3af19c694a2a4ab2908f8e3e4652b62c363f386e", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646560, "uuid": "c9364b66-36a4-4782-8753-a1891b9d96e4", "comment": "Malware payload (Quakbot)", "value": "2a0d7bc1e465a218748564aef29b637b834dfdc5365760324289104a76a3f4395d021aaa1af130be5fc1041d5efc6686", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646560, "uuid": "a9712afa-f764-4efa-a25c-f143fb566890", "value": "T123A3936085039823870775EB4A6DA895B56C0B938A54FF06B80DB245FFCFBCCC6E49B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646560, "uuid": "e8da5b19-0091-4242-80cb-0c7cc76a8975", "value": "1536:tBjQ4gRGXlTkvLpUVwQD1RqA5PKrGZqKzr+9Y8oSA4NME5L+GCYPKQOErSX4X1Jp:tbCU0Wrr0y+9/A4Nj+GCYlF+IX1z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646560, "uuid": "1faa5a30-c84f-440d-874e-0447bfe8bd85", "value": 99810, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646560, "uuid": "e21d0291-d642-49a9-ae84-08b0a4b29563", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646560, "uuid": "96deb0ea-7d38-49a4-a7e8-4aaa5e88ff12", "value": "fq.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdc9ea92-c9dc-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679618650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618650, "uuid": "8fdc2dfd-6f3d-4075-be1e-bbf7177fb2e1", "comment": "Malware payload (CoinMiner)", "value": "fce9a40b8e277daf2ccb4fce34d99149", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618650, "uuid": "2876d6c1-b113-48db-b56f-28d38ef7cab0", "comment": "Malware payload (CoinMiner)", "value": "0ef00c494d4eae0b7c50fb28e02dda48a3a43869f8fd7cdffe67f0b94029e735", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618650, "uuid": "6fa86931-fe83-40d9-b98b-fdfab85e726f", "comment": "Malware payload (CoinMiner)", "value": "5627a5d27ab344fae2dfcb1d068b94530c16f805", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618650, "uuid": "d0995e03-157b-4709-9784-f6c8fac67c11", "comment": "Malware payload (CoinMiner)", "value": "1ab4e9ed869a608e19c4f3946d8a88a9baf2ed26256506a9fdffbd3fe0ce516c9bbb1adb3c8874ceb7e9eeac1aba12c1", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618650, "uuid": "2f6b302d-660e-45e2-a439-bebb234e4527", "value": "T10C24BF1B7D408122D59AD8FD24F9B5D2AA7D794A2352D04EBB2D3D571D362B03F6013C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618650, "uuid": "0a5bd3f0-e795-4bbe-90d9-9d905dd4cf88", "value": "9ccce235b0948e702108d60e5a6f9990", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618650, "uuid": "ab9d21a4-6f3d-4944-9e91-c43430d335fa", "value": "6144:fu/JnRtPtNGuN5KiQcAHJcDGsplSHpOpR1AGRtyRsSSFffJV7:WRRdt0qK3pnkrJGRsSSFn7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679618650, "uuid": "084dcc8a-dfc1-413f-bb20-cf7359a090a1", "value": 219216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679618650, "uuid": "5a9aa943-8746-49aa-8a41-e5241babbe62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618650, "uuid": "4bb48fb3-b713-475f-a703-9e7905e4cd51", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c60b633-c9db-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679617816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617816, "uuid": "1efb5d16-281b-4ad5-bdf0-6298c39f8ba8", "comment": "Malware payload (Amadey)", "value": "3a88587c089597a129c22fac0ae62380", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617816, "uuid": "b886956d-6a9e-439e-96c2-211f6389f9a4", "comment": "Malware payload (Amadey)", "value": "0efc37cca6f7e2b5405daf5431a093ae479527635ab2cd64b1e9a582a4095ffe", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617816, "uuid": "62615da7-0425-49f3-9509-37db608d12ce", "comment": "Malware payload (Amadey)", "value": "46c38647507de0ab67af56269aba4e8f8b8e167a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617816, "uuid": "8c2e0fc0-0b0e-431a-82e7-6f2db08d5821", "comment": "Malware payload (Amadey)", "value": "3bd96af24e994e227644264a20b086f231b7f4d364727b2e24ff7164a2b8da0859eca87eb99266de3208ac70ec74a337", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617816, "uuid": "75a53cbb-1e4b-437b-b2d9-2f4bf26588fb", "value": "T19854DFE132E1C872E86A01798815CAF55A7BB8711B55C2EB3B4496BE4E307E0DF35387", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617816, "uuid": "46284233-22f9-4c5b-9947-79d37d37ac0a", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617816, "uuid": "bc594611-2a89-4e2b-9c4b-409f0d4d56ba", "value": "6144:hMXlbLoyQpUb9dl67lnD8pa2yH/uBXbl96+:8lbFQp09WlD8cmBXpU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679617816, "uuid": "11ceaeba-7c9c-44dc-a880-fb405b450634", "value": 292352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679617816, "uuid": "acf45e88-5cf6-4f01-ad75-90b08ac2687a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617816, "uuid": "20e27525-db86-4c16-bd78-3aec47c3b71c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0974f0fa-ca96-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679698127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698127, "uuid": "7b4ab8f6-3889-46d2-ace9-8087edfc098d", "comment": "Malware payload", "value": "6e7c63cb24b3b058553dcad910ba3871", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698127, "uuid": "32f76107-72ac-40c5-b649-7f72058afd6b", "comment": "Malware payload", "value": "0fe985470b7f91dd710e6d1fa99aeb7899aeb2d593024b3959c175e5d50aae39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698127, "uuid": "6c1fd275-58e2-4aed-aef2-d567ef4be53d", "comment": "Malware payload", "value": "f9ee6f5a4b0625034607f8b451847a554e600753", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698127, "uuid": "fc7650cd-8893-4324-9e1b-8e01ff35e13d", "comment": "Malware payload", "value": "3572433793b50f75430b4fb71427be74bf28f4645da681fde659867a49d8bf1ac87e1691d63baa83936f0672afd1a010", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698127, "uuid": "e9d8a476-fd82-4519-bcf5-57cdefb9f8ca", "value": "T12884BF1273F0F920E52387328E2AC6FC6A3EB891DD55BB6E1758993F0D703A1D662714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698127, "uuid": "1cd5ea91-46af-4346-b56d-c74c01019011", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698127, "uuid": "277d917b-3e0e-4d52-9ea6-609935435820", "value": "6144:GRXkO23Ig12/+XfuR2age9uuvZCObdip20va:SXkO24g02Xfk2aB9uuv48dc2P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679698127, "uuid": "30a7c8c8-6a06-4ec2-a62e-03fef876fe2b", "value": 391168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679698127, "uuid": "8f033962-d0cd-43f2-9f72-fe2f85978c6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698127, "uuid": "e27b501c-d3d8-41c0-aaf1-ca91275016af", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d89c2e57-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621165, "uuid": "dbc32c5a-d470-46ed-884c-87cd50dd0920", "comment": "Malware payload (Stop)", "value": "68cddc9054104ff09ddb1a484c4ae1f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621165, "uuid": "91cc7924-42d0-4233-bea1-67f18df7b211", "comment": "Malware payload (Stop)", "value": "12f6e0e9adea28f0619bddd3a51515af45ddfd29f545b21e93c69edffe69fdc1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621165, "uuid": "ac52679c-62d2-490d-8ac6-c50660a2104a", "comment": "Malware payload (Stop)", "value": "41f3d19ae2885fee79d523eec3a62f1da2df893e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621165, "uuid": "c4941814-1257-487c-ac73-630d543280e7", "comment": "Malware payload (Stop)", "value": "46b1b16266379b5e1b70cbbb6e085e9ee9ceb8886c99cbe21951c705a727313b20f5423c28f6bef5eff448f8208bf408", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621165, "uuid": "e822d2bb-c45a-4567-92c0-b992b807d2d1", "value": "T191F4221135B2C0B6ECAB90749665DBA55BBD78B2FB54C88B7B60077D2F31FC0822A351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621165, "uuid": "d548acfc-4272-4f2f-ba03-ce3547e91b2f", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621165, "uuid": "5321131f-394b-4162-84a5-aa3961cb4da8", "value": "12288:Ni0VYroBYHg5cLvReWYRYxlmC+uWDCMyjK20HGL3FNv+vyGvCy6al6:oi3KHg+zReRolUM8HG7FNayGqf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621165, "uuid": "567a2c21-fb51-4368-81f3-3858a01c5dc2", "value": 731648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621165, "uuid": "69e52c00-f81f-47a8-b931-ffd6891cd0b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621165, "uuid": "b43f412d-ec48-4775-a723-cc30604d8146", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0815987-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660208, "uuid": "b7035aea-c89f-49cb-a299-6774eda72d8d", "comment": "Malware payload (Mirai)", "value": "62defecd91dc963b1f85796b9ddb33e6", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660208, "uuid": "c747867d-d5a1-4550-9f6a-1c7fad091773", "comment": "Malware payload (Mirai)", "value": "138903d80af3cfc9f558b2fb3ac114c663984cd63c6b1d0af3dcf1e4797b454e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660208, "uuid": "7a0acb43-58f8-4961-959c-c74eb7bb9553", "comment": "Malware payload (Mirai)", "value": "e99f58fc12cc09f511bdb4a320fd8c00e51eab4b", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660208, "uuid": "c70c66ef-f37c-45be-844e-2ae79172b2c2", "comment": "Malware payload (Mirai)", "value": "60f396187fb95a44d5e9a4e5981dfc2b5d6998a0ba6b1caff562b16b5e01217ceede0d904b2142cc48cfeb100a50a3dd", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660208, "uuid": "e61e49f8-a6fe-425b-92ed-830b608f92fb", "value": "T17F532956F881AA13C5C502B7FB5E06CD3B2613E8E2DA32039E256F6037C796B0D6BD51", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660208, "uuid": "bd1f8726-81cb-4372-be98-e7faa7941787", "value": "1536:WYrW4NhnZ8Qk5yenyYUGieUe8aeRmsjvCFC:WYPEyYJieUCG5Cw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660208, "uuid": "9df9e54f-d0b7-4daa-8eaf-387a36007c17", "value": 64200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660208, "uuid": "40fa9519-8cb6-4954-b33d-7715f37690a6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660208, "uuid": "43713567-4825-4b7d-a6df-d6cbd104f838", "value": "nigga.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "290f64b1-c9fb-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679631608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631608, "uuid": "7e063292-cb69-49ba-b8c1-1a4ff3c7dc4b", "comment": "Malware payload (CoinMiner)", "value": "ec4f79ff7c81530945c55f8c85a6d9c7", "object_relation": "md5", "Tag": [ { "name": "Cinoshi", "colour": "#44C6B0", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631608, "uuid": "76d0d3eb-17b7-4302-a964-06656653969a", "comment": "Malware payload (CoinMiner)", "value": "13bfad0426464496ea3ebc4dc6a2cb5326b778d24e5f392cf0d04bb6ebddcea5", "object_relation": "sha256", "Tag": [ { "name": "Cinoshi", "colour": "#44C6B0", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631608, "uuid": "70b6564a-aa0f-41b3-982e-7de0fc49612c", "comment": "Malware payload (CoinMiner)", "value": "d042221e0f8a9236c5039f6e49647a2bff243afa", "object_relation": "sha1", "Tag": [ { "name": "Cinoshi", "colour": "#44C6B0", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631608, "uuid": "47beb378-278b-42a6-8f7d-472b0c5f6660", "comment": "Malware payload (CoinMiner)", "value": "3ca3c5832b265a9a8b3eef57921753edd9ef458719312fb74b961c392ab8419b3c97217004f1e28fdffb8437a870f081", "object_relation": "sha3-384", "Tag": [ { "name": "Cinoshi", "colour": "#44C6B0", "exportable": true, "hide_tag": false }, { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679631608, "uuid": "ba9b2379-10ae-44aa-b912-0c24c9ac33f2", "value": "T173C4AE9D726072DFC86BD462DEA82CA8EB5574BB931F4203902715ADEE4D897CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679631608, "uuid": "74aa2d92-0eea-411f-8e63-6e322eba967f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679631608, "uuid": "2b9c6213-d439-4e5d-a8d8-a92eb1538955", "value": "12288:t3XXFjEfeDjuZ/uagPihcMHbdZwUimoE+5UkRBVoLilGxrZPSk1nx6J4c900xXES:t3FY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679631608, "uuid": "7c4c6f3a-037d-4dc4-b299-46102ab2fc93", "value": 549376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679631608, "uuid": "8ff4a46d-fc29-4417-9ec0-2af669a7bbea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679631608, "uuid": "ffc68d00-f9a7-49e8-9aec-a48fcb7616e0", "value": "putin1337-202384344125.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee2826b3-ca45-11ed-88f6-42010a9c006e", "comment": "Malware payload (Meterpreter)", "timestamp": 1679663721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663721, "uuid": "051cb03d-4e2d-45e2-b502-1193c46e0276", "comment": "Malware payload (Meterpreter)", "value": "67e524e151efc62a8f5d3bbf8531e70a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663721, "uuid": "2a33fa51-da78-4ac1-b880-ec62fda27849", "comment": "Malware payload (Meterpreter)", "value": "141a6add7aa22399d765e3a91acf11cc7770902183d9e39734aa3e4ca854c362", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663721, "uuid": "ba67d968-daa4-4147-9740-51d3fda327dc", "comment": "Malware payload (Meterpreter)", "value": "b85ec8d7841709f539e056a8e07f047dcc5d4ffb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663721, "uuid": "a2b5ee55-a411-4184-aad4-facf66da3ef0", "comment": "Malware payload (Meterpreter)", "value": "53606eb44837a8605ecbc8ee1529857c724437c70456e13d341e0f60cc1e2fe4c011910eebfc83d68afc262bfc156939", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663721, "uuid": "3072c2c2-6452-4a27-a5d4-13b9d6cf2f32", "value": "T13DE1651337004DBAC45C563546E3FC77729A99693B7753B64A5802163A6262412B5E0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663721, "uuid": "0f731404-66a2-4735-856a-a9a2001ef3a3", "value": "b4c6fff030479aa3b12625be67bf4914", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663721, "uuid": "c25eb65b-cd94-4fc8-a49c-007026253d72", "value": "24:eFGStrJ9u0/64QnZdEBQAV8aKq9K9qnjeNDJSqUmZEWdXCIGDpmB:is0BEEBQpE99SDoqUjWZCSB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663721, "uuid": "234f0c02-0d7c-4f71-a77f-8f06b09b3c35", "value": 7168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663721, "uuid": "477951d6-d52a-4646-8161-9186185b3682", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663721, "uuid": "1af07d8b-7a30-4756-856e-f026194e61b5", "value": "67e524e151efc62a8f5d3bbf8531e70a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "484294a5-ca62-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679675898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675898, "uuid": "c1d5dcc6-76d7-482d-9752-abc9ea601fd7", "comment": "Malware payload (RedLineStealer)", "value": "ead2793caaeeca67829fd1467b0a1f41", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675898, "uuid": "f279c225-28db-4f5e-b532-f0f63ed45379", "comment": "Malware payload (RedLineStealer)", "value": "1451488667d13af22f9c499d4763d6a5551d31b7f62c91fc698abcf33741b5ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675898, "uuid": "fbaa3d6b-0870-42ae-b6d7-553e04e61830", "comment": "Malware payload (RedLineStealer)", "value": "e2afbf15cf3100f75835db3b4a4f6aee273b6cd6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675898, "uuid": "1f20b71a-956b-432f-9b15-ab617346e272", "comment": "Malware payload (RedLineStealer)", "value": "6aefea9836b0a9347355ed0fdd0dd6950a6a15e74c42030d3a935400c2aeedaf109e09777466558502b080a9e7c4a97d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675898, "uuid": "98a23369-a739-4d33-a292-fe5dcfdb132e", "value": "T13F74BF1273E1F960E12787328E1EC6FD663EF8E1DE59BF6E12459A7F0870261C662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675898, "uuid": "fbe2e5d5-9f5d-4a11-b72e-dea9d2df87cb", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675898, "uuid": "1a39a20f-3991-4a1d-bf1b-363195afcc0b", "value": "6144:JVmQiKEL+R5PgH+Mq9pldZYOy10xCWU47ZGWWWva:PmVKELKFtaymWWN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675898, "uuid": "b2078258-4153-4801-abaa-7ba7f0b0e81a", "value": 363008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675898, "uuid": "003572a0-21c6-4dfe-8cc1-d655649417af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675898, "uuid": "9f8d2cc1-883a-46d2-803b-8053c103c11a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "980fb897-ca17-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679643820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643820, "uuid": "bc28788c-fd9c-4949-9d75-2b1865a0804f", "comment": "Malware payload (Formbook)", "value": "469d4bff5636ca2035c291a119d0069d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643820, "uuid": "af818307-9501-4740-9905-8d00183a0db2", "comment": "Malware payload (Formbook)", "value": "148b60e2e8fddc7742ecec22573a0972da98d6bf0f0c1361f80f49d6799a1e09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643820, "uuid": "d783e5b9-a42e-453c-8bfe-e22e5293fe32", "comment": "Malware payload (Formbook)", "value": "b5c89096d03841bd968e846990596465caea940b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643820, "uuid": "ab4f681e-1ec6-4a10-9136-29a4120cf929", "comment": "Malware payload (Formbook)", "value": "6dea54024d7f0dd88dcfd0942ea168a62ce6d516bf67ed9efa5d2b8473665a33f5e4190934c8cbad0b9a5adb10ee8daa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643820, "uuid": "b8bcf305-7911-41b0-9970-7d4a99e2a3f3", "value": "T1A754D0DD7A5079DFC817CC76DAE81C64AA20B4BB470BC287900705AD8A4CA97CF991F7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643820, "uuid": "231cd79a-f04b-498b-bb83-7f8e947f5084", "value": "6144:CcO9SzI1ZQnJIj8JZSRYrplBXREzx1qXmaIZnnC+qX5AkoJIPqMI:zzUZQyjGxXEzx1oIZnnC5AlIPqMI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679643820, "uuid": "afa720a9-b09c-4e83-976a-e26802b6ee43", "value": 300264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679643820, "uuid": "15afb6a9-d9e0-47db-a34d-0cc83655ecbb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643820, "uuid": "c5187874-0943-424b-a8f9-0b68be1aa21e", "value": "JHhGg762.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c00cc117-ca97-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679698862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698862, "uuid": "0f9af53e-d8ad-46cf-8e5f-b84261f3645c", "comment": "Malware payload", "value": "d915386b9f157bed5fb89d1fa6fa6814", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698862, "uuid": "01a9dcc5-c9c6-40cd-9b6a-a182f17aa542", "comment": "Malware payload", "value": "15e5d0f3035ddeb19ab45120c125c41d02a4317757d8a67c8545a31826d4b5a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698862, "uuid": "fccaff04-fab2-4051-bf6b-26b24cdb7406", "comment": "Malware payload", "value": "1a62d4df4127ed31070e49ad00797b886b56eb98", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698862, "uuid": "c6275176-0389-41ff-96fe-4eb0a3a31bc3", "comment": "Malware payload", "value": "2b9d2834c6afb330cf9a7ef7713e7439454675c7e4f538fed2459d8b4e03046f870f5317cd8bed61aa216a692e57231b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698862, "uuid": "6ec3884e-013c-489d-b1a7-08db6a923d40", "value": "T12E649E1273E0F964E5138732CE2AC6FD2A3EB8E1DE157F6A17499D3F09702A1C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698862, "uuid": "2b0a38f5-d6bf-4403-aaee-fdcea02d99b2", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698862, "uuid": "23596b45-123f-4429-9c9a-1dce8f56cb74", "value": "6144:NNONJMM5+mcXt9ACfqadlJWzOPlQyJETGquGwwqVva:7ONJMi+mcXsCiazPwyqOz8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679698862, "uuid": "9b23becb-c9e0-4475-b446-b408410d49b1", "value": 330752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679698862, "uuid": "fca03ac5-29d4-4215-b2f1-29a82f9f459f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698862, "uuid": "b903e048-7f5f-419b-b67c-ea46fe210c5e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ab0943a-ca7c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679687123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679687123, "uuid": "d65c6154-0c50-404e-b907-4c5f45b64562", "comment": "Malware payload", "value": "b74a84974756f6c0901398f51aa691ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679687123, "uuid": "dd320029-9489-4d71-9034-ccc38c6a50b8", "comment": "Malware payload", "value": "15f497477ed80181c3edbbee767fd29efb2277f07785e4d2f0010fea93625edf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679687123, "uuid": "f2c328ce-1767-413c-ab8c-02eb62b3965c", "comment": "Malware payload", "value": "bed7e886422bc35c5e34eb247d0d0405450c0a0c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679687123, "uuid": "69ab4275-1f61-46a8-8717-9d7a95e0b615", "comment": "Malware payload", "value": "735db452ae3e721e3b023ea17d6db709be84b4969af8f0e2dd72c42efa7f306de00da621f48062da684f523ab03053cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679687123, "uuid": "ead79c21-cc0d-4386-84f6-7b3eca4177d0", "value": "T1E384BF1273E0FD60E56787728E2AC7FD2A3EB8E0DE15BB5E1644993F0D702A1D662305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679687123, "uuid": "55d9a115-65f7-4813-898f-9c77b77d93cb", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679687123, "uuid": "9789f238-e88a-43cb-ab7e-d2cbeb47d981", "value": "6144:/mp7NtQrnuSTNlaGoWc9kkpH4kVRdEG5va:Op7Nt4nu+oMu4aEGY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679687123, "uuid": "efe6ebb2-3b0e-491b-b872-cbc89711d3e8", "value": 391680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679687123, "uuid": "31096529-91b4-48ac-8a4e-c9b31e6f5297", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679687123, "uuid": "e822ba69-f920-4ac8-88be-f75ec365b330", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb881a31-ca04-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679635826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679635826, "uuid": "01cc79b5-536f-4f05-98d4-8344e7cf1148", "comment": "Malware payload (DCRat)", "value": "7b2cc7bd31191fc112de760c996e56a1", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679635826, "uuid": "288a37e5-dd68-444e-91f8-344bcada9fd2", "comment": "Malware payload (DCRat)", "value": "168dd964cedab347b56461282ab409b5fb19de28f50f635d7071dfce39c04ed5", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679635826, "uuid": "abedd7a0-c102-457c-92e2-4dd7c6f73ce2", "comment": "Malware payload (DCRat)", "value": "8c87bbdd79eda5b6f6612a9d828d10924071e959", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679635826, "uuid": "457fefb0-dde3-45d9-a17c-f0cbd642a137", "comment": "Malware payload (DCRat)", "value": "17843cde03834ccd08fd162559814c39041bd405660e6befac02dd8efe6dac142099efc1f6ab1636768af83b86fb5304", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679635826, "uuid": "b68e86d9-bca4-4fb6-91f2-b7ca1b908cd3", "value": "T1963523E33B08C81CDAF297317895CE4A545DA5B8EE8FC45BD33917B89DA46B07D92203", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679635826, "uuid": "4413dbe0-2ccb-4702-b7fc-40e90d663294", "value": "17a4bd9c95f2898add97f309fc6f9bcd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679635826, "uuid": "9e232336-9d57-4f38-9736-1680e938672a", "value": "24576:JpyruWBdka5dL1NELih7LqxLBwceZEY2Onj3JniDq0A5BfJXA6:Jpm9nkIdL1WCnwmDZJ2Q3ZB5BfJXA6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679635826, "uuid": "aea3f698-c827-4982-9e71-e56fa1c59a0e", "value": 1108056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679635826, "uuid": "b47fbf45-2acc-4094-b2d2-f52c6c8e0ae4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679635826, "uuid": "115f7a9b-b387-4807-becb-281e8010ee43", "value": "168DD964CEDAB347B56461282AB409B5FB19DE28F50F6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e88027d7-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686475, "uuid": "857d4810-cb92-4fed-ab16-a58142d8d9ac", "comment": "Malware payload (Mirai)", "value": "611aabcafd14c511ade9d2ef460ff433", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686475, "uuid": "4f379d64-2c73-44e9-aac0-06e62104f380", "comment": "Malware payload (Mirai)", "value": "178fbc725d8374a4be15f6d7668a34200dc5cf6294773c34372a12aed72e6c76", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686475, "uuid": "848a4d66-4a52-4c4a-adb7-39170ca15d75", "comment": "Malware payload (Mirai)", "value": "84b0fd8e3d3ccd49297e49231bbbcfb29ac957c7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686475, "uuid": "086b5aa8-b46e-4b79-8588-868533f17619", "comment": "Malware payload (Mirai)", "value": "7a21fd285906f84d9337c95eb8cdef896d1a51d75738cfaf8ccbf698c9e16da2237afed80e44d22a8efe754574ed0e9d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686475, "uuid": "d1baa749-bc51-4481-9870-5c486c63bdd5", "value": "T17103F141CAA57F13CE786DB84EC6C1D2B71908AE63B385813AD38D55401B93ED6A1EFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686475, "uuid": "f214ebf3-35cf-4d0d-b949-104961033b95", "value": "768:OzU77DBbKPTHekxwodmTsF1XjqLKrRoK5nc7vCI6/FiS3/I7k6h4uVcqgw09S:/3D9KPTHekmETqLUnc7vdWFiX34u+qge", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686475, "uuid": "48cb0aa9-697c-4e66-abf9-b84b581df2e0", "value": 40532, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686475, "uuid": "3636e403-9c6c-43c2-973d-97e8a0d0cdbb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686475, "uuid": "addc030b-77aa-416d-a12c-c5ac067a982f", "value": "611aabcafd14c511ade9d2ef460ff433", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0023884f-c9e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621231, "uuid": "2e080882-52e4-4c49-ba19-3fe3f8849bac", "comment": "Malware payload (Stop)", "value": "35fb0deb07c22854702738f70f58a3ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621231, "uuid": "d51f8788-ed79-44ec-961b-b052e445fe21", "comment": "Malware payload (Stop)", "value": "19068810ffa556e922759d7652f4a16f35fc04a5bd708c56a8d601db3cec8708", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621231, "uuid": "32a4608d-e46d-4527-9cdc-798f01e6cc44", "comment": "Malware payload (Stop)", "value": "d4a1a9d77d26a6e6a7af73cd4f59ba59af959538", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621231, "uuid": "499e9173-7eb5-419a-8712-5c6b1c1f45d4", "comment": "Malware payload (Stop)", "value": "8cc7ab984a8644372bf753467bf1af5c0851723f56957e57f360eb9ea02807a2a4e2090ea6b59d833ce8dcf71ebbb8d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621231, "uuid": "4f534a08-c514-49eb-96f9-03a54016408b", "value": "T170F4122236A1D431D57754708756DBF06BBFB47097A7988B73580B792B30B80EF2A24B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621231, "uuid": "2ce1fbf4-1c44-4304-9d89-eb8e367c5f4c", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621231, "uuid": "f2f84c8b-d9c6-4f54-960e-4b30ef79eea8", "value": "12288:EiduSupBChq0Ngd4DuzGrsDwVxrXVaOvnISbKOnbjVT63UsMElh48h:loRq3g44DwVxzVaXSbfPrA4c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621231, "uuid": "2298ad39-4fbc-47ac-921f-e6085bf4e845", "value": 731648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621231, "uuid": "f9669771-d893-4fd5-9697-86f272295830", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621231, "uuid": "389b19d8-3ad0-406e-89e6-87081618c022", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0590555-c9e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679620775, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620775, "uuid": "a563b9e1-3c0d-4556-ba29-3957532fdca0", "comment": "Malware payload (Smoke Loader)", "value": "f51e2fc25d2c2725e6ee7a854720978e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620775, "uuid": "4642e45f-bae4-443e-aa48-e0656b66aa5e", "comment": "Malware payload (Smoke Loader)", "value": "1930e68124deed8f57e3c5763009d15e8061de2286fa71655483997e9d04e76c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620775, "uuid": "7f9460d4-a2a5-4e1a-b6c3-88eb77b967c8", "comment": "Malware payload (Smoke Loader)", "value": "f74399c8ddb5deb92de177edc71759364261cca3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620775, "uuid": "f71b7115-a5ea-4a92-9167-e238a08c321d", "comment": "Malware payload (Smoke Loader)", "value": "ff0196ad0cb71fd9b54b8c491f9d376be57edf08c0fc4a1a3af0cefb7949d6486b48b07357cb00c4c4994811ce59c4eb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620775, "uuid": "04b97fda-e17a-430a-a9d0-fd653f9725c2", "value": "T1FE44DF2232D1C832E16B06F98851C7B4697B78705F6585DB3B4067BE7E303E19E3A71A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620775, "uuid": "22dc76f1-bce2-41ae-9f5c-ccd3cbbae320", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620775, "uuid": "bbf5ea50-5209-4a04-a1b8-2899ebc8889e", "value": "3072:f0v32b15+VALmAJ9OEW3mnMW5oJh16FO8yLogpsNALDPd5RcQ:+zVAL5JkF2ef73CNW5c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620775, "uuid": "0e830a18-a935-4096-a74f-3cf29aa2c054", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620775, "uuid": "b57add8b-2ae6-4b0d-b41b-c3570f18ad34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620775, "uuid": "ad546578-bada-43ea-b26b-01192de1c7bf", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d463f7af-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686441, "uuid": "d0bb7c3e-f3e7-4f9e-945a-eb32f18a48e0", "comment": "Malware payload (Mirai)", "value": "5f0dd5fd29900f01d5e4da54897fbcfc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686441, "uuid": "c227d9a6-9e00-43c6-8103-625f4790ecb5", "comment": "Malware payload (Mirai)", "value": "1ac28519ba288c85c9e01fbaad33587f3d526172cab5cdcd4038d2b552a436d2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686441, "uuid": "9e39a758-d672-4ec5-8158-784478bab97a", "comment": "Malware payload (Mirai)", "value": "b3daee5857e5dfd3d72aa3a1d2576ca931911c20", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686441, "uuid": "19b40ddc-c196-421f-8e8a-09a05620e21c", "comment": "Malware payload (Mirai)", "value": "db4ae6e983e89192ef141324e2a7ae21c3501284feacb9a8e65f63988dbad8f05afbc681b888702017e537534f371af9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686441, "uuid": "4020a371-07db-4033-b412-9d8595e11da4", "value": "T16113E19CB4B98C66C5CC2FBDA1C90FF03D60E52743DE9AD86345058CD325A866C6D4A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686441, "uuid": "1c151136-53b7-463c-afcd-b4dd02745745", "value": "768:G+aNvRTTxIPdwYttUGuNjrZ5tHE136FtUP61KxJ9QpWakxZryPdx0KrDWM:Gb1RXxIFfGFjL836XM6MxJ9iVGOPn0mx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686441, "uuid": "3f44b9c8-0eec-4a92-9b3a-784d020fa295", "value": 44280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686441, "uuid": "0f69c271-e839-4a92-81c8-89b3973eccbf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686441, "uuid": "d4836100-01e0-48c3-8e53-0a40580f7762", "value": "5f0dd5fd29900f01d5e4da54897fbcfc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2f50400-c9e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620726, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620726, "uuid": "4e325606-4871-4534-8df1-ca1ac4a48959", "comment": "Malware payload (Stop)", "value": "55e9193eaf48788cdc5b9f7f2ca3d708", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620726, "uuid": "dc090466-79ec-4c16-a74f-b5cf1b85dc0d", "comment": "Malware payload (Stop)", "value": "1ac4c935700aeb5018ac473ec6a180bfc332ec686e7efb8617017ea93481ea79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620726, "uuid": "e18b6ac9-889c-4631-a6cc-badc3833fd73", "comment": "Malware payload (Stop)", "value": "fddac955c8312d9099d0321f9379a41a2ce66795", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620726, "uuid": "ae2ba528-4f87-4f02-9757-9cb2db35eb24", "comment": "Malware payload (Stop)", "value": "2d39885618cca0d2f107f7a43bdabcdfdf26b1aca83855f6e73e11a88b6449744603f23213c0f88a06bb5ebef5028337", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620726, "uuid": "7ea54606-6d68-4985-b458-b1b45f493c3b", "value": "T1FCF41322BCE2C076D6D3593096A5C6F8653E7CF056988ACB27550A7E1F307C0F96B247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620726, "uuid": "d4162ed9-b845-4927-a315-d9f6f945ccff", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620726, "uuid": "810a379b-32ff-405b-882a-1899d6965296", "value": "12288:g7i0Csr2VzRuVbYoJ7sGx+pt/2Sh8jrnWupTIk772lFVcq/ETn6:F5pVzAVbPUpt/8/x6don", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620726, "uuid": "a8aa9b2a-90c6-4c9b-a8dc-3aad845e890f", "value": 733184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620726, "uuid": "fa0f207c-306e-4ca1-8f25-612e8c906c9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620726, "uuid": "c75cab60-ad97-4cb7-8d5d-4a260f46cfdb", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e78eef7a-c9e0-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679620331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620331, "uuid": "126c0565-255a-47bc-bfd4-b11e65c58a7e", "comment": "Malware payload (RemcosRAT)", "value": "8ab8847b21675188be6c9e4a3782ccda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620331, "uuid": "b58e114b-32b3-4d3c-a4ff-34082f853ce3", "comment": "Malware payload (RemcosRAT)", "value": "1b756a06817a1b3ab7db454b9b4791567ffabbea9db0ffd5ad9f3c01201c65dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620331, "uuid": "6ef978a0-c2ef-439c-aec4-e82b694e241e", "comment": "Malware payload (RemcosRAT)", "value": "8c2923b94ab3db0c67e83ef244642316afe56125", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620331, "uuid": "389b0dcc-c44d-40f3-939e-b0e0a17be4df", "comment": "Malware payload (RemcosRAT)", "value": "5304c5a75c52b681b7135edd3179b9d60fa8d28123eb1e08785cc1258794f632d03ac29e2bd18824a895af0030cffa7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620331, "uuid": "7a4a164a-a2c7-464e-a3e8-d37f6e4e7a1d", "value": "T17ED57DB113D3FEA4EB6F1E31C09029048D11AC539BADD38CBDC9399756B5722DE48AB1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620331, "uuid": "17869e38-efa0-436d-9e32-934ea2c9e5de", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620331, "uuid": "9890a37d-9e36-4088-81c9-1cb9562befbb", "value": "24576:sUe7AbJO3BqXtEOGTPEhRNhvdf2VKtu1Dze6HDpLe1hP+dufPRfvcaeFN+qIOWXZ:sDAiOGT2Nf2+PpAw7lWdnL2Rwhzr6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620331, "uuid": "9c6b7a02-cbbc-42e2-868c-0735ef086ce0", "value": 2750976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620331, "uuid": "27a745ce-d8ef-4e6c-bfd5-e2ec37f00b0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620331, "uuid": "63fd03a1-6606-4026-85cd-1e06871d5437", "value": "8ab8847b21675188be6c9e4a3782ccda", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "801d6167-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679639914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639914, "uuid": "b06c83d8-db94-4764-9531-61ab1c8f5fcb", "comment": "Malware payload (AgentTesla)", "value": "5f11ed8710d132d4d94855e48977ec44", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639914, "uuid": "27dea20b-ab5a-4981-9a4b-03544928d5e5", "comment": "Malware payload (AgentTesla)", "value": "1b96e3e8f1846fbe1f2278851c6b339ad8feeb9c1fa4ac4d9e5c59ecf7b70e97", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639914, "uuid": "956ca562-1c6d-4c7b-9747-64d3a3974e2c", "comment": "Malware payload (AgentTesla)", "value": "8faf20774bf8711e1a3dd6a4896fc15e1cb03a4f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639914, "uuid": "fdc649b8-5313-4d75-af2b-4f6af7234dc6", "comment": "Malware payload (AgentTesla)", "value": "b6584a4729d425b60aeccbabfe74aadb8fa50a7a55bd537d1d0990e605d1b256679c3bf6de89ee3d96ee05f100055107", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639914, "uuid": "5ba67320-7664-4ec3-ad9f-7efef3d9ab38", "value": "T19705E004FD3A0A77F8DAD3B45164233A03A9BBA25062E6858EF969C93CCBF5705D411F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639914, "uuid": "0bbb4cc1-e2b7-4f9f-8b7a-b23b73af313d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639914, "uuid": "fa6bc781-1212-4e27-9625-dce9a86fa80c", "value": "24576:d8QawUZGqfE2peb8lS7flnAzFgvAfoqeqFuNaZ:6QavZU2pQ8lSmygeqsN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639914, "uuid": "266b317b-048c-462d-962a-f3eb304e888d", "value": 834560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639914, "uuid": "657621cf-b126-428f-9ab4-bef04945ef02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639914, "uuid": "851ee4f3-53c9-4d96-ae3f-b9313eeda760", "value": "DHL Shipping Notification.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c711a15-ca93-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679696897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696897, "uuid": "92240c06-6b91-4279-8c84-c33d5cb1e0b9", "comment": "Malware payload", "value": "ab9231ca1b6d681458025eab7af52695", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696897, "uuid": "1dfc350b-e685-4503-9bd8-28d6c8ea160e", "comment": "Malware payload", "value": "1cc35c2bf49a329a95265421aa2128b8e411231acfd59ca96498c6dd3d5f0e4e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696897, "uuid": "9eb8f4cd-7893-4800-b155-d14bdb69b58a", "comment": "Malware payload", "value": "1485c1b78063e051a49b67a255e384931d5335c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696897, "uuid": "fe7ddda9-8a5e-48e8-8adb-484f3812ce3a", "comment": "Malware payload", "value": "456864b1096030bf0eef70005be02447ec91aafcc2dd0de32a3eb8fb5965e67bb995e9b8c6f2f7a0fe182fef8c162243", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696897, "uuid": "ce7e5049-aa8d-4157-98f2-d7550762b77c", "value": "T16F548F1273E0F960E61787728E1EC7FC2A3EB8E1DE167B6E1649597F0D702A1C662704", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696897, "uuid": "a4c7a274-86d1-4bf9-bf20-f9b042b99d33", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696897, "uuid": "7fe8fbe3-3f1d-46e4-8398-1005b0c8e910", "value": "3072:JxufN82xxRYCCd5kxUlfCDm4dZTS1OIwj1YqDTXR8yUuFry0WN8aeeL:3S2cY/fCDntIwj11zRx1u0va", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679696897, "uuid": "65906d75-bbc2-414d-967a-18a94819f667", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679696897, "uuid": "15ad7da5-6b1b-412b-be5c-47e45952c208", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696897, "uuid": "8ea281aa-fc0a-4a02-bf6f-39a58e9a93cb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e4e914c-ca73-11ed-88f6-42010a9c006e", "comment": "Malware payload (IcedID)", "timestamp": 1679683317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683317, "uuid": "3d97ca1c-582b-4109-aa61-a9d27d36f2d4", "comment": "Malware payload (IcedID)", "value": "d659e03354a9657001d5136308449d5c", "object_relation": "md5", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683317, "uuid": "ada198b5-4709-4cfb-8e3c-8e38e39f299c", "comment": "Malware payload (IcedID)", "value": "1e2aaed890f3a5e5657d6806bcf6756bbdef9baeca203330ad862dcf47ddf885", "object_relation": "sha256", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683317, "uuid": "81476f33-a145-4fb1-b0ba-1c0ff664f1aa", "comment": "Malware payload (IcedID)", "value": "0f440e15ab54adf7f699d980fd436b3e5f03e20e", "object_relation": "sha1", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683317, "uuid": "490e43e8-583c-461a-b7ad-5920061f0dba", "comment": "Malware payload (IcedID)", "value": "338a8eb248b4b9a945c753c23c52c173786439a98d07c38687bc0bb07819cbacff3e2049974eb4413d4e5223302bc9fb", "object_relation": "sha3-384", "Tag": [ { "name": "1105 SOFTWARE LLC", "colour": "#080BBD", "exportable": true, "hide_tag": false }, { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683317, "uuid": "913415f4-2c0c-4794-a7db-d0ed890c2c92", "value": "T1EBD4AF60EE952AF3E31BC977DDBEFC2D80B1729A7B63E37B7184426454A42410F4B246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683317, "uuid": "18d1b9e1-c4b2-442f-b151-5c15d7b2e9c9", "value": "8a3f45460aa7178128f660fb37ed69e5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683317, "uuid": "1f67c5fe-c527-413c-a756-0a7d33869307", "value": "6144:vvJefQe21l/7o+zmG6abwLPcwUSgm1IWAH1c9/MJOBlX4Bd3uyWFACWPgkqTXzm6:vRloG6abwLPVRaqLm3VdGPEBj/eZb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683317, "uuid": "c6fefb2c-1290-484a-8db0-a0890ada61c8", "value": 635424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683317, "uuid": "c6559a4a-6511-4179-ab3e-116135b16a60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683317, "uuid": "0e266bc2-080e-4ea3-9ecb-a66231a2fd42", "value": "Docs_Unpaid_#367.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbad8c38-c9e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679621653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621653, "uuid": "1b1f1047-ae8f-498c-81c6-0e4e89c20037", "comment": "Malware payload (Amadey)", "value": "f0daabd724759dd77456f8bcc0487131", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621653, "uuid": "8809f80c-7758-497f-9559-2b0ec7486224", "comment": "Malware payload (Amadey)", "value": "1e481192f06793668eb904c59ee13907b3f4a31a258960d65a4f0ece8cc98c51", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621653, "uuid": "20531222-30d6-45b1-87a4-23ddefdfa8bd", "comment": "Malware payload (Amadey)", "value": "d172da8bf72e9937a22d8ee7ad073cc0d2d7746e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621653, "uuid": "d3af2148-1aeb-4837-ac81-3f5a9cbcfd3c", "comment": "Malware payload (Amadey)", "value": "7a6c5b2f5895eff796dc07f2b908e305cc08d1d51c1aaa87b686d8f5df1e8c4f6c1555adeb1a2ad0ff16924edc59fbd4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621653, "uuid": "1d1cef7b-9ea6-4743-a6d7-d621337ac54d", "value": "T1DF44CF22B6A1C4F2E447053C8865CBB869FB7C709B19C6CB2784567D4E703E2AE3D746", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621653, "uuid": "3b8c0d1a-9c55-4fc0-8ac4-39e4d1b81ee3", "value": "10e81001fcffe731bc4b5a2242faeabb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621653, "uuid": "8aa6834a-71bb-4d60-9560-ebc181e4f2b1", "value": "3072:40rS4NhHsYIYGLepVysWA2bBSkjnR9LY2NEf5hBecM6M:JOhYGLEYsWA2bhjE2NuBe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621653, "uuid": "f904bcc9-0af8-4a25-aeef-d0c94070ed7d", "value": 256512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621653, "uuid": "7a1c6350-3b4b-4fec-8527-e77e76f8d9b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621653, "uuid": "0327be4e-b60c-4d22-81b3-d9d0b17bf5f7", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7302ba9d-ca73-11ed-88f6-42010a9c006e", "comment": "Malware payload (GandCrab)", "timestamp": 1679683271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683271, "uuid": "ba111a46-2c6e-418b-b1ae-74d6246bac0f", "comment": "Malware payload (GandCrab)", "value": "faebc8605aa6ae0210b3d7332a4085b4", "object_relation": "md5", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683271, "uuid": "daa95ae8-84e5-45f6-87d1-437db86d90a7", "comment": "Malware payload (GandCrab)", "value": "1edc828da884f2b17544ba6609f55bba3c950093528a5e857a23be8ae78fcb36", "object_relation": "sha256", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683271, "uuid": "8de91ae2-d90d-4543-b5b2-6dfdd438aaab", "comment": "Malware payload (GandCrab)", "value": "0da4e0038853df664af34d14a20cb7ae48a35cfa", "object_relation": "sha1", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683271, "uuid": "519bf738-ce33-4de9-bdab-6b4ed563c960", "comment": "Malware payload (GandCrab)", "value": "6f61e5b70901552b7b26e73b2ed116c82926bbce246daeaf4693b29c1cd2f3092e1192a8506e229be909be48dd7d1591", "object_relation": "sha3-384", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683271, "uuid": "3571bbfd-e2c6-4afe-adac-3dbfa3e4df10", "value": "T13C24E013B2D4A871D5270B758D2989807E2DB5400778539F37AB2AAB9F702F08A7735F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683271, "uuid": "90f92b50-91f6-4555-8c36-3bd725973d49", "value": "c1ed536789620e443598b625f8d0ae7c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683271, "uuid": "488c5050-052b-4d2a-aacf-0be5a1283c68", "value": "3072:HPI88gNJMXBNO2gwvT+qaRER85N/0N9eaoRSh+KpVmytJKF7Gb:vI8FNmBJrxR85N/0N9eao+UCJsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683271, "uuid": "648935fb-b2d8-4b4e-bd6a-ff3338ac403b", "value": 219661, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683271, "uuid": "5cd7369f-09c7-4ad7-9491-fa3f881285b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683271, "uuid": "310245a7-d061-42a0-88fa-b9df9ace34f4", "value": "1edc828da884f2b17544ba6609f55bba3c950093528a5e857a23be8ae78fcb36", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea2b8014-c9f1-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679627637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627637, "uuid": "35c84020-6b81-494e-b271-c12f94984529", "comment": "Malware payload", "value": "3c9dd604080dda485452751854ca892d", "object_relation": "md5", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627637, "uuid": "13047fd7-a117-46e5-8bd7-af0b7e88c473", "comment": "Malware payload", "value": "1f23a8be2e3cf81e2ab11b38df69ef7666e7925621854c062678e0aef5a8a5c2", "object_relation": "sha256", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627637, "uuid": "52edba94-4b82-4689-8203-84f3d922eb43", "comment": "Malware payload", "value": "c8eb2fa1e512d59dc0d8d2c4f857a37e45ddb988", "object_relation": "sha1", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627637, "uuid": "d4db7b55-18d4-476c-ad20-2e8ff3743320", "comment": "Malware payload", "value": "5d4c9f6c030f70e48e8891a11cd465f60fb09d6c76bf033593e8b143d7107967c6a7fbf0b9deac0832fa1d2a614a49bb", "object_relation": "sha3-384", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627637, "uuid": "5d0db1cd-e598-4a2b-88c5-2f4467ed4779", "value": "T19644F1938444689BE5F3977D8DD10F24B71BC8C09326CA2D7DA1A0AA1D1F7B3D817A4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627637, "uuid": "62af12ad-0956-4663-8544-f18ad1d9c334", "value": "6144:7kIk+ai6laI6gfUOqa1fmioLyVmWsdYkB:QaI6aF1fmYEv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679627637, "uuid": "51d8aebf-3c02-425b-aa4c-80efca15f200", "value": 259992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679627637, "uuid": "d857aa1b-577f-401c-ad6b-75505f153042", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627637, "uuid": "61990c16-2358-49bd-9cc4-3947a8b61c11", "value": "consult.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45a62e03-ca73-11ed-88f6-42010a9c006e", "comment": "Malware payload (GandCrab)", "timestamp": 1679683195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683195, "uuid": "25024bdc-c542-4dbd-aea9-fd2954c999db", "comment": "Malware payload (GandCrab)", "value": "0159c89c26fadeb10863b81796e374b4", "object_relation": "md5", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683195, "uuid": "2b4da0f1-eea7-4adc-a71e-0c053a10bce5", "comment": "Malware payload (GandCrab)", "value": "1fbe885c0747a5735dce3ace377e26521dd11f981e5eda8050a6e8ce5ebc20e4", "object_relation": "sha256", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683195, "uuid": "d27d0bca-bb53-405e-9935-91ec9e1eb83f", "comment": "Malware payload (GandCrab)", "value": "d7e1844c04dbbde27d4f23e087166a353cfee96d", "object_relation": "sha1", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683195, "uuid": "b3bd23ec-e416-43f7-86ac-ce34f1280080", "comment": "Malware payload (GandCrab)", "value": "c21aa8514393a8260944f33fb69634229bae6a6ddc23d578be6b69839a30a231488dfd61f087d18189894cb4083ce242", "object_relation": "sha3-384", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683195, "uuid": "f893b436-1f4b-4d45-ac5d-3fbf15bbc6fc", "value": "T18CD3CF1171D0C4B2C0E2157188A0EAA45B7EF90217B986CB7B5D2A3D6FB03D05FB939B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683195, "uuid": "16d6951f-50ef-46c3-8906-6095b73aec1e", "value": "bcb64e67818079866efdc97c2da83d74", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683195, "uuid": "efaf1cc3-4a25-4c94-b40a-c7b10412df28", "value": "3072:niEm4ok3S63xBNPNO4CgasIBbCFO5JpOp:iEm4oiS6HzO4Cgip5JAp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683195, "uuid": "909f4dd8-bc12-48be-bb28-fbdd96823fee", "value": 131072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683195, "uuid": "b3fb697a-271c-4aeb-9634-27b526ae1121", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683195, "uuid": "0d98d048-5327-4507-91b0-78e6157b00eb", "value": "1fbe885c0747a5735dce3ace377e26521dd11f981e5eda8050a6e8ce5ebc20e4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bb81016-ca46-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679663985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663985, "uuid": "389f63bb-4da2-4e5e-97a0-51f8c36cd43e", "comment": "Malware payload (RemcosRAT)", "value": "f2121e6f89567e460e1d5db6d2ac8740", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663985, "uuid": "fbb29c03-81a8-476b-a83f-15a1f67e719f", "comment": "Malware payload (RemcosRAT)", "value": "2010a7e1a136a9881ba4db4beb99088ea77ea2997d36e6d1d16fc696b34fda8b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663985, "uuid": "f34becd5-3cc0-4668-9dba-dda56bfac59e", "comment": "Malware payload (RemcosRAT)", "value": "2c6b0077b423e11bbfa00b9446f5f8614acd33df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663985, "uuid": "c351414b-64eb-4843-b79d-966f15176f50", "comment": "Malware payload (RemcosRAT)", "value": "bac68aeae99177a94e2c6bce97dfd7a8b48ff6094c42bccc1b0956d96ded053c6d0bec967e94efa7d59599d98dd6db8d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663985, "uuid": "a784d835-6982-410b-80eb-3f8a67750415", "value": "T1913523843FBC0C62DB4D1B7AA5E9C1CC53B0757A974CE7032E89448DCAEA7844661BF6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663985, "uuid": "144852c5-c8f8-4172-8920-37426a8bc979", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663985, "uuid": "2cf383c5-a0f5-4083-8d08-840f13058869", "value": "24576:M+dborkAeFc65AX4LdHCcbnbUqcXG1+JIL66hP:M+dErkq0HCczbnY2l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663985, "uuid": "f2829d21-b444-4cb2-8247-81a3a7bcd6b6", "value": 1134080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663985, "uuid": "018e661c-c648-4f43-96f6-3adc7897e542", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663985, "uuid": "e4cc3ed8-ab4d-4acc-b32f-370a2171f4d7", "value": "OFFER - FLG 80460-7946893.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03a14b35-ca86-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679691245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691245, "uuid": "7bab3209-fc34-42e4-a6dd-1f7a20d73993", "comment": "Malware payload", "value": "85f46d8248892a3b3341f49037c46ef1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691245, "uuid": "4a79ba2b-3de7-4b81-bb8e-927af8730ab2", "comment": "Malware payload", "value": "2119b6ce4788e62047950f48e87a11196aa3e90fdf1c9ac9fa8c0705e90c6a89", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691245, "uuid": "15b717eb-00b8-4d97-9444-e378d47f943b", "comment": "Malware payload", "value": "dee40cef47e97efa3e507c23e699619b0c179eb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691245, "uuid": "06e3770a-659b-444c-8a68-dc728dd6c6a0", "comment": "Malware payload", "value": "a768e6109948b81152db0034696b1e469c02c5a7474d584565ab2d29a47c062527f7e7bf775d87a55c92d5564d0cce85", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691245, "uuid": "a08b4f3c-cec3-41e5-a485-473d91403d47", "value": "T14AA5334792C044B8C3EB97396E50D309EE6FBB721BBC90BD148C975C4B7D9628A36760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691245, "uuid": "ca84e317-e7f8-4df0-ae10-46ce2254017c", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691245, "uuid": "3328c436-54ae-4def-8bf3-ae823e241f50", "value": "49152:EGlJfsg6DeVGLnMcHt970a9CQREv1x6fDipu1+lGOjSnKxpM5dlLYp:5RQ74ytiVQ6v76qu1+G4VePYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679691245, "uuid": "91ea4a4b-ce1b-4438-8aa1-7d123199a743", "value": 2183673, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679691245, "uuid": "edbe2db3-ade4-4fc1-943b-bd46f6b0d511", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691245, "uuid": "ee466ce3-8032-4c2c-a1fe-33b1c8be6591", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b9397b7-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620821, "uuid": "77377c45-9bfe-49a9-b1ed-08fe1c9df3e3", "comment": "Malware payload (Stop)", "value": "031e3b3b41fb249b1721da67dfee83f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620821, "uuid": "be113d57-5c8d-444e-adb3-0438ce40e567", "comment": "Malware payload (Stop)", "value": "217480c37c98f9bf2cc0ae64c2fe58c5df5be4b005bf6460a83b7c460fb3a257", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620821, "uuid": "7647c921-2831-4b8b-bcc6-dc154329e7ea", "comment": "Malware payload (Stop)", "value": "85788c179eb6e23e8696c34193d058fe736bf8bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620821, "uuid": "1d0903c9-43e1-4ac1-ad45-6e11c23bf52a", "comment": "Malware payload (Stop)", "value": "3dac7f273dc583c3083b09b4c86a3ae277f448213a9d7667b715c670456d9f6506a6eee1fa653dc519e0fabad898bba4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620821, "uuid": "3e4b74d3-05e5-4cbf-997b-468ced281464", "value": "T17CF4122139D1C1B3E94788719A65C7E1BA762C758B69CF4B732807BD3E703D0A72931A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620821, "uuid": "7b91f80a-a603-4f17-919b-fb07b17b9387", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620821, "uuid": "b2438019-0af7-471b-a90d-7996ce94bbd0", "value": "12288:siMCQImB44Hm/bt8xwooglAIajuZ2c1kmbHbzz7ATP3JvQ9Qe0G:dbQ3XGjtvH6AfuZbKmbHbbKPVQ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620821, "uuid": "9fe5e5fe-bab3-4314-8562-1c3fa99f25d7", "value": 733184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620821, "uuid": "1b8fb83f-72df-461a-8495-1b11966c0cc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620821, "uuid": "278fbfdf-d5fb-4e5f-82c7-f83891866c54", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd246598-ca31-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679655049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655049, "uuid": "575fe147-b8ce-47ae-a7bc-663597045e38", "comment": "Malware payload (Smoke Loader)", "value": "9785b488e5fabbaf212379431515a843", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655049, "uuid": "b39fa0fc-4553-477d-9967-9f1014b5ad51", "comment": "Malware payload (Smoke Loader)", "value": "21f840d040c17a726d100f31af155807a41bd6d9b642f0ded1a22fb57f099a6f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655049, "uuid": "acd88193-eea4-4170-b4b6-8e14c6a539d9", "comment": "Malware payload (Smoke Loader)", "value": "4a8a7b5f33a1dccfc347a8b54f69e27a235cf30c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655049, "uuid": "946c5bfc-3455-4a7e-b576-2a6a2ad3f536", "comment": "Malware payload (Smoke Loader)", "value": "3805c39878a9e40e33ec347dd5b3bcbc9e37d3fb395420c8479c3235b8d6f5e7f1f9a6f64867670e5e98441cf37a00ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655049, "uuid": "eaf884bb-b636-4c3b-b42c-c5d1813672e4", "value": "T1B1347D1273E0F960F52686328E2EC7FD663EB8E1DE56BF6D2745993F0970261C622314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655049, "uuid": "13f7d3e1-b9b6-4a1b-af49-f4b6a1d29742", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655049, "uuid": "efcd8121-3a1a-47db-94ca-ebdf41738716", "value": "3072:nEXj+uz3uHaTMdtKQTvVGquDeJjQZNfCoZs4+0YNRNlEAdsOjt/dmWNObVq:0+sfat5BJsKoZ+0YHdzPmj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679655049, "uuid": "54d546ec-704e-4ec4-9fa6-23d8e085b69f", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679655049, "uuid": "7cf368f1-af5b-48c4-a80e-eb7350196629", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655049, "uuid": "055c9f8c-c640-412d-a870-99edf91f2459", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "880ef15e-ca19-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679644652, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644652, "uuid": "0a1cf81d-7803-46e5-921d-c2fa3bf7075d", "comment": "Malware payload (Amadey)", "value": "11d19c06c8ae19252c6971cd0b807c72", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644652, "uuid": "e02bbf9f-467e-4e3a-a3bf-0e9f450f2d75", "comment": "Malware payload (Amadey)", "value": "2233b27ef68c7dc4734347de753043542b20f81947e2be001b00fe3e0ddd0a21", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644652, "uuid": "cb9cafc8-2c2c-47f6-92ee-7656cc3f9483", "comment": "Malware payload (Amadey)", "value": "1c3694d1b1c0fffe33abffc5dce61fa234e22d52", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644652, "uuid": "37e1eac1-3dfb-4619-9346-a2a371f71d6b", "comment": "Malware payload (Amadey)", "value": "926f1b991369f1528cab47b00f82ea3aea50c39112484774637ea9a243fbe9966260e9824adc458493cc43eeceef15db", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644652, "uuid": "140da40e-14c3-45fa-a32a-aafc4431fefe", "value": "T17425220372E94573DCF917B19CF6478326367DE14AB9832A3797984B0CB17816270BAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644652, "uuid": "b26b843a-2e2c-46f0-9b47-03f67e809ce4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644652, "uuid": "a8540662-7c0a-4cf1-b574-29ce110cf8fb", "value": "12288:fMrDy906j2Q3XREkOQ7bgk/WIXX/V+U5hDgocbOSlvM5W2mPUTAGS9brm97vI/hI:Yyp5REkOQIk/f/UWSuW22a2xiEZI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679644652, "uuid": "362aceaf-9fe9-4392-83b5-78cd0ca52adf", "value": 1035776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679644652, "uuid": "088e66b1-db13-4a98-a4ce-f7d04818feec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644652, "uuid": "34fc81d9-9e10-449d-aa09-ff2c52b7a45a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74d1a1f5-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679640325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640325, "uuid": "edbd2e94-ffea-463d-89b0-18224cc800fe", "comment": "Malware payload (Formbook)", "value": "cd971240476762db335a265dfc524e42", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640325, "uuid": "45f78d05-47e6-4d6b-8d23-60e5b1c3e7f0", "comment": "Malware payload (Formbook)", "value": "2333130311b7b060f360196c5629af0ca1919366d2de939c067e0396602d0acb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640325, "uuid": "2616fe8d-b0b4-46b1-b270-7606149b0615", "comment": "Malware payload (Formbook)", "value": "d7337400348988d42a56c8d74e59cd2509d5f1d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640325, "uuid": "efe3bb0f-80f4-46fc-bcf0-66050f9a8858", "comment": "Malware payload (Formbook)", "value": "cb29616e4a3336ea7b6cc6bc9f33a58f63054eb84f4621b6d4e8e1a2d00084d77c49647102f6ef3e9b85d71138207fe1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640325, "uuid": "879a4b1b-56e4-4187-b9b0-b67f82ee2e5f", "value": "T15474122203B6C963E8A7277159364192C6F8ED4614F5C65F2F84637B39332D2DB2E325", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640325, "uuid": "b400b1de-692f-4c4b-ab9b-fb6847511e48", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640325, "uuid": "c206f288-cc71-44ab-8b77-6334fa94ad19", "value": "6144:/Ya6hTQIsQt3UyjPf163/Jxqm9H4dOfzMLk8W5mdEoNxGG70xf7Ect:/YblBkq1u/JsmydOfzv8WA5xGGQKct", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640325, "uuid": "d13f3b44-b894-4779-bfc3-41972a96fdf7", "value": 361952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640325, "uuid": "ad902adc-ca7b-46e7-bfbc-de224132bc03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640325, "uuid": "86cc6309-fffa-4727-9640-42b50fdbc84b", "value": "cd971240476762db335a265dfc524e42.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c521fcfe-ca66-11ed-88f6-42010a9c006e", "comment": "Malware payload (IcedID)", "timestamp": 1679677826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679677826, "uuid": "6521e9c7-1310-4a22-bcf1-f07802c068d8", "comment": "Malware payload (IcedID)", "value": "dbc6378ee7fb86000809b779d98fcec1", "object_relation": "md5", "Tag": [ { "name": "4281000665", "colour": "#E49F84", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679677826, "uuid": "95757064-b5a6-42f1-af30-368b33098c60", "comment": "Malware payload (IcedID)", "value": "244e55adeb71ae1cbd57af87dd4fa0c2f1143233ffddf254da27a721c61a63c4", "object_relation": "sha256", "Tag": [ { "name": "4281000665", "colour": "#E49F84", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679677826, "uuid": "c0760d68-941f-4977-908e-52a317ab385a", "comment": "Malware payload (IcedID)", "value": "676d870424accbbf77d69b76544ca880ace4ee3a", "object_relation": "sha1", "Tag": [ { "name": "4281000665", "colour": "#E49F84", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679677826, "uuid": "181edac9-9b74-4d75-8f92-3fa68b5fffd4", "comment": "Malware payload (IcedID)", "value": "4fcb93265e376e094edd270a5d2d61652008d0fa874cd8a8c5be282652ce270a31ca3cfd67f048f298cd0129580eaa7a", "object_relation": "sha3-384", "Tag": [ { "name": "4281000665", "colour": "#E49F84", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TA551", "colour": "#88E765", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679677826, "uuid": "75520a93-9a89-4955-a9e5-07973c60c03a", "value": "T1C1649205B591D886CC12913D8EA3C2D1E3B1B8564F92E7CB365A637EAD3B3D1AD77200", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679677826, "uuid": "dd49eea8-5e01-463b-8421-3b75b91cd0f7", "value": "ab887c1c27a75b4be4a6057f8310fdcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679677826, "uuid": "475302e7-ea99-4de1-a211-2b423d092a63", "value": "6144:I9jpjF/+ONkn2eogb4qCdqnGZMMKq4Xl:I9jpcO6G4G6M/yl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679677826, "uuid": "586a60f1-8862-492f-a3f8-304682dda122", "value": 335112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679677826, "uuid": "e42b5874-5128-4cc7-9ed6-f9815b5ec619", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679677826, "uuid": "30154d8d-4f69-4d0c-94f5-5339f6ade2d0", "value": "ntkr.tii.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b22c3490-c9dd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679618953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618953, "uuid": "700d5a54-4235-48ff-80c6-e1ff038abc68", "comment": "Malware payload (Stop)", "value": "53b4b7a52ff4187f3c5b66644ed5d413", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618953, "uuid": "e88be528-7d74-42c2-8e64-a72a7f23dbba", "comment": "Malware payload (Stop)", "value": "245247efeee2675a380f791323dd3b2b52eeddc0c1c033b7772c03a8c699b4e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618953, "uuid": "6f6ebb5b-36cd-4b18-86d7-6ac17fb2c696", "comment": "Malware payload (Stop)", "value": "ef288a4672d79662a9dfb531cfba49aedd8d8c3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618953, "uuid": "95d8c155-3fa0-473b-853f-1ce5e5d5da97", "comment": "Malware payload (Stop)", "value": "d7c46c3347e42fb93f3a3f918b7303c5c7ac01b29f4df1da35c7d2a012bd5a7d18d0d977c1d286361df18279be6a312d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618953, "uuid": "1806cec1-8276-42c6-8b00-05e235a09863", "value": "T114F4121132A1D033D8B208324B22D7F52A7BBC7547858AD77B882BBD1E357D1AE39395", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618953, "uuid": "2cce275c-2661-4e53-beb2-990dff090628", "value": "57a1d123edd8232af2119d11a9d551b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618953, "uuid": "08a0e155-a8de-419f-9d8f-478e42442123", "value": "12288:6bb/OyO/RDWGjbb+ULhiTq1bNr3tfgU4p4U34kVFoa5Di85Qg0Vp:KghVV3t4UqVoOFRTcp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679618953, "uuid": "6d32cdd9-6e48-4440-a6cf-d9b6041ea74b", "value": 777216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679618953, "uuid": "8bd0f7f9-958f-4f4f-ae53-8c93e71c0c23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618953, "uuid": "4842efa8-76fd-4e4f-83c6-062534d4e6ab", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "235cfe90-ca00-11ed-88f6-42010a9c006e", "comment": "Malware payload (NanoCore)", "timestamp": 1679633746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679633746, "uuid": "78b6118d-ba59-4731-b7ad-03b5397047e1", "comment": "Malware payload (NanoCore)", "value": "e564b78ca0f4000710a72a67038451fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679633746, "uuid": "676ff8a4-9a2a-4d31-9b44-6d42ddf0a707", "comment": "Malware payload (NanoCore)", "value": "2486ac56d5f6e92a34afc9c811720e9a8e03ac6e938410f81d9681a12c536e95", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679633746, "uuid": "a677066a-0117-45bd-be7a-00cda1cff22f", "comment": "Malware payload (NanoCore)", "value": "b6635fd58b3b8ef845a3472715c204e6815c6cba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679633746, "uuid": "cd175583-25df-435b-ad04-f81657adbc16", "comment": "Malware payload (NanoCore)", "value": "1f9d64eea58d9e11609d191e644c4f932ac47d403c0552e002bc159cc89883693687bf964e7effd1c2e7a461f4ba78c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679633746, "uuid": "9c001696-d790-4199-b0cc-048786f0e8b4", "value": "T1C214CF6637E8893FE1DE8A79611242029778C2E3D9C3F3DE28D455B68F667E10A071D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679633746, "uuid": "1abce1b3-ff58-42d0-a7f4-b2ad3a506dec", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679633746, "uuid": "f09a3179-eef8-4d52-8077-47e0a459e83e", "value": "6144:CLV6Bta6dtJmakIM5LloIQpnwDws4LUt/n74gCjlE:CLV6BtpmkKytUtf74njlE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679633746, "uuid": "331350d5-23d4-4908-a05b-b1c64258b5c6", "value": 207360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679633746, "uuid": "46cfb2f1-4a00-4893-b52a-a5d52bcb39f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679633746, "uuid": "131bf89a-84ee-483a-a42c-6cd7a2039cce", "value": "wizard.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4ed8e53-ca07-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679637023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637023, "uuid": "1675b37f-d263-49bb-9ddb-360f0b9f342e", "comment": "Malware payload (RedLineStealer)", "value": "0d9e38ba72b9994260768357559328a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637023, "uuid": "22057808-eeae-434a-a86a-e2bc65922d69", "comment": "Malware payload (RedLineStealer)", "value": "24c78f9f8f15c94f2616a13adce3fda09255d3e1a4b762ef21b561318c082d65", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637023, "uuid": "425bbbd6-72cc-497a-b670-a3372002233b", "comment": "Malware payload (RedLineStealer)", "value": "180ee5d2b2d8c6f5e993f77a1d9e1df9bd437bbd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637023, "uuid": "11773366-7fef-48fb-9286-4bd2d463de12", "comment": "Malware payload (RedLineStealer)", "value": "18ff42230f3b768ef1437095df0c2159cebe84466f4cb7234ba8dc1366250796cab4e1d96655410aea102db4ffe028fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637023, "uuid": "5b06b09a-ec0e-451c-86b3-555a4b63338f", "value": "T12C84BD20F8C8C985CB540D3491FBC2786D3FAE446E49AB65C956B5A95F30EDFB9B2030", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637023, "uuid": "43b9f67b-7c5c-4912-a7a5-e4df8b3440c8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637023, "uuid": "36446dee-6248-4684-aa71-796254919881", "value": "6144:2JAk9dNbuyG+VkT2Elng0ydlBDK9rPn9mYwYqYYw9/KSKTBdyjgpCrVaIYPX:Z49NsT2Eln1yZ29rP9mrdywm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679637023, "uuid": "1b71c310-937f-4c25-afce-358a9151ca46", "value": 374272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679637023, "uuid": "09b0d382-c12a-42ea-b72c-f9b6bb53a9a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637023, "uuid": "bbcec3f0-b902-4bf4-82d6-1d3e36cc9204", "value": "Orderconfirmation#27682.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc435588-ca47-11ed-88f6-42010a9c006e", "comment": "Malware payload (Fabookie)", "timestamp": 1679664523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664523, "uuid": "54c92883-4f5c-4dd2-a559-7865bd4bcff6", "comment": "Malware payload (Fabookie)", "value": "00c4ac915f406d00262e889080985df2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664523, "uuid": "5df866ac-72cf-4294-ae0a-d5be7df0300c", "comment": "Malware payload (Fabookie)", "value": "24fc07335c600810e31230c90481091ebe94b60ada6c3d89c8e7cd6b426c7e77", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664523, "uuid": "15346d7d-4f14-474c-9117-078473b67375", "comment": "Malware payload (Fabookie)", "value": "8b57a9bc3665fcdb2729376a3a200a36126d8974", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664523, "uuid": "46335bfe-c652-481b-958d-a396314c8340", "comment": "Malware payload (Fabookie)", "value": "2ff9c5bc045a4cde9be9d9a9e912d207f070eaf80cdd41dac06da0f31e3a35bb1081d2a7ddfe8097795b1a7cea6934a0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664523, "uuid": "fd1a0293-6358-4eae-9413-c891fcaab92d", "value": "T1B3941849FB7408B5D096C531CDBE8376E272BC831B25930B8641FF5E2FF362169A9681", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664523, "uuid": "b699b1ce-4225-49d4-89ef-947169d1ed95", "value": "ff082fef3d15cdd142534440e54d6a28", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664523, "uuid": "5d38ddb7-f388-41d7-8eab-f401a5a518dc", "value": "6144:iykP7sQLwciHMBoFvT4MKBz3I8JmGerEhgVIXFML:i3nUcAC4rKi6ZerLIX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679664523, "uuid": "59d270d8-70d9-4f39-9900-470b9ee3ad8b", "value": 427520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679664523, "uuid": "8dcf100d-4e7c-4b56-8573-75a2a7e3556b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664523, "uuid": "904c810d-dcaa-4add-959d-10efff527779", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3af6246-ca91-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679696238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696238, "uuid": "05ebf36f-398f-40cb-b278-6ddc2d595441", "comment": "Malware payload", "value": "cc866995f04447518eac9615d53efb97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696238, "uuid": "64c8073c-55d4-45a7-8a4f-c30ed70f7663", "comment": "Malware payload", "value": "2770629500ae0bd2aec35ca2fbea7ffac2b56d9c981848020559e0fcfebeb341", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696238, "uuid": "d63712ef-c1ae-4ee3-943e-55ece68b8f95", "comment": "Malware payload", "value": "1efaed8877346e5b774cfee4aeab404244231a5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696238, "uuid": "1cce3a7b-2e8c-4549-88d5-4ad491e20bc6", "comment": "Malware payload", "value": "c1af126b2cdc53863454ab750a005ee386edb3c8e5224d8eda4fd85e4f752c724f05a642235d922c9355f7e0587b99ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696238, "uuid": "a941d962-dac5-42bd-8dd1-abe9e047a40d", "value": "T196953340F6C00D3DC1219ABA4E215E91756AB9760DB82A6C337D0EEDCF2B464D679F0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696238, "uuid": "1b1e2731-e7ba-43db-8e8e-693952e4f17f", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696238, "uuid": "882aa159-6fc6-4c9b-b4df-f5afa969a86c", "value": "49152:EGlJfs0mqccSUt9Y669wOpCGwXZ24XB9MB5S3rL5dlLYp:5bccr9o9FcdXZ24XB9MgrlPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679696238, "uuid": "6980fb95-ee99-4617-9b4e-2d76b142f77a", "value": 2019433, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679696238, "uuid": "59ba0039-60d1-4ede-b3d3-222270a84b22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696238, "uuid": "7cc22f50-2df9-4f77-a45a-d163e532fe06", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4e1d69f-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660216, "uuid": "5b8687ea-8cf2-4d99-809c-5617eee6af3c", "comment": "Malware payload (Mirai)", "value": "7f923dc47e1ca1f14c35288b1ee4e4a5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660216, "uuid": "2bb7581e-b5b2-4a7a-83d9-8dcccaf6fc62", "comment": "Malware payload (Mirai)", "value": "27794b1e1128e8fa4fd11f410dd6c80178c5c2bfe45e0b57e142caa69044b283", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660216, "uuid": "b6947b44-d95a-407a-b8cc-8026a4e09587", "comment": "Malware payload (Mirai)", "value": "3f16e796c27880b1b7d600db4643deaec18c7c80", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660216, "uuid": "f9e6b4dc-28e4-4b98-8bb7-af3e9346d874", "comment": "Malware payload (Mirai)", "value": "7f1ffcc1b269afc426b2597ed86ea69823e7fbe64ca66f65cf07596c8951537e3cd3f09a5f20807dddc78543758e9544", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660216, "uuid": "162f2409-101b-4cb6-968d-02ea7584b851", "value": "T1A6335DC9F783D8F2DD5705741177EB328E72E1FA2128DB82D7A5A531AC52202E616B8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660216, "uuid": "efc4cbf0-06a0-43f5-a5f9-2d09dfac8f18", "value": "1536:ZoaqGJXfMEyoRog1qsndzDrTD4lKLsznUrXo:eaqGhfNogxdDvD4UgnKo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660216, "uuid": "f27b8eb4-aed2-4cab-a13d-70cdc058423f", "value": 54352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660216, "uuid": "be4d4a4c-fe58-47c2-b7b2-ec11b58ca67b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660216, "uuid": "e505e9b1-950e-43e3-b002-7e22002fbdf0", "value": "nigga.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "006be1cc-ca89-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679692528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692528, "uuid": "ad4afc87-7620-47f9-a1e0-01a0e8d9ac07", "comment": "Malware payload", "value": "f60fa2a3a6442d88e46de5d168ae40cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692528, "uuid": "c41b800b-6cd7-4982-8a76-1e5814b67115", "comment": "Malware payload", "value": "282b712fa12a47e02575c03b318c3db35aab48b336f14cdd124aebe2500321d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692528, "uuid": "9bd53ed1-b986-46d0-b7ae-546f194b03b2", "comment": "Malware payload", "value": "5929915acba12a8f7e6e17e76eb49ade72e3cecd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692528, "uuid": "b53b60ab-4261-4d01-b9ac-0793501b7789", "comment": "Malware payload", "value": "55a20970788edd935bccce4a690ad0044555b12f7db106ea4a8c2e69c56ddaa29eb4c7f4d619a0f025a95ebd6abf726b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692528, "uuid": "f6928c12-9efd-41db-9651-ad2b7ca5d7e0", "value": "T1C0548F1273E0F960E51787728E2AC7FC2A3EF8E1DE15BB5E1255697F0D702A1C662708", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692528, "uuid": "819f4600-2d7c-4576-8080-90d9e5ced9ba", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692528, "uuid": "1131b970-5742-4df9-8518-9fbb51a0d03d", "value": "3072:axATwa293AvClK5gusHHoQGBdZSAVftHY3wRUsfOJXDWN8aeeL:CIBeJnHoQldARUsfO5Dva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679692528, "uuid": "36431ed7-ea74-4b85-8d0b-4b12f4195802", "value": 282112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679692528, "uuid": "d841c2de-25ca-4422-99d9-93d5e26a8726", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692528, "uuid": "d6654374-150d-48aa-bc1b-cb1025d901ea", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d03e134f-ca8a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679693306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693306, "uuid": "c2fce246-4149-46c2-884f-6bccc771970d", "comment": "Malware payload", "value": "ca60a396915eb96aa8b5f7a0c5ff07f8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693306, "uuid": "3809d581-e1c1-4a2c-82b2-2c29bbbce3a4", "comment": "Malware payload", "value": "2a05b42d2c3c8b84d7e5343ba39030b16004622607ef49a11d75249d3a8a03b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693306, "uuid": "8b99cb6d-2971-44a5-b35f-708af441a69f", "comment": "Malware payload", "value": "19ca5be22c6b07418a18aa93931d41a0b11c3b9e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693306, "uuid": "2b9d7e7b-237c-45da-9166-040f1fd1cafe", "comment": "Malware payload", "value": "f7ab64d88bf65838c923ab666c6cd082e5641e0fe97dd8d297f59dcde40215736da7b0c8f82e825c2ab34d031b465577", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693306, "uuid": "694e4c06-fef3-4d5e-8505-d06d0a988e85", "value": "T141549E1273E1F960E52747728E2EC6FC2A3FB8E0DE15BB6E1645997F0D702A1C662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693306, "uuid": "a7385095-cea8-4cf1-86d1-8cbc54f53782", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693306, "uuid": "12cb6af0-737e-4124-9ce8-5d55d3931317", "value": "3072:oxkfN82xxRYCCd5kxUlfCDmDdZzlzxnsdJFqwWNb2oaqR0d2KWN8aeeL:Uw2cY/fCDAlzxdDJ2/qR0sKva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679693306, "uuid": "2cf41291-abc3-49a9-b649-24ca1921b084", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679693306, "uuid": "6cc459bd-a532-4c6d-981f-5d96be2065c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693306, "uuid": "6a2374f8-76c1-4375-8c53-8b01df5da481", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1f4f5b4-ca5e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679674465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674465, "uuid": "6ea2868b-9d1a-4267-aaaf-4bde5bf29bc1", "comment": "Malware payload (Gafgyt)", "value": "b90a31739039f3ed6e44f9e9c52fc6a3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674465, "uuid": "ea969e3f-017a-4765-8509-2d5ef9d5ccfb", "comment": "Malware payload (Gafgyt)", "value": "2b318c6894e66a3e8f3abe92eaf92b181fbc4b41998ce6a2081b72582bf8b773", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674465, "uuid": "ab652323-92ab-4ef0-8f0e-0e190acf86d7", "comment": "Malware payload (Gafgyt)", "value": "9e6966788ce00c8e39f9728809d723792755d6cb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674465, "uuid": "72de79ce-8c27-4518-9bd5-f9cea674ace5", "comment": "Malware payload (Gafgyt)", "value": "a58eed22309118321b9dbe9a6c4f767448c26b3bc19c9b716ceabd69278eadf13eb5b89726972320aa7dae310eb629ff", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674465, "uuid": "ad1b3145-18b3-45d9-8363-4d26e2680b9a", "value": "T1CC140825E9A16397C0A33379DBBE42043332D7A41B9B730784345AB47FF676E4D62829", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674465, "uuid": "1d0c5e18-96fb-420b-88a3-9dd6ec644e9e", "value": "3072:Ocdy+00aGdyk8Gr3j0TCi1SH5hbzon3nYM/92wmYwTBFqQXSn:vyl0aGdykTrqCia5hbzon3YM/92wmYwc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679674465, "uuid": "d8557f8d-cdec-4845-9386-9e2d2e4751de", "value": 190986, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679674465, "uuid": "b0c91f5a-60fe-4ae6-99b4-d60c78d271e3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674465, "uuid": "1536db0c-44c6-454e-b145-db4ddc8816da", "value": "b90a31739039f3ed6e44f9e9c52fc6a3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ec3cb0f-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679639858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639858, "uuid": "a1bf54e7-bce5-4999-82c0-50115d34a6da", "comment": "Malware payload (SnakeKeylogger)", "value": "726a0733d2ec70bcb70137e792b63080", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639858, "uuid": "f7e7f755-80e5-4597-a977-4900b2f4361b", "comment": "Malware payload (SnakeKeylogger)", "value": "2c15ecc6295d759b0320660ad376c358f52bdeb014e5829145fade95f6ea8a8d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639858, "uuid": "e8c53997-efa3-4719-8670-ab8f793145b5", "comment": "Malware payload (SnakeKeylogger)", "value": "86a9ad3151dcf1373525c27326e6707c9d0b2cdc", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639858, "uuid": "8e3f3afe-d4b2-4d7f-acd1-276a6b89b472", "comment": "Malware payload (SnakeKeylogger)", "value": "4e01c3f7cfa3a09ea40bd074bd9f45165791bb8259130ee62519c06665d8267db07f98a53064cfbfb8f2f8b8a9e8be7d", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639858, "uuid": "af53eae0-7732-4fb3-8b68-39a0b0e95734", "value": "T1CCE2D752F78E13B88B5111B7621E57C99BBDA23D335054A138AC823433ADC6E4776AFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639858, "uuid": "4e160df6-a545-4000-9b59-d5db0232bc12", "value": "768:dFx0XaIsnPRIa4fwJM5/dL/xwVszCPlWDjXVYiB4qB98ZQWSK:df0Xvx3EM5liVbWDjTNz+SK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639858, "uuid": "1037a466-5e8d-4a29-843c-8f822f9ca1e4", "value": 32182, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639858, "uuid": "2f1c724a-8d4e-4cf8-8b0a-d96816b358ca", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639858, "uuid": "35ff3644-0262-4b7c-9f45-26867c9bd5d4", "value": "New Order.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cc95fee-c9f2-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679627722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627722, "uuid": "2a58c26f-5788-44e9-83df-c4df3fc0e8ec", "comment": "Malware payload (RedLineStealer)", "value": "3073358a1d1ef8e3542b9aba8f85d348", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627722, "uuid": "a50d3aea-176f-414c-991e-73049a43bec0", "comment": "Malware payload (RedLineStealer)", "value": "2c2feb266c45d1f2211a7d3ef4e8e0fd0ab2442f60b0953413e5f74caec7e9e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627722, "uuid": "03d32fd5-d1cf-4b00-86d9-cde88ef6e14c", "comment": "Malware payload (RedLineStealer)", "value": "a29ad858e11ad1d18fbeae607f1a321385e36fc4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627722, "uuid": "5ca1e199-b399-4764-830c-60badaf1346e", "comment": "Malware payload (RedLineStealer)", "value": "6d92d2037870e20288f50d0aa43e692f1602212ad76ae45e9806a72fa2b8db4da91a5c28d001721c302ef9ff6069956c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627722, "uuid": "fece190c-808d-442a-97b3-1b24859fc24d", "value": "T147D3AF304E74FCD2C37E3E3017991E9E36664A6347795764DE9309A0296A122EF277CC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627722, "uuid": "9f7a3e71-0cc4-48c4-a0f8-4f413cf81736", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627722, "uuid": "3d1e4647-33b4-4072-b7d0-287a1e1f9b46", "value": "3072:LMpS1zppXebikZvNpbakgq8OmD1/B6WHKtBbPX7JBetSqnWGT:Yp4XfgvNpWkgq8OmD1gWHKtRXlMYqnZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679627722, "uuid": "558dc418-386f-440e-ad5c-d87b8a1dadce", "value": 136568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679627722, "uuid": "d8682d8b-5f4f-4810-983b-af2b74143d5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627722, "uuid": "812c1b0f-a080-4e70-9931-d1e732b72a6f", "value": "3073358a1d1ef8e3542b9aba8f85d348.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31d92654-ca81-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679689175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679689175, "uuid": "d7f13da4-7c5a-4e95-978f-7654ab6a17f7", "comment": "Malware payload", "value": "8e58fad55d4911efddf3a0158052a0bc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679689175, "uuid": "16490194-a85c-4a16-8440-ca04f82242df", "comment": "Malware payload", "value": "2e332da5611077d3910bf031baff390ba82aa7cb106a42bfe6f067ad64220b9d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679689175, "uuid": "1c27a2f8-5b87-49e5-82bc-8d6ed5e47ac0", "comment": "Malware payload", "value": "dc181317464d6dcad47efccc801c9a4b5f27a0f9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679689175, "uuid": "a1701d8b-3029-4725-a740-9310a4ad9d80", "comment": "Malware payload", "value": "3fad62363c639e7b74f9003fcc460b49e5e58c3530d949aa192a83060b90dcff1dd4698914ea60b7c1bb80db896ea793", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679689175, "uuid": "240f78f2-151e-42f7-be2c-50f40be0b3ef", "value": "T17F548E1273E1F960E55387328E2EC6FD2A3EB8E0EE15BB7E1645593F0D702A1C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679689175, "uuid": "47acab3c-a537-48b2-ad08-c5486fabd7a0", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679689175, "uuid": "9e24d20c-6aac-42b7-ad6d-159de982216a", "value": "3072:ooLvVW2lhwh3qvLCUqEt83/rXkZQCIyzgkpp+qxkmI9jqgxT3QcqXWN8aeDr:170gw2N83/16zp7p82aDqXva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679689175, "uuid": "91317b20-f649-4969-8f5a-9d60d54cdda2", "value": 283648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679689175, "uuid": "6a4e42df-f8b1-4645-b0ba-45a5eb9eefbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679689175, "uuid": "456cd9e4-ac54-4cd9-beed-f06f74177da6", "value": "8e58fad55d4911efddf3a0158052a0bc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db55a605-ca10-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679640926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640926, "uuid": "81ad8d00-b1de-402b-92fa-da63f950a177", "comment": "Malware payload (RedLineStealer)", "value": "f00f6596f6bf65d01cb390aebc5326f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640926, "uuid": "d26e74e6-7e2f-4e6b-91cc-08462bbf3244", "comment": "Malware payload (RedLineStealer)", "value": "2e54e59e1fabb5accbef4a42a2cf7af640c57ac0fa7e3542c160662fb327caa7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640926, "uuid": "59d5812f-d9e1-46bc-b541-38fbf05903f1", "comment": "Malware payload (RedLineStealer)", "value": "8e8d257bd51d2213ed871c4b8b88a0238036e313", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640926, "uuid": "5ced5901-31a7-4800-91c3-d214b3c9a973", "comment": "Malware payload (RedLineStealer)", "value": "fc0649d6c639d9c05809fea444e96d5a2e287abf0100555cc216e340868dfec21321f4f8b2180236d920c9a0ce9c5608", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640926, "uuid": "e7b6625e-8785-4c56-91f4-4513cbaa6598", "value": "T1B574FA987670FD9EC867C43F8A681C64E6636466570BA203B05313AD993D79BFE130B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640926, "uuid": "863f0ebb-c089-48bf-be49-fa9f80a663ff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640926, "uuid": "fa744256-b442-4d93-bc1c-7b7f4f5991f4", "value": "6144:Rk5b6U2sTRw9UCcByzLR3RkOpUW/bli2xV+xVU8AatClTrwG7CU:u6U2s6GCc6B/bli2xV+xVU8AatClTrwG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640926, "uuid": "e533242b-1bea-40fd-b939-8aa1ac59dc75", "value": 343040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640926, "uuid": "6ab5c2cc-b114-4bfd-bbaf-1c906241b0e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640926, "uuid": "3f734377-fcec-47a4-82e9-e0be477bb165", "value": "2e54e59e1fabb5accbef4a42a2cf7af640c57ac0fa7e3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "687f70c5-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679640304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640304, "uuid": "f4c86968-b50f-4c4a-a783-91a311d94148", "comment": "Malware payload (Gozi)", "value": "084628be20c0cc112964dc4efe6dbc93", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640304, "uuid": "0acda62d-9150-47c5-a7a4-eb7d9773af6b", "comment": "Malware payload (Gozi)", "value": "2e93682935ab93fcb97ede1f8aba8076adf5e440a40a407a96f97c1b3af5188f", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640304, "uuid": "43734c17-5942-4305-8ffb-a3f1ca280f08", "comment": "Malware payload (Gozi)", "value": "5535112912b97b970ba4b3b7d51896658beadb46", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640304, "uuid": "2e2545bb-7992-4d31-bcf3-9b11f48da619", "comment": "Malware payload (Gozi)", "value": "5e223a55777cf693c4b5d99bddd740a8c16798a4ec1aa5e67c473e4291dc671c1a26f7b6bb74174d9ee6840550589398", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640304, "uuid": "5b65909d-bdb0-4390-ac5d-3310e228c53b", "value": "T1E0C02208860DC069C042440FA058BC48AE0EB04808FB89181380DA876DD00CACD08ABE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640304, "uuid": "6889e72f-4f4e-4e7b-afb8-ad974f9ce24c", "value": "3:HRAbABGQEb5oQsQaGRjlAXWkAoIvycAI9RyJ25YdimVVG/VClAWHn:HRYFJb5bsZGRG7NIvyc1yc54vVG/4xHn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640304, "uuid": "76111db4-03ba-40d2-8e28-8bb95a3683cb", "value": 189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640304, "uuid": "93cfa3ae-5ef6-4107-b5e9-1346ecc43078", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640304, "uuid": "29670471-2159-4bac-affe-faa57b8f685f", "value": "Documenti url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8157d0f-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686501, "uuid": "55ebbf61-6761-4aa5-87d1-6e6f16778b8a", "comment": "Malware payload (Mirai)", "value": "753f9c65d7b8e23b72f6c9f4df6b42d0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686501, "uuid": "914f6e50-1d17-4d4a-ae26-07d2899cc1a5", "comment": "Malware payload (Mirai)", "value": "31653adc62bef06d75b62bf827452295a2762350db30e802bdb2b201cb16cae1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686501, "uuid": "74ad740c-aa9e-45a0-9097-684f4a887845", "comment": "Malware payload (Mirai)", "value": "3b4f4b58489ad640d074dcd5c91fbc0cc970793c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686501, "uuid": "b7d42bfb-b143-4699-825f-f9069ad55585", "comment": "Malware payload (Mirai)", "value": "6e2197b99ae752f8d96f2ff880c0435de2fe7c48dfd6bccf722bcb3d279b6da7e47a0a7adb94bf0872b0fa0357e6576a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686501, "uuid": "756966f3-6c82-4ab4-8a5d-7544b6a30c90", "value": "T1C79359D7FC00D9BDF809D73640630A06B231A3A10E931B72B2136D27FD761E95967E86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686501, "uuid": "b3440b04-962b-410b-af0a-30e7bfe3235f", "value": "1536:1O3tyhOmnluPpih0Y2Nz2jP8K1/y8tvEFUyYiw1YnRDHPB949XJ3/V:etePn0PdJ8oK55EFUyYiw6nd4XJ3/V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686501, "uuid": "b0c3e270-e0c8-4fb5-8519-81579fbce304", "value": 97228, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686501, "uuid": "0b064c4c-642c-41e9-a957-34ccbacbbf5f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686501, "uuid": "8fac8810-78b6-4fc7-a80c-0d199ca6fb7c", "value": "753f9c65d7b8e23b72f6c9f4df6b42d0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e2bbfcf-c9e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620610, "uuid": "53bd3201-7cca-4289-a5fb-cd1b065fecee", "comment": "Malware payload (Stop)", "value": "f06353c9fce6631e1338f9d509a08f60", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620610, "uuid": "2bb40600-f350-49b0-8e96-446e1293c7ad", "comment": "Malware payload (Stop)", "value": "31a80f0d85b3ab33bc5d45b3f1c850eebf1c6318b732a9e48d0b2accbc3754ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620610, "uuid": "2a034a11-ff01-4c0c-bf3e-63dc14e76688", "comment": "Malware payload (Stop)", "value": "c6b5398703e6bdd23254e07a4c1d1049498bbacc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620610, "uuid": "a8ec1b73-9aca-4aa3-bef2-1a85bbc78b77", "comment": "Malware payload (Stop)", "value": "ccb5ec46fc64a4fa793edb7128d1e486f5335d88833537aa989e4e994af9d00a054ef45e8b8a7d73a508a04094132f67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620610, "uuid": "a3170e18-def9-4273-9296-993f11626c5a", "value": "T1DCF4123336F1C437E09B4934C5A6CB90BA7BB83256658A877324273E1D716A157BE30B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620610, "uuid": "5a6df0e1-1517-4c64-9174-d29c4b70e0f7", "value": "e5d844fa3edf48de21502f4c833cd751", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620610, "uuid": "3e21119e-6b2c-45a0-9427-f96062b4b75e", "value": "12288:ZiYT5624m1nKnTIyemMdibjM2pPyigwnz8UIj79C:U8p4m1qTjMdibY2pqgz0j79", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620610, "uuid": "885c152d-5f4e-49bb-a96b-3291edaec619", "value": 733184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620610, "uuid": "28b195ce-8153-4797-b6d7-b867b04541c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620610, "uuid": "a120b9b6-7e24-4173-b69b-d44c975d263a", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07ea0523-c9df-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679619526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619526, "uuid": "f4814d41-bff6-4b49-87d1-d49517cf42bd", "comment": "Malware payload (Stop)", "value": "944fa35068545973d0ca94f5719c8625", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619526, "uuid": "c4a6c894-df69-4f2e-9cb1-27eaee5b8c46", "comment": "Malware payload (Stop)", "value": "3281c9ae9c603fab9293b71fd9f6955e4216f6418047b29a08446c9b540c7a5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619526, "uuid": "7630775b-2453-4e15-9119-038e21b5efa7", "comment": "Malware payload (Stop)", "value": "1179f1388aeb80796c3d63d4ee70ee32a4ca6b3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619526, "uuid": "90659ba7-9141-4224-bf08-b5a0066f0a02", "comment": "Malware payload (Stop)", "value": "cfa143965bed9f653fea57b9a28866cf8b276c50017eb57ae6902437c0edf49b4a6eb41b59e36a280d166cb39712a212", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619526, "uuid": "88dac4ca-2a3e-4976-9a4a-f69174c6d66f", "value": "T175F412223691C0B2E01704B99415E6B1ADFFB8B087544ED72B8057BA1F367D2DF7A386", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619526, "uuid": "2ea1c68a-b6c5-4d20-aa26-224461841607", "value": "57a1d123edd8232af2119d11a9d551b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619526, "uuid": "971a73b3-07c6-4a07-88da-a37c3147966a", "value": "12288:mbo+Mm+/pItkKb3JBOvW2Rwc5CnbIEEIrWj1zPnsuyWDozpcxo/6SiyLlM:uChcBWWBwGbIEEIrWjeCozOxoZTZM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619526, "uuid": "1f3b7b08-221c-4e6e-a993-1949cd8a3cdd", "value": 768512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619526, "uuid": "f01a1609-0d3c-4051-abd2-3f55d568815a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619526, "uuid": "81858f2d-30d2-4007-b1e7-67660e6b08b4", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "113590d9-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679639728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639728, "uuid": "95f851f3-2983-4277-9ff6-a0a7aef0fd99", "comment": "Malware payload", "value": "7128d7e3632afbc109085c91fd0404c1", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639728, "uuid": "3b2eee58-e714-43d5-abac-745b1416e260", "comment": "Malware payload", "value": "33497120ede69ba4d6c9c7bb4533ec7ece887acfa9ed2d617a215ff81126b46e", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639728, "uuid": "a796d489-6ead-40c5-9e7b-3fb1c226fadd", "comment": "Malware payload", "value": "4b16b615630468c252d3f642995a4d5d9c252e6b", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639728, "uuid": "1a4487dc-f588-44fc-bcf8-0af2d4743a69", "comment": "Malware payload", "value": "e10326265d82e271577465bf01ca3d75495e370b4978f44de1222c108ad8425e64e32d28fea4cb5d3b0d56b9966f98f8", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639728, "uuid": "07568cbc-46e6-4274-9ac8-a422ad6e5816", "value": "T1CD652351BDD78B43CA9AA7389EC3D22762BAFC053AA5C5077208731D9932EF18E5431D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639728, "uuid": "9d2e0093-91bf-4a58-ba28-e8c5db95f4b2", "value": "24576:X2Tbq8KPsUGRoG1t6EWOEMhpaMNzl8raUtGCn113y4RzuCr2izm/EcUAbFNLGeuX:mv5K/G3v6EWxNMNzlMRtGCn113y4RaCw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639728, "uuid": "083df5f1-f26d-4024-9944-53627c484d8a", "value": 1533952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639728, "uuid": "8710e8ed-2c27-4d10-8323-320503b8af06", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639728, "uuid": "5af7ae80-a778-4684-97b5-218d6590feef", "value": "PURCHASEORDER.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b3e0498-ca94-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679697512, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697512, "uuid": "ac421b17-2aad-4b03-83d1-65f0d7bce957", "comment": "Malware payload", "value": "a8a9f3eee9c2f9fc76fafa7d070b8725", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697512, "uuid": "2888dd93-61d2-405e-a73b-f029fd3b9868", "comment": "Malware payload", "value": "343e70f3e18bc05049395ef500abdbc4d5293b1c367d9608d6853cb68b628b1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697512, "uuid": "5c7d84b9-5c03-469a-9cd3-5adf8abbcacd", "comment": "Malware payload", "value": "8d657880bf1691606ce195c8e25860d6d9101d5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697512, "uuid": "46b02971-4002-4b1a-b261-e5e994571b51", "comment": "Malware payload", "value": "8d155214ea1561619940df9f4ca334efb1f206fbe0d00721d6070d9db4e4290c52d88be875e4edd01e94c801ef899a18", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697512, "uuid": "f768cc5c-c0ae-492c-a0f5-9bf4d03c0ef1", "value": "T118548E1273E0F960E51787328E2EC6FC2A3EB8E1DE15BB6E1355997F0D702A1C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697512, "uuid": "7af2a1ba-e8d3-4092-8f96-8d577d761478", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697512, "uuid": "57a0cbf0-2050-416e-8cb7-12bda4a8ab92", "value": "3072:OxYPdF2R3YdfcCGR5E78SfyndddZZctUpo8S8cF0NHfJoHC1xvWN8aeeL:OUXsYdCSfynRZS8cg/e+xvva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679697512, "uuid": "788b13d0-9960-414c-8b4d-5c08027b7c02", "value": 284160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679697512, "uuid": "e867369e-c233-45cb-8093-c5c530b99e7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697512, "uuid": "52a1cc84-c87a-429e-9cb1-753fb9d077b0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48851dae-c9da-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679617487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617487, "uuid": "767f359a-6ca0-4c25-a7ad-db147910b4e4", "comment": "Malware payload (Smoke Loader)", "value": "ee30406c7f005c757653677c3ca0b779", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617487, "uuid": "497a03c4-6750-42a2-8d23-48a4101db9c6", "comment": "Malware payload (Smoke Loader)", "value": "3595c78c59a2b6dc06113f757f9b7e87bc0bcd447cd2036da1033fb4fa901482", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617487, "uuid": "cec73f61-af2e-423e-b2d7-82f8ae3289e9", "comment": "Malware payload (Smoke Loader)", "value": "0bee5cfec20fcca2e94491d213c5955654f9130c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617487, "uuid": "4b4e5883-9f05-43da-96c2-660a65d07864", "comment": "Malware payload (Smoke Loader)", "value": "a56da1fe9274bbd519fd613c92ca92afb19c4dde9c336eaa8da3e1826a9e45b46a5c126e7143ee914b33a65c99cf0c7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617487, "uuid": "63f81691-ce11-4529-b280-03177702019d", "value": "T11C44CF12B6E1E873D85B45754825C6F86D3BBC709B548ACB37842B7E2E313D2DA36306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617487, "uuid": "f8122386-8f9f-464d-8ea0-5bcc659a4366", "value": "58071948c33b7dec9bea638ac45f94ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617487, "uuid": "3f0b1f06-e288-45bd-9e2e-c848fd17e11e", "value": "3072:k7aImwKAwTiVOLpNef3exrtDdoEEK2vmyeRZUvCSg8679SjLrS5h9M08GW:C/m+VOLre3ef+vmyeRZ4HnayLKSl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679617487, "uuid": "c0f5a809-b850-4a0c-a51f-0240d4917ad1", "value": 264704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679617487, "uuid": "02d91f42-97b0-4b2a-8459-4ef84d15d8cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617487, "uuid": "82e5ef4d-6a57-490b-abfd-38ce92594749", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "695aba80-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620978, "uuid": "47d97f53-3320-4c5d-8b39-a17037429739", "comment": "Malware payload (Stop)", "value": "63f27891237e3b558a9a36f184f0153e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620978, "uuid": "7d8e33c6-e338-4f4c-97bc-2ccde6ea8d00", "comment": "Malware payload (Stop)", "value": "374066adde3b0759cb714dc69f81022ff93c36e759cbe7594d3ca3600be94194", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620978, "uuid": "e3b8e73f-1909-49ec-94b8-ab8dfb2bddd5", "comment": "Malware payload (Stop)", "value": "190474e136f48361b50b6aa9790cdc3b79857973", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620978, "uuid": "acb64e03-de62-4c9b-b02e-a9cde16a043c", "comment": "Malware payload (Stop)", "value": "7d6370a0c8a5dc40ece7729792ca3d27dd34d6a4bf7edd5125068078a94debad8f7526c8fe57a47b62da8d1925543845", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620978, "uuid": "96de7df5-eec9-4b75-920d-5049fc5ad1fa", "value": "T13DF4123239A2C072E896853145708BD0BA6BBCB29296844B335457BF5DB02D1FF7B74B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620978, "uuid": "5794643c-b29f-4d99-8997-76cbef3861ee", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620978, "uuid": "9f2c5098-ddd5-4253-a241-5c40a3fdb8fc", "value": "12288:bini1LeTXYSF7Ny83ZdVSTagy5M6LfnzKhr5I3U6wf6vg+7pjSTNNisMMSD4l:mi4TDBNyUCGLfn2hr5I3U6AYSBNisMM4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620978, "uuid": "4b61e283-c84a-4f0c-b6cc-86165ec105b9", "value": 732672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620978, "uuid": "3c7c72c2-86a8-40c4-9c3c-af2253b1488b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620978, "uuid": "e865318c-ead8-4726-a39b-630dccf4d3c9", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcd49d92-ca39-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679658592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658592, "uuid": "0d1a2542-69ed-43ee-b16b-018ef4812e58", "comment": "Malware payload", "value": "beb68e9c7ef18f421df8230c032fe02a", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658592, "uuid": "1b0b0cc6-393b-4110-8231-603212c05835", "comment": "Malware payload", "value": "37e9d0fa03ed30371098f83b8c69bd04d8ec78229005362c138433cfb124afb2", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658592, "uuid": "e9ab3417-ccb9-484f-9f95-0a2e196a47a9", "comment": "Malware payload", "value": "c81b867063202b354c7451682aaac15083deccff", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658592, "uuid": "99191364-bc51-499e-a34f-54c0184849eb", "comment": "Malware payload", "value": "252524a253e6c4164fc7c1be1d8a44288a4a8e91cd5012520a56c5402e6c7a367d3df605e8f4d9e4735abe1a3a2972f0", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658592, "uuid": "33d8653b-7d5c-4bd6-9951-57db2b93428b", "value": "T1C4836A50B8D2C4B4D4BE19390834C6B15B7D7821DEE1DD6B2B99027E8F701D0EE36E6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658592, "uuid": "d17d3648-8bad-40d9-88f8-272f29b6cb27", "value": "6a79728a09f4edda13797e5ae0ffa0f3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658592, "uuid": "65120829-5ae0-48ae-851a-cc77adcc1cab", "value": "1536:ejKmFpNtDESljZ1q+h/c+MHvT3Vz83z64sWXcd28V8B0u:kpNtDHq+hdmvG3za28V8R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679658592, "uuid": "1b4a3b33-a641-4087-a075-fe6e645637bd", "value": 82435, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679658592, "uuid": "fd50c1e5-17a3-499b-82f8-793249cfe0ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658592, "uuid": "f0c61126-438a-418e-b0e5-57bf21b0b755", "value": "beb68e9c7ef18f421df8230c032fe02a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b7488d3-c9df-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679619720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619720, "uuid": "fa5162d7-cdc8-4bce-b648-8d8d949367c2", "comment": "Malware payload (Stop)", "value": "35071e98c42d2bc2749824ee92089e44", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619720, "uuid": "a3bc725b-5fd4-4008-89dd-d853ca7883d0", "comment": "Malware payload (Stop)", "value": "38c4970c7f338a44d531efbff4737bac904c9ea1720b31f07ed2f70ad8b0ad27", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619720, "uuid": "302fa402-eb2e-48a3-ba6f-635190243a44", "comment": "Malware payload (Stop)", "value": "579c84d2efb62ee087d7df29a05fcf17278c4896", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619720, "uuid": "e529409e-efd2-4824-961d-0afc83b24ca1", "comment": "Malware payload (Stop)", "value": "c99d50a3a4efbed02ef066f28a2f2d8b36938fa431790b0f860020d6f550a93eddfdb9d9d17393309d16132b7407358c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619720, "uuid": "c1fd04fd-e33f-4004-8a1f-cb767381d08b", "value": "T1EBF4121137D1C47AD43B497A8720DBB5173BF874A7299ACBA74012AD4E327E0DEB8346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619720, "uuid": "cfb6f26e-ed1f-42c5-a83c-96ecc2ba69cb", "value": "f74196ae98b7afb3677d1c2066ccd5db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619720, "uuid": "1f560362-7851-48af-815f-f73e3eb86a3c", "value": "12288:xK4pRv/Kn5DAeCroGEpEpD6ZHT9DXd1srcYldZ/oiMBJYPC/W+yu:/7/Kn5UepDpaAT9DXRYlQBI6y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619720, "uuid": "7d624344-ecb7-4e06-876d-bd4a91823b44", "value": 767488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619720, "uuid": "0aecd434-5e35-4cb5-8977-8596935ea019", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619720, "uuid": "8ea80199-86f3-4642-834c-f5164d52165b", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9791e838-c9fc-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679632223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679632223, "uuid": "4d610a07-ef46-4120-81d9-3de547c73c8c", "comment": "Malware payload (njrat)", "value": "39dda22bc0baa6be16a26d21b7cd12b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679632223, "uuid": "aa34d301-c79e-4518-8fea-1ccaacff23c2", "comment": "Malware payload (njrat)", "value": "38d653d1792cc05fae43f3c9a5dfae6910dc904647de5e1cadf31fca9a7dcee3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679632223, "uuid": "cbef0f70-d3c6-4e34-ac9b-a90f94680f1c", "comment": "Malware payload (njrat)", "value": "2a38beffbd14f58bd91c9530959cd7e832a12799", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679632223, "uuid": "8898820c-38ff-42fb-a226-1406abd7a6b0", "comment": "Malware payload (njrat)", "value": "ee3e59d5acd3a6e5b9ee16670e7775cf3547a71ecbaa696825a24bedcbebca706587f90deec5c2c6ecf1ab41feca317d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679632223, "uuid": "8ec4fd2f-e25c-4197-b5f7-852aed591a5e", "value": "T190032A4D7FE181A8C4FD067B05B2D41207BAE04B6A23DD0E8EE564EA37636C58B54AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679632223, "uuid": "2571722f-d09c-4171-8561-d0be8c588d28", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679632223, "uuid": "b56eddee-fdb7-4fc1-92cc-5ddfbe20f918", "value": "384:QmOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM35:GFdGdkrgYRwWS0rM+rMRa8Nu3+t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679632223, "uuid": "dab6c381-8c33-4b5a-9b4f-bb845acb297c", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679632223, "uuid": "81a09cfc-aa38-4c75-8646-a4179b264718", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679632223, "uuid": "f2e53353-cd8e-4aa1-be80-d68e43b43028", "value": "39dda22bc0baa6be16a26d21b7cd12b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "071551e3-ca3a-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679658609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658609, "uuid": "17a75a9b-a220-4b77-8b0c-6cd7618e2bb2", "comment": "Malware payload", "value": "ca71f8a79f8ed255bf03679504813c6a", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658609, "uuid": "b900214a-9044-4998-a17e-8837e54db095", "comment": "Malware payload", "value": "397e054981e16af9cc59d62897d9cf037470289df8844f1b6121d5e2fb6afbf0", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658609, "uuid": "1ed490fa-92eb-48b6-be36-88c5037e311f", "comment": "Malware payload", "value": "751782fd6cfdb8400bc640529c356b79d744855b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658609, "uuid": "97e40f71-6697-4962-9b41-d623ad8c91e1", "comment": "Malware payload", "value": "a3fb3180447bd22aea2bc509958a30190385c9d40ef3d5b85ac3b05d1975df0fe78ec8572e08bb27a23c55980b4716fb", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658609, "uuid": "bbdc647f-0cdf-4630-9f6a-eca746a2b844", "value": "T176834A2072D0D136E4A62A349875D7714A7E79229BF4C5CB3F851ABE5F323C0AE39316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658609, "uuid": "09448588-5a72-4f20-b2ac-1f7299570d6a", "value": "02bfd547f1b5485188cf91fa5d51e943", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658609, "uuid": "172170d1-e2c9-48b7-83fe-709c4953905c", "value": "1536:mGO9CgHi2WlcneIcA0eTQ9mQmeOVm60hk6Seo5bJ2ISq:m4mitSneXRPmJIto5bYI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679658609, "uuid": "7ce28773-7e5d-4f81-aa04-84a21f7c82ac", "value": 83459, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679658609, "uuid": "32fd7899-4738-454d-ae6b-36ad2267a289", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658609, "uuid": "164b9d0b-3cda-45cc-b34e-88da27072056", "value": "ca71f8a79f8ed255bf03679504813c6a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb979d4a-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621116, "uuid": "6c76d77b-b116-48bc-b96b-3686934bbc38", "comment": "Malware payload (Stop)", "value": "aee56f857c02d62d47a74d2930bd4919", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621116, "uuid": "a0b79809-d2c4-4cd0-a287-2e41addc1036", "comment": "Malware payload (Stop)", "value": "3a0ec30b86a42ae13b311f023c748dc14918cee78593f5e6786bf98a2c4b0f22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621116, "uuid": "8b0cd443-a6e9-43ea-8b94-2782c8ea9e70", "comment": "Malware payload (Stop)", "value": "b21615d9ae71ed05cdbd75b329fe5a643ae5df31", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621116, "uuid": "3cae7cd9-36c3-4a9c-903a-8d758138b28b", "comment": "Malware payload (Stop)", "value": "a2fc4c87e55f34012661b87fdc3cc640e8996ecdb02d84b9dbc01407e4c330ca8d0ff9b91adba495521c97247b82aadb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621116, "uuid": "5ec77da0-5ea5-43ea-af63-14841def036d", "value": "T14CF4121176E2C072E39246744921E7B869E6B8B04B198FEB3B54067E8D35BD1DF3B342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621116, "uuid": "1ae65089-abfc-48c2-a481-50ed652891e4", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621116, "uuid": "7a0655b5-461e-4d78-ba86-aff121e34d8f", "value": "12288:DX4/Gy317F9iG5mwQimFrkH9zIT2uZRTcwABIoPHXTWIXdQjOzehlaN7FhFSE:ENfYimFIdcT/ZR4PDHt0OC+7XFS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621116, "uuid": "c043d440-58a7-41c6-978e-6bac61114af2", "value": 768512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621116, "uuid": "49a8b67d-335a-4f0e-9a19-acdaa83b19d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621116, "uuid": "e60f1b09-8c7c-4449-b935-e51a391f9aaf", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dc8e54d-ca57-11ed-88f6-42010a9c006e", "comment": "Malware payload (GandCrab)", "timestamp": 1679671290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671290, "uuid": "78a29e33-badc-45b5-a940-6612ef8948c0", "comment": "Malware payload (GandCrab)", "value": "932ba34b0e7033ae4d111cba6e0cc37b", "object_relation": "md5", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671290, "uuid": "6ab9f0ff-9555-4e66-aa42-32ac2c8a5a60", "comment": "Malware payload (GandCrab)", "value": "3a99fc405bc3f694acf862883caf95687ae32ba5002a7ac1aaf5931ec1895f86", "object_relation": "sha256", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671290, "uuid": "12c03fdd-62cf-4d8a-9392-8190c9d2b70f", "comment": "Malware payload (GandCrab)", "value": "4a36ee82116c4ae044ac0819ead7aa8242e94dbf", "object_relation": "sha1", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671290, "uuid": "201247c9-fe65-4d2f-9c6d-3f60ee10e15d", "comment": "Malware payload (GandCrab)", "value": "f8e084e6f4391ce743d0de4dfa5a9798ee4afa6536d98fab53154c8dbddc78182acca98d39a490d7e2c43410c77e9a54", "object_relation": "sha3-384", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671290, "uuid": "b70a11d8-7bd3-471e-a1f8-56cb93c3c6c0", "value": "T1C3E34E182A88B7D2DD9A6B37D2A278C87C343584568E605FCA531CF538783B57B2361F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671290, "uuid": "ac9cd480-223a-4e04-a353-00e6963661d0", "value": "40306b615af659fc1f93cfb121cc38d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671290, "uuid": "9d198b8b-3abe-431d-a973-cae4e13f61de", "value": "3072:vYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:vyOqqDL64vdGREz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671290, "uuid": "1480a5d0-b181-467b-823e-19b92af42a20", "value": 148992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671290, "uuid": "16e142dd-78b5-4cc4-af53-4f4e2c7c9708", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671290, "uuid": "03a6b9c8-b2bf-4e89-abb2-bc9ea6540eb2", "value": "3a99fc405bc3f694acf862883caf95687ae32ba5002a7ac1aaf5931ec1895f86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a7de31a-ca24-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679649219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649219, "uuid": "52929e1a-2639-46b1-81ef-6db54166c1b4", "comment": "Malware payload (Gozi)", "value": "b3101788c7bf3073dff4b4ecbaaee7f2", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649219, "uuid": "759be2db-a9ec-4933-8e2c-4599f519a69b", "comment": "Malware payload (Gozi)", "value": "3abe280839baec9e6aee5759dfbc052688a28237f39532c9e8e419db9c3a0f61", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649219, "uuid": "d74faafd-241a-4984-bd18-8e00941ce635", "comment": "Malware payload (Gozi)", "value": "02fcc9af48e8d85f403b1238610d44fe048cbcd5", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649219, "uuid": "eed1f40d-52bc-4afb-bbb3-6b319b6d780f", "comment": "Malware payload (Gozi)", "value": "3b37a4f62e1e54635405317f0a6849cbf02ab310ad55cd97339b0e94c0a9d65723824ee843a961bf074b39d830c88f02", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649219, "uuid": "0c75e38a-2049-438b-8b3a-fb908345800b", "value": "T1B0347E12B3E1F960F52687328E2EC6FD663EB8D1DE15BF6E17459A3F0870261D662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649219, "uuid": "c80a9bbf-974a-48f7-a7c7-264f10fae9f6", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649219, "uuid": "6085bb04-c862-4ca4-a0c6-a0b0d787620a", "value": "3072:JFQvz3uHvNFdtKQTGVG3uDdgvARWHudvTux1UpodKWrOTGSFBWNObVq:+SNtKvgxn1UpejrOTDBj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649219, "uuid": "dc0a8cc5-31a4-4d7e-9a7f-d2746e0bf4e4", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649219, "uuid": "e3dc9051-e53b-4da6-bb50-bf10a9ed6d67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649219, "uuid": "2a95ed13-3b51-48e3-9354-f86355142b9a", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3d6cfee-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660214, "uuid": "a9cb0aa6-e15a-4afe-b877-9df830f092c4", "comment": "Malware payload (Mirai)", "value": "cca3f54a49d742a97a6b05ff789bc3f7", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660214, "uuid": "c60c6a69-9125-4be3-866a-4d588fea0d02", "comment": "Malware payload (Mirai)", "value": "3b05262eb2fdf70f55062fe63088298581ebed5810edd213b39f12692143c658", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660214, "uuid": "5568dfa7-3123-4456-bd5d-9098ebd8e911", "comment": "Malware payload (Mirai)", "value": "78d7a670ceb6a247df70ebe28290a5f254638cba", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660214, "uuid": "ffbb77e9-8bd8-4d89-8e7f-e421b510ba03", "comment": "Malware payload (Mirai)", "value": "62064d0380bc4ffe7abd47fa51b7b470404875aad9fb1de086908466efa09b41fead1742fa27b4681a0835847d76da57", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660214, "uuid": "34ecf154-71be-4a64-b6d5-aacc9c49ec92", "value": "T16A436D36E8292E94C09988B074688F355F23E5C892835FFA12B5C3799453E9DF905FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660214, "uuid": "bfad0816-58a1-4cad-a913-16a6a0ed9a0d", "value": "768:baFNC7UqSVzWbGEyYkDiCQH82iKyudeaio/cMFT4CuVaOCflfHKcwFp8I:baHC78JWMIxmKyudp1/9T4CumPsFy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660214, "uuid": "c7be5e1a-8831-419b-be99-89e9443a1120", "value": 55504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660214, "uuid": "6266697b-23cb-4bb5-b6a2-d19d9f5aa6d5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660214, "uuid": "63829551-ac8f-4911-a09e-e1712e3b558d", "value": "nigga.sh4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7455a632-ca3b-11ed-88f6-42010a9c006e", "comment": "Malware payload (WannaCry)", "timestamp": 1679659222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659222, "uuid": "62043deb-8bdb-4dec-b9af-8547ebf4836c", "comment": "Malware payload (WannaCry)", "value": "7c95f0401e7b113f8e26ecb52dc5d4aa", "object_relation": "md5", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659222, "uuid": "b1267eb9-3732-4b4e-ace5-26c55b7e5b0b", "comment": "Malware payload (WannaCry)", "value": "3bae5b7d3bdfb4fcc3e8f4fb655aa0412d54c8cc55c7816f36106ff2b219f88e", "object_relation": "sha256", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659222, "uuid": "deba6a8d-a353-4d35-b308-93e1b9b7a345", "comment": "Malware payload (WannaCry)", "value": "7cb6e0d6a838eec72d65d511134b1fcb7ed8a913", "object_relation": "sha1", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659222, "uuid": "cae9d1eb-7e09-4df0-906c-17583b8c00ef", "comment": "Malware payload (WannaCry)", "value": "2c3c8f43c80e6c97e06ade70ff4ccdfc285c73c357f5b62fde5d08670cefab681d8413207e1a9948a1b5719016ca7379", "object_relation": "sha3-384", "Tag": [ { "name": "WannaCry", "colour": "#7BC495", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659222, "uuid": "8122dd09-4f81-44a2-bf3d-5651d80518d1", "value": "T1F8E38E096A9C84F4C45A567188B35E29E3B3BC5E0378C60F4F58DA6A1F63391B935F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659222, "uuid": "4bc1b450-24aa-434b-ada0-725c1f61e15e", "value": "2e5708ae5fed0403e8117c645fb23e5b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659222, "uuid": "24205786-23ea-419c-a7cc-f85f7be3d4ea", "value": "3072:xV+LydVaND9yum3hILEVTCW5DgSglPJTcMXaDfl:TE9l9ynRIYVTH5DgSgNajl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659222, "uuid": "adcc3e0b-ca69-4801-a593-546a94bb1858", "value": 147459, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659222, "uuid": "5ac5b050-a509-4277-b9be-ff3704cb9c4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659222, "uuid": "9666bb88-6d1e-4cc0-bb61-c532565c95ad", "value": "7c95f0401e7b113f8e26ecb52dc5d4aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10b28e06-ca47-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679664208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664208, "uuid": "266e73d6-d3b8-4b92-be59-e5b17a6ffe80", "comment": "Malware payload (GCleaner)", "value": "d3fddf13bc4e9a1b7687e67419fcbce1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664208, "uuid": "7b167c81-2a6e-4def-a5b4-7ab4d7c4f461", "comment": "Malware payload (GCleaner)", "value": "3d3fcbf9ff9a5c092b1e3bedfe76b0330b5dbfdc7e03288aecd45cab984d40ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664208, "uuid": "d297c921-06c2-4d55-a5db-0f550865acb6", "comment": "Malware payload (GCleaner)", "value": "1288e4aa974a08f09419559c1dc93ab8cab46a7c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664208, "uuid": "eaef1d18-22ac-47d1-bfcf-56e0450d4efd", "comment": "Malware payload (GCleaner)", "value": "7ba8c43c15c39e2504fc51ff3b294050632363132b2df833450b392c7af18d70789baa9325c5daf29056f7267630fda4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664208, "uuid": "a682f0de-df33-47df-8418-e980259d39fc", "value": "T1CB953346DAE98831E5B2BAB45C784D49D332F75F3F38243F91DCD88D2BA18116E1B291", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664208, "uuid": "93f6a23e-9272-4258-9321-4735a7eb5c5c", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664208, "uuid": "6d26f504-4a6f-4936-8425-8b41eae9ccec", "value": "49152:EGlJfshd3bRC72tdxKnxmZTPBrDUXUmsoPRkHWi+fLrY2cK5dlLYp:5EVC7kMxmZTtD6Um35k2r/YIPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679664208, "uuid": "af21f328-4a23-4d7a-bb1b-2d1568ba5385", "value": 2032128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679664208, "uuid": "25b8a2b5-43ba-42c2-ba02-d13373264cb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664208, "uuid": "a2f09f98-d8ad-45b9-8d43-09922ee581be", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75f39707-ca98-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679699168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679699168, "uuid": "208e8a87-a6cc-42c4-98d2-7f1a333a4110", "comment": "Malware payload", "value": "e4100ef6ecd7cb6becacbd6849a24caf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679699168, "uuid": "9669826a-2278-4fec-a4f8-688a0aa7fd57", "comment": "Malware payload", "value": "3de48fc5f0343ae45da8b32c924551074c812894f9f090d9db44f290a5338720", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679699168, "uuid": "ebe0a494-03f9-4b36-b8b8-f508c0a13771", "comment": "Malware payload", "value": "e84ce852cdb381b78a2e9c94206725938f41d39f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679699168, "uuid": "7c29154f-dc41-48d1-8d75-468859ef0f50", "comment": "Malware payload", "value": "3a19be98328d34b4f188af0e7bd1b930fee357330f67ab7e41bed452a582f4cd8a6a5ef361c2db6364ce6e88c75e924b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679699168, "uuid": "f9ae3010-f4a4-47ae-8daa-91cc7399ecc2", "value": "T12084BF1273E1F960E1634732DE2EC6FC7A3EB8A0DE15BB6A1344997F0D702A1D662305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679699168, "uuid": "78baa775-aaa6-4f6b-bfaf-69c680e6a275", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679699168, "uuid": "a5581776-7b7b-48f9-8535-c9937c8774d1", "value": "6144:lO0IrLPoaQNcnuzi/l8FPDgtBOhSdafOtxPNT0Ypbq1Ova:o0IrLAa5uzi8D70PHbq1l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679699168, "uuid": "b8a368ff-80e3-4c39-9772-9e287476fb71", "value": 392192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679699168, "uuid": "c9c2a3e3-28f2-49cc-97cf-20d58a78d041", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679699168, "uuid": "0c53b793-6937-41fe-afab-84963002c0d1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10a4bf11-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (GandCrab)", "timestamp": 1679671939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671939, "uuid": "40298baf-7fc8-4c4c-b9c5-c5ad281583f2", "comment": "Malware payload (GandCrab)", "value": "51228f70ed0699ecd99d16abff1050ff", "object_relation": "md5", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671939, "uuid": "ccfda9a5-ddce-4fb0-bed4-2b6c6c4290ad", "comment": "Malware payload (GandCrab)", "value": "3f82673c5bebf4a1c2595cb052286fac41ac41d8280b3e15d098e764c98f2dcc", "object_relation": "sha256", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671939, "uuid": "4bea340b-6c68-4f6c-8add-11d35c5e7060", "comment": "Malware payload (GandCrab)", "value": "88c17515910fe84fbb9326d3446fddf33e8145bf", "object_relation": "sha1", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671939, "uuid": "7cc511e8-6b4a-4453-8911-3808395c0110", "comment": "Malware payload (GandCrab)", "value": "0a9442b71ff19041ac11972ed2b8e681389e699f6c9f4287bc8ff3d82879f2901a3479b02a9f4cc91176fcb561f4893e", "object_relation": "sha3-384", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671939, "uuid": "04195b28-1be7-41d2-93cd-214b74249605", "value": "T1F7736A1D62E1B283E1F257B9FAB43E65456E3D103B299BDB89A3594528230F17937303", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671939, "uuid": "2815ff87-280f-444b-8df9-40b93a21b6f4", "value": "6b11af918234585a966ca8fab046dc6c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671939, "uuid": "65020715-2943-4821-8781-a5daa3ed1252", "value": "1536:DZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXouWVU8hbHnAwfMqqU+2bbbAV2/S2LkvdD:TBouWVzFHpfMqqDL2/Lkvd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671939, "uuid": "29a8e5d0-2c3c-4471-87a7-537b2802f966", "value": 73728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671939, "uuid": "463ed67d-5713-472b-9f5c-146dc5c52f3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671939, "uuid": "764e8d22-a2ca-400c-8aca-ffc470347081", "value": "3f82673c5bebf4a1c2595cb052286fac41ac41d8280b3e15d098e764c98f2dcc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8c79bb4-ca75-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679684247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684247, "uuid": "c215daf7-3b23-4fb4-b77d-40c1ff4b221f", "comment": "Malware payload (Guildma)", "value": "5fa5e9144a815d703b1cb8bcb36a962e", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684247, "uuid": "e8e557b5-c4ce-45a6-8d44-f9af347d5863", "comment": "Malware payload (Guildma)", "value": "3f874a2d39712cf407d5891e4aecca2a876b6fceb01c42f73c82c1d536436710", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684247, "uuid": "1ebc6d9e-304f-499a-9081-741029d3d4b5", "comment": "Malware payload (Guildma)", "value": "18f77f27d3b91385ca2ad6428271c982f2c19e5c", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684247, "uuid": "d6013ab3-f0ab-4c4a-b70d-4dd961108a3b", "comment": "Malware payload (Guildma)", "value": "9a9f81f6b38b115f29f2978a81a2be2fd124bbd7d74a9a3e599874fe51f8fd5af4484c0900f565861f35f3a07995d59a", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684247, "uuid": "746f546e-78f7-404d-b2b3-d6b1ca0eb2e2", "value": "T18BD2DE9AF13319038172B335D8A6331CE73290BA14654850BF568DC4BD71A7BABF1F6A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684247, "uuid": "80704d6a-ba46-458f-9229-dce2c2217a40", "value": "96:I5lNKGekMBEleY8huFyiBKJ4NPNoNOYNkuNaNoaNtTNRuNaNBNeNfNncNLNFNLus:Il9XBKVreNy4e78CQrOmRKL0YZXqF5g+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684247, "uuid": "c70f9a7e-da3a-4294-a983-aae644c5f6db", "value": 29885, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684247, "uuid": "2426744c-0d34-4748-bebc-f088ba426f12", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684247, "uuid": "8b633245-6a9c-4337-9652-d67f39ead0e3", "value": "payload.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07f77946-ca74-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679683521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683521, "uuid": "ff99952e-d8ea-474c-993a-458980ff1431", "comment": "Malware payload (GCleaner)", "value": "d6fa4dd8ac9a9d8a164c35da0e0b7b80", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683521, "uuid": "f44492d3-1664-4f68-96c4-6cb0fded0170", "comment": "Malware payload (GCleaner)", "value": "3f98c72ae30ee253d3fc2e00d37b7eb65e3b20c91f6b68715ae1559bb425d176", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683521, "uuid": "1e3ed963-8acf-4c5c-9469-2bb13211ca05", "comment": "Malware payload (GCleaner)", "value": "ee02c468663da5f9c2c58b3433186d6b50565e38", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683521, "uuid": "269ab86f-3f36-4df7-93dc-764f3485b1ae", "comment": "Malware payload (GCleaner)", "value": "b953ac81cc301db214f8832656b674c2504685568021b0b4a64c2f7083960afe5b3fa7d86a1234593ab8abbeb0708c30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683521, "uuid": "e2268664-10be-4edd-992d-9208836336f3", "value": "T13B953309A6F689F5E0D3A9740C89CD65AFEEB1026CBC3934676C6D9F1F3A1920C6C315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683521, "uuid": "76f9456f-ab7d-4e96-b6f0-8774761058fd", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683521, "uuid": "c967a79b-31d5-480b-9a26-fab2048e99f3", "value": "49152:EGlJfs3UrAf76T/tvqN37mwt8wNtIYBGJqMOWtFQZUo75dlLYp:5c8I6/oxmwLwYGbtGFPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683521, "uuid": "201f13e6-1cca-4c82-8f71-a5a844266621", "value": 1988269, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683521, "uuid": "a12cf58b-9dd3-49db-83a8-da794a177081", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683521, "uuid": "2e14844f-ca38-45c0-ae32-1718d8afc6fd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a58fa75-ca75-11ed-88f6-42010a9c006e", "comment": "Malware payload (N-W0rm)", "timestamp": 1679684169, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684169, "uuid": "6c0a3834-ba02-47c1-aa09-6ce025ab7c04", "comment": "Malware payload (N-W0rm)", "value": "5a86037c2b791d93962bb03022768baa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684169, "uuid": "1c2e6a2e-b883-4532-ae89-8ed859dee80a", "comment": "Malware payload (N-W0rm)", "value": "415ed284c9515925e60e26958546b0fe84b5f1e9f2647b4d4355af5425cea425", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684169, "uuid": "38db5b82-c015-44e2-86c5-ebfe7f834c4c", "comment": "Malware payload (N-W0rm)", "value": "fb94a4441007f82336fdb9094e3e1550435073ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684169, "uuid": "55c2869a-9ee2-4504-b1f7-de90cff645c2", "comment": "Malware payload (N-W0rm)", "value": "b1a400ab37dba4f05fb3b9881870a150d6511f9ba28712cfa18f896fb2f6f160406b64c762ee2d9bd1b2214af7783e68", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684169, "uuid": "f1592526-bf21-4a33-927b-15b0ee30d9e2", "value": "T14084BF1272E0BA20F52397728E2EC7FD2A3EB8D1DE15BB5E1655993F0D703A1C662305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684169, "uuid": "2a4f11d0-63be-4110-b6d9-a83b048bea62", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684169, "uuid": "a9322cf9-5fe8-4c29-87d6-0166158cf563", "value": "6144:rKllzYoLhPvyBU0wu5qRLXMbhaSUfP8vZ2228n3xR2OdWva:ullzY0hnkU0L5qZELUsvE22qRzN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684169, "uuid": "0880df58-b9cd-47c3-9342-cf2cd10e61d7", "value": 392192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684169, "uuid": "eeaf0d71-3487-45de-a0fe-005add2bff12", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684169, "uuid": "0f58c722-6a3b-41c9-9e25-8e7289aa9351", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2ef1641-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686466, "uuid": "46b5b43e-7864-4cbf-aa88-cf59324dacdb", "comment": "Malware payload (Mirai)", "value": "68dc4dc8d4da630939e242beeb035022", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686466, "uuid": "d27bb22a-4ba0-429d-975f-4c5a2c0c6c30", "comment": "Malware payload (Mirai)", "value": "41a64a3d09cbce2bdc7b8f6d3b11133cfda7b41689ad69092e53c456c4edad45", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686466, "uuid": "f758c7b8-e308-4c9b-b890-f6608bb214d5", "comment": "Malware payload (Mirai)", "value": "35ad0fe15623112d1c45c66893a681d97077b6a8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686466, "uuid": "695ddc20-7bbc-4390-8352-75ac3317e002", "comment": "Malware payload (Mirai)", "value": "e98751cc42d70a247681509f33031eaea1cffc7e936fe7835a306b75fdb301aa9d08a6f0c301b3563bf3d5468509ea1e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686466, "uuid": "1576f66f-51e7-4fdc-9b6c-19467ce9c13f", "value": "T13223F270EB201CB3E153B33E91AE8B8162A35FF951FA3437767D3494A533D914628269", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686466, "uuid": "936d6353-a81b-4930-bc19-dd13fc7e22b3", "value": "768:w89GDkewxwPib91hDjoH04qVfNWBUVCM4ts5+JKyb9raioOh9q3UEL5J:wyjxZDs0rVVWBUEELoULv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686466, "uuid": "7ebc3a20-1ffa-4e45-9fa2-afb1e0446d29", "value": 45940, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686466, "uuid": "d6986f5e-c202-432e-b755-d117097c8c36", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686466, "uuid": "c26bfa5d-a41a-4419-8494-dfedffa8d630", "value": "68dc4dc8d4da630939e242beeb035022", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "538eaf5d-ca42-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679662173, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662173, "uuid": "b49dd180-4288-4611-83a1-3127c4fe5a3d", "comment": "Malware payload (Heodo)", "value": "2c17746d2426bdb971fbf88ccb963e0c", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662173, "uuid": "138d9628-ff6c-4e5d-9d11-a4997c9f2837", "comment": "Malware payload (Heodo)", "value": "41c7076bb4d5b171750f7eb727ad5a6e60304eea592c6001ab906765dd3abe76", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662173, "uuid": "f25423ea-3128-4bdb-904a-72fad928e3d5", "comment": "Malware payload (Heodo)", "value": "165ffc427eeeea8ba22454814c63acfed27a0222", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662173, "uuid": "3f7ee347-2ffb-4391-a6ee-9dee6f6e749e", "comment": "Malware payload (Heodo)", "value": "73629ad09f950f99533ade19bd61a43d228907c1a5c393f3d78e1d38beb408edc4706419218aa3b93739c922c8563e76", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662173, "uuid": "ba76be79-a824-4d2f-be3e-74e5f3b67db7", "value": "T1A82523E059E82941CD0E0C35F92B71BD92BC31666EDD15E633BC3CE5A90EF6D42122B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662173, "uuid": "8de633cd-5752-436a-ac0d-0f6d278edfc9", "value": "12288:akf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4de4:JXzNdfKluvnRHthzfoYxJlX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662173, "uuid": "43d865ca-d3e8-483e-aa87-ceea042dcd73", "value": 968578, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662173, "uuid": "74565089-e436-4182-bc53-c5caf87b9d0f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662173, "uuid": "ca880189-8f76-4203-a04a-57465e25b22b", "value": "9pYdueGO2psws4ORnvJ.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10ccc596-ca93-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679696850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696850, "uuid": "14d5adb1-cb5a-4397-89d3-13cb1d14dbd0", "comment": "Malware payload", "value": "aa1340e6de19d9206466a3e46505637a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696850, "uuid": "267c2bd1-ec97-456b-a31c-af36be0bb439", "comment": "Malware payload", "value": "41d1e68ca8ce71c9900d8e02c93a9e23a1f7ae02aec9b3b61b39fc410262fdad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696850, "uuid": "6c930a17-ba8d-4d5f-8b50-7e5e29962697", "comment": "Malware payload", "value": "cf2c701eaa0b3d4bb9ee758fe0070a5fdea4f199", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696850, "uuid": "313b3546-ef30-4073-8d9b-371c076655c9", "comment": "Malware payload", "value": "92794650051224e71e8b7957b7ad4bb8a26a614894e21ed5127c73a9ab85666a6ab1547421550003db512ebc638c987b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696850, "uuid": "0beeb48c-0d34-40f8-a525-94336c51da1f", "value": "T102C53379C3846CC4DA17F0714B741B98F63EE166C701E076BABE4EA653C1B221ED8A1D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696850, "uuid": "7006d72f-a2bf-48d3-8336-37a904b36658", "value": "baa93d47220682c04d92f7797d9224ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696850, "uuid": "826d6fa2-af45-49a1-9180-1f66d47ab042", "value": "49152:q/pHoS8FLhcMV6jkf/y2GnS69qGCBArQaF1ClrLG6/ShIssmz1JvXsB:q/xYFLODi/yhS6MHMQaGNLL/C7smplX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679696850, "uuid": "1156851e-b860-4fff-ba62-6eb7458f453e", "value": 2685552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679696850, "uuid": "fda65992-21ba-4ac9-9a3f-580f158aeeaa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696850, "uuid": "ed4a86ff-64d1-459a-8393-7e0c2c8cc0ca", "value": "SecuriteInfo.com.Win32.CrypterX-gen.18764.12891", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "357bad59-ca6f-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679681450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681450, "uuid": "4893db93-dffd-40c9-928d-b9cab1b458c8", "comment": "Malware payload (njrat)", "value": "043e344c6cc9477cbcfc0a483b1ca568", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681450, "uuid": "cacc77a7-ff0f-44bd-b390-f5d92fe3abda", "comment": "Malware payload (njrat)", "value": "424f837c55e7216646a63f6bbbbba766ed7521273ddfce6edad4b6335bf7a36e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681450, "uuid": "24621929-7b32-45c7-a5fd-f897ad8f610f", "comment": "Malware payload (njrat)", "value": "52c4391b1a91c828823107cdf2db92e7142073d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681450, "uuid": "22bc6b74-ae8a-4717-a203-64828c7d6420", "comment": "Malware payload (njrat)", "value": "ab8bac3c350fe511dfdc2818f0832d43dea1799c171f12216f5c8941d24474ef119c06557a9474d364ab9ae856cddd44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681450, "uuid": "9e9d3f41-5e2b-4b45-8251-4b2158e8b03f", "value": "T14EB2290E3FA98856C5AC16748AA5D65043B4A1470423EF2FCDC454CBAFB3BD91D4CAF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681450, "uuid": "c1bcd9c4-5f5a-414e-a6cd-bb63f9e7bf3d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681450, "uuid": "8c0a3bd3-a4f9-4910-8755-a247d09016eb", "value": "384:LMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZWe:Eb9glF51LRpcnuq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679681450, "uuid": "1ae7da29-38ff-46de-93e2-afda43efd48f", "value": 24064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679681450, "uuid": "353c66cc-2ee7-4ee4-943a-4cc4b4fe2934", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681450, "uuid": "573dc5c5-3d36-4825-8bf4-64abaa5d7547", "value": "043e344c6cc9477cbcfc0a483b1ca568.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50f28139-ca42-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679662169, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662169, "uuid": "ebed4dbd-c3df-4429-9bc9-8d7491860c93", "comment": "Malware payload (Heodo)", "value": "f012a50188257b14ba2d14d6e636c3aa", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662169, "uuid": "1f110cd9-a1dc-40a3-94fb-124d31efc8ca", "comment": "Malware payload (Heodo)", "value": "4254f37e42b83e66521714aef2cf9aa7efc34c9f87e5c8399414d6fbe3c2bf84", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662169, "uuid": "d1a078bd-9050-4bed-b149-a140d832da6e", "comment": "Malware payload (Heodo)", "value": "6353550d7c1a13f5dceaa30ef02ec06c1a4bf9db", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662169, "uuid": "4b04c715-a3a1-4679-bcfd-a41d78b22610", "comment": "Malware payload (Heodo)", "value": "3ffccbb1bfedc2781ebce782fb4fb4a64e220a3387707e3b9d3ba4c3fd8e38de788a0e85161e2fda952aacf09b0e417d", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662169, "uuid": "8c23afa0-2586-40c8-87c5-73060f8b3dcd", "value": "T1322523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A90EF6842122B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662169, "uuid": "99fce535-1a3a-408f-9b86-5fd9b5d4f288", "value": "12288:Rkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deD:KXzNdfKluvnRHthzfoYxJlW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662169, "uuid": "82b406e5-6932-4599-8407-ba4e099f98c5", "value": 981810, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662169, "uuid": "36bf018e-adc7-417f-b700-bff683d84d5e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662169, "uuid": "a6c04f8e-32b6-4bfd-a14a-37d8c13f1853", "value": "9cpifm6qgmrA33CrmoEt2HusBUU.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97b0b99d-ca70-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679682044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682044, "uuid": "2076497d-12c4-457e-828e-f5b4ac06972c", "comment": "Malware payload", "value": "683d0488bc6b7aee5c52dea1b21b3469", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682044, "uuid": "1bba9d9c-63ef-401f-b34b-d7f2141c255c", "comment": "Malware payload", "value": "4469ea6689654fe0388191097d3938a832abfa597c8195966320dab9e0d77a7b", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682044, "uuid": "dacfcec7-5915-4462-a720-f146c0e759db", "comment": "Malware payload", "value": "a558e73e215b61eb11395335ac4f87be81fa4c58", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682044, "uuid": "53e4a0a4-8746-4084-ab74-a6962feb5507", "comment": "Malware payload", "value": "cc014ab1649b6fbf5d569eb2601d9a63e7176e2c99b4e8b39aa4bcee51237cb78e9bf2d4f948abfb6d3e2ea9799d1422", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682044, "uuid": "43d0dc05-84d9-4afa-8424-c4903a1ad403", "value": "T1A43601957B85E92FCC7B083515B69331634B8C168EABE7476814325C6C37AE84F8DEC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682044, "uuid": "63e9912f-6ab5-40c4-88a0-3f38ae68bbdf", "value": "98304:QA/x4oaqGxHh5k7c2sptAdL5FBoWHZvFmKgkISN96MJBks2X+rzQZqU9ynNy:QA/x4oaqGxHcc2ktA9B9HmKgkI696M6z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679682044, "uuid": "fb854d43-5cda-4aa9-a4a0-054c491b53e7", "value": 5239137, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679682044, "uuid": "def5b1f0-75ad-4b57-a1a9-1715533aa1e8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682044, "uuid": "e4d78ce9-ba8c-4099-898d-35b2c8683be3", "value": "4469ea6689654fe0388191097d3938a832abfa597c8195966320dab9e0d77a7b.virus", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5282e15-ca75-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679684241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684241, "uuid": "47b58b6e-d125-4a09-8798-aadf336871e7", "comment": "Malware payload (Guildma)", "value": "46ed07b6775feec87b40375b8ae347f5", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684241, "uuid": "a6bbfcc1-acda-4960-872e-3c15939a15dc", "comment": "Malware payload (Guildma)", "value": "4500fc553b1d61be5bf84415b01aa0db72a604284fd72e3a287cec55ade664fb", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684241, "uuid": "b532a7c9-e992-4b35-a4c0-a62eb2cf3bd5", "comment": "Malware payload (Guildma)", "value": "ac785aa406cf90e4524a6a4f92087cf03bee5e70", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684241, "uuid": "53a58d71-0fb7-4e3c-b28b-ef0c05a9fe65", "comment": "Malware payload (Guildma)", "value": "a5f7498e446d7c0d5e003ffd6b07f7ae2cef3794e185225da13fae8be9657d35d9c8c212987c93d9c21caef3eb774d3f", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684241, "uuid": "437283b0-d5a3-492a-9f29-fb595f40a861", "value": "T102F0DC4DE41229C5F49C0035C8061A4A2C1C3F4B0BC19292058D09888AE09CB6D5D670", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684241, "uuid": "8dda45a3-c4cf-41c6-bd7b-6a77c672af2d", "value": "12:8rflM8OBE6ZGtgkOId8vjKjdpoL70OmOm7+6pL5/JKXrBOdpJlb:8loGtFOId8rK7oL4Odm7+4L9EXdOpV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684241, "uuid": "842733a3-4bfa-4498-a3f2-84e579de38ee", "value": 509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684241, "uuid": "9c50517e-8475-4f46-a24f-96f5f059060a", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684241, "uuid": "994075b4-e135-48e1-aab7-19628cf9ccf9", "value": "rastreamento323868_484.42892276.037227.29163.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc73e1a2-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686455, "uuid": "c462c17c-0c03-4c1e-a294-6fa4809226e7", "comment": "Malware payload (Mirai)", "value": "a14b2b4973a97e68c15c83ea3f236e23", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686455, "uuid": "04b32450-6064-44da-b20d-8deb1af923b3", "comment": "Malware payload (Mirai)", "value": "4588deec548ac01d7e28ebb4d2171ca815e348c5f99223a059c3e4481d01c57d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686455, "uuid": "8bf5833d-c17e-41ae-b2ea-cc06697dc55e", "comment": "Malware payload (Mirai)", "value": "c6ade5c56f823ca0fda78f27fc4adeb73741056c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686455, "uuid": "450d8255-3416-4bd2-9c75-5b528e212968", "comment": "Malware payload (Mirai)", "value": "8ace94c65e1c35c9163ba3f58b4062d343025a5c7da0371087f78c76742c8aa30718d033bce4b7710b5d2c8562bd1fe8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686455, "uuid": "7ca477b2-8565-4cce-896f-b900807f25a8", "value": "T193A35B22BE560827C1D4A27A22F74321F1F7634E70A84B1A7EA30D8DBF6475136277E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686455, "uuid": "cf4f6cb7-b7eb-4428-94a4-be5fc9bdd5ca", "value": "1536:4Uus8eqsVSlvq6IZwuDywNcgKNtHP5Atfphaoj:dX//Sly6IwuzNhKNth2phaoj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686455, "uuid": "44052f41-f807-4651-95c9-b20564e4d344", "value": 101400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686455, "uuid": "d8cb593f-7991-46ce-ac54-a16d42039226", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686455, "uuid": "9e4c1ea2-d7c8-424c-a9f5-a74172227efd", "value": "a14b2b4973a97e68c15c83ea3f236e23", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b7bcbcb-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679639853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639853, "uuid": "029f4c4d-a909-4a6e-b973-89aad1e91783", "comment": "Malware payload", "value": "b087db470a2ff393cd25f2bef2f5c1b4", "object_relation": "md5", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639853, "uuid": "12c576b1-3607-48e1-a5c7-679f2a60ecd3", "comment": "Malware payload", "value": "46149f56028829246628ffafc58df81a4b0ff1c87ed6466492e25ad2f23c0a13", "object_relation": "sha256", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639853, "uuid": "97bfd0a2-caeb-4ad9-97c4-06ca4d033773", "comment": "Malware payload", "value": "5b33e3d63dfab6e829456abb2ca3ea2f76a7da0e", "object_relation": "sha1", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639853, "uuid": "baa39c04-1ba0-4720-92d5-dd9a27ebe075", "comment": "Malware payload", "value": "ec1488288c2f51528493c175484d3f9832f2549086160d8e24bd9a24064abd28c3149cd65accca1272fba19c663160b8", "object_relation": "sha3-384", "Tag": [ { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639853, "uuid": "030b5d8b-b4cb-4fea-9e30-4ef9ad4af4bc", "value": "T10B44F1538455589BE4F3933CCED20B18A71BD9C0936ACB5D7EA6509E0D2F2B3E817A0D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639853, "uuid": "b97c5c4f-e873-4c39-9682-be45af4a11c7", "value": "6144:1kIk+ai6laI6g0UOqa1fmioLyVmWq20F/wy:GaI6fF1fmYEN/wy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639853, "uuid": "b45cd236-4616-430e-8413-466b817123cc", "value": 259760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639853, "uuid": "af54a6bc-34e3-4f45-b136-7f5b8fbb51b0", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639853, "uuid": "eea1ecbd-f4f5-4a87-b240-61157e54b2a1", "value": "infinilegno doc 03.23.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e5d12c6-c9d9-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679617094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617094, "uuid": "2fe762c9-abe7-48c4-a75c-87bedcb8d1a0", "comment": "Malware payload (RedLineStealer)", "value": "5b186d2922ed3a83054ecb715f5e02f6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617094, "uuid": "f17741bb-bab7-490d-8286-89ee9694deee", "comment": "Malware payload (RedLineStealer)", "value": "462fe73759511dccf18282eeac0c584285b8e91a3a04b488b2599696b5b99500", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617094, "uuid": "bae77be0-c8cf-4989-968d-070821b1e48e", "comment": "Malware payload (RedLineStealer)", "value": "5aad803f8771566d6cbd12f7c9cee4237e7e6d6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617094, "uuid": "c1b41f4c-ce63-4686-abf6-bccb814b6dca", "comment": "Malware payload (RedLineStealer)", "value": "b638612381c2d152abb0bc958cb35ea78f69ae4e3c58281285fa9d7adc44d13b2b621bfbb4eef8cc76360e240e16e2b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617094, "uuid": "74eb7715-e415-449b-b4c2-fec86c6e8422", "value": "T1A374DF11F290D4BAE89645748822C6F96E3FB8719B1582CB77817B2E5F303D1EE36346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617094, "uuid": "e2e0e3eb-c65b-4884-a26f-e50432ad67f5", "value": "58071948c33b7dec9bea638ac45f94ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617094, "uuid": "c85a09d8-7b42-4dfe-8232-a20b52422922", "value": "6144:Xr92GoLn8vUZKrylCAMG2jFCEiHTVanXj0swMib+XNRpyz+iHA:Xr0Go78vaKryMGyri5Yc6dyzDg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679617094, "uuid": "93231f2c-d621-47bd-b586-9b8a85bd4c52", "value": 363008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679617094, "uuid": "ba574814-73b0-4b2b-89e0-c938104f3b32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617094, "uuid": "2b98a495-2cf2-45a6-9944-f6a6cbcf404d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5e6f833-ca24-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679649534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649534, "uuid": "cca5493d-cd8d-40d7-ba7a-9d6fdffc13ff", "comment": "Malware payload (Gozi)", "value": "2e10dd62f4a9c0e65e8b89348512ba3e", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649534, "uuid": "e7ae23a6-8b8e-4ba7-a18d-f9220b670970", "comment": "Malware payload (Gozi)", "value": "463174e74e8c212a4024f1ccc1bf4490d2ffe6d5ef9c573cc512c5b996adb437", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649534, "uuid": "21a81de8-25ae-4471-8dff-016eca544374", "comment": "Malware payload (Gozi)", "value": "375488048de003ce196799d4f51e26c8204adc54", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649534, "uuid": "78dfcae2-1877-4874-be34-a1194817de21", "comment": "Malware payload (Gozi)", "value": "b22618802758db993def5c191f34463374ae889db158f47b69cda62055d3c1ed22b0925a28316c6554ed05283359a0b4", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649534, "uuid": "9f2ddcdb-496d-4b69-97a0-912ff7170794", "value": "T16DF05C418E23F737C0E696B911944691A1AAA607C493B10B4F9C71FDD9D1B586E310CB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649534, "uuid": "0151cb4c-2cff-4d1e-aed8-07098197a7d9", "value": "12:5jPMEMuGNpRslDfYtlquHYdwvFtGhWEJC7Mxz:9RERdpOCavs7Mh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649534, "uuid": "0f87e005-a821-49ec-bdd9-f5b27b124ea3", "value": 487, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649534, "uuid": "5cf90771-afb4-4736-9e57-51da09699d22", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649534, "uuid": "7a5d22cd-6800-435b-b2bf-44bf39c52162", "value": "Contratto991.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58763d02-ca30-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679654450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654450, "uuid": "3dac4ddc-1333-4544-8496-5b510bb42e9d", "comment": "Malware payload", "value": "403abf9198972d61e96a887fb027a431", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654450, "uuid": "f6f66fb0-cbd8-4877-a03e-99990e298ce8", "comment": "Malware payload", "value": "466cf0832a24b9a900aa36431f7fd69647c172c1c8054e233c473e83e50aa18f", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654450, "uuid": "17c6c20e-6345-4351-a315-4e1ba0dfc369", "comment": "Malware payload", "value": "521a10c2cf8b54343d6505c2fdf3f2dde7db9002", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654450, "uuid": "f06ff95a-76a3-458c-adb7-328497417940", "comment": "Malware payload", "value": "da8c0f64bb26e5eaae1b96ac41fe71859e78c7435ed6987ef2240262df72d6cdcd180237dadf3209db14aff025dc2f71", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654450, "uuid": "975d89af-3229-4e8c-8bf4-c12575fdd8c6", "value": "T161B42361F8B30EAD712661F07B41ABDF0453C494C7866B6F5A5BC3852888BFE5D006EB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654450, "uuid": "eb2fbeac-442e-416e-8e51-9e06ee577f70", "value": "12288:8jNm7xY41hx1BDcAv7NFANjbsDk+iXNEa5di5AOq1vr1p:8sxY4PxTDcADN6Px7NVdaAOq1vr3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679654450, "uuid": "064dfc49-5ac3-47c3-b8c1-02dba8fa8997", "value": 540355, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679654450, "uuid": "f8f56b71-94ce-41a9-b96e-1e89280a52f6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654450, "uuid": "4ffdf126-b9be-482b-b60b-5c3e3520b957", "value": "backscraper.img.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7e60803-ca36-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679657214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679657214, "uuid": "d698624d-2034-4e93-8113-1725bd5db17a", "comment": "Malware payload", "value": "2cb2530056d3666359998d19f31e5ba9", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679657214, "uuid": "ec6db560-9499-4f33-9611-cf666c3b7347", "comment": "Malware payload", "value": "48287288eab187b020206a99ec50a11cf73c67d10081c629b05056b15b83148a", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679657214, "uuid": "0363e4f4-a1fc-4d21-a605-275c7f2c9958", "comment": "Malware payload", "value": "fc3044a95e045c7e2974187adef686085a17922f", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679657214, "uuid": "8fac1ef9-a8af-43c6-936e-1f6e36c427f1", "comment": "Malware payload", "value": "62156f3a5c31596c10f522554c3f9452cb25bea6622665c61dc8faa8a0f317dc0c6e2f9e4fb769fcdfc544bdc762326a", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679657214, "uuid": "44de9c92-c817-47d3-b4e4-de07e1fa85a2", "value": "T113F2BF79D014E8ACC9B74ABDA10F18E1F2680543D2527F0B6E10F3AC57665DF476F88A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679657214, "uuid": "a3a6a589-2fe3-456d-b851-3071dbbc05c3", "value": "768:yp9fOaqDTQI6YiXH7v06sHtOJhvnZWtD25gn8r8YUB:yLfoDTQI6YiXHx48XmDuP0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679657214, "uuid": "19ec2cf5-58d5-48e9-85d9-915005c415da", "value": 37230, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679657214, "uuid": "e8eea5ce-4a2e-4f84-85eb-8a36d98ec6e6", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679657214, "uuid": "8eddd250-26c3-4f1a-a368-c6deb63acb46", "value": "48287288eab187b020206a99ec50a11cf73c67d10081c629b05056b15b83148a.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67da4ca2-c9dd-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679618828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618828, "uuid": "8672a206-faad-491c-b180-cba9bcbd3d05", "comment": "Malware payload (LummaStealer)", "value": "b56983f161b2ff80cad6dbec58ed55fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618828, "uuid": "d1345291-8b8e-4269-82b4-fc4fff0815b5", "comment": "Malware payload (LummaStealer)", "value": "49cf3f7dff15bac894c07903ad2b14a89967c0b5c5c7b7f78e4f3f45628def71", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618828, "uuid": "932e9f7a-d3d5-4c97-a1c4-0a7bd376a54a", "comment": "Malware payload (LummaStealer)", "value": "fef579427734ffbf25101b1dbbf0b0dd02b7d379", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618828, "uuid": "d094b418-c68f-4ed6-ab29-c6a5a633558d", "comment": "Malware payload (LummaStealer)", "value": "245b2fc32bb319285ac7706e2036e1b4d8192b4b8ccd639d30aab4e175dd54f1d699f57bf2cb5ed9af4b1fd8005aca8e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618828, "uuid": "b6ccc02f-3d38-4142-ad7b-df0505b33f23", "value": "T1B644CE1276A1C872E54645794820CAF4EA3BBCB08B1586FB7B143BAE6E313D1DF35346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618828, "uuid": "8f412c64-95fa-47f5-a080-0c7cc085bc18", "value": "58071948c33b7dec9bea638ac45f94ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618828, "uuid": "dd0a7d8f-1cfc-4421-b03e-4601c22cec82", "value": "3072:WVGFSFEHpiVOL15eNN/1j0JgozzQQM/9CPUt1y2S5hio6eU:VFYVOLrYN/9EzzQQwCPU32p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679618828, "uuid": "53979dc6-9bd9-42a0-8354-7c2bfe71a4f9", "value": 265728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679618828, "uuid": "40b9c865-3253-43a8-9d5e-8b41bae2f1da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618828, "uuid": "50a212d5-5460-4769-b5fc-ad9f69470cc8", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e8cea23-ca87-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679691800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691800, "uuid": "69a6cad6-e921-48ec-a0cb-d294fe331982", "comment": "Malware payload", "value": "77d24afc56ad6fe02595f0317c666692", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691800, "uuid": "9eff4468-7297-476c-b7d1-adf16b37370f", "comment": "Malware payload", "value": "49d6bc1b46a0e34b1be729269e18f415606be1e28414aaaa90d1da1b64bf569a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691800, "uuid": "374ead04-12d5-4aa0-8a76-fa0948cc5a38", "comment": "Malware payload", "value": "0039664cf573e33f62f3979c403b147c1759dbd0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691800, "uuid": "926474af-55b3-4dac-a7ad-38ab18d69d53", "comment": "Malware payload", "value": "bd7e697ac5a72def0e4569c3fa218dfc2db7db3f907be429898baf4dd09fe803e76831878f157ee27a2f843167e78215", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691800, "uuid": "5027ae45-6115-4701-a893-df31ad3fd508", "value": "T142547E1273E1F960F51787328E2AC7FD3A3EB8E0DE15BB6E1649993F0970261C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691800, "uuid": "1641de9f-622b-4ba0-b755-c64caa431d56", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691800, "uuid": "30535520-60da-47f9-be78-586541854120", "value": "3072:WoLvVW2lhwh3qvLCUqEt83/rIkZXPaMIk4Ke8HKHf60VpvoL/1hWN8aeDr:/70gw2N83/NankxBK/7oLdhva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679691800, "uuid": "472fe6f2-bf40-42e7-94dd-32e64b9b460c", "value": 283648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679691800, "uuid": "a90e7cd8-8bc4-4940-a561-ae9af7ca3d06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691800, "uuid": "f8cd00de-6d76-4fca-b4ae-026b37b38296", "value": "77d24afc56ad6fe02595f0317c666692", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bfd7816-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679639880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639880, "uuid": "9edb6105-9145-45ba-aeef-c309b70a33d8", "comment": "Malware payload", "value": "fdc75e40621414008dbbb6c5dae7d76b", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639880, "uuid": "f8cce2e7-51ef-4d2c-98ef-fe85821bb6fc", "comment": "Malware payload", "value": "4accce76226674130f283d5c025a1584b7d7f1004911ddff5047776d61af1c11", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639880, "uuid": "abf2af7d-39d0-4412-8a15-1fdf3f12b820", "comment": "Malware payload", "value": "fe2d8f24efbc4fd59c7b2b82dcb7183940b277fc", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639880, "uuid": "d5f5a309-90b5-411d-92bf-a5e97fd24169", "comment": "Malware payload", "value": "acfa043f69f3b67e98057ac4f2605887e752205c47c08298eafb6fd0ef65f8a1033d3151ff23cbe95dbc9a6b96ea652d", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639880, "uuid": "e7f1408b-3f54-4e56-8b7e-2a235a0c659d", "value": "T12163F19BC8C393D8C443523DF1E546EBFD090E1AAF29346FA50B6FF85A405D8074AA6C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639880, "uuid": "6ed9f7da-4ffe-4b5b-b5f2-e831e061d3a0", "value": "1536:uoGpMsTr0pnaWnXgSfo8Av3Eq+1EfjZCQO8XWGlWVdfZIlXhvs:uoOsRXi8IuMCQO8/cV76U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639880, "uuid": "da8472d1-c683-44e2-b286-d18578787b22", "value": 68599, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639880, "uuid": "bbeaf5be-9b8b-4ce8-9dde-6a1857acf1f0", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639880, "uuid": "bce0eaa3-6aa4-4d42-9563-c711640ddba6", "value": "Bloomberg BNA.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e57f940-ca87-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679691907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691907, "uuid": "3b7c6997-393d-4bef-ba6b-da5ab3889577", "comment": "Malware payload", "value": "5fa74e56e7665ecb48c8d7c135e618cd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691907, "uuid": "9f769489-98ba-4cab-9669-7f71056e3d5c", "comment": "Malware payload", "value": "4b0ad64c6543fdd2505d741b567955fca23812cd1bcb83d2a0e546831e292f08", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691907, "uuid": "7d42b169-1594-4595-9c2c-24d2212aafa8", "comment": "Malware payload", "value": "765f31a03a7682e3566a1273d5b08dae830bc28b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691907, "uuid": "5f30cf5d-20d8-49d5-9670-8048b19eb18e", "comment": "Malware payload", "value": "59ee842f3eb13a7331bf0d990347a03cd91d6b8d44d4de1fdcf72c02d2eb8da9a0d639dbeac07e5b921e55eb45345690", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691907, "uuid": "d01fd214-bfc1-4e35-9ab6-c4b7bc1a339f", "value": "T1F9352353A3D4D1B3E8F527316DB206930739BCA24E65429FB38AC98F5D71A91A4703B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691907, "uuid": "aaba1f31-f719-42d0-978e-2b8cc5448d9c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691907, "uuid": "2c46b421-bbc6-454b-b94c-2382656abb65", "value": "24576:0yiYgykT4skP+3eLc0ZsptveVNyk4cI+s03oEE2ky:DiJykhkP+Cc0KWdDdd3m5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679691907, "uuid": "d8fa1304-052a-49af-b215-59b5904afdbe", "value": 1063936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679691907, "uuid": "92b69ba3-87a9-4551-835f-afa57f61a07a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691907, "uuid": "fe245a09-99cd-46ae-b698-c7b3b3c2daa4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1307c72-ca02-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1679634923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679634923, "uuid": "b775f486-3dff-433a-9167-064ff0998e3b", "comment": "Malware payload (Gh0stRAT)", "value": "3ff09c343d8a50e9c9bb1332bf21998a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679634923, "uuid": "4f06a18e-cd9f-4c77-9291-8795356efbd1", "comment": "Malware payload (Gh0stRAT)", "value": "4b74fbd877b7e3e1e325df75ddd3cfece7404a4104a646a65a1a4b7614f9478c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679634923, "uuid": "4022944a-a572-4fce-8f19-6d4c85c3f596", "comment": "Malware payload (Gh0stRAT)", "value": "1406b01f0d4a258ff883978104903cbc4941cfe8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679634923, "uuid": "8bff1a2b-1e4c-401c-8f1a-a57bb81bcaa0", "comment": "Malware payload (Gh0stRAT)", "value": "af92a9f1e970778add8127b5e2c5f6e0dee4e36c7f444f58d55cf15b9557a76056a2eaa12fd4d71f3afd29817b6c9621", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679634923, "uuid": "e02fa3a5-66a1-4daf-82ed-85f0e3013586", "value": "T149C37D02F5C500FAF6A8117C14BF7B76963BA9949B146FC37B24DE641C63161AB3238B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679634923, "uuid": "592e4394-bcaf-48b1-aed6-bab042cd3e35", "value": "f683366ddf493cd68d5fc61a44ca3135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679634923, "uuid": "a3efbb4a-4926-4091-916d-375384113c3e", "value": "3072:PZ8FyFwFD6HDIgRAD+rG8RsaESUjx/kKYjzt:PZ8IFjHm4G0JGjxstjZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679634923, "uuid": "111bd2d1-ccfc-4b7b-8f58-d0115afa762e", "value": 127488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679634923, "uuid": "22979617-4184-4f3d-b7eb-de0c3b06c0e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679634923, "uuid": "817d3a8e-eae2-43ca-bec2-1d4d4f54266d", "value": "3ff09c343d8a50e9c9bb1332bf21998a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52921f97-ca95-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679697820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697820, "uuid": "60e382ba-e94e-433c-97b6-99a6a9faca13", "comment": "Malware payload", "value": "4e1fdf13a7da8eff042e49bf7f08dfc9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697820, "uuid": "81340556-bfa4-4e7f-8edb-bccd024634c3", "comment": "Malware payload", "value": "4be3d9f2a74c89eabd7a9ba7ec64e69096b5007d6b1b421059ef634dad85cc1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697820, "uuid": "24891be7-4ee7-462b-be8d-ed2b21d73670", "comment": "Malware payload", "value": "607bf3523750ed7292330e84d7bece4e30de9dd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697820, "uuid": "e1973c0d-5d99-4fa5-ae6a-618c918b95bd", "comment": "Malware payload", "value": "546a40ae568ba71e704852beb17ddde2717b13678638abfdc4a932925d1d749512e8d8cf9a6a554dfd9d3b44a48931a0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697820, "uuid": "0ccc138a-8fac-4628-9a13-ccd9675ff9c1", "value": "T1CF547E1273E0F960E5178732CE1AC7FC2A3EB8E1DE55BB6E16595A3F0D702A1C662704", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697820, "uuid": "1b15dda5-11ee-415a-9db0-8a539bc988f9", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697820, "uuid": "d7ebdc6e-13cd-4fb5-bb7c-0568eb7c442d", "value": "3072:QxwfC82x9g4Ci95kHUCfCjtpdZNqoSGoov/ZDBS8b30KMVYAmuSGbAZMwf7SamHb:skZUpyfCjCG1vpj6VxmGb7tInva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679697820, "uuid": "79ca94b2-b5da-47bd-9d27-c48ea1e133b8", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679697820, "uuid": "241db1c0-7e8a-415c-b058-79e2a5c43ddf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697820, "uuid": "e7889995-3786-4e77-b0a1-5cea22c18142", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dbf0fcc-ca44-11ed-88f6-42010a9c006e", "comment": "Malware payload (NanoCore)", "timestamp": 1679662996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662996, "uuid": "f106f3f6-0df1-4064-a88f-a5f5f3d5d33f", "comment": "Malware payload (NanoCore)", "value": "06bb3e6845c05801adc2f8d3d85cd188", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662996, "uuid": "961d8cbc-abcf-4282-a5b3-aa2d23d71cc5", "comment": "Malware payload (NanoCore)", "value": "4c39d7bc897c365a5c93f4fa958362f6e98d6cbdf8f7dcd9f84aa16caa972855", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662996, "uuid": "5aa16f1b-c4ea-41cb-a1b1-9bf6bfefe56c", "comment": "Malware payload (NanoCore)", "value": "ef7a48d42513d860bfed62e5fa41efcd79d860c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662996, "uuid": "2696bf88-4324-4d5c-b6c8-390c74373aa8", "comment": "Malware payload (NanoCore)", "value": "181427d9441c337a15c0ddccacaaa53538a50a203e60b1c9981523b926b531476bda398017f6cba98e8466c94b5daf3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662996, "uuid": "f63c38e9-973e-4d29-b116-c8c996fc59c5", "value": "T1B5841211B568C8A7F4471FB42E9AE5BA1AE6ED085E91074737E07F1F7E32045CA0C7A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662996, "uuid": "f33ee17f-84df-47a4-a933-5917950c11fa", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662996, "uuid": "e2995885-7aef-42ef-af1f-3c1d9ca68d0e", "value": "6144:gYa6oyf4GW0T3aXVgMUtBxFPg3leoyr9ZoMCAWEHmim3hEd+SJ5VDEx0psOkqX5V:gY2yfCXVgHfx8l09ZoMdd5msOciN0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662996, "uuid": "9886a060-2e6e-4499-b189-c86bc5b2de96", "value": 392412, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662996, "uuid": "63e8e12b-2ef3-4b91-b8d6-fee8ae1e4c6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662996, "uuid": "184d154d-a0d1-4cfc-a2a6-dcc89230b620", "value": "scopat2.1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c99763f-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Hajime)", "timestamp": 1679659477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659477, "uuid": "f28edd35-beba-4d19-bcd8-17775a4b3264", "comment": "Malware payload (Hajime)", "value": "9e3b4b247b2196322c3b09dd9c932ae9", "object_relation": "md5", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659477, "uuid": "df00fbdd-097e-47e0-b4ae-ffbec898bb5f", "comment": "Malware payload (Hajime)", "value": "4c4fe251236789553cd237459c06f79b72cc26a63e9491e339b5de382b246470", "object_relation": "sha256", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659477, "uuid": "1707ec52-3421-4d50-a7f9-2672f3176e07", "comment": "Malware payload (Hajime)", "value": "d9b1ed53fa6c48cd0c3c4bbb633bba834a0a4d5f", "object_relation": "sha1", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659477, "uuid": "8d69105e-a5fa-4344-9e3f-f61116a7ed8d", "comment": "Malware payload (Hajime)", "value": "dd5b3eb5bb3d42b25b77ce7e0abf6d675b0ed3a4a176e44f03f3a3e7ce4ef89159a82125ab36ae0324183084824b78d0", "object_relation": "sha3-384", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659477, "uuid": "063d7644-5771-4a99-9fdf-6281c5820078", "value": "T147F0C0F80BC45E53D9F420BDC46D03702703CB00D41BF757D01440180C03064AF5E6D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659477, "uuid": "7491baf7-0b09-43b4-9b1b-9a0bc22ab0fa", "value": "6:Btk/t+l7RY4R1+st8zlxQPibhYmhVH8f/I9glqlcZqDQKIqGgZsIvhP:BLey5AxQPiemc/TqWsQKIq57vZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659477, "uuid": "0e50ef48-ae4d-4ea9-bc94-2b3052f3795e", "value": 480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659477, "uuid": "d6e25a50-3c5d-44e4-8461-b5cf2bf5abd7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659477, "uuid": "c663a672-de47-4dc3-b822-a8f1ee1b0d92", "value": "4c4fe251236789553cd237459c06f79b72cc26a63e9491e339b5de382b246470", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d2c3877-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679646298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646298, "uuid": "ed9f24dc-a9fc-4367-b3f3-ace928b83b6d", "comment": "Malware payload (Heodo)", "value": "ddff411e5ad7ce29e20876781d1c4575", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646298, "uuid": "976df591-d3a5-4325-a3d6-3d11849b4c1e", "comment": "Malware payload (Heodo)", "value": "4cff47be9f748f13fcfd3d383052695fb4b8d73ee586a1fa130fa7de4cffa209", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646298, "uuid": "3bb50dd4-5e21-4279-87a9-9c1112d599e6", "comment": "Malware payload (Heodo)", "value": "7044af94c1554f1dea70bd947f27c40eba5d7b6e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646298, "uuid": "5240d0cf-bf53-4f38-b635-8f321a15f14f", "comment": "Malware payload (Heodo)", "value": "638ce8a58b3628ec62e44ca22ef4d74cdd5362929058325301d884eb19db055d5d29f50db107b2bb7f98a6d790fe62fa", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646298, "uuid": "dffb3175-5089-4959-bc67-b0b8afb85544", "value": "T19444F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646298, "uuid": "880d4441-319e-4fda-aec1-9e69c62241ec", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaZ:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646298, "uuid": "9b4bd204-7c7b-4e77-9955-7a306be52fc1", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646298, "uuid": "3099d5a4-a26d-4b88-b6d8-0e4790b24283", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646298, "uuid": "85ec59e7-f864-48ed-b3aa-efcb34bd6891", "value": "100325364797862682.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9307961b-ca8b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679693633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693633, "uuid": "d63a88c1-c7a1-4989-8f10-d31a43a42648", "comment": "Malware payload", "value": "4308e46cb94ae079f265c4bea40343fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693633, "uuid": "0ff86c68-31dc-4dc5-8421-02a796d20988", "comment": "Malware payload", "value": "4d2ca20f77551de7bc6a5788de5252b3d1c3efe011e7f329e873d01a7eb339b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693633, "uuid": "4fb3487d-3846-4cc5-9f77-0381d1da1a9c", "comment": "Malware payload", "value": "ba565af97101637959a8b3e86499b8cbac81356d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693633, "uuid": "72349dd4-c000-4058-82d0-ae7eb1dc6886", "comment": "Malware payload", "value": "5202df18f793351fb97c98039265d1184f5e3188de100dafdfd68e32ee91fb4fe68d4409c45cae73a73388d19ad28abc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693633, "uuid": "d7910b5f-65e3-4ef8-bfa4-3fce059cccbc", "value": "T19A84BF0273E1F920E51787728E2EC6FC6A3EB8E0DE15BB6E17555E3F09702A1C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693633, "uuid": "e1ead07f-df19-408b-b127-8a558843bf5d", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693633, "uuid": "4bfa6a1c-2686-4640-8242-d714faf23f20", "value": "6144:bWrKWU/g0PCFmstsP47MhfUlhWlrTOlbv48tZDL0mIpq1va:yrKWUI0PCF37CfUl6rTIbrL0mYx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679693633, "uuid": "5e7bafdd-efc3-43b2-b4e5-0873dee0dd77", "value": 392192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679693633, "uuid": "38a0b474-bc45-4146-9f2c-357f50f83a3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693633, "uuid": "9a04351b-7a70-4f55-b656-fd5b094e5fcc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd2941a4-ca72-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679682966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682966, "uuid": "888cd01c-6dc9-4c02-9bd4-0b4f700addb4", "comment": "Malware payload (RedLineStealer)", "value": "17d42baeb0167521ced4f3a0010283f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682966, "uuid": "d89bf0f8-3fd6-47a6-979a-00d78a5fe399", "comment": "Malware payload (RedLineStealer)", "value": "4dd8787a20228e45c582eac16ecde7e6ca03ad78639473d1b091bc3bcfbf5c75", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682966, "uuid": "bcde0e1b-7ab2-4ef5-8308-67b4b89ae806", "comment": "Malware payload (RedLineStealer)", "value": "e92bf79d017426dec346ca09b083856cec2b7807", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682966, "uuid": "50a7bf52-1fcd-4ad5-b13b-3675ae591537", "comment": "Malware payload (RedLineStealer)", "value": "76fb1303e59bb3207cbf439f0d15faa47c2d496c1dcde4711ce5d48a8e31a15b7ca68a56f0a87bdc283e87b529506046", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682966, "uuid": "28843a82-5579-41b9-9a36-632932ec0f0f", "value": "T1EFC41256E6C84472ECB8277065F627A31E31BCA25E34936E7745AC4E19B3784D83233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682966, "uuid": "80cae025-14c2-43e4-8bf8-b057b97cc0d6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682966, "uuid": "864a5af5-93af-4a7f-a3e7-7320e6976692", "value": "12288:7Mrmy90aOW9ZLSiOBF2LcyWold06WMdWto+/4d/zzyCV:tyIW/evBQvWolyM/9dV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679682966, "uuid": "a3a685e2-fc31-46ce-9418-1e1617b1b4ec", "value": 566784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679682966, "uuid": "8f47cd84-bfcd-45f0-b1ac-e345f2289e74", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682966, "uuid": "b054c15a-5dbf-480b-8844-a7ed80e67a97", "value": "17d42baeb0167521ced4f3a0010283f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4150dd9-ca74-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679683837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683837, "uuid": "cecc9d0c-0290-4266-9ed3-27630212afcf", "comment": "Malware payload (RedLineStealer)", "value": "af4eeaad90b517e600570110754d9c5e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683837, "uuid": "80336368-562f-46ff-bfe1-6b0a4d5c9269", "comment": "Malware payload (RedLineStealer)", "value": "4ec8aad55df3e8ec8764a710e2613c8c160cf176653ab6c38c65fd0ac9892164", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683837, "uuid": "df2c4650-c503-4b7e-8056-cd4310e6499a", "comment": "Malware payload (RedLineStealer)", "value": "3541b188739c9a8f410e72e2bd83fb13f7f5d3e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683837, "uuid": "32723014-14be-4f2c-9e5d-1fa5272cca36", "comment": "Malware payload (RedLineStealer)", "value": "5cc9d3c2a5c929eac14cf7500a65cb1231aed89f3fb731315f854d870ee703aef3c1f5bfbd4536a55e241131030b690e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683837, "uuid": "2491bdc8-911a-412f-99b7-40e29a88dfa4", "value": "T1113523625EE890B3CCF86B7014F303930A35BDBBDD74826623999E4F5DB2281593173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683837, "uuid": "5657201a-3f89-4942-8ca9-d1504406fabe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683837, "uuid": "e2a3c67a-7dbe-4e83-9b8a-e1f990b3145b", "value": "12288:/Mr+y90uWN7tjy9h/hBCuOmhSG6HC5/C75PRt2V7frgpGNmcxaUzxhPt2dWQzke5:Rya9Fy9hJB1r56tPXGNmcsU7EaN8V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683837, "uuid": "bad96c78-c29b-43d0-ae55-2fd173d8aa2f", "value": 1066496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683837, "uuid": "2de9c251-27ec-4918-99f4-8403b74c9f0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683837, "uuid": "31c2bab1-3a22-4f07-973c-de644faf7efc", "value": "af4eeaad90b517e600570110754d9c5e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aab48b85-c9e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620658, "uuid": "193010f1-89cb-46d0-a698-05e28bd60fc2", "comment": "Malware payload (Stop)", "value": "a228c31eb2cdd8ce4169f1854e4cb4b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620658, "uuid": "099f2ea5-b139-489f-9136-92d84a2599f9", "comment": "Malware payload (Stop)", "value": "4ef4bd047ca7a31b0bb1232236a1d4075031bf9c5b0128ab33a6948fcbe65c1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620658, "uuid": "2054b1c5-63ee-4c5c-9d33-4cd7e6673ad1", "comment": "Malware payload (Stop)", "value": "98dd45f77bfb04018993a54eb53f2529ed7b0a0d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620658, "uuid": "655e1296-e083-4cc5-aee6-1637566fc495", "comment": "Malware payload (Stop)", "value": "2e0d99d83e643c8070dafff23c9abc13e02e805498d3c85dfbb692f846b1f7163d98c152c40f092c87bdf33eef57d612", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620658, "uuid": "a9cbf1cf-587a-49c8-89b7-6b5d6ddd5771", "value": "T111F412223BD1C533C65B89B088119AB06F7DBA70E798C99F736857385F603D16769383", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620658, "uuid": "511c685c-c762-4ee9-8e47-7b98914fda49", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620658, "uuid": "7da10d19-1276-4d60-be25-b004d4e5b7c2", "value": "12288:+im9O0mhWzVZvAH37t179sBtUYhnAPsEb6UtPyZo2pGoc1EQuW8:vIYQHvw3j79sbhnkuUtPQj41fX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620658, "uuid": "20a67c94-3537-4070-8dd8-77f4f46831f1", "value": 733696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620658, "uuid": "89349593-f0ae-4382-aadd-7296746ae589", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620658, "uuid": "c898cc14-63e6-430f-8a43-7cd4186258c3", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63e066f7-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (ModiLoader)", "timestamp": 1679660053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660053, "uuid": "51506cf6-2e76-4d85-85aa-7a9ee2b3f844", "comment": "Malware payload (ModiLoader)", "value": "6cb6f7cef28a7a5ea1ce5da5dc8e72a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660053, "uuid": "096658ea-4c38-4ebb-9d15-eee753a6c59c", "comment": "Malware payload (ModiLoader)", "value": "4fd695117a6e08fa904e7bc528640c25ac5cf17055bc75b39748dbb4bf9c3af9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660053, "uuid": "2e2bda74-626d-400f-b8f1-a5674bf9d498", "comment": "Malware payload (ModiLoader)", "value": "5f6d81c356884db5f61967532c4da6b79e387f4a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660053, "uuid": "d6f20da1-bd7f-4330-9775-7eefa2106bc0", "comment": "Malware payload (ModiLoader)", "value": "725261c2f1d7b7ec1df66cbf099059754f7326acaf225ae5bf21e37d02b4797a64bd742cbd063a205e7b1e6c6739722c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660053, "uuid": "6647aa06-8527-4a6d-96c5-ee076e135f19", "value": "T1ECE49D21EA908437C13355798F4BE7A4682CBD316E14BE8EAFD02D9C5E792817D253B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660053, "uuid": "eba7d2c6-3649-497e-a7ab-29bd0b4c9c8a", "value": "dafc4f5e149ed150bd97ebd590d5ac53", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660053, "uuid": "3729427b-d298-4ef0-ab1e-1a1dc5584ced", "value": "12288:XP31nwx3zw3CxeCSimftjiCLc5oUyjfhCPhVzwUfNOXxeM36j:fFnozwSeConLnUyTmTzwjxt36", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660053, "uuid": "27458591-7cec-4b3d-9105-d52536848ad3", "value": 702976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660053, "uuid": "a2196763-6b67-4a3b-8c45-0d78cb151b40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660053, "uuid": "b5621a91-7315-4d36-83c1-4b54cb3da24c", "value": "04352562561652.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b0d5af1-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679639906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639906, "uuid": "83d15c24-a032-47f0-9f3a-4e712e410bbf", "comment": "Malware payload (Loki)", "value": "a7a8649efd8d0ed5ed1194028187bf66", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639906, "uuid": "e266477f-8b25-4b1d-aaff-34da06b1073a", "comment": "Malware payload (Loki)", "value": "5224ad26b096f110856cfa5e9713928ba3704c860b3ea022ff4c8b271c2a6997", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639906, "uuid": "f2876b63-2f83-4335-a89a-19bbef59d9dc", "comment": "Malware payload (Loki)", "value": "e989b3f25655c2b9c8a92e999e3054a967c559b9", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639906, "uuid": "db9e55a3-8c92-4941-a679-98dd47bb399b", "comment": "Malware payload (Loki)", "value": "55105330db54881ac9115dac9e0eddf2b86332e1e0c2ea8370c754464dcddccb50ec62ba804bcfbc587a2f7b290b6bee", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639906, "uuid": "ff61b356-732c-41a2-aac4-8eef9ea36d5d", "value": "T123E4E044DD7A4E75F8E9D3F42560173A07A8BBA12061D1488FF968CA3DEBB2309D194F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639906, "uuid": "f996b693-ac8f-42d5-8fc0-fd8ba10b0ace", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639906, "uuid": "ef33b267-a7d2-4c37-a376-6c743ed3f381", "value": "12288:Uajs6zcep+oxWhWo00XLwjeU2qxlhI+iml76ecGU04bqoxfLuoVHRxmkviZwd+:UDep+oxaLHkI+z7T40CFxfL5ZRliZG+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639906, "uuid": "95c71275-5d93-4e4e-9207-031f984aaa57", "value": 717824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639906, "uuid": "13b23c04-bca3-47b5-9502-02b34934400d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639906, "uuid": "b061947a-121a-4edf-8705-8aa4a2bf5e32", "value": "DHL Express Receipt_Awb#84571089602.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dde84c97-c9e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621603, "uuid": "81309fd1-590e-4590-8dfe-1962ec5e0f88", "comment": "Malware payload (Stop)", "value": "4ea98ee0b78ec35ef65391b98a84beb3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621603, "uuid": "9ada7c4b-b62f-4661-a136-a53816375bf6", "comment": "Malware payload (Stop)", "value": "52df416537250c88db017edd6a56282707f80ea38e3c7d4f9101d88c171bc49e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621603, "uuid": "be0d3d7c-2514-4a6f-ad5e-5866fa6df14c", "comment": "Malware payload (Stop)", "value": "3eb99a9752c18d9396e63587d401b42521b36a89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621603, "uuid": "d5dc667d-a074-4aec-92a1-eb645bca0455", "comment": "Malware payload (Stop)", "value": "76a4016c7a74aa13eb7689524a1cd17317262b02189ff82ae8c04d2b2f904af58fc5ff96aa0fa95926884572fdae137a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621603, "uuid": "1a79dce5-43d3-417d-9536-1d2c82df1cfb", "value": "T11AF423123B21D0B2E59A8971A114C7A4BFFEB87266A0C55733D843BF0DB0780BA76757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621603, "uuid": "db8a4ef0-e615-4c91-befe-7513217d36f9", "value": "8d9508e89d467f2b8f17cb75c34b216a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621603, "uuid": "14781f66-8811-4fa0-b27f-47e12512b6ea", "value": "12288:Gf0wxenRBIAj9xOAMTDds007XrChHN0aV9vZoVabelKzsWhVQXvnwTr2ooP6:6KtjeAM/ZIr47lfelKzefnFooP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621603, "uuid": "fd49fbe9-1320-49b7-a184-3b4c0add5190", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621603, "uuid": "3f8f9fa4-c89d-4aed-a5bc-a84de207b578", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621603, "uuid": "6f59323b-31d1-40de-a9b8-2b28648d13bc", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "caed91b1-ca74-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679683848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "65347972-bfaf-4c80-9770-605a0d4150a1", "comment": "Malware payload", "value": "f6167d29a99d9b2a633e2c89761a0d03", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "d226a2c0-b155-4563-921d-79fa4aa1d111", "comment": "Malware payload", "value": "53ede26e1b5b7287a78002c268363493d9aa8b35ab2cdb571444adcd7a4752ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "e884b2f5-5466-48cd-abfe-df5163e51636", "comment": "Malware payload", "value": "3ce2f2443951cc6db70cf07d4a17a7d0a46b1dad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683848, "uuid": "8167c1f1-17d5-4af4-b381-52c9f6ac813b", "comment": "Malware payload", "value": "be3d0ef9de4006bb071c30dbaa636ac7d273400320becb54eae5d5b35b5c2e9681d976f139a81c5df92edf2c83586c39", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "fc5da27c-e64a-400c-94ef-584bf1ce46f6", "value": "T14C56330033959BB7DA39D63460859567BEA3DB6C89E90D4BF245A2033FB30B0571BA73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "c075c868-3068-4ccf-89c5-018d33b2e6c4", "value": "496fff7f26eb25a135e9d530fa8ef62e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "147a4ad3-f502-437a-a769-dd79edf11a02", "value": "98304:AbvZyYdxZpInRynqqvSex6jwDS1bEONKtPUj5o38qYV89b0pkMaftnrWL:qJLInR6fNWEYqR1ftiL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683848, "uuid": "6f4c5d43-1071-4c5e-8fe8-1ca42ec855ff", "value": 5990704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683848, "uuid": "ab04e230-0176-4f47-9d40-4c8b0f6de4c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683848, "uuid": "1f9cbcd8-5d76-49bb-8b78-aefdf16c5a6a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab9dcca5-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672199, "uuid": "2702ad7c-ffba-41e9-a8c9-2e91f411e228", "comment": "Malware payload (Mirai)", "value": "11315f134cec858b69bd4ed8546ec792", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672199, "uuid": "5d7d1d5f-cb79-4466-b5e4-e43c2a41fed4", "comment": "Malware payload (Mirai)", "value": "544ef8494c0847d23b594f671f5ba3fab5ee92b54b2f8e841a855762f8d4cf19", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672199, "uuid": "cf0e19cf-d082-4c77-af2d-6a34cc0e332e", "comment": "Malware payload (Mirai)", "value": "fb68194cce417feb1819898a517670f11a543b62", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672199, "uuid": "73430d24-0283-48ea-ac9c-284041c08556", "comment": "Malware payload (Mirai)", "value": "4429379436827f918a3b3e03c162b39b9284f4008373af52a0fe5aba066c522c5df7fdefd0672ed00ad45f44216ab0cc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672199, "uuid": "1a9e73d1-2fa9-4f15-84c8-bf75587fef49", "value": "T150E2F1D4F5CBA29BF7EFCDB11A91C3E027B0CB95B7AA8E6152604B10729B4658F04DC4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672199, "uuid": "366eb99d-acf0-4d34-9081-0c467a5a772c", "value": "768:kLXsWC+bAq+VXJYbQUu8dJloL58q7Kh42E4uVcqgw09Dm:dGyJYkU5P08q7Kh4B4u+qgw09K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672199, "uuid": "dbd4a24a-bd46-402d-9239-5d8db4d936fe", "value": 33540, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672199, "uuid": "7730282b-20d4-4300-9d3e-f0df9eac3304", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672199, "uuid": "cf76e3d9-9ce9-4db3-9112-223fe7bcd961", "value": "11315f134cec858b69bd4ed8546ec792", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d030fb99-c9f0-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679627164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627164, "uuid": "348d429c-7a2e-4800-b88f-bfed4aa898f3", "comment": "Malware payload", "value": "e451461492849e6dd93e1280d86294f7", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627164, "uuid": "e6b651d2-44e3-4908-b237-097447f71540", "comment": "Malware payload", "value": "54ba415f427da70d122382ef32b4dbed321c8b6288a134fff1bb2f6e0ac7588a", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627164, "uuid": "14bc121f-c528-4415-8e35-789deb730aee", "comment": "Malware payload", "value": "06d270d06e01a4ad4688e78fd0a807fb274e76cb", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679627164, "uuid": "0da8f7d4-7180-4f76-b9b5-afc4ef4f495d", "comment": "Malware payload", "value": "2651d1765d80b867852834e0a4aa51d1b30036619b12b40d96dc7771264de81f69623db78820857d0490ea267c45dfc7", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627164, "uuid": "dd478325-305e-4743-986c-f32d453dbf67", "value": "T1DBA3F119327AC419E5841C3C5DC2C6DB3371BF21BE43170BB2D8B71E2A7A6A18613B1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627164, "uuid": "b8150741-bd6b-4c4b-8ffb-095d9cd95a15", "value": "1536:pX9KpjzYhVcfKWkjC7neegur5GJvYGtmev5JIB3VAvg5Eo8rDVoGea:pXojzMV4lgC7neDuVaZmkIug6oeDV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679627164, "uuid": "e0d87f8a-dad4-461e-9f31-e2a2f04a68b0", "value": 107008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679627164, "uuid": "9af3c824-dcaf-4a5f-a7b4-ddadf0e2785e", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679627164, "uuid": "0b7fe560-df91-421a-8ed8-76bf614429a9", "value": "dumb.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "872e1b5d-ca73-11ed-88f6-42010a9c006e", "comment": "Malware payload (IcedID)", "timestamp": 1679683305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683305, "uuid": "11c6503b-ecd8-491a-82ca-e460ab1e4167", "comment": "Malware payload (IcedID)", "value": "5794e7d7f9ac624535b2f8dc2a5285e8", "object_relation": "md5", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pw-749", "colour": "#42D37D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683305, "uuid": "878ec556-e9cb-4a40-bc9b-afcc8514777c", "comment": "Malware payload (IcedID)", "value": "55d76b580ae98c5589b1ff9a643cc8cedcaa3bb5405c2808caf4ba5506f53e23", "object_relation": "sha256", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pw-749", "colour": "#42D37D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683305, "uuid": "13d9aab2-a5eb-4882-bd6c-d7860609cc9d", "comment": "Malware payload (IcedID)", "value": "9e66b1153eca2a15b9697499ca1e7ca9f781cc03", "object_relation": "sha1", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pw-749", "colour": "#42D37D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683305, "uuid": "50b08f47-5a69-4600-a5e2-bff71e832383", "comment": "Malware payload (IcedID)", "value": "bacef4df78ed72fa4b2e381699b79934690dd4b66cc5a27c484caddf1cd6ac29a89ede1c7f14fd555bbc862cccdca9a2", "object_relation": "sha3-384", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pw-749", "colour": "#42D37D", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683305, "uuid": "9b440d38-6e76-44be-af86-ee124d837e3d", "value": "T1DB7423C07B48296BB431D392EB34997507210BF01B5FDD9095A26F5AC342BDE26F4EC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683305, "uuid": "15bba3d0-499e-4057-90ec-2d0910b1c5cb", "value": "6144:tdzdYDDJO+ZHogEh/kpb1A+oj+bNMGKJgCmaIn8kvmrzxipf5:tdpkDJOKHoGpixexwHfIpR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683305, "uuid": "f04cbdae-37af-4cbc-bd75-ba4d9724b7af", "value": 341155, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683305, "uuid": "eabd139c-e894-4aec-99c2-5fecb34f783b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683305, "uuid": "ae5b4353-4708-43c9-a87f-ec2c497c79dd", "value": "Docs_Unpaid_#367.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9c635ce-ca62-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679676062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676062, "uuid": "e8e74099-3367-404f-88ca-07b0d310b868", "comment": "Malware payload (RedLineStealer)", "value": "365316c5631a07ca410870b18a8b27fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676062, "uuid": "c94d8531-41f9-4159-a2de-53c5efdd395a", "comment": "Malware payload (RedLineStealer)", "value": "576b98f21d6b9df500e7c158b155eaa3a10e77318dae94c510c106a1c74ed71e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676062, "uuid": "66e5ff3a-901d-4aca-9481-619590ec5706", "comment": "Malware payload (RedLineStealer)", "value": "fa6830190b19a85a5834214ba1efc61fe8b8fb5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676062, "uuid": "6b4ef94e-757d-43f3-b8f4-528dc1449cfe", "comment": "Malware payload (RedLineStealer)", "value": "81e98ddae2398455c0ef618f6eadbbe9e2332ac130a1d81d49ce826b838f85ab8abf6be5c33382f02ab390d8fcb557f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676062, "uuid": "97fc441f-c659-4d45-a143-36e9825f7d6d", "value": "T1962522119AE89037E5B81B31A9F917831B32BCD61835A37F1346B94E5833AC1D9317BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676062, "uuid": "5ebc0b29-0465-4985-8fb8-cd1e54322212", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676062, "uuid": "841e18c9-a34e-4d5d-ae70-163a3bc4dd15", "value": "24576:lyED+Hxa4Aig8P+/JGpMCZ1RLw5Tir/tl2Oow4m8zE9U:AEDExHgQMuMCZ11w5OTz2xw4m8zE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679676062, "uuid": "e3aba4ee-b07e-4ee1-ac22-6f460ee18340", "value": 1035264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679676062, "uuid": "576489ad-fa83-4f2a-9bc9-ce2a187ccc49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676062, "uuid": "0ecb872c-d74a-4ce7-9739-b27451cf1a1b", "value": "365316c5631a07ca410870b18a8b27fb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5c06ed4-ca2f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679654285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654285, "uuid": "c1c21f05-0ef8-467c-9245-c4b0d5b552ec", "comment": "Malware payload (RedLineStealer)", "value": "15e748d85d3d915f9af4203f80d79c7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654285, "uuid": "f9a419a5-ced5-4176-a29c-e2284c555bb3", "comment": "Malware payload (RedLineStealer)", "value": "58a72c0516bd99a2f14e266e5ef58fc82209ea46a44cf2fcbb7d48d95ab5f2f5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654285, "uuid": "295ba9c9-8a0a-4f68-a33a-b0270107dfef", "comment": "Malware payload (RedLineStealer)", "value": "bfe2a2406f038156d881b09aa021d8f2ad339e18", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654285, "uuid": "0007cf98-90dd-422e-b880-f61d85108091", "comment": "Malware payload (RedLineStealer)", "value": "879f71fa30fb879e9b915941b2867054c3ae16bbe4e4e66ccae4b08bbd18abd6e6fd7a39c958e0be4e3059226f77f4e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654285, "uuid": "a47296e4-2cc7-440e-ad56-e540cc7c4f37", "value": "T1B474BF1173E1BD60F56787328E1AC6FD6A3FB8E0EE5ABF6D12445A7F0874261C662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654285, "uuid": "6ee2edc0-9940-4a2a-80a3-6d9f1ca6bb23", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654285, "uuid": "8481496c-4aa1-4f5b-aba4-6d14f0126503", "value": "6144:p4HZlMaROzAR5e2illfKP3OD+7mRguzTAXulj:SHZlxMWRWKP579w2ux", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679654285, "uuid": "387e3e34-8689-43b5-8bde-737f199cb639", "value": 360448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679654285, "uuid": "7431672f-3db4-4449-a8ba-0572bd30457c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654285, "uuid": "5cc73bac-a781-437f-a21a-4b95aaaa14e4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1a4a637-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660210, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660210, "uuid": "2afb1675-c9ff-4b87-86fd-3441d02cc66f", "comment": "Malware payload (Mirai)", "value": "57829946fd84210a96345289704c1138", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660210, "uuid": "4338b249-8a26-4729-9698-845da5452d88", "comment": "Malware payload (Mirai)", "value": "5bd4143421c39453dc03d8f4f10558b866813df348851508ac8f919cd440b2b6", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660210, "uuid": "94a3113d-3533-434f-94b3-3f206edfdb6a", "comment": "Malware payload (Mirai)", "value": "ad947fc3ef38535259c007adacdc6f0a1a4b58b9", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660210, "uuid": "5d5208b0-2cf0-4c2f-a3a8-ce0ed55a6520", "comment": "Malware payload (Mirai)", "value": "60de297a865f240cf0dc66917a1e6e56f863085170b99dac65d5015d2d8a6b02159c4a012c3a106a106047d51de27ba8", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660210, "uuid": "702a9b87-f4d0-4e90-ba9d-a6ad09e0ba3a", "value": "T18873E95AF8818B11C5C6027AFA1E158E332317FCE3DEB2135E205F6477C6A6B0E36855", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660210, "uuid": "3ab2594d-6bea-452a-af99-60e1a7335186", "value": "1536:uFndYPPZyWvL+C1xwsIOQps16aTH+sM5iT2lTRYcblW5vYIFJ:/P5SA1yo6av2lTRYcbYNRb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660210, "uuid": "75ca5762-f99b-40ee-aefb-f7fb296879a0", "value": 75064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660210, "uuid": "7d92dc8e-34b0-4e95-a217-ee9bc24085b7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660210, "uuid": "1b16ea69-635b-48f8-b65d-863bcbce5746", "value": "nigga.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7510cc0-ca4d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679667092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667092, "uuid": "bf357381-a7f2-487e-87af-44880f56def7", "comment": "Malware payload (RedLineStealer)", "value": "2da209388c30f0ca11f8269d37a7e833", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667092, "uuid": "095b9504-f46e-47cc-ada9-790894128054", "comment": "Malware payload (RedLineStealer)", "value": "5d57ad56d15f7e76bd3ead79872ed1224f720e8a010f8282f4ae62f47a744f29", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667092, "uuid": "cc5e0ff1-63e6-4279-9285-6c5affe3c0cf", "comment": "Malware payload (RedLineStealer)", "value": "1b3debb25203faed2905ab1e88711a5203ac6688", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667092, "uuid": "d615a3f9-a883-4207-9fab-30bf18a5b10e", "comment": "Malware payload (RedLineStealer)", "value": "2f71133bf51eb531f1555882f9063383692ba9f9079b318d471995f90a1d5969c302443430e6068ed7868d7b07aaffd2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667092, "uuid": "67e47137-dc28-4534-83e9-6638b59ac505", "value": "T13774AF1273E1F960E12387728E1EC6FD663EB8E1DE19BF6D12499A7F0C70261C662315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667092, "uuid": "69b8829a-6cf7-4045-a777-c0f07bd371de", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667092, "uuid": "4384eef3-ef15-4b81-ae07-2ff2614783bb", "value": "6144:3VmQiKEL+vaDECbV1Ns5zThnNDbfJyYhVsYuSCcwGd5Hzxj:lmVKELMkWThBNyYzDC+d5T9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679667092, "uuid": "35240e74-0451-4394-b909-45e20b1fde78", "value": 360448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679667092, "uuid": "69759010-db25-4f9c-bd5b-d3a0c61f438e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667092, "uuid": "567f6db9-80ca-4605-ace5-2ea54a1adff2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57c85e04-ca11-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679641135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641135, "uuid": "27df9547-f79d-4597-a1a5-9abe28ba36c7", "comment": "Malware payload (Gozi)", "value": "a03e51781fbf641b6bce7863f7990f90", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641135, "uuid": "48db212e-6697-41f9-8978-e73ce542533e", "comment": "Malware payload (Gozi)", "value": "5e13daad538571332b6944ab418c0004cdb0cf8aaf7e368270d29dc8d93dcddd", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641135, "uuid": "a7b86964-7d2a-4101-90b4-cb705aa4eb6c", "comment": "Malware payload (Gozi)", "value": "6160e801d60495880636741d643927c4631de8a0", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641135, "uuid": "bcb401db-8c44-4068-92f7-5166e6cc01ea", "comment": "Malware payload (Gozi)", "value": "a9aaf76be1b5d49765e04b2292558c9f565bd0f79da75d75efdfe2875895a0b6f7fea7924c24875d2ee687a6f961a201", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641135, "uuid": "5f564865-307e-4820-93a8-4e844dd5c065", "value": "T1CAF027ABA512543BEB4736F85054F7A81C3A0A2E4990544E4FBC34611C816CAAB81B02", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641135, "uuid": "20f1ab70-3673-41c2-b049-fbe9c8301094", "value": "12:5jkfaaIqfZfgino3vzpw+jv1f5zleugoUadIiSMMxx:9kdIGZ4incvlwivhPeu7nIyMD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679641135, "uuid": "a64f29bd-af1b-4305-b230-c72d684780de", "value": 517, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679641135, "uuid": "f3539f10-9e98-457f-a625-b63e4a150cba", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641135, "uuid": "3181f900-9fc3-4e95-86fa-d635fc7c589a", "value": "Organizzazione208.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3674b4c9-ca32-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679655252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655252, "uuid": "822933ef-db14-434f-953f-732343842551", "comment": "Malware payload (Quakbot)", "value": "92bd25eaf2122b46434941a2488cb5c9", "object_relation": "md5", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655252, "uuid": "0a1ef353-eb6c-40ac-a5e8-ef6b49f2c1b9", "comment": "Malware payload (Quakbot)", "value": "5e30ec1e1b1e5e64a98dfe05ca8d151ed1c0180e8ba3a01f1da8b26d890f8300", "object_relation": "sha256", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655252, "uuid": "4e57e7f8-4032-42fd-b54c-b074052fe938", "comment": "Malware payload (Quakbot)", "value": "526afbc6e5f20d14e5045096c0a9ebdb0dcb2ce6", "object_relation": "sha1", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655252, "uuid": "c9fbd54c-d510-4792-8dff-9e02e2f6b1b4", "comment": "Malware payload (Quakbot)", "value": "59653d51ecac0cf53ce93ac8e9e620561b408729925cc41f2bfeb192ab093562de835808c9bd641780d693970eebfbaa", "object_relation": "sha3-384", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655252, "uuid": "b4cadafb-3e28-477d-9c02-48e9faaad666", "value": "T123458D43BBC7C1B1DFD605F695766B7A4939B9380B3888CBB3D0346EC9A06C1A635316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655252, "uuid": "acfe8537-4c11-4472-a8af-3baa03b71cfb", "value": "c838d1a15fac6fddafb036f322459302", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655252, "uuid": "e1070c01-ba71-4115-a934-95af30f721f7", "value": "24576:k/QKBLJ2TutS+yAFHBdfuwufXJFeZahuC9T6r57hoYNtwj:bRgqLMZc9TY57Oetwj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679655252, "uuid": "802ac646-63e2-4a94-8bea-1abefdfcb4be", "value": 1165712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679655252, "uuid": "c53fdf97-67fe-4ffd-a868-702e19a41aad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655252, "uuid": "0510675b-b4b5-473e-836d-6c150f8b7898", "value": "peenge.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0d1b520-ca18-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679644344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644344, "uuid": "27e02233-36b9-4877-8742-3f1d92a48c93", "comment": "Malware payload (Smoke Loader)", "value": "e909cbbe4152e8cb072c716a240ab34e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644344, "uuid": "b0052c7b-6f83-4633-acde-b729c8fae0c7", "comment": "Malware payload (Smoke Loader)", "value": "5e4d63cde2fc36ea485d524cd8300e2f2671dc05590414fff31fb9ca96687ddf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644344, "uuid": "3d92b236-375c-4218-b982-34af2e382397", "comment": "Malware payload (Smoke Loader)", "value": "54bb070e7f30b9c2fc638fad6b53f891e8989acf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644344, "uuid": "384d74be-2832-4bc7-a83b-bdb5c0eaea2a", "comment": "Malware payload (Smoke Loader)", "value": "137e41de14250e95a7c0ef7a089f378a3d2e54d35e39ccb5bfd4be3b09495931a01ea8320133808953aca6b3ae4d1670", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644344, "uuid": "471c1182-e423-4ef7-9df7-70c4c28fae57", "value": "T1D8347E12B3E1F960E52287328E1EC6FD663EF8E1DE55BF6E2745993F0870261C662704", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644344, "uuid": "9f0f0c45-00e4-425b-83fa-2ecaa558bf57", "value": "f074ca07d05b404f1800905e64acce35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644344, "uuid": "79114079-7709-468f-befa-dc1bab1fad40", "value": "3072:9e++RfJ0h/xW0x6pfO/L4BuXmMbjICyZOMPyRWSnQxn+MI+nRWNOb4q:fMiClFO5baZ9yRWSn++9+nRj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679644344, "uuid": "ada11835-d5b2-485e-a517-bda51855d338", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679644344, "uuid": "fadfdbf2-1dc6-4251-aa2a-cc03fcf2b598", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644344, "uuid": "e813aee7-c827-4749-b79f-e08e13a12578", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b328a936-ca77-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679685097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685097, "uuid": "564a746b-fcb5-46ca-ba22-e79a2f7baf0d", "comment": "Malware payload", "value": "8700d2452d5d8f223324605b125acd3e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685097, "uuid": "7a2570e7-0fdb-40ba-b56a-5e55c747fbf7", "comment": "Malware payload", "value": "5ebeb697d30caf314b05884fd63d043c1aac03ef8d5164eefedff1bf8ceec736", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685097, "uuid": "3973ed85-f2a1-4ffc-940c-68cb098f8750", "comment": "Malware payload", "value": "de8a2b5c9c85c67158426c28ad1ec554525dbf65", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685097, "uuid": "7f225d91-5fd5-41b1-9409-7c978613aaff", "comment": "Malware payload", "value": "31a8b94cfa52ac459f2e63df3467d40b2272096de2711ea4c7bd069d8e6377bfe4d202dc7976196002065dc36a0c2368", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685097, "uuid": "a7646af2-c867-4385-af64-20c4b05fcea3", "value": "T117548F0273E0F960E52787728E2EC6FC2A3EB8E0DD557B6E16959D3F0D702A1C662305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685097, "uuid": "50cda6eb-f305-4197-85b4-d0b64d559cc1", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685097, "uuid": "26abd418-3f0c-4ffa-943d-ca76122f96ea", "value": "3072:coK7fa2Bg6eq62Cw/0/IVGrUkZlGQuYhpOag6gXqtMAiFw8KMUxWN8aeDr:pqiV15IVGWQFhpOSqqFiFw8KBxva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679685097, "uuid": "c671446d-aecb-4556-9f31-08432e218608", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679685097, "uuid": "3e5d9cf7-ce55-4efe-bf11-1b4688af0860", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685097, "uuid": "80cb72a6-900c-410e-a726-683d19264094", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a724b7e8-ca7b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679686795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686795, "uuid": "37f62023-675b-4e6d-a212-770f606406c1", "comment": "Malware payload", "value": "74d94dab71aecc2af6b9a98df84e9c1c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686795, "uuid": "824b90aa-5f6f-4f2c-a1e1-320d7a3a5404", "comment": "Malware payload", "value": "5ec9843a2aee2813c1d99bda8df3a2518457867e63522a5b2075d30b7eead0d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686795, "uuid": "c599de7a-417d-483a-af84-c99bcffddfe1", "comment": "Malware payload", "value": "4c8e540e20399b74c2161b756e198645a24990fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686795, "uuid": "55b345c5-c52c-49c7-b8b9-9ab09b85f656", "comment": "Malware payload", "value": "775bf81fc1ae72fce2d221f8df3a0f7d900a8ccfe5052e6cfa274f6ce98f5ab14f5a31cfccca396d3cdbb5144df023f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686795, "uuid": "403e3d9d-bdb4-434f-885c-f871a5f24d4b", "value": "T1B0548E1273E0F960E5238773CE2AC6FC2A3EB8D0DE15BB6A17595D3F09702A1D662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686795, "uuid": "8c45c035-b23d-45d3-9115-38c0683438e4", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686795, "uuid": "92671ddf-f833-486d-a926-b55d81ba68b9", "value": "3072:qoRz8e2BHiAqkUCwTsLMpMvV4kZD3y3VJbqBryE3xYriaN9BcTuR8HQEgWN8aeDr:jFFqJbMpM/MJbguE3NaNUTuR8H6va", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686795, "uuid": "90f00c89-03ae-4d9b-8ca3-c082da68cde9", "value": 283648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686795, "uuid": "95f6917f-8f4b-476a-8fd2-64df5fff6487", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686795, "uuid": "52a14016-83c7-4d81-b0a0-c4378487f553", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6265331-ca89-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679692833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692833, "uuid": "61a71c85-dd21-4577-9dac-7f3693807848", "comment": "Malware payload", "value": "1b091d568b361f576ba2af84a4578f1d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692833, "uuid": "d196ad36-407b-44b3-8efe-18649f9d70a7", "comment": "Malware payload", "value": "5ecb8f54488ba74740c4523adc1cfa1529f96ab09fa0e8e3fe13ae629653167c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692833, "uuid": "16845d41-c648-4be7-8e08-a55d59538217", "comment": "Malware payload", "value": "daee19301b2a6cacabf1a243f95305e8d5d61fb3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692833, "uuid": "c9c77d0b-2ef9-4018-b28a-ec7856993f21", "comment": "Malware payload", "value": "7fe13f617fa18588eee58e8cb36070b356b22015c4e9a41b9a15c895d9b4ab6f8e4f0b0321ae107f48cacd74991c63d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692833, "uuid": "74766821-68b0-424b-9425-bf0f5a76506e", "value": "T14E84B02272E0F960E51787728E2EC7FC6A3EB8E1DE15BB5E16585D3F0D702A1C662704", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692833, "uuid": "7e8e3128-ee34-4c39-a68b-7d3d545550b4", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692833, "uuid": "f0d35f77-35c1-4cbe-8aa9-38f4bc0bea70", "value": "6144:0kfMT6XyZT50aTAFbONcD1VXrSh7U1hLpkosTXzfZZmLpe4Wva:VfMT6CZTOaTA1ONcxJs7U1Rp3UXzR4t/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679692833, "uuid": "ae99ea6f-f6d8-4051-b478-1ff7b6093e08", "value": 391680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679692833, "uuid": "7486d584-bafc-4496-8fbc-690d82cdf1c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692833, "uuid": "ecdfc768-d109-44fc-8993-f56937ef8abe", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6af95a7-ca1a-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679645267, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645267, "uuid": "a9193e6c-2b48-4e2a-a967-fa713d302bbc", "comment": "Malware payload (CoinMiner)", "value": "5dc80ae7fe21de5e8ad37c209a53c8a0", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645267, "uuid": "7052d73c-365e-49f7-bdc7-c76adb65311a", "comment": "Malware payload (CoinMiner)", "value": "5f030ba62ffcff8862052215f66dc861c31b3219d1ca0b03032bf1d83635ca5c", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645267, "uuid": "af4389ce-8c3f-4d4d-a029-9d08ab30a8cf", "comment": "Malware payload (CoinMiner)", "value": "f12a906e00251c973499d8a959eb7ef9324ac131", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645267, "uuid": "269d7dba-e515-4fc1-a81c-7e320db99b5c", "comment": "Malware payload (CoinMiner)", "value": "bf954a9dbd2909c56da060764cda8cc85126d54b3f85d49c4c805797bb484d2ca8a00504ee8f4c232072c81f21ae02bf", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645267, "uuid": "b0382983-97e2-4a18-8c3d-044baab980a0", "value": "T101347D1273E1F960F52287728E1EC7FD6A3EB8E1DE15BB6E2349993F0870261C652714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645267, "uuid": "2a37b1ce-ed43-495c-a318-709396c0f994", "value": "f074ca07d05b404f1800905e64acce35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645267, "uuid": "b8f36a16-8475-4724-b9df-97be36d7967e", "value": "3072:ZSq1sJchbSIBxBs7OO2pRuXD2zswv0npyS5HtPeTYH87X/kkGqXWcWNOb4q:bpVRuwQ2zknQS5HtP2Z7XxGMnj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679645267, "uuid": "b2e1e69f-ec82-4857-af4e-2c9677d00818", "value": 251392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679645267, "uuid": "157c5618-e56c-448d-bf03-716262dd43b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645267, "uuid": "48ace011-d988-49a7-90c0-1f31415c19f8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b15daa6b-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672209, "uuid": "ebb62ba9-fa0a-4e8b-8c35-17704f2c153e", "comment": "Malware payload (Mirai)", "value": "460bf1a4bb6d6b6e8e02b20a3b4a52d7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672209, "uuid": "1b51cc0c-bd86-41f9-9d84-07fd24f2c109", "comment": "Malware payload (Mirai)", "value": "60020b4b53a0f2acd97d487028df1aab3694562e7d4bfd38cb46ad611af01c23", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672209, "uuid": "58e5de3c-c79d-47ab-8e73-c80ff3d184bc", "comment": "Malware payload (Mirai)", "value": "5454e7e0eea1aac451ec58c71dcc95d4f51bda4c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672209, "uuid": "0ba80a12-8f95-437d-abcd-ca0fa2fa12aa", "comment": "Malware payload (Mirai)", "value": "3594c289d81811c3e0bbdc021859c86964845a0dcc454427a7e529d971a8c65d57fc656fbdb05264b266d2465901b70e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672209, "uuid": "f3db00ff-d216-4584-970b-743cb0cc1005", "value": "T18FF2F1A5600E39B919916935DF5CE5D20B1A8B7882F73019471D0039FA8AF605F7CBFE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672209, "uuid": "a0e9fa28-1842-4166-8d1d-c4e8b3248dc5", "value": "768:kPU1yQAL/XJHozq+atq7HWzWZ+A0U79/jmgus3Uoz7:ryQArRozq+Kw2q+A0+BiCz7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672209, "uuid": "2fcdc9a5-002e-467c-9260-de9e918e5141", "value": 34912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672209, "uuid": "e6160f7d-8966-4b77-b327-831e91357078", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672209, "uuid": "2350fdfc-69b4-460d-b6d9-66e6e2d8ebce", "value": "460bf1a4bb6d6b6e8e02b20a3b4a52d7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10582b05-ca4d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Tofsee)", "timestamp": 1679666785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666785, "uuid": "e9a854fb-74c0-4083-b886-e8320678e202", "comment": "Malware payload (Tofsee)", "value": "0bb6577c959d800596d24fe7463ef0a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666785, "uuid": "0af7470f-13e7-4a86-bb37-e0d9f45931a4", "comment": "Malware payload (Tofsee)", "value": "616dedb19b5779b772d3c5050a3097193682bc8851118e061183bdfaff7ad0fc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666785, "uuid": "10fb0d0a-6fda-4d57-9f13-1ba7a9196495", "comment": "Malware payload (Tofsee)", "value": "76dca664e491f616de6c2f2bf500e3d28c9eea07", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666785, "uuid": "2ad259db-e5e5-43c7-8383-624ec5ad8bd9", "comment": "Malware payload (Tofsee)", "value": "64462225c77da8f0b9f3a1532622242faa61fd061ec000771570ed3c95212c9e7f064ee66353fde5342db3a988f169ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666785, "uuid": "7482d516-33ea-4f10-a35f-1e4908311962", "value": "T1A5447D1273E1B960F1278B328F1EC7FD263EB8D1DE55BB6E12559A7F08702A1C662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666785, "uuid": "720df47a-f0f8-4ffb-a5f3-bd447967b91f", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666785, "uuid": "eb65a6fd-be1c-433f-812c-1d0a95e7e64a", "value": "3072:FHg+miRqVpNvVKcTi15cb7R/XDmncsoesLw1qhKiIY5gZfWNObhr:JJmlxYumOycbw+KlY5g5j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666785, "uuid": "100a4890-6110-4f7c-bf22-476e643d0c2b", "value": 253440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666785, "uuid": "e8a3db10-85ff-4f8e-a84c-601c233c6ee1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666785, "uuid": "7ceaa4d0-ba46-4a96-bbb0-ade9a02f7c01", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "635341e0-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679646308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646308, "uuid": "6684b4e0-5d0e-4065-b03d-200130ad3ad0", "comment": "Malware payload (Heodo)", "value": "b3dcbac047390badb8ae7a5665e32763", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646308, "uuid": "6540bf9d-2f62-4034-8ff0-1cce05c29f96", "comment": "Malware payload (Heodo)", "value": "6425c7166875c6576849505db3e9ddf655641afcd7ca9d3aa53d15806a01a848", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646308, "uuid": "e8eb1bbb-bfb0-4aa8-90c9-601b91f20348", "comment": "Malware payload (Heodo)", "value": "9fca1aae40acf6eca2547609325387d151ef208d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646308, "uuid": "a6e26286-3309-4dac-afa6-843e9fb5b702", "comment": "Malware payload (Heodo)", "value": "b8d091273f2e4ba82a854f073315ceaf57c43d1e9905db897191f00e8d72cbe35734ed98d068339bf14e5a2ea0dec7c3", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646308, "uuid": "26886e3f-aae6-4c05-8427-7084c8bcf266", "value": "T17644F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646308, "uuid": "1a621286-be1c-4e02-9da9-4f248deb99e2", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaB:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646308, "uuid": "389799ca-32e9-423a-ac5a-f97e5c8f0713", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646308, "uuid": "b15cec38-fe97-4507-b07c-169b053aa2f6", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646308, "uuid": "c4cc2e1f-d65e-4964-af59-2975fbbac60b", "value": "HED-010323 NZJF-230323.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90c98ea1-ca61-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679675590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675590, "uuid": "5f6d6c67-0a63-438c-a834-7292c793fb6b", "comment": "Malware payload (Amadey)", "value": "5b77d1b9121cbbeebe3f4e5c078380b5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675590, "uuid": "36004b02-0228-4e51-b8e1-d6c2698ce5f3", "comment": "Malware payload (Amadey)", "value": "64aca7057a61b52f8630a3e5e312efd0c0a2004c1596cdef29d483f8e97b346a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675590, "uuid": "b46d3843-0172-42f9-b2fa-b53bc76ac5b2", "comment": "Malware payload (Amadey)", "value": "433de61d420d74a6cf92d2cbe7e10eda0e33c7d4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675590, "uuid": "da1f2cb7-f728-4f52-935e-6effa9d5932d", "comment": "Malware payload (Amadey)", "value": "573b0bd3d88cbe93d6f4d860831d9b7ecfa75b6ed4df465d41d723adfed903f5188c879a0da4150670467317e39eb50c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675590, "uuid": "ff1fb312-5912-4dbf-a282-47ba11820527", "value": "T116549E0173E1B960F52787328E1EC6FC6A3EB8E1DE55BF6E17449A7F0870261D662318", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675590, "uuid": "c2231c17-28e5-41ee-8f7b-e96a6c27377e", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675590, "uuid": "ca98f56b-ebc8-4442-881f-c9c67bb76caa", "value": "3072:9usm5zdjqLkkqdID8TUtxbuDlnT0psj+RIdoZV3yZHQjfw0YJdPz8LJlCNDTvgWH:oKJQIhsyRI4V3yZHQTFYJp+lqTvgj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675590, "uuid": "9138b219-5e5b-457a-84ef-ef61dcc1e7f2", "value": 299008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675590, "uuid": "8b2916b6-8d25-4be4-b176-688d34deefaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675590, "uuid": "d8a535f2-eebc-4697-825f-45a71f50ce46", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8199f746-ca8c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679694033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679694033, "uuid": "a143d2c0-9b29-4d2f-824f-f57c1aaca9ea", "comment": "Malware payload", "value": "30f6caa4e5acce16a6db8b1cd8aebb30", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679694033, "uuid": "88df80f5-80d1-44b3-a594-4612ce9e844c", "comment": "Malware payload", "value": "6781a85bf0dd90e3ba1390143b17c08244f410dc165fa61bf7d6dacb4a4c8656", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679694033, "uuid": "2fdf451e-836a-46ea-8f71-15769d384d4b", "comment": "Malware payload", "value": "00ce3992348f3c28a432675fd983e5da50f8e4c5", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679694033, "uuid": "c3892bcf-37e4-4fdc-8c5b-035c35e40c35", "comment": "Malware payload", "value": "56521056a3c4130c33f9b28634954eb3db41619d3934b9b29f8ccc9b6154ad07a264919b78f2b650694f7c2952efbf9c", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679694033, "uuid": "d4c3ca3f-6c70-467b-b4cb-411d11c5f14f", "value": "T15835DE347979BC2043DBD91334F14BA65CD9568FC5703A3B199AD423AA382C265B22FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679694033, "uuid": "4692e68c-9592-4df9-986b-bed5f8bbe383", "value": "1536:FFrMcs0Vq6qDCDbpyOHmc6iMH8d73D4xIm+lIWFg7WbYyO/e1GNURb9Bq79RIGrQ:FFXZq6qDANyOHmc6Zu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679694033, "uuid": "11620ad5-a658-46fb-b1ce-73efdbc06c5d", "value": 1149367, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679694033, "uuid": "bc850034-0a04-44a7-98bf-1640af9672fc", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679694033, "uuid": "a4234754-86aa-4cbf-8619-4078d9002869", "value": "USCORP.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d66436d-ca48-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679664686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664686, "uuid": "6988a548-6511-4e53-af8e-aff7f7929aad", "comment": "Malware payload (AgentTesla)", "value": "8bfa8aabb77a2e81e7c44a902ee1b23a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664686, "uuid": "88618f60-aee2-4a10-b41f-dc3b2daa5acb", "comment": "Malware payload (AgentTesla)", "value": "6853334661bfcfcba8589d5cedb4c7be7649a28ce0530eee9f216d70ad4d404a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664686, "uuid": "2c132ccf-5345-41f7-b9aa-eacdd3cf7226", "comment": "Malware payload (AgentTesla)", "value": "9809a034ec82e35388fd3fde6ce04bf42fd990b7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664686, "uuid": "6cddb509-1c90-4281-91a1-a9fc56c8164b", "comment": "Malware payload (AgentTesla)", "value": "ac1269aca69d534004a9ba143a9a7ebf2c6dcdacf1c48dc511f2651bb6533f0544d54c40899581300224cfc2a1e53611", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664686, "uuid": "4e528e35-0883-4b20-b054-0f623534eca7", "value": "T12F64128977EDC9B7D7E342304D3A5B177EEE742661B0534B23900A2A796A251FA0F350", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664686, "uuid": "099f14e2-e196-4932-9721-32a34b99a5c4", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664686, "uuid": "e3833b38-7f35-4c3e-b20e-915cd55eba89", "value": "6144:/Ya6GVyN9Q+yiYLLSkZINcB/0JiqH38XT9tQmwK:/YQVy4iELSWINcfD9VwK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679664686, "uuid": "4ee42ba3-db59-4250-8e6a-4d9adb027bb5", "value": 312331, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679664686, "uuid": "5e6a04df-5c35-42a0-b74a-6f84957151eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664686, "uuid": "f1067b83-f5b6-4435-8418-bc19fef00d62", "value": "PO#801644.com.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c28a9ac5-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686411, "uuid": "7411b688-4c0c-4fda-876c-a8fa70bbcf3c", "comment": "Malware payload (Mirai)", "value": "ee728628e25618eae067026a6aa7eb3e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686411, "uuid": "cbe307cd-40c7-4829-a4f0-f9bf28f72e98", "comment": "Malware payload (Mirai)", "value": "6972ac6cdb84eec7e259c120689b9ef5391979520b61c93dc57cddada43b2700", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686411, "uuid": "874d3140-282c-4fc8-b9fa-f3c3d738f768", "comment": "Malware payload (Mirai)", "value": "c605b2ee66b13fb25d44ed2edbd1f3b8625ef392", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686411, "uuid": "06536d0b-ee17-4a6b-a0cc-13e7545ecb32", "comment": "Malware payload (Mirai)", "value": "58d29d4dfd2ef461ba0ff2ffae1ec8c32988d1f70c28d70586e6b5a9431ef9dbb28bf865a17a11cef0a1767288e665ea", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686411, "uuid": "8c5b4494-e5de-4e90-8b55-2d7c895d6241", "value": "T11883AF27CD341D48CA048AB131B4EE358BA3964585873EFAD159CB68E853EDCF169BF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686411, "uuid": "7edc7931-0899-4779-a933-f94f5419b139", "value": "1536:pWuAnADFm3nkXAc+yTd4yeaN+iXViT8CY5K/KlMZPKgm45hk:KAUiSyTd48FiT8zliC45hk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686411, "uuid": "672749a6-c775-4c1e-bde4-1440e012b437", "value": 83316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686411, "uuid": "264b8cb4-4f8c-415d-bea3-96585bb0a1f8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686411, "uuid": "bc1f0cac-5551-451d-850e-237731203e5c", "value": "ee728628e25618eae067026a6aa7eb3e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9534ebe3-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679640379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640379, "uuid": "460c62b0-89de-4aa8-90e5-fd73deb33eb3", "comment": "Malware payload (RedLineStealer)", "value": "719082dcc3c017e5b675c8b9ec74b6a1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640379, "uuid": "9c515639-75e0-460c-9ef1-a2ebe9976935", "comment": "Malware payload (RedLineStealer)", "value": "6a57409b5f4d0ae13167353c059ddf4b9fe7920647a119a70438dae02a35586e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640379, "uuid": "e4fabed6-faa2-4d94-8a46-d625626e6b22", "comment": "Malware payload (RedLineStealer)", "value": "d189e585b338d3ce5d6f0c04e0ce94aa40343c6a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640379, "uuid": "4ed7f8f8-aafb-4bc5-a51f-8c0567f63009", "comment": "Malware payload (RedLineStealer)", "value": "df60dda1a8c36ad593193298631a655d5a31149d2f014e88e5160938225c8a672f0568df2488f0b5270b6dab7717768c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640379, "uuid": "6d30c8d1-4bd0-4dbd-84cc-c27f85ea2ada", "value": "T1A4451313FDC158B2D46205320B695B21B97EBC201F75CEEB73D06A5DEA212C0EB357A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640379, "uuid": "b3733a87-db8a-41f5-a224-06362d11a301", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640379, "uuid": "72a1d64a-97ba-4b84-b0e6-7eb87624d6cc", "value": "24576:kTbBv5rUlINj1z+EmdKiTazGSfcElXv8zcAsMVMgSZwU:WBREd3GGSfNpAjpS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640379, "uuid": "b19407fc-c134-45e4-8771-bb3e4b7e9fa9", "value": 1217709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640379, "uuid": "ac2a61d8-a981-4636-8a35-0b1708753699", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640379, "uuid": "db6d8da2-1b03-4138-a287-1624a2dcdf98", "value": "719082dcc3c017e5b675c8b9ec74b6a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e97ee593-ca6f-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679681752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681752, "uuid": "ac535a5e-db4b-470c-b96a-185bb3f71d90", "comment": "Malware payload (njrat)", "value": "09a039699d3c2b826e5e2f8ad90f50fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681752, "uuid": "5e953175-6284-450f-a945-f31bab57e26f", "comment": "Malware payload (njrat)", "value": "6c3183412fc318d586ba196d42f9399ecc84500d4624377752b4952442236093", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681752, "uuid": "e9c9a069-f627-4509-b485-d385a1cefdc6", "comment": "Malware payload (njrat)", "value": "158c98ba265e4829c203771eb566d607c5ab0f72", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679681752, "uuid": "7ca6cd31-ed5e-4093-9a4a-6adb9021711a", "comment": "Malware payload (njrat)", "value": "5a193739933559e4c93a268007a9659e44da5153e71c827b8fab7e4ffbb7933d7cef1de676d6d1826c795f34c1b066d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681752, "uuid": "8821d403-f636-47c3-af8a-83c934e352c8", "value": "T157032B4D7FE18168C5FD1A7B05B2D412077AE04F6E23D90E8EE5649A37636C18F50AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681752, "uuid": "f8f988f6-1692-4ba0-a0e5-6b0a1164dd86", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681752, "uuid": "43be4b0d-5f2e-4633-bc4f-762688114806", "value": "384:/0qBkiyjnDNGRn5IyUvapIrPbh+/VsIt6xrAF+rMRTyN/0L+EcoinblneHQM3epD:M35M5jUvairANsIQxrM+rMRa8Nuu0t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679681752, "uuid": "a54f8913-8a59-4a73-8869-6631e6005ec4", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679681752, "uuid": "a5994b5f-17a6-4bd9-9e8e-97eef9305f47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679681752, "uuid": "45e74521-6efd-479f-85f8-b70f26d274fa", "value": "09a039699d3c2b826e5e2f8ad90f50fc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e4cc62f-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679640287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640287, "uuid": "7291f8dd-dd1f-43ec-945e-99c203f0a61d", "comment": "Malware payload (Gozi)", "value": "fa8a0fbe498ecc2e325f96aaccdde7ea", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640287, "uuid": "a2d860bd-14e0-4488-ab37-ab49d153cd0c", "comment": "Malware payload (Gozi)", "value": "6d33f688e7bdebab0f6247daf2236287d00cc43c9c4156bd9f69081427ebf453", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640287, "uuid": "41d3aee6-e35f-488e-b034-d1e6ee95a503", "comment": "Malware payload (Gozi)", "value": "4b800571b156a008a185aa8ba84b9988eb2b7d1a", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640287, "uuid": "88a488d2-dc5a-4e42-8ee9-031e947f006b", "comment": "Malware payload (Gozi)", "value": "c58c9f9c4ba76bd1c4e62d054abdea3d551f1e9e608985b1d1d27be41a1a5ecf07d2626b935843fa53550902428f865e", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640287, "uuid": "7168fb86-9500-4a2f-8d8f-f51ee79219ff", "value": "T198F05C8465EBD277D11F66F9F176E2261DA5278DEC51B045E83820E00991A781742F4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640287, "uuid": "4b64c8a2-b2f0-410c-a347-537622b47809", "value": "12:5j4w6Nz8T5QtHZ0mdriIdPL4uho+6hs0lB7Mxz:94wsA5eHZvricLj3gjXMh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640287, "uuid": "a43f6f04-f72f-46e2-b70e-e8c2a8a8a896", "value": 487, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640287, "uuid": "88378f89-486c-45ff-ad52-a7d80412d5e7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640287, "uuid": "ae473d88-a03d-4c0f-84f6-817e6e90972b", "value": "Documenti210.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdfb21b5-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686511, "uuid": "8b19f6e2-38b4-47e5-8687-36c6504552df", "comment": "Malware payload (Mirai)", "value": "97b093e1db01c6b7f1d4198eaa348dbb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686511, "uuid": "2055ec48-4f56-4404-855c-cd64f5c72ed6", "comment": "Malware payload (Mirai)", "value": "6d43f0f2b9139c5c9e4552642dc8629775367c521c024ed355dd636de35a51c8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686511, "uuid": "7ebb6613-25a5-41a2-9213-0e0ab823d78b", "comment": "Malware payload (Mirai)", "value": "ece52eb69a1fb90b43b8b4fb138551129d68b8c3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686511, "uuid": "78ee4039-4e35-4898-b848-18ee92412a99", "comment": "Malware payload (Mirai)", "value": "3c1a5c5b8d3c44c8d2b139522e857bf2ae09bdaee6a8ad4b8ab2c39ed533f15e1f7faf727c5aa08ea6ecb7eac3ef1f43", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686511, "uuid": "065991c4-5a9f-4b9b-99cd-5c2afc43d25a", "value": "T17AE2F10BC169718EDC290170E4FFFD0AA058D20A985DEC1FE843B67F6C5DBB82A54B90", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686511, "uuid": "df9e8acd-c66f-4e1b-8dbe-d5a5ac9df6b6", "value": "768:DZPfKE+em+BqvZttOjil6UnM3yQtNTPTEjw8bC/vGxJNHsZnbcuyD7UHQRjQ:DsE192trJM3NT7TEjIWPNH0nouy8HyM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686511, "uuid": "3a17cbe6-dd9a-4820-9eb4-3be53c7f6dc9", "value": 33332, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686511, "uuid": "abb29625-c500-43ce-9ccb-3dbd560b258e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686511, "uuid": "baad8ecc-9e5c-4b22-b19b-9f1140838990", "value": "97b093e1db01c6b7f1d4198eaa348dbb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71e413db-c9e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620563, "uuid": "4c575b85-d2a9-49b0-87e3-31d17d4b48d2", "comment": "Malware payload (Stop)", "value": "5a785be3df78597450ef9967a304c040", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620563, "uuid": "00708266-7466-47e0-86e0-c80ec31dfb30", "comment": "Malware payload (Stop)", "value": "6de170d20061599ced85f74630cb8dfbe6ec11592fd3f61d261a5e92e8e5b4d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620563, "uuid": "1c10c4bd-3332-4eb5-8a75-3113dc5bf6ba", "comment": "Malware payload (Stop)", "value": "e8bd5a7cf9820e39b3d1e6f8df37ff083213e305", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620563, "uuid": "f0fa3853-c0bf-439b-b17e-77a514adf272", "comment": "Malware payload (Stop)", "value": "7f030cb7cd05711059cb71ca03c7ab57010d4d21439129d6a4a3e410474ef3047d4b7ea891c72202ef5f39ed916983df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620563, "uuid": "511db15f-ba94-40c7-8de3-7e66dc73fb66", "value": "T120F412127B90CC36D5C789704905CAF4BA2E7572D295C49B730877FE6E2C7C0A61E3AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620563, "uuid": "52f66167-cc4a-4113-a597-3b9f8903a21f", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620563, "uuid": "7bb50ebb-e5b4-4581-abe4-f3e1220a0fc3", "value": "12288:sitVwnyXN48JAcHPTofU9kvrkkQEcqqed2cj/Xwehs80qVEmMSP2AxN4Zrw:dTt93AcHEf5vgYj/XweEqiy2A4Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620563, "uuid": "17ffddb0-7929-4382-9338-e6544420b14e", "value": 733696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620563, "uuid": "996fa378-fa02-44e3-9012-61f548e07188", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620563, "uuid": "5d3850e1-c0bb-4c65-8ce6-77c408182a6d", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a710a916-ca75-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679684218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684218, "uuid": "761cd693-76c1-4e08-8d1f-326074902e64", "comment": "Malware payload (Amadey)", "value": "f4951c6464c45fbf025f3b17014fd703", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684218, "uuid": "cddd105e-f1a9-4696-87d0-15d093aadc2f", "comment": "Malware payload (Amadey)", "value": "6eb72beceda5a3a0f702899ee335bead3968b4c38952dfade47e8d1c0156107b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684218, "uuid": "bad07070-7988-48e4-a23e-9309bc3269f0", "comment": "Malware payload (Amadey)", "value": "9d3011dcac47cfd4315c77515a533ac61b8fbcd6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684218, "uuid": "d5599dbf-4c21-4f90-8762-106c735b69d8", "comment": "Malware payload (Amadey)", "value": "2b3c2fa1297e2ae5f920c4085556f23c1dd24dc24c099442c99982758c0ce25245cc8c88d8887dc59d7087130720001c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684218, "uuid": "baff0dca-89c2-45f1-9b10-53d70a8002eb", "value": "T11935238266ED4031DA783B7468F603D31B35BD2146BCE353275AAE6E0CB35E1A57072B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684218, "uuid": "cf2ed55c-0e99-4fc1-b7a9-543208c599ef", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684218, "uuid": "fec42d65-6c77-490c-b8a8-cec90c21ee99", "value": "12288:LMrHy90GoJplnRz2uEyh20WliELIBP3AnzF2bA3z+6/htH2R/q/0dW6R5KrcdLSL:wyuFRz2UkAUgW+grCysbgcdHCGyRt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684218, "uuid": "9b95fd9d-796b-4036-bd49-5469592dd26e", "value": 1065984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684218, "uuid": "a881ea09-6464-4c2c-aca0-0d5e1f46db2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684218, "uuid": "5638d79f-9943-4632-b3ff-438c09652607", "value": "f4951c6464c45fbf025f3b17014fd703.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e7cff73-ca79-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679685894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685894, "uuid": "c8ef9eb2-d69c-4e5b-aab8-92034f99662c", "comment": "Malware payload (Amadey)", "value": "9ec3ce277f1d46b821f83afbc099f5d0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685894, "uuid": "a1d15cea-e12a-493c-969d-165f86f065dc", "comment": "Malware payload (Amadey)", "value": "6ebb4b08f0add9dfb5edcaa0160c0be0685832eb5d5b51c344a4dc82f0230082", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685894, "uuid": "fa5e4cee-6b03-41fa-9a0c-ecf5f4182c3c", "comment": "Malware payload (Amadey)", "value": "4157370f34a1e24674555376ad14e9a59c49e1b4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685894, "uuid": "fba57e7e-b8ee-4fbe-aae9-83f317d06762", "comment": "Malware payload (Amadey)", "value": "48684cfe6f13938a81c013cdb2eefbdf76a1a6f7296cbc44e68ff398d6a6835b6fa1842d19bb1e89fcb564729ade404a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685894, "uuid": "90325094-8a1d-482e-9427-a4e628e12d4e", "value": "T18E357C1BA26601BCD4BB9178CA274A46E775744603309BEB17D05AAA3F13FF16E7E310", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685894, "uuid": "ec751087-c914-45be-9e46-c51f8224e76b", "value": "7440c982ea49d693b3f3d5cb31294fdf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685894, "uuid": "920b1fbe-00e0-4a9e-8f7b-aa6253c41748", "value": "24576:NMq/RX0hoa8wrC+azFbtZhUYFauTZyRMxk:Nioa8wrCHz3ZhUYRA6k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679685894, "uuid": "216aecf7-ba86-406d-9761-55b594f6049f", "value": 1088512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679685894, "uuid": "987b5a73-b746-49b7-b9d0-8ba3677a84dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685894, "uuid": "5908e7f0-6348-47ba-9265-01d22212e3d3", "value": "9ec3ce277f1d46b821f83afbc099f5d0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e5520db-ca41-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679661628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661628, "uuid": "e87da81b-0275-4224-9ed5-3e759c6ef212", "comment": "Malware payload (RedLineStealer)", "value": "30cc8d3a676fba066fdbbd36d159f2b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661628, "uuid": "d545a10a-ab27-4f93-8b84-4e2ff8ba51a8", "comment": "Malware payload (RedLineStealer)", "value": "6ef39121008d09964cfcf1521ad6f5729f00e0c8b409393abfa2656c3632aa15", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661628, "uuid": "b84adafe-123b-4c44-9f1b-66701fd5e82e", "comment": "Malware payload (RedLineStealer)", "value": "1a883f4bbefe045e654208f3f8324eef8b400415", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661628, "uuid": "a26877f3-aa96-48a9-bf05-2d077d84597e", "comment": "Malware payload (RedLineStealer)", "value": "1d7566c7eb6b9723a6ceb426130436ebe927eaf9182ba35de25a848202228f0d38eb5d87a6f75466b42763c5c9818751", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661628, "uuid": "a4c3384a-c2b2-47b8-a6e4-b9676e282f90", "value": "T139C40202AAE88437D9B2477019F707C30B31BCA19DB8D35B274AA85F1971AD8E53177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661628, "uuid": "59b5a098-4858-4626-acd0-ab69455daf98", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661628, "uuid": "88b57a20-bccb-4f8d-a262-b57455ef768d", "value": "6144:Kqy+bnr+Yp0yN90QE8Vul4NkWn7ZNCQR5pkd3gynE8KZs/+rSqzfjwzX81WyZYnx:2Mrky90Ijqh/SZFJgD81WIRToL3A4xL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679661628, "uuid": "a045dd32-d962-4e2a-b5de-1cc8675469bd", "value": 553472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679661628, "uuid": "3cde69bb-107d-4a51-870e-b1b027706dc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661628, "uuid": "97f642b2-25aa-4e6f-80ca-55e2ba4c9d79", "value": "30cc8d3a676fba066fdbbd36d159f2b4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "841d9b11-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679621023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621023, "uuid": "b5a11a7b-a0c3-4a07-a43d-a6e5b791e97d", "comment": "Malware payload (LummaStealer)", "value": "05f661d66e351ded5c5b307ea1ae828d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621023, "uuid": "7136f49d-3027-4a72-bac7-d36a3807202c", "comment": "Malware payload (LummaStealer)", "value": "6fc53e16ca8bd3ba12b442e2cb427b1db254f5c657566046196257be6e9f4642", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621023, "uuid": "f7f14e27-38fc-4abf-b9ae-28f42f217a6b", "comment": "Malware payload (LummaStealer)", "value": "5cafb0a578af40ae718ecf08ad9a15c76aafa7b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621023, "uuid": "a495c904-3e31-4aae-9238-1bf6300d8ad7", "comment": "Malware payload (LummaStealer)", "value": "83144a23525fdd9659d42556cbc475525ec7065d798cb17e0b6f7ec2e060706700b880dcfe622f421bdd7b22ce019a8a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621023, "uuid": "0befaa98-bf85-4330-8cb8-ad251d998c8c", "value": "T14744DF1236D9C572EADB4074482DFBF46E3BBC704B2686D72B84427D4E307E19A3934A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621023, "uuid": "1f15bf39-ebf5-43cd-a18e-156a9d198dc6", "value": "1a1f360ce6c706ec6136d71fd36c1fc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621023, "uuid": "91ed3d43-690f-4d02-aca9-3eefd63cd41b", "value": "3072:SYAewATHWLoVhBLE/Ck760fWI/3lukgDRnkvpO+3BDowftPIaud5RtVt9:TCkVhBLUC8v+I/VKRkY+3BUQd2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621023, "uuid": "e322425c-105f-4722-a863-15a269b8549f", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621023, "uuid": "b6052450-0b38-4141-bd0d-7b0ca2d7a93b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621023, "uuid": "d498b409-4a3a-4f5a-95ab-0a04d94d45eb", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ce85996-ca48-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679664846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664846, "uuid": "4521811d-9c2b-43f9-87f1-a4ab9d3de6dd", "comment": "Malware payload (RedLineStealer)", "value": "ef9f35b5759cbaf198924e0150c3b322", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664846, "uuid": "bcebe1a7-4656-496f-9f3d-bd6e3cbfc0a0", "comment": "Malware payload (RedLineStealer)", "value": "700e375b24c23364b58b4655530f2295dd7ea229475eeca9b0712acd4d12ffaf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664846, "uuid": "33a18d9c-a6ff-4983-a272-82a677f4ff35", "comment": "Malware payload (RedLineStealer)", "value": "48f9c1c6a761917eb4cfd036e2ea520621a4dd3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664846, "uuid": "54dae323-1b8a-40a2-9296-ee8fca008856", "comment": "Malware payload (RedLineStealer)", "value": "9b4b4c9691054c516faf2645be2dff250f58696a671b49a5fe5398ea29c47c16410bb19d22d803d10b543efd5350da64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664846, "uuid": "dc708e70-a3cc-4096-880f-5ef2a787cffe", "value": "T116442AA71E4C12A5E40F80F9529FEDEBC23FD420371958188A0823765BA375B4F56B7E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664846, "uuid": "91b36840-7385-43d9-98d1-d58a56527977", "value": "e8d1c822bb1493104fac7c5466a244d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664846, "uuid": "ee3bb5a7-1378-451a-b549-3ffb3b033a45", "value": "3072:JhZwP47zHKyB3Iv+cMBdNbGE6MU6J6k7hvBm1tifhCN9jY1a5p:Jhb3CWcIbT6MUQdv8tis/F7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679664846, "uuid": "5e0762ec-5eb3-4935-8d70-5c0ea02d8408", "value": 264272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679664846, "uuid": "92ac4658-f525-4e73-9d44-495b7a88ba00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664846, "uuid": "cbbacc33-f051-4d07-911c-f48ddbaac3e0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66d89e28-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679646314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646314, "uuid": "36fd8452-2afb-404d-b393-d79d7579152d", "comment": "Malware payload (Smoke Loader)", "value": "d0944c99a31016865caaedc55fe97754", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646314, "uuid": "a2e7bfe4-bd6d-494d-b1ef-fb7a919c18d6", "comment": "Malware payload (Smoke Loader)", "value": "727ac7cc033f0c339a39eee121adeaffc70ab3899bb1fab0c724555052f65ce1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646314, "uuid": "fc14b27c-b0dc-4d95-80a4-b05f726340ae", "comment": "Malware payload (Smoke Loader)", "value": "5cd6af975f3f70f8acdff0ecf2ec9d905873d715", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646314, "uuid": "6ce85889-e2da-4b9a-b166-636c95fd621b", "comment": "Malware payload (Smoke Loader)", "value": "866073e79e339412cba874fa70f8a9c7b77e0b130e0eaf383cfce0d5e132ae54dbd65cd1d6e37899f6e0b62c39ece065", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646314, "uuid": "5ae276c2-025f-4f8a-87b8-125892c999e7", "value": "T1B4347D1273E1F960F512C7328E2EC2FD263EB8E1DE15BB6E27459A7F0870261D662714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646314, "uuid": "b8ef1720-d948-411b-aa22-54cd4b8ef6cf", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646314, "uuid": "be0b034b-a97b-4598-b5c6-be839de9c693", "value": "3072:mFQvz3uHvNFdtKQTGVGouDXgZpPjnIR0qtMwgKKpy4v8yuds7d/wWNObVq:NSNtKAgf7IR0jwr6Udo/wj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646314, "uuid": "c3ec297d-71ea-4b89-a57c-74ab1fd114dc", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646314, "uuid": "7ae41126-f478-4e9e-9afb-71b37fe367eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646314, "uuid": "b00e9bfa-f818-49de-b579-9790361c9d11", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16395b57-ca62-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679675814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675814, "uuid": "04d49bcd-3c93-4fec-acdb-a6116d11ec58", "comment": "Malware payload (DCRat)", "value": "0b68b6976ce7b3b7932a35a00160e38c", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675814, "uuid": "9eb0157f-806e-456e-bc98-b28559fb3f88", "comment": "Malware payload (DCRat)", "value": "746cf06882b23f72a1f61783ef15bc50309a451abf181f80342565e89e51e04b", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675814, "uuid": "d01b77ce-1a2c-43de-8b02-518789cabc24", "comment": "Malware payload (DCRat)", "value": "14d43c43292d417da6bbac21491dcf346a4bc0de", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675814, "uuid": "1a001545-8403-4d13-8cb5-a1a07f69655b", "comment": "Malware payload (DCRat)", "value": "8720769a406e61d562eb28274be14f28f498b929ff3305746e62a3574c4aec0f9cca1f7ae43a863f66589822f062c5bf", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675814, "uuid": "09e1c1ae-c2cf-4491-a801-54393bdcdbf5", "value": "T1D205F6027E44CE11F0091233C2EF454887B9A95166A6E32FBDBA376E65523E77C0D9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675814, "uuid": "704c85e0-29e7-4f70-ad1f-6305174c1564", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675814, "uuid": "47593272-fa0f-41a7-8a5c-5ba9788f3cd0", "value": "12288:+f26x3stG2zpTYlbCXdOm6r2i8hiPafbxjkAdbV3knD7nsTVkmT:CStJt0lbXm6r2imlkpnD7nsTVkC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675814, "uuid": "09c0ebb9-77a1-4a9a-8070-3ffbd6648565", "value": 848896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675814, "uuid": "3f9f3cc6-14eb-456d-bfe9-4575376656da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675814, "uuid": "db2f3e62-bdab-4430-82db-e6afda5f0406", "value": "0b68b6976ce7b3b7932a35a00160e38c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b70e5d99-ca75-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679684244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684244, "uuid": "0aa59940-37d7-4428-8c15-86fc0e6db434", "comment": "Malware payload (Guildma)", "value": "354efa6ff821faab2c5b3f8cf712da28", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684244, "uuid": "a795dc8f-aa0d-4fe3-a8d8-90f989819049", "comment": "Malware payload (Guildma)", "value": "74894f19a304d7ce7d2994eefa94ff29b0f34aa4b831ad73a53093a60cbf5580", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684244, "uuid": "9ec7a05b-462e-47e3-96b0-07191a6ead4b", "comment": "Malware payload (Guildma)", "value": "a8aa3fc471d9bfb2518697c4527238c40e6e8e35", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684244, "uuid": "cc58d6e0-d098-438c-8722-63a8d9e92828", "comment": "Malware payload (Guildma)", "value": "e875b526e09044bdd8f602e7848dceb47b6d0f607fb7ee384a2991b373b5d21e2478a90fb9ea6433be2003b55f541105", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684244, "uuid": "edbede71-416d-4d6f-84ee-5086dd79c159", "value": "T129E0C05EFC572589B4CC14449808054A3C181B5708C1A94219898E048FC49C3445CB10", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684244, "uuid": "d0637fcc-3abd-434d-867f-34f109c74486", "value": "6:SGIfGlkOvmRnceqSmLvjdIjdpEVL7luOmOmsXe5OUu6pL59JykVhcAmXVrMaOwWL:QgkOId8vjKjdpoL70OmOm7+6pL5/JKXc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684244, "uuid": "43eb77a3-3d16-450a-8001-2e27394bc148", "value": 333, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684244, "uuid": "08d9dd38-2d2b-48bd-9aff-eb8e454bbab4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684244, "uuid": "99f7c3f3-5658-4105-a559-2f9caf78e724", "value": "rastreamento323868_484.42892276.037227.29163.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32f12427-ca3e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679660400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660400, "uuid": "f6033b34-4e77-4c0b-b4cb-fc373cef523e", "comment": "Malware payload", "value": "e78b3a04b1fd945aad1f2e61fdc67925", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Remote", "colour": "#EDBCBC", "exportable": true, "hide_tag": false }, { "name": "silent", "colour": "#E75EA8", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "unknown", "colour": "#D1F4B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660400, "uuid": "de946767-289f-4414-9486-2e2f6fb40822", "comment": "Malware payload", "value": "74f60be5e412a3af9701289707be3aa8e6e321283a0280c20cb437ac25d8d90e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Remote", "colour": "#EDBCBC", "exportable": true, "hide_tag": false }, { "name": "silent", "colour": "#E75EA8", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "unknown", "colour": "#D1F4B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660400, "uuid": "014a9168-224c-480c-84d0-b285b371f92c", "comment": "Malware payload", "value": "5d0a4a11e546372985667acf3fbfef118cdb3217", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Remote", "colour": "#EDBCBC", "exportable": true, "hide_tag": false }, { "name": "silent", "colour": "#E75EA8", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "unknown", "colour": "#D1F4B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660400, "uuid": "3a745487-5b36-4e2d-befd-ac5994d62d7c", "comment": "Malware payload", "value": "123f6d27bae928b228d6ec090dda6c61eea997968ce941dd962d6d4b913bece3d0daf6bd5cdd268742244fbd4aa0cc74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Remote", "colour": "#EDBCBC", "exportable": true, "hide_tag": false }, { "name": "silent", "colour": "#E75EA8", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "unknown", "colour": "#D1F4B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660400, "uuid": "2ad53045-4923-49da-af7d-634ea65c7a5d", "value": "T1CB24532493FAC469F1B28B786C7A07717A72BC515F34CA0FDE40E28D1C75A44EA36726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660400, "uuid": "d516b641-2be4-42ff-a165-1f737de1772b", "value": "5881e1e6c29a4460adc7eeb1b16b9792", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660400, "uuid": "40840eeb-4c87-4b9c-aa65-552451eb0327", "value": "3072:JAt+1bT0KKWzqECkjugajxRVWK11yKaH/+1+SNIkmoyi:2M7rzqAug4D5P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660400, "uuid": "c05bdd6e-d3b6-4639-8af4-83632e763605", "value": 221198, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660400, "uuid": "c17d094a-e56e-48e8-abb8-efefd02c9000", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660400, "uuid": "06758dd1-d09a-417c-acda-2087c01c6c5e", "value": "conhost.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bee1263-ca3e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679660550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660550, "uuid": "471bc70e-79af-41ac-aa5e-dba6a3ea09b3", "comment": "Malware payload (Formbook)", "value": "9b7c8a8f7e147f29126432d8c9547933", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660550, "uuid": "5ee301bb-d093-4b05-b595-b1b9a98b2607", "comment": "Malware payload (Formbook)", "value": "74f70d89e0b7a9404a1c735cbed159e02e9d11a76cc72df340500a2495d2b331", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660550, "uuid": "aa2b1d02-fb50-4120-b255-73164d4d16a2", "comment": "Malware payload (Formbook)", "value": "dbbfc43797e9114aff1397a7c8fffcca3e972dd3", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660550, "uuid": "10cdbff0-8fa7-491c-9ed1-425c0e9d07d9", "comment": "Malware payload (Formbook)", "value": "a0e26a2d725b54ecc388c6682467ae71209538239121780828d846591dfcbf683d3ec9144c6f35dbde8d7160a4afa8f2", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660550, "uuid": "aba40511-22ea-45ac-ac5e-83ffb6786f6e", "value": "T153F4230833B14F9EA096EED08E91F4417C943D771EC2753B87691AA90CDDAD0265ACFB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660550, "uuid": "b91cdfb3-06dc-4e1b-b1f9-0fa0e0447b27", "value": "12288:niCYoQ2Hp0rX8pLBrIIuyzM0uK+qcBWs+djnrpFA/SXviiAkzpvMKrpv69P2Zeoh:V6LaZP+LBYZAc35pMk6FSeo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660550, "uuid": "f6cd8c27-cebf-42ce-8d63-dc54a6142dad", "value": 732415, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660550, "uuid": "933eed15-0c42-48f9-90a7-ba77892fb847", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660550, "uuid": "ac647fc2-f891-4251-a21e-af53680d8bd7", "value": "Shipment_notification.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05e50c4b-ca62-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679675787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675787, "uuid": "4e5dfbd7-d89e-458b-8cec-cd457b95010a", "comment": "Malware payload (Amadey)", "value": "935c8459f31edb0ec9be0e6ce3cb53ab", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675787, "uuid": "42a756a8-4d13-4720-9dd0-cbaa1ec99770", "comment": "Malware payload (Amadey)", "value": "74faa2ec8f6fb1ab3d84f5a14824e4d58d0cc5d610021f5edf250184de062e0a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675787, "uuid": "73640c00-52d6-42c8-96ef-fa4fdde649db", "comment": "Malware payload (Amadey)", "value": "ea766a0431c3dc91336432d0ff7b26e45d5bacf9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675787, "uuid": "38dca1f9-c5cc-4004-bd06-6d81ac17fcc7", "comment": "Malware payload (Amadey)", "value": "45d0df9da87a43415619581d77fd7fd9cd457275b08c76687217fe35079e9359782f9ebbe7eb4795663a38f314c8cb61", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675787, "uuid": "06f1eddd-24b5-4ee5-9313-7032d3511370", "value": "T148252342E6D98132CDB94B7148FA13D30A3ABCB10978C72F536656BF1CB2989943573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675787, "uuid": "2b05b128-fcff-4383-b259-a3749309c66e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675787, "uuid": "b61c41b6-6dd5-4a19-84a6-88fe1bd7bc33", "value": "24576:2yyuQU6oDHu7pQLRBOrFPkVfovB1NcwWVM:FyuQkHforhkRoJ1NcL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675787, "uuid": "ae012f00-9d2d-4394-891b-fb013653ac0e", "value": 1037824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675787, "uuid": "2c91c3bf-d3a0-4fb2-87e8-20b60a1d426d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675787, "uuid": "7663eb96-4590-41b7-ad2f-f66ce6c09c09", "value": "935c8459f31edb0ec9be0e6ce3cb53ab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ca3e9df-ca2f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679654135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654135, "uuid": "c94baac9-83f5-449c-b675-9d8ea335231a", "comment": "Malware payload (Gozi)", "value": "558eea9b8577b7c83b6d8d607ef425b9", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654135, "uuid": "66b8f892-70b2-4717-ad0a-f3ce4a7b30a6", "comment": "Malware payload (Gozi)", "value": "7515c850d854d372f10c29229f60c883d1b255236a0abff1031fe331185acb6f", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654135, "uuid": "e4c5c69d-ed79-4722-be49-cd1604825ff4", "comment": "Malware payload (Gozi)", "value": "4919e4566750c9cda2ed4249408a5670b5f85354", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654135, "uuid": "fbd00219-95dd-4932-ae3a-92db9c257567", "comment": "Malware payload (Gozi)", "value": "03472ae452d2121e9a0df1ee38c56a792ac26ca828f8b638b38f3cc154c58611848e045dc29a9f6e2320b49b9154288a", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654135, "uuid": "af684f80-6d22-4f0f-a606-5a3cec7af90e", "value": "T124347D1273E0B960F52BC7328E1EC7FD263EB8E1DE55BA6E13559A7F0870261D662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654135, "uuid": "cdc49417-a8af-4d2f-9157-49ec43241241", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654135, "uuid": "74d6d4c2-1a88-46bf-bfd1-6a66ccbfb21b", "value": "3072:uWd4zhhXgLgdDAgTs/DauDPzhjI5d8Pimo1odk08mf71aOefgZHbw1zF2WNObVq:AQcTObNAuPZoBmBsIhw1zF2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679654135, "uuid": "43421b3d-7d4c-4416-8525-d2fbaaab655e", "value": 251904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679654135, "uuid": "491dc8bb-b63c-4105-8886-d27584ad095c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654135, "uuid": "6b2b71de-a078-42fd-949c-a858203a812c", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a19715e9-ca4d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679667029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667029, "uuid": "bf046426-3f9d-4f1f-95e4-84491f60b6f0", "comment": "Malware payload (RedLineStealer)", "value": "6c02cdfad46b38663008c0f1532e2ca8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667029, "uuid": "be49381e-b8c0-4613-8f6e-5afec8863659", "comment": "Malware payload (RedLineStealer)", "value": "75b41295274d94a16e330aa26f14d1ac365b4aa15a99fb80bd17396b95da5e41", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667029, "uuid": "727d3224-1021-4d79-a124-2fec54211ed2", "comment": "Malware payload (RedLineStealer)", "value": "c177e72d93dbc7e94f846d4302f6ae65e882b8da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667029, "uuid": "37ad51ae-1947-446f-8a7e-a3ac6d1b0512", "comment": "Malware payload (RedLineStealer)", "value": "48a046bdc9f561defa9fefe67e20139ce32f1b6f756f35b2e110a31438b550c71d0eb97ffd899916f058fdb6568500f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667029, "uuid": "5de00275-8779-4aba-9ac3-bb23df7f80b8", "value": "T1B3C41253A7E88436E9F417B019F706830B3ABDE14D70866B238A199F1DB2590E53277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667029, "uuid": "e303dab7-c66f-4672-b2bc-f318ca2aefde", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667029, "uuid": "77d98d83-1c94-4c4e-8a63-4d947ddb64af", "value": "12288:uMr3y90nFG0PzsIc5PhoJ1+/ZjKv+op5F8XzjGAOraXXJb:dyO8XIU+mNK2quGhrsXJb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679667029, "uuid": "ee1ab68f-82ba-4889-a107-a9e8d50439b0", "value": 554496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679667029, "uuid": "19ad41b3-e8b9-454d-921f-6c4f84edda63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667029, "uuid": "0eb5ada1-8628-4647-895c-d7927520f727", "value": "6c02cdfad46b38663008c0f1532e2ca8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac906c15-ca1b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679645572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645572, "uuid": "cebb9952-6d9f-4e8b-be39-3e85306139c9", "comment": "Malware payload (RedLineStealer)", "value": "2df74715a2b0cb4e47ed724502534aed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645572, "uuid": "d948e686-9112-4237-a6d5-c8b4eeaf02f7", "comment": "Malware payload (RedLineStealer)", "value": "76c823ecac2174b88bec20e534056aab2321b3ddcefca770750f30909e1fb663", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645572, "uuid": "5015a2a1-8be8-4b3c-9c9b-afeeb9100ad3", "comment": "Malware payload (RedLineStealer)", "value": "7a3e07c9a4d8a07d02305d24d88d6584c5177c29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645572, "uuid": "6c3f927c-79a7-4038-a673-91c1fc680d96", "comment": "Malware payload (RedLineStealer)", "value": "97334f9ba092541c5e8fa7b1690412588e77394dfca8cec68a9b2d8c70c285c38e74064b85f930a3e73c0231c226d0b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645572, "uuid": "26853af2-d19a-426c-ab95-ed51ab319edf", "value": "T16074BF1273E0B560F52387328E2EC7FD663EB8D1EE55BB6E12499E3F0970261D662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645572, "uuid": "04538bc6-1d77-4138-80c6-8336e7826dbc", "value": "f074ca07d05b404f1800905e64acce35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645572, "uuid": "30832aeb-5889-47fd-a022-da9da87063b6", "value": "6144:UIdmUSGiuyguzP89/dO14gtQIm23Q7qrC6XBHj:UIdmdHuyhgdOftgYLXBD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679645572, "uuid": "56e433c3-8aa9-463a-9e0b-756ab645a759", "value": 360960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679645572, "uuid": "f04603df-adf4-4714-b1fd-2d16df1c529e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645572, "uuid": "9a329dc8-3faf-4aa4-957d-75bea4c3473d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fcfbb98-ca79-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679685709, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685709, "uuid": "9474fc3e-462f-46b9-bcb1-6951df88e1a7", "comment": "Malware payload", "value": "b0630a231fb675cec486eb6aec0f91d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685709, "uuid": "2bd62d87-f1f5-4695-8f78-457d1ed9eef9", "comment": "Malware payload", "value": "77485b16cf05b05c07c7b5226d60802dddad060fa4be509714e1be64dc0ccf61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685709, "uuid": "8d5528ad-93c3-4c8d-b9c9-da545757cd40", "comment": "Malware payload", "value": "e064f7b47b5c75d05edd5b726ba4144ba2a5ada0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685709, "uuid": "7c7cdc82-8dcb-4d4e-86a1-bd2562e71d40", "comment": "Malware payload", "value": "919e34ab8bc19e9a113dc697b44e50367524b17c037df847a2c1a394a130dadf54585eac90bc0058cc0bcc69ecb88e06", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685709, "uuid": "3172419b-90c8-49f9-a3bf-bb932e296cf0", "value": "T1DF84BF1273E0B960E52747728E2EC6FC6A3EB8E0DE15BB6E17589D3F0970361C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685709, "uuid": "6469cead-8810-4972-9f0d-19bada58d335", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685709, "uuid": "0bd38f68-2738-4213-9aea-bcf174e9009d", "value": "6144:KzczVOMZsxOku4TnE99MXXOFDUyUxzvZ2G+MDYUeld9va:AczVOqsxzu47+9M8RWzZ2GyxE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679685709, "uuid": "4a0eded3-4e12-4670-9f2d-efbc3e2381f1", "value": 391680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679685709, "uuid": "171b5ec0-5170-47c7-ad5d-f278c08db6aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685709, "uuid": "79cf3d16-ea13-4ae9-a6a2-0733a8c11d45", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec8d6391-ca35-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679656846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679656846, "uuid": "3e657fc2-44a1-4738-80f8-efeaa98795a4", "comment": "Malware payload (Gozi)", "value": "670a87cb68fa3a4388e17512cd210eeb", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679656846, "uuid": "d8bcac11-3dec-49f7-a6a9-d340c833e530", "comment": "Malware payload (Gozi)", "value": "77bba915b59a7d8d5faee3ce608283fe93ab4c2e5b73c5f66bf0e0ecae8c85db", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679656846, "uuid": "528e95b4-0573-410a-b247-77074d2783fd", "comment": "Malware payload (Gozi)", "value": "a89eb1cb69d7b0cc198fb88b392e86e24c10815b", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679656846, "uuid": "90b6281e-66f3-4be4-b232-f989b0784024", "comment": "Malware payload (Gozi)", "value": "7e4ac3b9c4bfff408bf991f1ee81f3d1799c666c89c2140b57ed9e4abbdf04eefbe942070adbb623e510a1fab99d0445", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679656846, "uuid": "d04c41ff-cb38-4d33-9c34-ee75a5a1a030", "value": "T1D3347D1273E0F960F52687728E2EC6FD263EB8E1DE15BF6E13459A3F0974261D652308", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679656846, "uuid": "ca26137c-6f56-4f0e-8e66-ca085e719932", "value": "4fc712efe0d5d011b63626c597ebe2a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679656846, "uuid": "fff58f0f-6d6c-4ded-941e-072dc9909374", "value": "3072:5f+Vzynr2/mdy1cT/dYXjDwRQESMPOoI/nCdenjjB/aeCeJhfz4aWnWNObVr:VUzSz6WSMPXgnCdenJH+nj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679656846, "uuid": "bdbf606a-9037-4915-9a0a-b217e45747dc", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679656846, "uuid": "97bb69fb-c076-4d3c-8878-ac032c1b7da8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679656846, "uuid": "7cd87536-baa9-462d-b22e-732c870e8570", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "949e652d-ca5b-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679673020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673020, "uuid": "cbc85ef8-6083-43c6-874b-3c40f8925de0", "comment": "Malware payload (GCleaner)", "value": "756f949bee32f19ffa0ad1ba8748721b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673020, "uuid": "b4ccd145-4745-4239-bcda-254966b28383", "comment": "Malware payload (GCleaner)", "value": "789633ecdfd15766a3bf12ee30d79a5ace11e744add8f0f605018dd06878605b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673020, "uuid": "6beb20f5-6e90-4947-adc1-b206d81b685d", "comment": "Malware payload (GCleaner)", "value": "a6f7b78773bfa2423b26f4e93c2bed668ee86a51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673020, "uuid": "529687d1-d7bd-4671-b714-c56b65aabbeb", "comment": "Malware payload (GCleaner)", "value": "edc980ee65334c3a5e5c43c4e777748c0ee4d64d43e9174baf6b0bfd392299afa7ba647b968381e09f547f199774475d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673020, "uuid": "d7a6e7af-8710-4655-b46a-94ca1e10dd3d", "value": "T147A53322EED548B1F1C286369E6689999763BE230D3CDA7034BD7F7D1E1F0E1D989240", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673020, "uuid": "1906c6cc-4069-475b-aa04-f8fe30bcb229", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673020, "uuid": "f54bb2ac-966d-4adf-808f-494025756fa3", "value": "49152:EGlJfsM5NEe49PfLOx/kCW2QXtkBdYiwYYTRE9F93MYCs1z5dlLYp:5lEeMa+CxIcdJFv3hHPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679673020, "uuid": "f423da16-4ef7-41af-aa7f-3c02d7b609bf", "value": 2174249, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679673020, "uuid": "98c899dc-422e-4123-b4b8-c79f392c98ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673020, "uuid": "6398560a-d6d4-4b5b-bfb0-3c89c398fffb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cb1deb8-c9e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620500, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620500, "uuid": "6a57c887-3b53-4f5c-9ebb-ae2aa153bb2b", "comment": "Malware payload (Stop)", "value": "2391139a208c849a409b59082bf2c969", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620500, "uuid": "93cd02ae-5bab-425a-b86b-a96a7160f39f", "comment": "Malware payload (Stop)", "value": "78cd97ec2dd4ee8922a48327c44b2b040b3e817d87acd0386f040932557a9ef8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620500, "uuid": "3567fc9f-7b27-44dc-9091-94cf56333a4d", "comment": "Malware payload (Stop)", "value": "0c7cb94f58ef4e0e4af3f5afb7b19d5835f585df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620500, "uuid": "96ce81ae-3ef3-4814-b06f-cfe770965093", "comment": "Malware payload (Stop)", "value": "92805c27238da80bd306f15c0447e43cd7816ae2278c17ba4bc63c96bcf13cfc9922fec9e1dbda3c712deb473863c5f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620500, "uuid": "2299b697-2439-4880-bf45-3616df7db1fb", "value": "T124F412627EA1D077E1939830C915FBB4A77D74708BA684873324977E0E303D19A7A367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620500, "uuid": "f8a6ef7e-2fbe-49b6-af94-1d94a997ecf3", "value": "e5d844fa3edf48de21502f4c833cd751", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620500, "uuid": "071cbc1e-bb0b-43e6-b588-1c2674b0ff4f", "value": "12288:2iIjqqHdtn+u9pQzmzaKUxdewAhHYJYOyW3vWyFKP65JaCDxGC:3cj++SWaJZXJYOyW3vpM4Jp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620500, "uuid": "6daa711a-0fd3-41cf-a876-0710e57efd8f", "value": 732672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620500, "uuid": "16a08555-f571-48cd-832d-cf2955a64ed8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620500, "uuid": "6411f75f-3318-4f4f-a13b-2308dab97e2e", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75d608d4-ca42-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679662231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662231, "uuid": "e1680724-0639-4249-9307-14e62d3535c9", "comment": "Malware payload (AsyncRAT)", "value": "a92bef216bec5b6fcc6a958305f81391", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662231, "uuid": "06dcc600-2db5-497b-b1fc-5dce2e9b01c9", "comment": "Malware payload (AsyncRAT)", "value": "7b9a9b11fc9794d4e31d647a3cab02fecdb048e81bc13d37d1c3533b8e96a8d3", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662231, "uuid": "4dd84165-94cd-4ef3-b13e-9efe58cf1956", "comment": "Malware payload (AsyncRAT)", "value": "196de00aba5b37c7d7d5b7da6b6eb302257a81a9", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662231, "uuid": "c252a1cb-1af5-43d5-907f-673cf5939d86", "comment": "Malware payload (AsyncRAT)", "value": "417eda50d311d619ef85609c86418b6e6de970f91e90badd4614240f47c2eeba8eaaa3488c0b18713be2180b1f93c5c9", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662231, "uuid": "6596eaad-b73a-416d-b160-67d701b2f65d", "value": "T13ED35A0277D4D264E27E9EB135FB44920AFBFD3B7B41E8191EC8728905727118A42F6E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662231, "uuid": "1e120a42-5bf9-4277-81b0-a56929adf8c3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662231, "uuid": "ceed4794-4b9f-45a0-bd29-b9dbb02f38b5", "value": "3072:lh0ZVtDuop7hxJB0S4rObd4r9MrUEkmnnnnnZ/iUvVfG:lh0HtDTpkrObaBM7nnnnngAO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662231, "uuid": "16f96a37-a672-4ab4-847d-83f6c52988c6", "value": 130048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662231, "uuid": "b32f866f-68da-4b44-85fd-8d50cd6d5919", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662231, "uuid": "61063afc-50ee-4f45-9555-4bee8ded3448", "value": "a92bef216bec5b6fcc6a958305f81391.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cab4c9fd-ca53-11ed-88f6-42010a9c006e", "comment": "Malware payload (Pony)", "timestamp": 1679669675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679669675, "uuid": "7eeada66-54c9-428a-8758-615d7ceb19a4", "comment": "Malware payload (Pony)", "value": "c71f5ee952162f4e509063c3b7e9c51c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679669675, "uuid": "84034115-2dfa-46e6-bc82-f4ffaa0ba99a", "comment": "Malware payload (Pony)", "value": "7d756e2f89b385032206ffac5548025b8e58c558cd32eba1cebab530c374bb88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679669675, "uuid": "7ee2f57a-f5ee-431f-b06a-93d5d5c1ec19", "comment": "Malware payload (Pony)", "value": "6adb8e0a00c7a7950e0c4c2500391604274a6e78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679669675, "uuid": "6283d978-424d-41db-b8e3-f86cc719f8a7", "comment": "Malware payload (Pony)", "value": "28a45da61472725882c0ea73a0bcb4c619bc874f9f4eb8fc76c9a3adb0cfece8ed90e180ce13f6e9fac21e30bb7300ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679669675, "uuid": "350c5a38-1007-4504-9d15-8047ac1cabd7", "value": "T169C3C8A326C98CB2ED44163DF8742DDB836E05B31B2295AB8AE5751DB2D37F4043A532", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679669675, "uuid": "82523ab6-c79c-42f7-ad17-5096ae95d0b5", "value": "694a3785fbb9789551fe2e4853e2a2a9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679669675, "uuid": "14e6497e-7738-4839-b8c1-052a9e497704", "value": "1536:ZsQU/QKnydTXiVtIQ8bbovSdPFLtr4k+X:Zs94YVGnbo8t54k+X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679669675, "uuid": "c76dc9a8-fcd6-4151-9cd3-4e23d4a3056c", "value": 118784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679669675, "uuid": "1c92bd09-d9f2-49c5-837e-f8b9d740d3fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679669675, "uuid": "52b731e8-7e8a-4dbf-afa0-5d0c0143379a", "value": "sample3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89458aae-ca76-11ed-88f6-42010a9c006e", "comment": "Malware payload (GandCrab)", "timestamp": 1679684597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684597, "uuid": "a654e588-0106-41b1-80d9-7f62fe3c8747", "comment": "Malware payload (GandCrab)", "value": "b6191a47d15b387578dcb59bcd7b4da3", "object_relation": "md5", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684597, "uuid": "5d882996-9ab8-495e-940c-dd0de5cca8c2", "comment": "Malware payload (GandCrab)", "value": "7dd561afd40c84ecbb49025a6176ee973b56b1271ac2b25279daa095941283fa", "object_relation": "sha256", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684597, "uuid": "650f876e-32e3-4f76-a9dd-ca7a9fb1a33b", "comment": "Malware payload (GandCrab)", "value": "c9b98679c5ea159a5b649cc1a11db7f559cfcdb0", "object_relation": "sha1", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684597, "uuid": "41984c72-c686-43dc-bcce-71ba37f6eeab", "comment": "Malware payload (GandCrab)", "value": "6bf1df21e46959a38128ae8a0c72281d89f6165cb519a281145c3d6742248691f6d6370bc218c6d21010c26b663398e8", "object_relation": "sha3-384", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684597, "uuid": "c04646cf-6199-453f-b1d2-209b12e3a42e", "value": "T1E634D001B3D4C4B1E9BB17B5AAB14E010E7DFC368E729A97779C148E1E602C09F2675B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684597, "uuid": "a2614fb7-c15b-4eed-b8e0-e1df962a9605", "value": "9990fe112bc93330512c2d030a75c141", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684597, "uuid": "c93a9e0e-73d5-46ff-8094-4d6b5be41553", "value": "6144:VrBHBqqaXbkSbs3tSAmuLBi6Yt84fMjxtue:VrBHBqN4SIO6Yt84fMdke", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684597, "uuid": "5df411ae-d5fa-4cee-877b-f4e677c53727", "value": 234509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684597, "uuid": "26069db9-7899-49ac-a4ef-761d3e83c4d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684597, "uuid": "4060d953-fd08-4950-b26f-dc58f33ce205", "value": "7dd561afd40c84ecbb49025a6176ee973b56b1271ac2b25279daa095941283fa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88aea19f-c9dd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679618883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618883, "uuid": "b7ad0e6c-6573-4f4b-bfdd-1bfe866f2c78", "comment": "Malware payload (Stop)", "value": "9d539c5a593fc1af0ccc116043ff9494", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618883, "uuid": "97e4518a-92c5-4e40-9910-f71bf36b4f28", "comment": "Malware payload (Stop)", "value": "7dd575b4960d6489a8d2e254a11c281fb0a584cdb3ed4e247e77f03352e5c3e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618883, "uuid": "c2393289-286a-4ab6-b12a-c94c81703c5f", "comment": "Malware payload (Stop)", "value": "b1fe1f44c50a81a90a803344571e4254ea90bec3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679618883, "uuid": "4f54c939-f438-475b-b21d-d2db0e64b928", "comment": "Malware payload (Stop)", "value": "3011b3fe428d7189d4011d555f0abe2223c0fef3feccbd340be1d27ec8e461f3d18b206c15bab16ba87d44b6f1340ade", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618883, "uuid": "7b85bcac-817a-41e3-9cb8-f825456472d7", "value": "T1E8F41211B691C072D55605358974F6F89A3BB8BA1B25CACF7B812BBE2E313D18D713C2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618883, "uuid": "01ecc2d3-173b-481a-b0b9-ba1f6bb50e81", "value": "c20fbfc00bff5331a861f7f1579229b4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618883, "uuid": "120baca0-d77e-4a1a-9656-a2cad632f354", "value": "12288:4b1mdYG/VqtlZcErSdv5joXGsxL76ivKGXt1BVgTs8pZe59Wi:UQYHZc8iv5wGsxfSUVyI59Wi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679618883, "uuid": "ed73cea4-1460-4738-a5ec-d88fa6ca4ae1", "value": 777728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679618883, "uuid": "057b56d8-1996-4a22-9703-bf01102aee50", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679618883, "uuid": "73f04056-d0a8-4706-a617-eef26088de48", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f43fd56-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679639805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639805, "uuid": "4bc39c85-cacd-4ada-b120-6c8daf7429b3", "comment": "Malware payload (Loki)", "value": "da5154b7a4709a67fd1dd62177f208ec", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639805, "uuid": "d39e6151-ff45-4d83-9a72-d829e423dd27", "comment": "Malware payload (Loki)", "value": "7e9731c3ef4cfd7a118c1d027b24d16d901d82a003159aca521f66fed469b34f", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639805, "uuid": "21719466-e2d1-489a-a893-d2b24fb41169", "comment": "Malware payload (Loki)", "value": "dd7fe11c85dccab61bb9e381c48f4a2af9fb964d", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639805, "uuid": "e29ca4f1-e152-4778-8e69-6abf1a2e2682", "comment": "Malware payload (Loki)", "value": "fc596df0fa77b971df3004aa14a075ed7aaa904995ae80a9e2c36b636ef9c5e47ecb7b8e5ca4f89cb649a3da29300942", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639805, "uuid": "6f4aa749-21d5-4d71-8fd6-8c7da5600ed7", "value": "T195350213E9C48D46D4464BF56AE379D9131EBC623BD6A2C72358B70F6F786E08A0311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639805, "uuid": "af410bdb-246f-42d3-a217-9adaa3b6379b", "value": "24576:ELK+WQmmav30xN+MXUu9/zY+MXUu9L3bVW+MXUu9B3bVlr2VoCXQpi:ELKzQmmQ30P+MXV9c+MXV9L3bVW+MXVM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639805, "uuid": "2eb542e6-3b73-41de-b29d-ea81ba227535", "value": 1149440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639805, "uuid": "b2594ce6-f79d-4dc0-93a1-9ddea870066f", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639805, "uuid": "0e8b71c9-4fc2-43d6-a100-766772319d0d", "value": "Payment slip.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c24faa1f-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "96e4440c-3402-4ed4-b742-09f5951da8b4", "comment": "Malware payload (Mirai)", "value": "32be6f2482e2688f3789950fda72990d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "aad6025a-0bc8-4959-afcc-115e29291e04", "comment": "Malware payload (Mirai)", "value": "7f888842eda94c2d0443cd86f24ac426ffe1854bf81d06b3dc976f643a8f2c28", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "6e27479f-0ac5-464d-9a59-dd065018f336", "comment": "Malware payload (Mirai)", "value": "36f56d2c286728cd5becc8f1eed2c0d8a82d23af", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "fb4bb2bb-cd77-4a26-9819-95f5513b48f2", "comment": "Malware payload (Mirai)", "value": "e7e1a5040bd0691b8902e263537ccce18f90ead4c67806d5b5f12e16edbbc3132e9970f658184a1c535c056eb9cd992d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660212, "uuid": "0ac63ace-2824-4b4a-a913-224e05cac51e", "value": "T1D5E31A46FA418B13C0D617B5BADF42493323A7A5D3DB73065928AFF43F8679E0E22905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660212, "uuid": "e4de37e2-a30c-4b15-9c1a-91539da6e99c", "value": "3072:b+4j3pAyQaZQ4hkgrVkFKidN1yZVUyvUk5XM/9BOGZT:b+EnQaZQ4hkgmFKRjUyvZhM/9BOCT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660212, "uuid": "b27c626b-be0f-4622-9017-391a26b7eaba", "value": 148703, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660212, "uuid": "deb40948-2ef2-4b76-816b-04a3c7b2a7c4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660212, "uuid": "a09c8666-77d8-4a0e-86b0-bc1da1de461f", "value": "nigga.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69f47ec6-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (AZORult)", "timestamp": 1679646319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646319, "uuid": "b4185fb2-23cb-45d2-9499-e9c7bc74f399", "comment": "Malware payload (AZORult)", "value": "02b4fe8d20fbb40f6f198ad2e2bb4f05", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646319, "uuid": "b221ce6e-3690-428e-b3eb-645ce3b6c55b", "comment": "Malware payload (AZORult)", "value": "80c8ab4dcf64f9a2bcbeb1ef6f1f8b1b7ccb55039c0bae6a9957ffed097fe6be", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646319, "uuid": "1f5516cc-d93e-419d-bf86-0c329ff21927", "comment": "Malware payload (AZORult)", "value": "aed4141ecdb8754f906f7ce571e2705e36e3d5e6", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646319, "uuid": "f7a587f4-3fd0-4c0a-b7e0-ef59c9512415", "comment": "Malware payload (AZORult)", "value": "5485e431eeea178571d6c8d64694fb65ca6b59705194d064b40f2000cc4b10313417f0393e40f06241c556a4b97099f9", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646319, "uuid": "01d1ed65-f8a1-48ec-908b-3c36185c3858", "value": "T1CED30297FBDB8AC0DF9E33ED3ACA9624658FC34F6452A6BD3932A811F52100518D21F5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646319, "uuid": "7b0e9a84-6caf-4ba5-b6d8-5983f78eef00", "value": "3072:/sVXb3QSFe2MhkVgDdSBc7u6KGIFlubiDCC3XbCji2Ic2KPLDk:/sVrgglxudSBc7u6K7luYCCGe2R2Svk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646319, "uuid": "f60b7c3a-73b6-4a7c-bef0-e915acd59f2e", "value": 131806, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646319, "uuid": "af4c1e4e-ff6c-4b6c-8891-3967429c3a4b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646319, "uuid": "880e09de-6a9f-40a6-86bb-3dfff3080d94", "value": "PO & DATASHEET_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d494554-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679639856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639856, "uuid": "d95f7cca-a76f-48f7-8ad1-8091112bf49b", "comment": "Malware payload (SnakeKeylogger)", "value": "a88de09ed33f9a28c344de2f4c15c1a6", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639856, "uuid": "9e8e14f9-a27d-402c-a9d0-af16b9c53590", "comment": "Malware payload (SnakeKeylogger)", "value": "818d76bc4671562df0554f11f455d99d64749a2800b52c7800108d6d3dd6602b", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639856, "uuid": "caebbf18-fef8-4781-86ef-a0e57ff1644a", "comment": "Malware payload (SnakeKeylogger)", "value": "f203f3ddc886b9e8a2c3ce1fb34e839eec2f925e", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639856, "uuid": "50436cdb-1cee-4b6d-acf0-af303bcfd9b1", "comment": "Malware payload (SnakeKeylogger)", "value": "5b8ff4b8f9912aa42069f46dd4e1641560861fd9cd410282b27fe3d049fe6cca5abac02119a49e5d6749d7772ac3c21b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639856, "uuid": "58d28541-64ab-41a7-ad72-18f1773ce4f1", "value": "T118D27252E74F02B48F5151B7521E0BC99BBDB23E335454A138AC927433ADC2E467AAFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639856, "uuid": "6d8e5be4-543a-43f8-9dbf-b5c27b7650bf", "value": "768:QFx0XaIsnPRIa4fwJM5x/7loo0iPSZLlMLe0UsQ5r:Qf0Xvx3EM5NxBSZjsQ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639856, "uuid": "210a8caf-e1b4-49bd-b223-c6bf21ff6bc0", "value": 29630, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639856, "uuid": "74f2af17-d2ac-43ae-a4a8-6affca9f9c4e", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639856, "uuid": "9044cfed-0f70-40e1-8b14-6511e03b30e7", "value": "lastest soa.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f04e99e-ca73-11ed-88f6-42010a9c006e", "comment": "Malware payload (IcedID)", "timestamp": 1679683291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683291, "uuid": "2b6ad3a0-a46a-44fb-9b35-15c8280f65b3", "comment": "Malware payload (IcedID)", "value": "f6f56b0437f97de0bc4a7f01dd2b01f5", "object_relation": "md5", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683291, "uuid": "f7278d30-1a1b-4fdd-b5b4-7d51fccd4acd", "comment": "Malware payload (IcedID)", "value": "83afb9bde467bca436aa216d186cb9bbb7a40ce87fcbe013db74f89a097fa29c", "object_relation": "sha256", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683291, "uuid": "3eb7acd0-67d8-4564-a1a6-9ecc8384c97d", "comment": "Malware payload (IcedID)", "value": "078634d92d21670dd864c5f44fb2a66dc0071753", "object_relation": "sha1", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683291, "uuid": "2c06325a-cd90-4d7e-b332-f2a1e8647cbd", "comment": "Malware payload (IcedID)", "value": "42f79793ec583e5a51b207ea97959ead00319ffcba040ffd95f3b4f7b13cf315b97583e243fcb1ae2dbe2d43c001789b", "object_relation": "sha3-384", "Tag": [ { "name": "1883783121", "colour": "#1B354E", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683291, "uuid": "4b1214f5-1a76-44c8-b2a2-c483ec1763c7", "value": "T1D3B312A39F110470D8B7F77D8C8EB853D8D4388D9A94169CE2B247B19EC766C6F381A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683291, "uuid": "13411a6c-508d-4f8b-a649-5fcb44ba5c5f", "value": "3072:2dxkcYnCyWBWZOzp35q0C7NOzDElCTOfF:OYCWEV5Y7kzIlCTOfF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683291, "uuid": "719d441f-7714-419b-a83e-276070631e71", "value": 115188, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683291, "uuid": "9f61145d-4f5e-4486-a5d4-d123d8a90b4b", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683291, "uuid": "6c50679c-1d7b-40fd-b8e3-b82d24be96a4", "value": "Doc_Unpaid_03_24_#849.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2449e02d-ca58-11ed-88f6-42010a9c006e", "comment": "Malware payload (BlackNET)", "timestamp": 1679671543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671543, "uuid": "c80606a6-a36d-4324-bf66-cf3fbfec69ec", "comment": "Malware payload (BlackNET)", "value": "ad9e6ee16b3abd3f757c8b5357de6042", "object_relation": "md5", "Tag": [ { "name": "BlackNet", "colour": "#964CF3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671543, "uuid": "80420c1c-b366-4885-97a5-fa450e9da581", "comment": "Malware payload (BlackNET)", "value": "84298e0b46665ad3825b9344fbda6ac8d75a6e9ccc44eab5b40a70555e4718f4", "object_relation": "sha256", "Tag": [ { "name": "BlackNet", "colour": "#964CF3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671543, "uuid": "4b51c7ef-4418-4fd0-9f35-06cac8baac5c", "comment": "Malware payload (BlackNET)", "value": "f324263dc0b46991bb0ed664577910c4f4de8009", "object_relation": "sha1", "Tag": [ { "name": "BlackNet", "colour": "#964CF3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671543, "uuid": "041f54c1-f3c2-4ef6-95a4-8874ca8657c4", "comment": "Malware payload (BlackNET)", "value": "22459e62c0b6e00af2dda1c0ccc8380c3e8d0db71680afe61e808fd54f241afe0c86f11442d396c0915318c9d3ce1988", "object_relation": "sha3-384", "Tag": [ { "name": "BlackNet", "colour": "#964CF3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671543, "uuid": "8100271a-fcae-4a50-8de0-2d37216d9c42", "value": "T12983C40277DD6D55E1BE8AB4BB3353C0C7B5BC1A4923DB1D08C5109D4ABAB82B941BE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671543, "uuid": "0b41117e-080c-4e12-9be6-7209416c71d8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671543, "uuid": "a9c4bf95-f50b-4d77-9549-cd55c46b771c", "value": "1536:zW27RutYPWEBQlIGOO1g4W6j6hMbv4UFZLrkjj1RZ:5g1g49jcMbvLFxrkjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671543, "uuid": "27c69016-a715-4389-b2a9-433901bd66f6", "value": 88064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671543, "uuid": "c356b829-3d30-4dd6-9f07-7d050255d844", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671543, "uuid": "f909127a-bb87-4518-912f-0694a5979722", "value": "84298E0B46665AD3825B9344FBDA6AC8D75A6E9CCC44E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f47992c-ca17-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679643724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643724, "uuid": "47a83c42-b0b4-4afe-b845-39672cfd9213", "comment": "Malware payload (SnakeKeylogger)", "value": "6c55423893463ef8e5aa10e85672d15e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643724, "uuid": "26a5610b-4033-4bab-9272-39881291be8f", "comment": "Malware payload (SnakeKeylogger)", "value": "84df116f1326ab65e4c91ec9c243e4e2b819c19dc2e47f1e10878a52f96c4c41", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643724, "uuid": "3f045ad1-47f8-4d54-8f92-1d95666ac97b", "comment": "Malware payload (SnakeKeylogger)", "value": "b852bd74671c844dc62b7c8337b117017ee43ec4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643724, "uuid": "f00fd993-a012-43b4-bf0d-f7291af18c67", "comment": "Malware payload (SnakeKeylogger)", "value": "ebac65ba013294adadc52312fc9d3a189d6bdbbc2ef6ccd4df280383262d14dfd23c966189c40df08a654ff708b61449", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643724, "uuid": "d91a8e30-de93-455d-96d0-bf8722ef70c6", "value": "T1CBF4D000AEBA4B71F9D5D3F40921127603E9BBA51072D5188FFA68CA2DDBF6345D0A4F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643724, "uuid": "59fba5e5-3ff5-4482-ac76-c8913df59374", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643724, "uuid": "63aff929-1dd5-464f-84a9-4c40ad9f8549", "value": "12288:UenZwdJeXQeepjKCRPg3f1miG0i3yNrsTTnX2FP9W0Nvzu:UuZGJeGPRPg3u0iPTnX2F1h9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679643724, "uuid": "38a330b1-3469-4edf-9951-dfcf93e9cdb3", "value": 784384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679643724, "uuid": "24e9c2cc-b90f-445c-a181-d0017c603234", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643724, "uuid": "51e8e74d-6d48-4a15-ac2f-cd7cf2250553", "value": "6c55423893463ef8e5aa10e85672d15e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40798950-ca45-11ed-88f6-42010a9c006e", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1679663430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663430, "uuid": "a755266f-df81-45c7-a8a4-7d6eec8d7405", "comment": "Malware payload (AveMariaRAT)", "value": "63bd8934c91736c0730f84dc84ac65f7", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663430, "uuid": "535b5745-9a18-48a3-b123-c40d99304564", "comment": "Malware payload (AveMariaRAT)", "value": "85490cf0fc3a4ab7db8b39dae6b341a4f99aec3f84ed12816f85759aea900e74", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663430, "uuid": "f71c4676-84f6-4951-859b-16fd77f8a25a", "comment": "Malware payload (AveMariaRAT)", "value": "d44d2435eda49dc2706b7b5219898ef6d86689c3", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663430, "uuid": "7b855870-f7c9-43d0-a0e2-d97139785e94", "comment": "Malware payload (AveMariaRAT)", "value": "e58a7820b7586058889de996f3da279e4618bfb352931028bfff803c112e820bdfc4ff2e6a7d359e52f8ee52e406bd20", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663430, "uuid": "82f1377e-cd31-4ec5-9b20-9a7d1de32f5f", "value": "T155F3E020BBFCED25F35F9E7F68690A026121F7096792BB0F604E61745DC5FE0D290AA4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663430, "uuid": "4c8f3d16-f884-43a0-beb3-972dffeef07c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663430, "uuid": "07c49c99-4797-4e94-bd1c-52ae9f236ce1", "value": "3072:x8r8NJzhdWVl7nqHHdiFSBFRRwh9J9vZiEPUv6S0:xw81nKl7srF7whVhHUS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663430, "uuid": "5dc174fc-d038-4e13-b49a-6c5ff7787c54", "value": 164864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663430, "uuid": "ca5f440a-e7c1-49ef-8432-bf33db8b05f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663430, "uuid": "d1048c56-1187-4e8d-b978-5e046d2d42a6", "value": "z63DATASHEET.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ded1cfe-ca8b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679693517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693517, "uuid": "90b061e9-7662-4244-aa8b-27070fadb66a", "comment": "Malware payload", "value": "ab325877a3a024da9fda1af137806144", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693517, "uuid": "6bfe727c-5ab1-4557-9e5a-b646b3f30fc1", "comment": "Malware payload", "value": "857217b72741e90dac37cfc2069753957841c31b224e6cd755c07833aa14dbe1", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693517, "uuid": "fde82f55-3c8e-4999-bb5e-cd7739dbe5e5", "comment": "Malware payload", "value": "a2bb2c49e9b2110824bdd57b5487b7376d9e8a00", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679693517, "uuid": "08d8daf3-62a4-4c53-b863-5713ce9c688b", "comment": "Malware payload", "value": "82f063f302fd35ef661309a58a31bd391cc992ecb5c98761b0af3624be95fa3f23fc8767363b85c3edd16940c2c82df7", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693517, "uuid": "4bed712c-b4e0-4aad-8da0-c6ec5c2bf394", "value": "T131A42384B64F2CD1847C020D242ECE682F898FFFFCD4BADA16E45D5B1216B65B857928", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693517, "uuid": "281e8ff2-0d26-4487-89df-5d512d03fa05", "value": "12288:DWcMt4cZQrTLZiT/qwuRb0OIo2BExKQM1O8umfF9g9xFt:KiTL4CrR4NzBExKQj8um99gJt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679693517, "uuid": "31ff7c3b-ff7f-4caa-8a66-82e011688802", "value": 481350, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679693517, "uuid": "1b5c29e5-a98d-44eb-8367-ad29570e1acf", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679693517, "uuid": "93c46efc-fa21-44c0-b5e4-03c94adc5231", "value": "bindropondisc11_SC.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dde1b4ea-ca09-11ed-88f6-42010a9c006e", "comment": "Malware payload (EternityStealer)", "timestamp": 1679637924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637924, "uuid": "9092cc67-b07a-471b-a66b-11a2c2307df6", "comment": "Malware payload (EternityStealer)", "value": "1c69a1b3116f4287ed85eece698dca49", "object_relation": "md5", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637924, "uuid": "2236440d-a3e8-4378-a0d3-962f7f84630a", "comment": "Malware payload (EternityStealer)", "value": "86cd6b87e4ade0b8e0d440a956644837d4ced2552ea0d7890ef70df61d686c8f", "object_relation": "sha256", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637924, "uuid": "82b23b94-3e4e-4734-9a0f-9a12f1e9a07c", "comment": "Malware payload (EternityStealer)", "value": "8337da8c05c1d3951a5270d4cb4b5a414215f741", "object_relation": "sha1", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679637924, "uuid": "7d2a532e-f529-4956-bb66-ba6536f638d1", "comment": "Malware payload (EternityStealer)", "value": "30b9c5cb3f97b6a7bc986131c2369fb370cec2391f6ce135808791304e56153e16a4435b4c77108143dd7e9f7c625059", "object_relation": "sha3-384", "Tag": [ { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637924, "uuid": "d7438ecf-dc1d-47ee-97ca-b64717c41551", "value": "T10E252363A7D881B3DAAD47B419F257D31F36BEA14E3483672205989F0C332E5563633A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637924, "uuid": "ef9a56a3-7047-4fd5-8547-6a971f41d6f7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637924, "uuid": "22ec12c4-7283-44c6-bfb5-fa1e95ef48b8", "value": "24576:iyAJGBbFcso4QzQEqUhNMaGMdoOTt8cPMDZ7ITRu:JvBbF/o4QzEUhN2upTdMa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679637924, "uuid": "4996ea5c-8011-4c94-b924-20651959be62", "value": 1050112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679637924, "uuid": "8dbb7122-b2f4-42d3-bd29-44fac64944b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679637924, "uuid": "a7d68bb5-0367-46f0-be6f-91187ed7ff73", "value": "1c69a1b3116f4287ed85eece698dca49.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4c84b55-ca97-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679698844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698844, "uuid": "7549a83c-df34-4b9b-8807-45250b22573f", "comment": "Malware payload (njrat)", "value": "23e67f3b7e85a2378fe509b732622036", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698844, "uuid": "43d64a79-acdc-4cb3-99dc-65b11d6438ba", "comment": "Malware payload (njrat)", "value": "887026dbafced2123c1a825a84aaed287abf56d5895cd31b5aeb8edd7c21e27a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698844, "uuid": "a651b6a6-a3f0-4b4c-8b72-3668082bcc98", "comment": "Malware payload (njrat)", "value": "0a150cb24e6c12c926c6138b2584787b2af06508", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698844, "uuid": "a1fdd21a-94da-4020-b411-b4cff74c5c2d", "comment": "Malware payload (njrat)", "value": "072790448734ad6b25d086f005e10b520a8239186f96c64f4224aa7cf6dd61ae2065d8f48e2386faf71c42c782bd4208", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698844, "uuid": "7651cbba-a4bc-45c9-a84c-186843c4cfa2", "value": "T13EE21BADFBE64466D1BC0AB50571950053B4E043E523F77E4ECB24E62B6B2D84B88DF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698844, "uuid": "e520f002-653f-4da9-94ea-756d02e401bd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698844, "uuid": "708e1c7b-2767-4d51-9906-4dd63f6f137a", "value": "768:sNu5RgJZLrGzxhuc0v0qvZhvv8dQmIDUu0tiBdj:9UKAVR4QVkuj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679698844, "uuid": "453fb2ac-05ca-43c1-a450-b7de021a8053", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679698844, "uuid": "dccb43b4-b743-4987-bf41-d5bdc86106cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698844, "uuid": "f1b29f17-6c47-4ed1-8fde-026a549883f5", "value": "23e67f3b7e85a2378fe509b732622036.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb388602-ca45-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679663743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663743, "uuid": "4d1b5722-dbc8-4fa6-8b0f-23d49b3401a6", "comment": "Malware payload (SnakeKeylogger)", "value": "d0daf4fdcb7713918de46b45bad5bf40", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663743, "uuid": "5033abca-9bfe-456f-aed7-d3577fcbaa83", "comment": "Malware payload (SnakeKeylogger)", "value": "88a828aefc78faed640ba8b9f9fe1f1da96f8e674a6c92e3b8507a2fef1384cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663743, "uuid": "e18380b6-c46a-45cd-a624-eb7f38d615a0", "comment": "Malware payload (SnakeKeylogger)", "value": "2a23a6813ae3735107da91695ee67f00633f6342", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663743, "uuid": "c0294822-8850-4bc2-93b8-8385359dab75", "comment": "Malware payload (SnakeKeylogger)", "value": "e105e76516ddbd2c0a1b860d3d2b285d3922d9dc938a799e30cab200da124b8daadbf8ec9def7ce386c59240c827be74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663743, "uuid": "487ddf51-21c9-4a30-af01-84dae140727c", "value": "T112F4E055DDBA5E36F8D4D3B41010137A0768BBA11072E1498BF9A8CA3DEBF6306E494F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663743, "uuid": "f765b299-b51a-4153-a62f-a6be16b17b36", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663743, "uuid": "d35f9518-84a5-4452-81c3-d644540989ae", "value": "12288:LCNs/zl3zc4ipG/vlZ1z9xQAIVjjUVpyESpNYmAym+Zwd:L7lDc4ip8lZ1rQAIVjjUHyE+NYxB+ZG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663743, "uuid": "c2e386b3-87cd-4096-9824-e40d04fd618d", "value": 751616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663743, "uuid": "d61a6d77-3852-4cbe-adb9-ab37edeb3989", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663743, "uuid": "9ff66976-7f25-4caf-8921-ce9354514a19", "value": "Order Inquiry.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "629fe26d-c9db-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679617960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617960, "uuid": "2f2f7a40-98a7-4317-bc2f-32dc09d97d0d", "comment": "Malware payload (AgentTesla)", "value": "158b50ed16a8b040895dd357db227500", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617960, "uuid": "ee41dfcd-4238-48a3-b0ae-2834d3003f5a", "comment": "Malware payload (AgentTesla)", "value": "8905801a8273b80a87ba32aa8d1bc2897178561ea39f82b387c746ec7241e0ec", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617960, "uuid": "715e2746-5f93-4a96-8c22-6e0e65682ce4", "comment": "Malware payload (AgentTesla)", "value": "db6b836064bcff8bc85135640de48862e60b9261", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679617960, "uuid": "6b45a639-6a7f-4ea6-a6c2-ff472516fa46", "comment": "Malware payload (AgentTesla)", "value": "166e14442d6550523a22ccfc5ca622f1658c735a48ec824b6b6a65749ccca94fca67016c1bedf2282f720d854ceb2004", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617960, "uuid": "cb893a64-1f2f-4ef6-81b2-52e568f7e260", "value": "T1D5E45A3D2DB59D12F136E639CBD1C022A2B0DBC76B22DB1517D713488E42A57B8CE19E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617960, "uuid": "29e731d6-c3bd-4e8a-aec1-13aed793ee30", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617960, "uuid": "33876b36-4bc1-475f-9138-f8085c2daef9", "value": "12288:IVmcwNcKDTImiiik0eGAkZwAguAfKiOAlN:ImzNOmiVk2WP7O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679617960, "uuid": "e8fc1e96-0aae-4211-a978-a285bf2bd0f5", "value": 669184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679617960, "uuid": "a268aa5c-1a69-46bd-a307-faa755b19c42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679617960, "uuid": "4d721be4-6700-4c7a-8ec9-0808d0627eb7", "value": "158b50ed16a8b040895dd357db227500", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "542e523f-ca60-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679675059, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675059, "uuid": "8411189b-6452-4385-9191-0dbac3703a90", "comment": "Malware payload (Gafgyt)", "value": "959fabc03ac8ef8e27b8936b51367b20", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675059, "uuid": "0d6c3d9d-6c7d-4820-ad33-d035eb6de8e0", "comment": "Malware payload (Gafgyt)", "value": "8970c5d903f2e579e2e686ef75054d6aace1e54e4180cded697a6110bbf07c7a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675059, "uuid": "70114fa6-5f7a-4ac8-8f26-fbb0f91b8e4e", "comment": "Malware payload (Gafgyt)", "value": "a5b04383ff3c458274ed6f165dc303ca0c8cdbb2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675059, "uuid": "2f99c654-305c-4866-8823-f9e718c8d6ac", "comment": "Malware payload (Gafgyt)", "value": "9d3b1299b3e635aa393dca45d7511d9e96a32df7a8d57f5fb1bca57ef7ab62c1ca0630a70857bc606c883feda856b8fb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675059, "uuid": "d44dc2a2-90a7-48ae-9b6d-97b893ca54aa", "value": "T144C3FA2779752353C077B3B48FFB13A053BCE7A00B166083803999959BB767D4862EB9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675059, "uuid": "b6f8f437-4878-4077-a5dc-aa016ff7a563", "value": "1536:f3+w+IQhTb2sf2le45zbc0rbMbDCQ55hb9ADrFOTV6D1U/RkSye:fuRrWrVc0r+35hbQrFOTV6D1oRkSye", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675059, "uuid": "1ea8685e-beed-4e20-84be-5f1d0a0ef407", "value": 126049, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675059, "uuid": "29254cf6-c1f4-4a0c-811f-81fb954473ff", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675059, "uuid": "069e36ec-53b6-4561-bab6-597f23391dcd", "value": "959fabc03ac8ef8e27b8936b51367b20", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a498770-ca2d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679653058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653058, "uuid": "5fc8675e-77b3-436f-87b4-48581c169aa6", "comment": "Malware payload (Smoke Loader)", "value": "fc972576be9bb5ab5b861f5dff64332f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653058, "uuid": "6871a793-94bd-4d1e-8e78-bb2cb6c95bfe", "comment": "Malware payload (Smoke Loader)", "value": "89c220b333799268134188e0caf76d5259a8fed81d38c5553589b380a84b3a79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653058, "uuid": "1a874f65-4849-41c9-a85d-d28fe0b22d9d", "comment": "Malware payload (Smoke Loader)", "value": "50379f22ef61a0f05cf246fc0bb3c3c40fca1822", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653058, "uuid": "29d88ef8-e438-43e3-a71d-7c2d3503063d", "comment": "Malware payload (Smoke Loader)", "value": "696f9159308def62a20437452c4e49f550051adecc22b6eb777e965924ef6cb7ab67d351542f51e45b6f0e7890915a75", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653058, "uuid": "dbb8d1e6-dd92-4a8a-8aea-35250251d702", "value": "T1D0347D1173E1B960E12387328E2EC7FD663EF8E1DE55BB6E13459A3F0970262D662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653058, "uuid": "72dc95b7-b667-4d9b-91b0-5132153d9167", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653058, "uuid": "9ca56e35-f2ea-4541-835b-bfd366ce8099", "value": "3072:MVLFzTC3rjtdx+AT3RqriuD48XVebVQgBAo5v/JQMbO8nG5EGeiWNObVq:YIpx1e7VWxJJQMbO0YEGeij", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679653058, "uuid": "854b946f-5ea4-48e3-9f28-b85562b2d4ee", "value": 251392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679653058, "uuid": "f6053b08-482b-4705-8673-4c2e1171347d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653058, "uuid": "e59f888c-0e4e-4ad1-8513-6fe21fbcb74e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76aa84c1-ca3b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Meterpreter)", "timestamp": 1679659226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659226, "uuid": "80152751-6fd0-4412-b311-c25590e2b102", "comment": "Malware payload (Meterpreter)", "value": "fc4bb3140f35cc8abd681b63096e7b81", "object_relation": "md5", "Tag": [ { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659226, "uuid": "07bd5112-064a-45b8-a6c0-a2e3f4ce1eb1", "comment": "Malware payload (Meterpreter)", "value": "89c3af5318ed0d9de1f320f94152a6730a6a3cbef53593e2a23765da015132d9", "object_relation": "sha256", "Tag": [ { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659226, "uuid": "6dc9d026-e64e-4283-b86c-04799d49a7e1", "comment": "Malware payload (Meterpreter)", "value": "0946eff5c8cb8bca76dc0702e15076a332929439", "object_relation": "sha1", "Tag": [ { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659226, "uuid": "ec84e71d-0d2f-4c34-802e-ca0ab34ec1da", "comment": "Malware payload (Meterpreter)", "value": "cc37e45cc5c8885cc6abd4d556ad0eed517cc5ce75ac5db6e1ab19abeb53b7d1ca985a1e851170defae1dcd6794c317d", "object_relation": "sha3-384", "Tag": [ { "name": "Meterpreter", "colour": "#17CA6F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659226, "uuid": "1370cca8-41d7-4086-bc81-8ab91e8f2d7e", "value": "T127B14477533A48F2D0785BF4094BD04D93BF95200B7940E37983A55025012EEBB74F05", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659226, "uuid": "d0f8a197-85bf-45d1-96ca-9a6f0c4e7196", "value": "22647e5b96f2de81d003f25d98d7d2dc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659226, "uuid": "b751ad13-e873-40bf-9af3-f7d92ea1eb12", "value": "24:ev1GSFGFajE/K3tQ3zSaJ2IkM6Pv617s3h/LjpKpuMAmwyhZojsYM:qFGFajFK3zSIe7h/TMXhZogYM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659226, "uuid": "7ce878cc-e18a-4295-91f0-82109558b4ab", "value": 5123, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659226, "uuid": "34cf598f-eb5c-4d1d-8d98-8b170253c1c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659226, "uuid": "7f7dcb4d-b5bf-47dc-aa11-6864cce0c47a", "value": "fc4bb3140f35cc8abd681b63096e7b81", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "497fd395-ca88-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679692221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692221, "uuid": "02612eea-abe3-4b32-8de2-20ac37a84153", "comment": "Malware payload", "value": "abc1082fec08a94f36a5b474db619f59", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692221, "uuid": "24f942ac-7bd6-483f-b392-617c13d07527", "comment": "Malware payload", "value": "8aa50f524b99eb9973dbde652c6de924849432be9d080866bb78f13aa1c31967", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692221, "uuid": "004e720f-0a9b-4703-8607-5e3aa6cb2ba3", "comment": "Malware payload", "value": "05d0065526e8653d3b1bd7008f233772ae9fefa0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679692221, "uuid": "db1df6ce-126d-49a8-b5a1-685c708e1eb3", "comment": "Malware payload", "value": "e7897951717cf125f5529e0fef4294e62a272428daf6c85d3b30e79aee8d433a794d5b8e82a41442eafe50fef8e5a4da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692221, "uuid": "3c2071f9-bfc0-47c6-ba1a-11ef380426e2", "value": "T191548F1273E0F970E61747328E2EC6FD2A3EB8E1DD15BB6E1249993F0D702A1C662715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692221, "uuid": "82bcfcc5-1df4-4012-a1b4-134d153e25b4", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692221, "uuid": "571603e4-593b-4f32-b808-fa9740c3cdd6", "value": "3072:Qo+ftE2FELFq1dC0wU1gnZ3ikZPBYhNBwQUpv/8TnZCNs6Y1GcrvF7lwWbGkt9mt:tii5EtgnZfqhNBG1kENXXczx2tp8Pva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679692221, "uuid": "672dc848-4819-46a8-ae9a-bad80c14e6dc", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679692221, "uuid": "fee60dab-4d4c-4352-bcd8-040a218467fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679692221, "uuid": "65d9ba7e-4f4e-494c-b832-3b5736ce68ae", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd27741b-c9e6-11ed-88f6-42010a9c006e", "comment": "Malware payload (Nitol)", "timestamp": 1679622863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622863, "uuid": "bf5c1ef5-afa8-409d-8388-8026982f6be8", "comment": "Malware payload (Nitol)", "value": "f1ec2cf6256a7c8543586065a07da47a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622863, "uuid": "c963266d-919b-4c6b-9fee-a2581793c741", "comment": "Malware payload (Nitol)", "value": "8ad50e2cd339bb8033e62937f73308441bdbe8acf61ad9edd1489eb35f3a2895", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622863, "uuid": "1cb45752-ef9e-4c0a-ba07-fe66210a06e8", "comment": "Malware payload (Nitol)", "value": "4b09ea264e9762305f30668fe2ce7fc7999adc2f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622863, "uuid": "4671181e-e5d3-471c-93f5-b596c05ad5ca", "comment": "Malware payload (Nitol)", "value": "50d3e8ecdf4e9bfa15edd2dc3e2f0640bcc32840cd56ef4fe5937c1b8764b9346f1f04670a023d62ea113f7878d1661b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622863, "uuid": "0b9892c2-0e8d-4c82-a29a-55c5e25b2118", "value": "T1D5B312DC1F3704EBC6524A7007EDCE7F090B7301EEE3BB69AEA9A31495794D90A93941", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622863, "uuid": "109bad74-a21a-4cd1-8fa8-3d1a044d4355", "value": "6ed4f5f04d62b18d96b26d6db7c18840", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622863, "uuid": "6655f40d-3c07-44de-8cdc-4a13bf86389f", "value": "3072:yyETbqC8r+DfEnMIXRyGcCHwuWWDPD6QbF6sRa:DEyifMXfcCQ+DOpC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679622863, "uuid": "fa65147b-61d9-4be2-8cc1-d9a1f077d802", "value": 116736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679622863, "uuid": "086cc07d-f96e-4d98-a71d-31e784516016", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622863, "uuid": "4b7ef79f-4f73-4e91-ae3e-91a3c37a9d55", "value": "f1ec2cf6256a7c8543586065a07da47a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bea8e110-c9e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (NanoCore)", "timestamp": 1679621980, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621980, "uuid": "57181e19-a978-401d-bcfb-14e063699324", "comment": "Malware payload (NanoCore)", "value": "49fb7a401e3e3aec30bc4ef9f38a9db8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621980, "uuid": "5b687843-0e09-4624-8544-43459e2fda31", "comment": "Malware payload (NanoCore)", "value": "8b1733372859ca38e68f6041f34097604546024ff22d9151bb985e6fc173093b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621980, "uuid": "e117093d-39ad-4497-bcf2-20b1f0233519", "comment": "Malware payload (NanoCore)", "value": "594efdc82fb2d73fe234e98d5d1cf6d71571d5ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621980, "uuid": "d2b1173a-75b9-4ad4-b399-af6164eba652", "comment": "Malware payload (NanoCore)", "value": "ad6212f56478234b117a1e54fc21c83574b48d6d4945186053bf46c90037fbfb84ff425f7913de6bc850efc666ef772a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621980, "uuid": "1767713f-4332-4ede-acdc-0e1fc30042e9", "value": "T1B7C4125633E80A2FD2DE867975221696833DC2E79DD3F3DE28E454728B623E446031E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621980, "uuid": "5399df5a-4df5-4954-bf72-89c31c6797b5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621980, "uuid": "6a397990-8457-442e-984d-33b156aac001", "value": "12288:ULV6BtpmkEpVzCkqNaYrVMuAGyNw1Dtf5fOChGow8cwG4Tj:mApfuzCJIYuuh1pf5fSNNt4Tj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621980, "uuid": "281b15bf-06fe-46ef-908b-33cae6ed2416", "value": 565760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621980, "uuid": "7c3a5131-777d-426c-930a-5e66b477eb68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621980, "uuid": "63246baa-6607-4b78-864e-8bfb237b4792", "value": "VendettaFINAL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "585b9487-ca62-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679675925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675925, "uuid": "be5ce0ed-3f58-4a5e-8de0-2d623db1de69", "comment": "Malware payload (Amadey)", "value": "75fdfeea880280c0fb6d07a3f45e2164", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675925, "uuid": "e58ae6bc-2a9d-4f3b-aef9-cad67c4239ce", "comment": "Malware payload (Amadey)", "value": "8ba8cddcb2504771225554a9de43324648607e3603a4d0d9e55bdd28b5db6611", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675925, "uuid": "c6ae55ab-b48f-407c-bdd3-1c4359bf768c", "comment": "Malware payload (Amadey)", "value": "1323371a69ae70ab660fdfa708433cc979999ba1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675925, "uuid": "374631da-42ec-4e4c-8abc-1343dcb0c9d7", "comment": "Malware payload (Amadey)", "value": "5f4bbc231ba1e7d570471f8fe6406d062cc2c9f2bf8fdadba169070f9f01bef45686064568a4b627acf90d01ad7a973a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675925, "uuid": "eeefdc13-4cb7-4060-bb0c-3f926894419b", "value": "T1B4059C927EC67EA2EFAF55B38360EA3D111623AD03B05ADF7743059D3954EC2413EA06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675925, "uuid": "32d0dbcf-5e95-4072-8867-f16f80abca26", "value": "0d65617cfd2eeeccf3175fc27ca72f6f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675925, "uuid": "07a10dec-e36f-4986-91d0-3673d9de380b", "value": "12288:D2s0sLs8IcuAHGW8bzbBSre9Q0uqZzD1reWabd/qIK8Km1woE:D22LDHGVX1t+QHT+dSIK8/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675925, "uuid": "745daf58-ad67-4082-aff1-4cd90af51f0f", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675925, "uuid": "031b77e5-468b-4159-8d9e-3aa0a342f716", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675925, "uuid": "ed879b40-9732-4861-9d8e-9f2409cda8c1", "value": "ExcelAssessment-32bit.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a93e290-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679640307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640307, "uuid": "5605b213-7ac0-45de-967b-78bead7654fa", "comment": "Malware payload (Loki)", "value": "51a387b9b5f5c0645f72573bf175f9ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640307, "uuid": "1cf5256f-856f-40e1-a448-9d8089354c07", "comment": "Malware payload (Loki)", "value": "8dbcffd97d94be3165aec10026ea0019f4dc271f39791cec1044a4851a7c5db4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640307, "uuid": "6481cfe6-d4f4-4daa-bb88-9f9e4b40f485", "comment": "Malware payload (Loki)", "value": "e8c2ccb11ce035998e0d912390b4e5bb6a312b2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640307, "uuid": "19af8472-31f8-4e8e-b7eb-023a0931b83d", "comment": "Malware payload (Loki)", "value": "3166d5402256a1270a2700cf67f3805afa7b48886db4a5a1b97de1d6f29c512f488480ad5eb1523bf636aab35753376f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640307, "uuid": "ae0d75ab-0cd3-419c-91e6-a729e5e1d708", "value": "T13DF4D001AEB94B35F5E5C3F51930133A13A97BA21071D6188FBA68C92DEBF6305D0A5F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640307, "uuid": "eba74e16-3b33-49ac-902e-96b719f4324e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640307, "uuid": "312181b0-fe50-4279-9afb-785c611adbf1", "value": "12288:EwmZwdXPwaCzfSrsvsMiT8uNB6gfEtl0lKvUq3Ny5j0mmhgG6fp0oeb+JkpvOzMQ:EBZGXBqfUYczNTfilNvUq3yArBKpHkp9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640307, "uuid": "6a04f3fe-b504-43a9-8de5-9e38ec9926f2", "value": 752640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640307, "uuid": "1359758f-59fb-43cb-832d-abf6079b026c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640307, "uuid": "93ff7b0f-878a-4b27-aaba-fc6163690231", "value": "51a387b9b5f5c0645f72573bf175f9ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb9e5314-ca4f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679667931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667931, "uuid": "ee16ffd7-608f-40fd-944c-c435fa2f9803", "comment": "Malware payload (Quakbot)", "value": "2d5ad3bd3fab871ea412bd2c26580ddf", "object_relation": "md5", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667931, "uuid": "c0d1db54-a3d1-4522-a1d1-87dcf8bce8ec", "comment": "Malware payload (Quakbot)", "value": "8fce4c9d0474fbe04c61686f02e499c07c8e39f00e236046c9cff339721cb0f1", "object_relation": "sha256", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667931, "uuid": "684e28f0-7f30-4524-a9e1-b7940a5789a3", "comment": "Malware payload (Quakbot)", "value": "a48ba96deaddabb41f20bee911512a7967897401", "object_relation": "sha1", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667931, "uuid": "9f42b8ee-0b53-4729-b4ba-cd272ac00d96", "comment": "Malware payload (Quakbot)", "value": "df2295d2ed3a95e683c34fe142dfab6b7a03bed4fd6ecf9a2195e5213a4f822b344a7a9c3961425bb7ec640c6cf24bfe", "object_relation": "sha3-384", "Tag": [ { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667931, "uuid": "7efbfc99-e991-457b-8ce3-a29cb3c343f3", "value": "T187458D43BBC7C1B1DFD605F695766B7A4939B9380B3888CBB3D0346EC9A06C1A635316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667931, "uuid": "bbe16788-ecfc-4f89-b708-e1a5d0065186", "value": "c838d1a15fac6fddafb036f322459302", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667931, "uuid": "8474c6a3-65be-49ba-ac96-66f58248061c", "value": "24576:Z/QKBLJ2TutS+yAFHBdfuwufXJFeZahuC9T6r57hoYNtwj:SRgqLMZc9TY57Oetwj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679667931, "uuid": "df47a377-8fa1-4c1c-a65b-8fbce3bad95e", "value": 1167795, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679667931, "uuid": "04868d25-ac02-437c-9ca4-11ce51049398", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667931, "uuid": "7e8bfbb1-8f7a-4ea7-a3ed-5eeb72d54e14", "value": "Echinostomiasis.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b39af83-ca4e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679667367, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667367, "uuid": "d7df84ae-950c-468e-a543-f3bc40e83955", "comment": "Malware payload", "value": "6c23134b6c6a637fbaefe1425dbff688", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667367, "uuid": "3da5b779-88bd-48d0-84a3-3de0e99fe81d", "comment": "Malware payload", "value": "90016f7bb8185bdf92e213ba01119f774b2fec3ca84702ec6bf92bf5e86690f6", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667367, "uuid": "3d11b457-56bb-475c-b700-4d7550c71ef9", "comment": "Malware payload", "value": "5519a761400b895987d3373021a8dcec83f10429", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667367, "uuid": "e23267d1-b7d3-40ad-aae6-0919df1cd9ac", "comment": "Malware payload", "value": "cd6d3bd28c95e04aadf437b5ca05312e884242fa2c9fd083a9421f2ec4c93bf3ce359b11e92018973ea4bf870a326bcf", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667367, "uuid": "fd53ec3c-0f79-4052-b558-079706e8b25a", "value": "T10225234DE893C44AED7E303212C743ABA755B817B9705B2CDCA3F2AE5A011F6271749B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667367, "uuid": "93bd0ecf-5318-42eb-ad89-4eacae851079", "value": "12288:GPy6lP24qasIspwNGfshY9Zc1yCLFuIHhh9A2hQYoO8/gU88HkeygkNvvPJ2zNM7:Ga6V24qpfsEZckCprC81JUMFfF4j6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679667367, "uuid": "df71d18b-9c3a-4cd8-af5d-518a527adffe", "value": 1022096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679667367, "uuid": "952976cc-de2d-4ff8-9684-54ee82b54198", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667367, "uuid": "b97fff8f-bc56-4965-8011-0584edf677dc", "value": "Week 10 2022-23.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0986f931-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679639715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639715, "uuid": "73a160b9-2d49-47df-806b-4407714d83de", "comment": "Malware payload (RedLineStealer)", "value": "bd308fdc3dad7b71a15b2ab609a49922", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639715, "uuid": "a5367410-89db-4928-a5c0-851e80584173", "comment": "Malware payload (RedLineStealer)", "value": "90655e3b08fb570c3a012f636be8480f8b3a6eace0c39ecb92cddc5e860bc240", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639715, "uuid": "b22272ea-fa19-4d8e-bb5a-853fb0435648", "comment": "Malware payload (RedLineStealer)", "value": "4f6a6cc92d2fdc3b1c7caaacdb4dfbceeb7329a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639715, "uuid": "7e815cf5-1ac8-46c1-beef-da91615cdb09", "comment": "Malware payload (RedLineStealer)", "value": "d06795551c87fc8c0381ee839ab783af6fc97d2606bcea5f2ac260c14638f15882ecabad653c822cc489cb6db428e8ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639715, "uuid": "5cbb73c1-eac5-486d-ad46-14282371f7cd", "value": "T1A4251203FDC59472C47219335B586B21B93EBE101F65CEEB73D46A2DEA214C0E7352A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639715, "uuid": "01dc464a-41c0-401d-9cc5-6ca7ce9a8365", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639715, "uuid": "e0caba59-ac07-4a85-90d5-82036a2dc3c8", "value": "12288:FToPWBv/cpGrU3yDT+tjI9tnj1i2+Qrm0OodmKiZ3yxSxiWuq9Hz9MX3oXjJ3LHV:FTbBv5rUlIfj1z+EmcdDykqvTJbHnV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639715, "uuid": "621ca05d-780b-41df-bf77-054f24c43e09", "value": 1021599, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639715, "uuid": "eead5394-40c9-4c3d-be04-283e1ac64f38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639715, "uuid": "eb0a00f0-8709-43e7-94cf-c922a46a40a5", "value": "bd308fdc3dad7b71a15b2ab609a49922.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7d54f12-c9d8-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679616788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616788, "uuid": "3949e8e3-b85c-4269-b802-e1e16ba07583", "comment": "Malware payload (CoinMiner)", "value": "ad4a274aad0b6a82d12fd72316592d38", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616788, "uuid": "f62835a9-975d-4a05-bcb0-738a9b83cbe9", "comment": "Malware payload (CoinMiner)", "value": "90ac1c4e7958aef9906ca6fd3bc52caece7b8dff721e4f370ec3af6168dfd53a", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616788, "uuid": "2e36b03d-6956-42ce-b7c4-24bf96c8802c", "comment": "Malware payload (CoinMiner)", "value": "58e33a039d2555909f0ded2393a7c9ff1c2df3b0", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616788, "uuid": "6aac811e-6530-45cf-91e5-5e63cb48ca03", "comment": "Malware payload (CoinMiner)", "value": "b0ac93125d6e7a1845574e49f2bdfa557c3d7f91daa80e04b10ec7bf7ccb83d0d393e139cf80d4ac53f89e0af6cc072c", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616788, "uuid": "2cc7a3c1-fdfa-4678-bfe9-e41439c44cbe", "value": "T12444CF2272C1DC72E95A05798821CBF86A3ABCB08B55C5C777442B7E1EF13E1AE35346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616788, "uuid": "fd388e2c-438e-41a9-b84d-7c5006f98f94", "value": "58071948c33b7dec9bea638ac45f94ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616788, "uuid": "08c1bda7-55ec-472e-8c33-62717a52dcc4", "value": "3072:hZDU3bCDIiVlLF+ebDY/VpbaANAHd3SzH1WjFnfkS5hZw5swVa:/UaVlLwCc/V9u9+WRZ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679616788, "uuid": "724ce7b6-e0bc-4b8e-97b6-5004f73150fe", "value": 264704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679616788, "uuid": "590a21a7-d433-45f9-8562-fc25d0f74e93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616788, "uuid": "79567bd5-1ad8-4667-9202-36bb0d75b217", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5367a8e7-c9fb-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679631679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631679, "uuid": "1f49a7b3-9152-4561-97a0-a5fc72918246", "comment": "Malware payload (Mirai)", "value": "dbfa6d945797587ad2e7e7faae044a96", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631679, "uuid": "fe8e4ca3-bee9-47fe-9938-85867aa7001b", "comment": "Malware payload (Mirai)", "value": "90d174800ee67d898d8043582fd129d9b94c6cf38a9faa8f5fa2bea7e594cda2", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631679, "uuid": "44b37b06-2a86-440f-bd80-bd6b2ec1f684", "comment": "Malware payload (Mirai)", "value": "3b1b0372894a19c24e5f74fd357fe6ae207a7763", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679631679, "uuid": "86a7d7a8-2e70-4daa-90d8-765cbd2bb754", "comment": "Malware payload (Mirai)", "value": "4addc35e9c833508694f4ceb60351b291cc9c5caa4e167c5a464ad1675c301f0a25740d9b126c3f7b84092d866cc2657", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679631679, "uuid": "ab883a5c-f4e2-4444-9f32-fc931410f640", "value": "T14C633B9AF801DD7DF81BD77A4453090AB630F3D512830B3B6397B9A7BC721985D22E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679631679, "uuid": "41a284bb-493f-4b2b-b29c-49f170e342e2", "value": "1536:/gwl1AZMo+DYT9X8VBDG1ox6OjpdJn77MVtqGtQkQ:/gA1A+PET96G1y6yp/nDGttQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679631679, "uuid": "82534d42-2452-402e-adc0-dfbc7c708cce", "value": 69644, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679631679, "uuid": "a6fa4547-6bf2-4b53-80a7-5454bfd0eba5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679631679, "uuid": "3721e581-c014-4168-9e95-ac26af1587f9", "value": "m68k", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1660d08f-ca44-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679662930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662930, "uuid": "57b38469-4d8e-41fe-8120-5bd085c850be", "comment": "Malware payload (Formbook)", "value": "ed07c2c550fa6fe55afc5d683cf522ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662930, "uuid": "acf58c28-87c2-4dee-9b6f-07a4e7b80e6d", "comment": "Malware payload (Formbook)", "value": "91220ea3c0c0c29ff200847c1b57713f299e74c789cedaf4f0008981203f2995", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662930, "uuid": "9b23f74a-11be-4b96-a6d0-6f13451ccc96", "comment": "Malware payload (Formbook)", "value": "26eee5d9e33659c9ff7e915afa81981c122772ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662930, "uuid": "3ed8e01c-9f7f-4a69-9389-3412df2b77eb", "comment": "Malware payload (Formbook)", "value": "9e0d14e9c6a7f12ebe58f31ad2b879c0793b3424a33eafcce6202af047b44e26322d412df52f5e41e75e83c3fb52f540", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662930, "uuid": "25086249-59cb-4b87-b0de-ffb80e68bf69", "value": "T11805E004DD3A1E76F4E6E3B41060133A17B8BBA11062D6488BF968CA3DDFB6306D595F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662930, "uuid": "30ec320f-e05c-4ed0-b03d-76f1f5dbdfc0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662930, "uuid": "74bc4f07-9537-4287-a0d2-31e123434c15", "value": "12288:CGnNs0n+3yXHcA+USqhO4X6a+h+7E9EqDGCVG0OGWKyjN/q6AU3uZwd:JnbnYlUSqQW6S7cZVGoWJNS633uZG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662930, "uuid": "abc0e9a1-c138-46b3-b5a1-f2bb00ecd3f0", "value": 812032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662930, "uuid": "5b59882b-c477-4ec3-a492-d503404bd7d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662930, "uuid": "d6c4bb8f-8c01-4d70-910a-baf0a37adc8b", "value": "Return Slip.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33d00c0c-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679666415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666415, "uuid": "46fa6de7-3100-4a96-a672-a330d44068e7", "comment": "Malware payload (AgentTesla)", "value": "e707a300a4b6c944c4fa6065c900bddc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666415, "uuid": "9ea7599d-25c4-4865-b474-5cd158954e02", "comment": "Malware payload (AgentTesla)", "value": "9136d00fe273b059f1064a9b5a2fd9a16aa0ea2cc40b3938f32d21286107174e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666415, "uuid": "92198936-ab80-4a0c-9980-2696364647bd", "comment": "Malware payload (AgentTesla)", "value": "b5f42ebc3c3003739e182e0715da3c27d840ebdc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666415, "uuid": "2df15e3f-2971-4956-9b59-7da5997f8834", "comment": "Malware payload (AgentTesla)", "value": "19f301a1aa762175af1b1bd09e18b8cf976919444b5d775ca98ba631736a02e284da243272c386399c1432c6bc838cb3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666415, "uuid": "484ca4e3-c3e1-4d78-a3cd-1ffb3ca1f02b", "value": "T11D1522402F6C4972D72D17BD25F7E0DC93B06866CB28DA2A2D8C55DDC8CE70986127BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666415, "uuid": "a39875e1-ae88-4809-8cfb-a043a0c263b0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666415, "uuid": "269d99ef-c550-4743-b966-a1d5d2256ffd", "value": "24576:G+S5JMzjCZFuGKhuKo/ADSN0RY+bmQ+GVzhQDm:G+72iKKHGN00BSuD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666415, "uuid": "05d021bf-b495-46ae-af69-fbfb8aa021d3", "value": 904192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666415, "uuid": "c9ceec34-5c77-4698-ae3a-17bb8cd67b28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666415, "uuid": "77fdbbb9-168b-43f8-8b8e-7651d08be2cc", "value": "50039571.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a72376e-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679639958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639958, "uuid": "1655aa40-718a-4240-bbc2-8582108bd9e4", "comment": "Malware payload (AsyncRAT)", "value": "5e2d96e18e9f50558282b844f9af47c6", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639958, "uuid": "6bc83c48-439a-46fd-95b1-4dd6a3eb7f0b", "comment": "Malware payload (AsyncRAT)", "value": "927fcfec5aca05e59135e5679883db421b1d78d3b0ee44e316cb2f3da1ba399d", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639958, "uuid": "53aac0d1-bdd7-4691-8ee4-a73bfb7b2a2b", "comment": "Malware payload (AsyncRAT)", "value": "5b5b3ba7c3f233f18c9eaef6903ba9e9c2cfce7b", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639958, "uuid": "a1e06629-6a1b-4e6b-853b-30aaa9c0b249", "comment": "Malware payload (AsyncRAT)", "value": "8efb897b04e99152a1683417638d559d4fe29b9d02fdf1c22c31a904d918ca62a87e45b53921a11b51f84dcb9818eebb", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639958, "uuid": "c2aaa916-07ab-48c6-8119-6bc031a7354d", "value": "T14D73BF13AEA36E06CE1814A50EB74D78CD75229F54E1A5EEC541C3E06DDB04DBEE6CB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639958, "uuid": "948ae170-f2af-4228-9a5f-0c5de5cf67fb", "value": "1536:l+++++++++++g+++++++++++M+++++++++++H+++++++++++7+++++++++++I++C:q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639958, "uuid": "cdf11120-76a7-4451-b9c3-e1f231c16316", "value": 77472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639958, "uuid": "918d669d-1318-4d4b-b52b-3f57de6f69a1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639958, "uuid": "a4ad99ca-effa-44fd-9359-255063c4d418", "value": "15-10-10-36.JS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d367f9c-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Hajime)", "timestamp": 1679659478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659478, "uuid": "61ba9092-f27d-4de2-a81d-2101a0f903a1", "comment": "Malware payload (Hajime)", "value": "ce6408b61924820392a28a866c7bdbb2", "object_relation": "md5", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659478, "uuid": "24c2d9fb-0335-4d2f-9292-8f1c501688cd", "comment": "Malware payload (Hajime)", "value": "92b2909aafb87d9a520ef5f3c23ac3c8287a94ed7028a590949c24c272933b95", "object_relation": "sha256", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659478, "uuid": "cb0ed51c-174f-456f-adf5-0f0e71781194", "comment": "Malware payload (Hajime)", "value": "812e734e52ab71de0605b557b1ca50a00b513148", "object_relation": "sha1", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659478, "uuid": "01fd05e8-5e80-4942-a365-afb87ada816e", "comment": "Malware payload (Hajime)", "value": "a95ff4a89cd8cf80a92be878a2b9e77a1a434f75c0abf35244f0c0919fbbb67eb8b33b6c8e49f1b083cde1b17841e7d0", "object_relation": "sha3-384", "Tag": [ { "name": "Hajime", "colour": "#A08D3D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659478, "uuid": "02ce44f8-b215-4464-b062-13d8c1ab18e1", "value": "T164F020F85BC49E57D9F421BDD4AD43B12703CB55D55BF797D01440580C03064AF5E690", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659478, "uuid": "5979e06d-a8b4-4893-9b82-d1387962880f", "value": "6:Btk/t+l7RY4R1+st8zlxQPibhYmhVH8f/I9glq1WZqDQKIqGgZsIvhP:BLey5AxQPiemc/Tq1WsQKIq57vZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659478, "uuid": "b6b1bca1-f9a2-477d-9149-7984a0f93adf", "value": 480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659478, "uuid": "f91859b3-55d3-44c2-acb1-e5b9afcac300", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659478, "uuid": "f4b09b5d-a6c8-4a52-ac51-6d89c0fe9507", "value": "92b2909aafb87d9a520ef5f3c23ac3c8287a94ed7028a590949c24c272933b95", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2e76787-ca2c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679652992, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652992, "uuid": "b0dfc406-a9ae-4aa8-b60f-ec60b4c3c1d3", "comment": "Malware payload (Quakbot)", "value": "64f7744b343c6311f84aa4279fe7867f", "object_relation": "md5", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652992, "uuid": "bb4ede1d-a5ae-47e8-81c3-5e02af212aec", "comment": "Malware payload (Quakbot)", "value": "93163742e6258aabd87424525982393577fb6d9578ac81504585ab520bd9c09e", "object_relation": "sha256", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652992, "uuid": "39dd13df-6533-4ab3-9133-0993ffc0cc83", "comment": "Malware payload (Quakbot)", "value": "60fd834da4d60ecb8395b26edb1bbf70f2f7254d", "object_relation": "sha1", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652992, "uuid": "df6fa2f1-98b8-44fd-a752-456058e32c8e", "comment": "Malware payload (Quakbot)", "value": "1e38ef3c23c6b79db4ceb4ac16d2caa875065fa1483044deb82d543baa2d2ccfaa75a04e9cdc164f2f85514e58aad502", "object_relation": "sha3-384", "Tag": [ { "name": "1679552371", "colour": "#47A346", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652992, "uuid": "2724e89a-abd0-44cf-a115-64a74cf4ca42", "value": "T1E7458D43BBC7C1B1DFD605F695766B7A4939B9380B3888CBB3D0346EC9A06C1A635316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652992, "uuid": "5c20bcc7-c12b-4dc6-ad28-5c79b7b85a0b", "value": "c838d1a15fac6fddafb036f322459302", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652992, "uuid": "105187f6-afbb-4939-b693-4cb200d56ab8", "value": "24576:3/QKBLJ2TutS+yAFHBdfuwufXJFeZahuC9T6r57hoYNtwj:cRgqLMZc9TY57Oetwj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679652992, "uuid": "7e1543e7-b8fe-4669-900e-b7e00fb4cf64", "value": 1167432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679652992, "uuid": "a9430939-76d7-4158-a3b5-39bc6d7f50a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652992, "uuid": "8b0498b2-3165-40b7-b4de-3a7a9cb4e301", "value": "neoplasmsFormazan.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dd6380b-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659479, "uuid": "720d263b-e1da-4b78-ac99-ecbe24fc461c", "comment": "Malware payload", "value": "7b224c95d2d1becadb913aef24cf619b", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659479, "uuid": "159da5d9-7a8f-4fc4-b212-a2569e094ad8", "comment": "Malware payload", "value": "9323a7b3badfbaf4585a20d3cc145f3d6f847b13cdaf7a681ba7fda187da715b", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659479, "uuid": "a8a734e2-f675-4867-abe2-e04d297458c4", "comment": "Malware payload", "value": "caf2434c2f4517f398fb4cda92266351709013e8", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659479, "uuid": "c043a1ee-aaac-4fb6-a9d8-8d5b3f465b7d", "comment": "Malware payload", "value": "038e2643b4a58db447c9b7db4ecee060122dde040cdc5c573c3d0bddf404561134e638f74db412555fcf3426fe21a119", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659479, "uuid": "d795991e-fc8d-4252-842b-f93491e71b39", "value": "T1A3F02B57575C6DE7E9B827F4084F33786793E812120153CB114621225C93EC00F51440", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659479, "uuid": "36c6c060-c7c8-4125-9341-0fe67204d4aa", "value": "6:Btk/tKP2Sl/4lXYls1wzFkrc0BMZzaqnMDD9BfhOlreCqDUGPselM:BX7toXIs1lY0OzOffoOUAs6M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659479, "uuid": "7ecdc99d-5257-489d-90f1-75fa43fe62f3", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659479, "uuid": "0d59f2f6-2675-443b-abc4-dc0f6e2dd6c2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659479, "uuid": "dc17da3a-5c6d-4f23-9621-2f4b2e7a3958", "value": "9323a7b3badfbaf4585a20d3cc145f3d6f847b13cdaf7a681ba7fda187da715b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f36300f-ca25-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679649818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649818, "uuid": "6702c562-3dcd-43d4-b0ee-ceb0d7f7da4f", "comment": "Malware payload (Gozi)", "value": "7cbd4c0112b434cfec8d65eb13c4cde2", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649818, "uuid": "f549dc0f-3f8a-4191-9db4-e6594734bbcf", "comment": "Malware payload (Gozi)", "value": "9338f0d5b65469305cf0b92c722eb6efad79fb34219efb62c833ee5f10d5e905", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649818, "uuid": "6b23bb76-33c4-4b28-a884-4c6fab6c49ba", "comment": "Malware payload (Gozi)", "value": "138bd62139a29af6371225dfab9aa72075d42fe9", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649818, "uuid": "fd47abf4-a888-4038-b0be-31a0cdae140a", "comment": "Malware payload (Gozi)", "value": "4a967183414b6f65e3d751f15f1b3d548cfbce21e3881167bdf3ceb9f9fd649fc0d0b7f8d8fe57390f0db9768baaf90d", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649818, "uuid": "3b15ada6-4351-4cb1-bd52-b183f7d4844b", "value": "T10EF0AB20AAB1E97FE90303F83C8A21D02170971E8E67A46BADFC229C5D00B877C21576", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649818, "uuid": "e3a0fae4-922e-4a50-9389-fee95ba9ae83", "value": "12:5jqlDNccprTtTV6g5kLUkyjwbqfQu3G29Dhhq7Mxz:9/cxt8wMbm7j07Mh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649818, "uuid": "e89e52a6-2279-41a9-aa9e-9ea4d8b47aef", "value": 487, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649818, "uuid": "b2bb0ad0-b2d1-4cbf-9437-aa9a790b6e41", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649818, "uuid": "63f583ff-b6aa-4b70-ae8b-4f925f62b369", "value": "Direzione451.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf6bf8b6-ca25-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679649926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649926, "uuid": "3ffd7284-b18e-49a4-b6b8-68cf20035115", "comment": "Malware payload (Loki)", "value": "0201abc69aa01e4de483b33819ed0f0a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649926, "uuid": "167f65f1-4d29-4b9a-b44d-1392bc819539", "comment": "Malware payload (Loki)", "value": "938185acacd59d04cae3ab7ed1c62b18e5eebdda14987da6cecec70ce1d0a9dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649926, "uuid": "cd08f93c-2d13-4b6e-afa6-6fa512fc7f54", "comment": "Malware payload (Loki)", "value": "6d9f073851f64401b534bf609643eb880c69cb00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649926, "uuid": "6ed0ac0e-7b6d-43a9-8b74-76d8597d15bf", "comment": "Malware payload (Loki)", "value": "4c32384a08311c5e4654938e4b94fa2e9a7fc84e09544df998dd45e58889b47329ed1eec747e4c2b102dc4632c59bb59", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649926, "uuid": "ba0e279b-9dba-4392-b621-72e639aa2f7c", "value": "T185F422543B2D0C22D779B3B91AF6E0CC93B56D239709E622298514CDC8FFA458661BF3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649926, "uuid": "9b323e01-736a-4bed-ad1d-236f9f67d808", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649926, "uuid": "ba47b17d-4574-4790-baee-f449836c2da3", "value": "12288:cv92SUvK+nY88kHNy0kHwDoY5h6C7ckAorZYRKYuU/1LmtNgzhT06u:E+s8ZHNy0CwDf5sGckwAvs1Lpz6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649926, "uuid": "61996bd1-008e-4ebc-a30c-621b20bd03a8", "value": 743424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649926, "uuid": "6faa6891-6702-4296-8c65-028c9803116c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649926, "uuid": "93850f16-42d6-496e-84e5-430e54fb6e74", "value": "PRICE REQUEST FOR PO KIPO000903 ( KIND122822 .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4366908f-ca49-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679665153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665153, "uuid": "5dd4d503-b8b6-4b7f-9558-070ccb91272a", "comment": "Malware payload (Smoke Loader)", "value": "2cd9a7629eb88bad437e37d4cce7dfeb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665153, "uuid": "cbf3f3c9-a358-42bd-9228-a3778dbef8c7", "comment": "Malware payload (Smoke Loader)", "value": "93b75a7c9f000e58aa2c13e033e2d822590886ca67e6dc6157c9d5bbe20a6af4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665153, "uuid": "dc78c1d9-9c3f-493a-9f75-3d3b66af7c46", "comment": "Malware payload (Smoke Loader)", "value": "b4c06d2f6c9e78af048a4a3bd68d23d03e74dcc4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665153, "uuid": "e1f8d514-ffd0-4624-81eb-5d73a59b500e", "comment": "Malware payload (Smoke Loader)", "value": "44ff4dad1c05cb6f59e846db13f8139054b9e96354f1e7017fd3315d25db313f39cf5454e5b1b73156e99ea2d9df6a6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665153, "uuid": "341e4709-eeb8-46c8-94ab-2163287bc8ec", "value": "T1B7348E12B3E1F960F52287328E1EC6FD663EF8E1DE55BF6E1249993F0970261C662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665153, "uuid": "5ba6a238-bcef-4f6f-9116-85f538a6c162", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665153, "uuid": "481384fe-5b6c-43e7-970b-40e642593c97", "value": "3072:0VI6umRqtJTjDKctcV50lHH/XwFCuGtFpVkzh91L/Pr6QtAYhWNObhr:q1uxXKEgG+FMF7kzl/POQtAYhj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679665153, "uuid": "f193b5e3-82aa-4884-a124-eeb8b9d93ea7", "value": 252928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679665153, "uuid": "8cb11754-cfe5-44a8-ae4c-8e5c9225c32a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665153, "uuid": "a279b01f-a141-4c05-9e92-b4b836c60af1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d071d22-ca62-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679675933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675933, "uuid": "2324fae3-bf96-41ed-9437-eceb33678497", "comment": "Malware payload (Amadey)", "value": "74be1fd043e881b4c14f52ae485121d1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675933, "uuid": "b6968da6-530a-48c1-a7c4-fb5d068a5399", "comment": "Malware payload (Amadey)", "value": "941da29dbf819c5f5bc7cfc20b423f168d75468c3394b145229832af5be4cced", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675933, "uuid": "79637926-0032-4192-8757-528bcaa6486c", "comment": "Malware payload (Amadey)", "value": "c203a5f101a3a6e328964a8255b6c6df53ba0736", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675933, "uuid": "e8553489-f604-4f3b-b9f3-f104ebc8713f", "comment": "Malware payload (Amadey)", "value": "4336e6e8c03b4d3b90112cff97efcabff8eef418ec21874193cdaa7d093d815987b5fe0ace1219bf3686a9d1914fa337", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675933, "uuid": "3456f0ee-eba6-45ca-9653-af56fcc5ee45", "value": "T1E3E4BF57F6E3BA75F6BFD2BAC6B1D92C61B3349603B0938E774125892912351483CB0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675933, "uuid": "0e2ead32-6be5-40dc-bf74-b1c33b1e1bad", "value": "d4c9759f791ea559bbad095fb49820d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675933, "uuid": "af1f471c-4acd-4a93-8217-c7f150f997ab", "value": "12288:7G1N4HkcgMsiOd58bzbBSreyQ0uqZzD1reWabd//pKz:7oOOMX1i+QHT+dHM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675933, "uuid": "1e72c640-3258-4887-abbc-410b233f49c1", "value": 721920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675933, "uuid": "a6c32856-d2d9-4b8c-96d7-dbb89fdea6ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675933, "uuid": "401548a1-cfb2-47b7-ab40-de64238c6523", "value": "ExcelAssessment-64bit.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3950157-ca0d-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679639678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639678, "uuid": "4c4b481c-8252-4728-b610-6a9a4769cd5e", "comment": "Malware payload (SnakeKeylogger)", "value": "8c663e1f54489844036c1159877fb68d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639678, "uuid": "f86346d4-1531-4715-8288-387f6380faa7", "comment": "Malware payload (SnakeKeylogger)", "value": "94e644a9242ad93043fce6c5bb97e759d61e456b5171a0965e78405b018c5c75", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639678, "uuid": "200b461d-6db0-4676-bfd8-9d9de5e2ceb5", "comment": "Malware payload (SnakeKeylogger)", "value": "a40315d3a08f85aa8c082a911562e3efc08d0634", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639678, "uuid": "a691eb53-1bc3-4cdb-8dd4-7e75bc0c4361", "comment": "Malware payload (SnakeKeylogger)", "value": "c22c6e74ae5faa2fe11a0815e0e6c5bf5f2f8f4626898ffafebc70d98c3a92f4c95f01e4bcd7e02ef12c149e5b6eeaf1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639678, "uuid": "0eb01a8d-99a6-46ce-9d64-860b6f2c00e3", "value": "T100F4D001AEB60B75F9E5D3B50930233603A97B661061D6588FFA28DA2DDFF6305D0A4F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639678, "uuid": "90c79536-b7a0-41bf-a8fe-f4c13bc66cc8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639678, "uuid": "78a872c5-317c-45e8-9892-f8da4ed2bd43", "value": "12288:PQkZwdQt0LZTyxv0Wd4MJLXmXgVpSZYAb4OnqwtuEK8V/CHP6R:PnZGQsyZt8gw8OnqHuqi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639678, "uuid": "5a6c69c9-784f-49b3-9967-ee043beacde0", "value": 788992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639678, "uuid": "f8b46998-b80c-4b4b-99b4-80f1eac10656", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639678, "uuid": "acde82c7-13f7-4a5c-9de5-9a5086824c4f", "value": "8c663e1f54489844036c1159877fb68d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92d92c5d-ca71-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679682466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682466, "uuid": "e25b31dd-e2b0-4ea1-b6ec-fbdf13728619", "comment": "Malware payload", "value": "0e5ac423d05c5c99f80c6efa63612afc", "object_relation": "md5", "Tag": [ { "name": "BootLoaderKiller", "colour": "#F9364A", "exportable": true, "hide_tag": false }, { "name": "DriveDeleter", "colour": "#D59BB8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "win32", "colour": "#901D57", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682466, "uuid": "108e8ce3-6645-49ca-80cd-0aacc3dc4c55", "comment": "Malware payload", "value": "96d593c86dccc83296a1cd05fede1554f9eb889f107b5cf39ce888ab0d5ff0fd", "object_relation": "sha256", "Tag": [ { "name": "BootLoaderKiller", "colour": "#F9364A", "exportable": true, "hide_tag": false }, { "name": "DriveDeleter", "colour": "#D59BB8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "win32", "colour": "#901D57", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682466, "uuid": "596f82d3-409c-48f4-94ff-eabb3f8d35b1", "comment": "Malware payload", "value": "2a6798169d0c3c3ed94859e61c1286ccbbcfc99f", "object_relation": "sha1", "Tag": [ { "name": "BootLoaderKiller", "colour": "#F9364A", "exportable": true, "hide_tag": false }, { "name": "DriveDeleter", "colour": "#D59BB8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "win32", "colour": "#901D57", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679682466, "uuid": "74c63405-7014-4c00-bdb6-eb143f4f858b", "comment": "Malware payload", "value": "629b4ef7f1b24def11b5017cf927f3674cbb6777162813c21a51a12f69587674e8ff653c3375fa200b970c2d00d7277e", "object_relation": "sha3-384", "Tag": [ { "name": "BootLoaderKiller", "colour": "#F9364A", "exportable": true, "hide_tag": false }, { "name": "DriveDeleter", "colour": "#D59BB8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "win32", "colour": "#901D57", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682466, "uuid": "e5351b99-e90e-4b79-ba17-87086b85868d", "value": "T10BC1752563EC4376E4BA4332DAE356631339F652DDA3A79F24D9430F2D65B108913F21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682466, "uuid": "c2f0947b-af47-4b18-a98f-cbdafbfa197b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682466, "uuid": "af0fadbd-85ab-468f-afb7-8b38f8bdbf30", "value": "96:uyFQT2MjR21yZAFqfK9Zfy5cXszMM+A8zNt:uYMvt2AuZZcYZAG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679682466, "uuid": "e1f4a6b2-6cf9-4908-83b9-d4687e697862", "value": 6144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679682466, "uuid": "66948c12-0447-414d-b380-f9d96b4a8556", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679682466, "uuid": "12af7451-e591-48c0-bd8f-07c63cb7252d", "value": "0.00001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0a64d0b-ca46-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679664101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664101, "uuid": "c83ced18-3c10-4049-92e8-0de5dcf5b2ce", "comment": "Malware payload (njrat)", "value": "4ffd11b24dc5060c7bc1a92de45e4581", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664101, "uuid": "a3e03948-b417-4b97-8c72-08e503eb4987", "comment": "Malware payload (njrat)", "value": "97519e693de4ee19da7b44d6941d403c311fcca985fef0b4a3fa24c5f2c75990", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664101, "uuid": "6cdb0dd0-8019-4c14-bfbb-75027d898f5e", "comment": "Malware payload (njrat)", "value": "ef2228e70d3596a4bd07a49dab999347303c87ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664101, "uuid": "d33550a2-8c0b-4ee1-831c-f67826d7f0fb", "comment": "Malware payload (njrat)", "value": "a47c8efc2a0a472b6124df88116f30ebc8eafb950b0b7cbadd19aa68afb870329036c32cb37f92593ed3d6a6f2f1cca0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664101, "uuid": "4f701630-dca7-489f-ac29-0d2c55b7374c", "value": "T184032A4D7FE18168C5FD197B06B2D41207BAE00F6E23D90E8EE5649A37636C18F50AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664101, "uuid": "c21336b4-bc56-40ec-864b-944de7e3f870", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664101, "uuid": "82efb859-2417-4898-91db-ac4a56435564", "value": "384:cWqBkiyjnDNGRn5IyUvapIrPbh+/VsIt6crAF+rMRTyN/0L+EcoinblneHQM3epa:p35M5jUvairANsIQcrM+rMRa8Nujkt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679664101, "uuid": "2cbd2fb4-137d-492c-bac8-c9cde944e6fc", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679664101, "uuid": "e8136c8e-3826-4eb0-94ba-5c1e74e1a907", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664101, "uuid": "dae76e65-3aea-4f5d-b104-0a4e603e4af6", "value": "cheat_minecraft_2023_pro_bez_sms_i_registracii.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1689143-ca16-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679643486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643486, "uuid": "76f327f3-49c1-4d60-9fa1-45dd04fafb31", "comment": "Malware payload (Gozi)", "value": "bd5bc060acc6626ec5f48c20f781d117", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643486, "uuid": "1f23fd97-ad02-4a1b-89d4-5ef86b0fdb56", "comment": "Malware payload (Gozi)", "value": "9845ab2130e0c1bdad9a5c1b354939481e34b4f06b0391636303c29a24ea3608", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643486, "uuid": "98e0dabf-220a-4ef1-beba-aac7e7e0ebc7", "comment": "Malware payload (Gozi)", "value": "e826c2271cee179f3025c50705a25a0054d1078d", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643486, "uuid": "9b5d05ff-30cb-48b6-b038-c920c9c71deb", "comment": "Malware payload (Gozi)", "value": "45cd6d6d0d65e0776857e0bafac0c22f17b1c54552478892e3660791e8e93a4459d13c008454e1bcdde0ceef6af2e679", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643486, "uuid": "66c02847-ddb7-4d6b-9151-77df9dff1ad2", "value": "T17A346C1273E0B960E12687728E2EC7FD2A3EF8E1DE15BB6E1745993F0970361D662704", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643486, "uuid": "9d09f748-0861-44d9-98c6-a8463032463f", "value": "f074ca07d05b404f1800905e64acce35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643486, "uuid": "090d265e-a692-4325-b50b-1dc4934dfb83", "value": "3072:FiOq+JThvrG8xWtvOEHUyuX6RVksf/0ub2RD94wNbniOUiF56mWNOb4q:DBM55jL+sf/0uCR55R4iF53j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679643486, "uuid": "91ae9b83-fca5-48ec-b894-5a8d1833cc57", "value": 251392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679643486, "uuid": "1f7c4733-06c9-437b-9fa4-e65229b6855c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643486, "uuid": "3838a41f-5ffd-4fef-9f6e-f2f263b62376", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "faa1438e-ca76-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679684787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684787, "uuid": "a1806106-1819-4f3a-826b-0e3bcfb025d5", "comment": "Malware payload", "value": "7988194100b7d89196fee932a1587f7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684787, "uuid": "c2f56e96-7a95-42ee-86df-71cb0b557942", "comment": "Malware payload", "value": "9948cc02ef75cecb098bb1acc158440834d1857b57018bbac3b00bfa37ccecfe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684787, "uuid": "bac38587-b8e6-47e5-9403-6547637ca86f", "comment": "Malware payload", "value": "b62046856e43856695eff1e6ab0b42382624b278", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684787, "uuid": "66926131-b235-41ab-b3b9-084581b21548", "comment": "Malware payload", "value": "849c157d648595468a8d5920af1a519963ac691f71c4f608fe8a0fd51f8c7caf47e1f9ae0c7c6a2ef53ee27d6172b0be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684787, "uuid": "496018c8-6cb3-48ba-9a50-5f9a43c934c0", "value": "T181352312FBE80123D9F107B01EF326830E3679128A75865B2356991E5D73EE264F5B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684787, "uuid": "788c14dd-caf5-4417-a2fd-b39217f53829", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684787, "uuid": "1787ebc0-d5b6-4362-a570-6ae3d332af4b", "value": "24576:lypJZoneSu5m3SZRB7pMm1dsBSgfNOiBG6MPk:A2neSu53VdnyAiBVo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684787, "uuid": "b275c74e-6bff-4bf2-9dfd-235aed7430eb", "value": 1064448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684787, "uuid": "2babeb97-6e63-4382-a365-4a204f7b59f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684787, "uuid": "1b8b6a92-f164-46b7-95ba-73d35b86b0cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30607460-ca51-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679668557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668557, "uuid": "a7bad959-d86e-403a-9d09-13e066d40550", "comment": "Malware payload (Amadey)", "value": "b219137422b6149b11652c40aa870138", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668557, "uuid": "15ac6df4-9cb0-4f1c-88dc-9b95ccf91bd2", "comment": "Malware payload (Amadey)", "value": "9a6dfc53df71e5e73822b040fa752e434142a7adc7e36f37409d83cc25007797", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668557, "uuid": "5cc0a701-1e73-4d94-91c0-7c9b37a6be2d", "comment": "Malware payload (Amadey)", "value": "cb0c3fbffc9480faaa1ed113fede58dd938fd618", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668557, "uuid": "69f41551-bfaa-4a7b-a833-c6ba449eef7c", "comment": "Malware payload (Amadey)", "value": "d709173f28f34da292df3ce9d487b1799089a1c76333b503f4effe17a05bab3d1dac82149043289e92d8a0b99b199fcb", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668557, "uuid": "9c22b6d2-ec58-4d7c-b606-1aed26aed6ab", "value": "T16E252312E6D44122E6B11BB488FA1BE31F37BD850D7493AE2286E95D1D73A84E43077F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668557, "uuid": "d496f7a3-29d0-4ce1-9ba2-9e7c067e29bb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668557, "uuid": "45f7c7cc-f56b-4824-9688-36d73d4de847", "value": "24576:9yPoFFudGuas9Q3FJjpFmjSxSAneTTgSNPqrzMtC8:YPGFudsaQzwSxSAnipqN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679668557, "uuid": "59af808f-a46a-464a-b8b8-f6b2dc548557", "value": 1034752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679668557, "uuid": "fcfa27fa-1539-459f-8d62-487bebffe617", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668557, "uuid": "6bff5dd3-cd22-4d73-87c8-ee58f021b72c", "value": "b219137422b6149b11652c40aa870138.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fdf9927-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621070, "uuid": "234c68e5-ab6e-4763-a01a-8880900442b5", "comment": "Malware payload (Stop)", "value": "048178649f5b0b8ec6bc2356a09df54f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621070, "uuid": "9bfe1af0-e4e8-486e-b6c7-39f1b5403e3a", "comment": "Malware payload (Stop)", "value": "9b4035690f4f987f5ec426086467dfec31a9f91cf0b23ffc13d45a25def1bdfe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621070, "uuid": "96319ef6-679e-49d1-81de-ec6c84f210e8", "comment": "Malware payload (Stop)", "value": "2a6128a3534b2ac836dc0f866275954a2d3bfd3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621070, "uuid": "e95bef6e-950c-4781-b0d8-bf0e0a8edae7", "comment": "Malware payload (Stop)", "value": "c7ecd139aa409cb3ca2c5a6672d99e6756d8b7334b4b5ae7b56a32987e3a96e00172ea9d4a70d0e57cc8671c730233d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621070, "uuid": "8d928427-6e6d-4704-875f-e9858bdab051", "value": "T142F4120576F0D076C583A97209618FA47A7DBC3267A8C70F320B57BE6B317D1A934B86", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621070, "uuid": "8a56a99c-e711-4067-a5e3-0d38e9ec617a", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621070, "uuid": "496282d9-5054-4818-9cc0-95fd08b9fefc", "value": "12288:hiuBGU5+7FxwNsRVKuP81KgqlFBVytpjE/UymdUVPJ+mUCbRzWd42Pvqo/G:sc70asVxP81kf/yttEMDeNPbRzsao/G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621070, "uuid": "0df3cfe2-7ebe-4386-9bf2-efb35a1bfe98", "value": 733696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621070, "uuid": "222032f9-5bd1-4e92-a2b7-9208c3cc1fda", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621070, "uuid": "8313e837-2a7a-4d87-a745-877cff6566d8", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e17093dd-ca1a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679645231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645231, "uuid": "9b5ddf4e-45b5-4fe5-92ae-98ae10bcf76f", "comment": "Malware payload (Gozi)", "value": "cb43dbcfaefce524a32208247383b7fd", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645231, "uuid": "fd15ff88-10a5-4d81-b459-3e6833f30b4b", "comment": "Malware payload (Gozi)", "value": "9b632250c30411b0d4f0b0a33cd28f5af52a0b5dd4513bdc4a564087fc1e6a43", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645231, "uuid": "6227a9e7-2537-492b-9fd8-265d2a71e496", "comment": "Malware payload (Gozi)", "value": "d1b98b702ff31da0fb357f44d4265bd24b38470f", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645231, "uuid": "11ed37e0-9a17-4ecb-91d6-914ae027d367", "comment": "Malware payload (Gozi)", "value": "efca8e7519233b084cd9104c186119a83d09972211e28c0b9b6e3912c2b74c1d371c62a169a87e61f0f9f501ac7799aa", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645231, "uuid": "980ea350-fdde-47e7-bbd9-82f064f5c458", "value": "T1FC15B42562D48136F0621E72FD379E5FD637BDE2A831C10F33C0164B19B59C199ABB2A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645231, "uuid": "103f844e-519c-4e09-bcd7-a135afba80a0", "value": "67b9baebd8cdaf92c83c479afccabd60", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645231, "uuid": "e27a1431-9726-428a-ac92-72a883476dc4", "value": "12288:PGOKnxw/No9EM8PPiMlU7gp2tdZmlJcsit5QJg7C:fKxw/NcEMXMlU7fdZmAWg7C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679645231, "uuid": "9f5f7c17-eb03-435f-80fc-f70b830f529a", "value": 927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679645231, "uuid": "646753d3-bb26-434e-9c7c-f1c46327d3c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645231, "uuid": "fd7e731e-0cac-42d1-ad71-6e2091acdac0", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67b4dacc-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679646316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646316, "uuid": "9aae9c28-38f4-4b66-aa52-a5eb00f1878e", "comment": "Malware payload (Heodo)", "value": "c87a21f09b3e18de1f0d481d8ffe6e22", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646316, "uuid": "8d1a65a4-17aa-461a-aaf8-4b5382adee7a", "comment": "Malware payload (Heodo)", "value": "9ba1b1bf9bccdf3cdd0e07616da28acea278e70f77dce249bc821c552a846aa8", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646316, "uuid": "8e846794-b4b8-4e50-a9cc-9df3c7c5fab0", "comment": "Malware payload (Heodo)", "value": "750739300f14ca35377f2e322cdeb190cbd18bb1", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646316, "uuid": "f69ee2bf-4713-45c4-a4fe-cc550d7177b8", "comment": "Malware payload (Heodo)", "value": "fdbd1d7cdc043738061d301af43a177769a1a6af88540b329f265be3aea41ef73ff5d61d974d46621c14dfb558f762f9", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646316, "uuid": "595a598b-6a7b-4525-a78b-03701c1f23de", "value": "T1EE44F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646316, "uuid": "708c9d7b-10ca-47f4-9376-0fc18e2f13c7", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWad:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646316, "uuid": "65a40ad4-a240-4fbc-8a3c-fb7bc0c3f1fb", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646316, "uuid": "4f43d3b5-aeb0-410d-80b0-50a8eb863433", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646316, "uuid": "e2ee7593-88b7-4ee9-8f3f-234426f18094", "value": "Opast Publishing Group.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1eead5e-ca61-11ed-88f6-42010a9c006e", "comment": "Malware payload (GandCrab)", "timestamp": 1679675619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675619, "uuid": "d949c0eb-c41f-45b9-a973-fbbdb3163f0e", "comment": "Malware payload (GandCrab)", "value": "cd5866f5118ae8712ad9cc66fba3df4f", "object_relation": "md5", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675619, "uuid": "7d1f0698-d104-498d-8fd6-1f9f6a343a12", "comment": "Malware payload (GandCrab)", "value": "9c1ac77f687ad2bfe197e4a8f2b969d7caf4f8ddb707177b9461d7e74879ae33", "object_relation": "sha256", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675619, "uuid": "1f730550-1f03-44ac-b1ad-8ae47c183268", "comment": "Malware payload (GandCrab)", "value": "6cf658ea474ee24a76ddac575842641f9eac17b4", "object_relation": "sha1", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675619, "uuid": "f808f22e-0ed5-491f-b631-8b1fec3476bd", "comment": "Malware payload (GandCrab)", "value": "cf49901f9e73bfcda6112f51a57f50612256521057f6eca95b65084a804b07ecdcff9551e513091ed8ed00823aada1e6", "object_relation": "sha3-384", "Tag": [ { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675619, "uuid": "53ccae15-e617-4228-82f2-abeb5b9b18ab", "value": "T197C35B0AB2D1A1A3E1E20679E67469F5456E7C50BF2487EB3893374E6C724F06C3A713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675619, "uuid": "13f311f1-d6b2-4d78-a487-288b5e7e07f5", "value": "1839093d1fff859ea6647e5203f3ad35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675619, "uuid": "f67c16cf-f00b-453d-92c2-5bc2580dcb6a", "value": "1536:LZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHks:LBounVyFHFMqqDL2/LgHkc2oYvQd2a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675619, "uuid": "e0b2250f-0af8-473e-ba3d-d6153f39330f", "value": 129870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675619, "uuid": "2ddf734e-b735-45f4-8910-27e247502ca6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675619, "uuid": "46538ce6-b6a6-4b74-b911-ed0f67af8d88", "value": "9c1ac77f687ad2bfe197e4a8f2b969d7caf4f8ddb707177b9461d7e74879ae33", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd729f8e-ca60-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679675263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675263, "uuid": "e6894960-6627-44ab-a3b9-e107d6eea405", "comment": "Malware payload (Smoke Loader)", "value": "0b1e12114b7fa58e98b6ee9d86501f8f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675263, "uuid": "00bec1fb-9d3b-4f77-a1ca-bd4594e22e76", "comment": "Malware payload (Smoke Loader)", "value": "9c470bd34351c82f46d2c97771c80ab511498b837ee61daa060596892b602855", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675263, "uuid": "09492511-157c-4336-ad92-e28857d6a0cf", "comment": "Malware payload (Smoke Loader)", "value": "a35efe89742d97658607245a3d84e6af5fee0ed3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675263, "uuid": "eb6c4a81-c2e0-4d5d-86d0-2201002a2964", "comment": "Malware payload (Smoke Loader)", "value": "6f74daa2b6f85d848a04fe3ef9b0dbef47ae0f16a3bffaf351a4454218bab6bf6f3af4e863b060bfb1e1d32fa6664deb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675263, "uuid": "0508e34a-f697-4d7b-950f-f9387d51aa9e", "value": "T1B9447E0273E0F960F51687328E1EC6FD6A3FB8E1DE55BF6E1209997F09702A1D662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675263, "uuid": "35ec89ba-d9c2-4e6e-812a-bcf724157ccb", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675263, "uuid": "0d325f11-44eb-44fb-9965-c3bc8d21ee37", "value": "3072:UjgG+9RqLdug5Kc+UJ5gnW8/XtSJur9yVZfEOxO2XcAWzzxTWN8aeDr:EJ+SERDkyxS8yVZf5EacHz5va", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675263, "uuid": "91357b0e-aac7-4f38-8702-0a253da60250", "value": 254464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675263, "uuid": "16af9e07-b153-4220-9ef6-33e4a90e8544", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675263, "uuid": "701a49d3-22b5-45ac-8620-4fcfb5c2a79d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4db450c5-ca11-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679641118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641118, "uuid": "ae95a897-3b8c-44a7-b870-2e4061dc84d6", "comment": "Malware payload (Gozi)", "value": "b25fa0c7c28bb4eabcfc4710cbceb3fd", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641118, "uuid": "52f3eb9f-4b3a-4139-92e6-071a3d6803d0", "comment": "Malware payload (Gozi)", "value": "9d6b413748da3fbfbf2b3b4f980673770f474c1ab1865c00272424455f47a362", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641118, "uuid": "78aedb45-c3d2-485b-93aa-107161b545ba", "comment": "Malware payload (Gozi)", "value": "b3284da7215ab5048bdff9286a7d37f6545cb20b", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641118, "uuid": "620e33c6-ccaf-45ab-b744-3c1d5f07e7a5", "comment": "Malware payload (Gozi)", "value": "d307c6e5cf0251a1a596d32ecba198af8d430f001cdda5542f99cd26f47ebd3bd6bef0de8f6b86587779a89754163331", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641118, "uuid": "fe48a936-7088-4b8e-9b14-0c236119036f", "value": "T19DF0AB078A74CC2EC606CB7EFA0D2131A3A2C40DA567A6F37A3D25A09E409CC8E130CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641118, "uuid": "9044ae8e-4a06-415b-95e1-555797456d61", "value": "12:5jGj8jLTfonbAj7pSP26Rg/2jlyyir6ljLT36Mxst:9honMZSPb4E7AM2t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679641118, "uuid": "4b8599af-feec-4ba3-8dab-3e7a924f5a96", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679641118, "uuid": "2577b400-7386-49f5-b6af-c8353244cda1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641118, "uuid": "90f7719e-4220-44eb-90bc-ebeb391a0712", "value": "Agenzia736.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "620cd164-ca5c-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679673364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673364, "uuid": "9237663e-05c2-4dc0-8333-5e4d8f516735", "comment": "Malware payload (RedLineStealer)", "value": "ca83fd117ff78e8e40cab397b074fa36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673364, "uuid": "9eee8a2d-da9c-4e8e-903b-7d391ca817cb", "comment": "Malware payload (RedLineStealer)", "value": "9e10cd72fd11418ab2c8c2957c0dfbb981a028d34bcfbaa90c671af4f0b92032", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673364, "uuid": "d4b04794-4bc2-4831-966a-244e7e72248a", "comment": "Malware payload (RedLineStealer)", "value": "8d4ed77add391b1f377dace1d6dd11de83cbf4bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673364, "uuid": "cb82f64e-f355-40cf-a2a0-ba946e159cfa", "comment": "Malware payload (RedLineStealer)", "value": "fbdb8ac514fc31e2d222bfca0d500e500388af09878de5f34137319e3c8c9be5c25e9f0059761a1e0dde9fc17379b76c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673364, "uuid": "feeb5a03-58ef-479a-9040-01771dd6a523", "value": "T1BC74AF1273E5B920F22287328E1EC3FD663EB8E0DE15BF5D26559E7F09702A1D622315", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673364, "uuid": "bd10b42e-4551-4bcf-9b1b-21a8bc749b8f", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673364, "uuid": "54ae1c04-45d6-487d-beb8-b77224422865", "value": "6144:ejeDmfF86gnwhqWp3Xf8KHexLRECe4mqtUfJILh4va:GeyfF8YgCBULRwTMUxIN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679673364, "uuid": "64ef4f1c-3212-4800-9308-9ffa9f8ae1fb", "value": 363520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679673364, "uuid": "3d459984-6261-4bd0-b641-0fa602219a3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673364, "uuid": "b05cd327-b8cb-4266-a7b6-bc2c5e4092fa", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dc04ec3-ca4a-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679665546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665546, "uuid": "48abc0c0-b3a5-4a17-bdcd-12f04a262fd6", "comment": "Malware payload (RedLineStealer)", "value": "ad2b8ac2e0d0a023ca6004d27711fe1a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665546, "uuid": "f8429c7c-7ce6-4c65-9c01-94ae4d63ed95", "comment": "Malware payload (RedLineStealer)", "value": "9fc2a0858f7a6cc44e72c22d5305fb13dec4c9ff0f78aaf1857c8434abdee2ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665546, "uuid": "f7198c25-4446-4888-be3a-ca9d7aa01fac", "comment": "Malware payload (RedLineStealer)", "value": "a9e85569f6e0a7612706d3651cbe6b9a29a67d02", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665546, "uuid": "12284a69-b1d5-4ad2-b149-8f27e97fbb51", "comment": "Malware payload (RedLineStealer)", "value": "2a9e7ff310a833cf831c0a9ac493dd10a3fbb44c056d289d4900b44dc98d63216855ee25de8f5532b050d3c5cee8ea07", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665546, "uuid": "0b416ad9-8943-435f-bfc6-7eb2328d0e80", "value": "T19D74AE1273E4FD20F12286328E2EC3FD663EB8D1DE15BB5E26559E7F09702A1D662305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665546, "uuid": "a1df373e-faab-412c-9c29-ec0661012540", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665546, "uuid": "8c158c6b-eeca-420e-9ac3-3279c1fdf277", "value": "6144:Ajeu+jlc6bgFpH7PDnwDEnwSY5cGyFr6fwSb9zYj:YevjlcCgFpbjS5cLFmfwStA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679665546, "uuid": "04185d9a-8726-4111-be9e-f28a8dfa8842", "value": 360960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679665546, "uuid": "226dc7d3-e857-4cf8-bffa-0fe288819621", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665546, "uuid": "46be1baa-963d-45eb-8428-f0a329fe3b4a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3de614e-ca93-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679697205, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697205, "uuid": "bd4a04c0-17fe-422b-a46e-47e858d6b52a", "comment": "Malware payload", "value": "6983e17d3ef4bb332f5f18c08972639d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697205, "uuid": "aadc6b98-c0db-4893-af49-c0d4da587573", "comment": "Malware payload", "value": "a051296c2ad4583f33bdf6ae10f94fd0d0e85eaa8039c051ba6dec7e6b1370fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697205, "uuid": "5067053d-de35-4582-8a5a-9eaacdde2f79", "comment": "Malware payload", "value": "f5511a94de3dd4c206b528bb97e8aa6833bcee73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679697205, "uuid": "203d3f35-7dd8-4e81-87ca-e15577751855", "comment": "Malware payload", "value": "150a7ee55b3af9d1893f3de838a564684de938f74aa52afa9c9d3ef70c892231a7f8beba44a26690bf8527b61eaea6f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697205, "uuid": "d1b56b19-1a73-44f5-bb11-3ae36b9107e6", "value": "T1E5352213D2D88137DEB4577109FB16830A3A7C515E7983AE338AAA4E1CF39D15A3436B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697205, "uuid": "d1e854a2-22ef-4ad2-b613-fbb944fbae15", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697205, "uuid": "884eebd6-ab4b-4272-b881-dc67d39c8411", "value": "24576:Lyi5HJVyiSD97Y8Zv+XqR9+xASYJQlQ5B+m/sLaDi8:+i5HJVyiSD9YWvEqR9i5yK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679697205, "uuid": "046ce7fd-1299-4763-a4c7-377ef9fc6a98", "value": 1066496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679697205, "uuid": "f76bbc6d-8362-40da-99a2-424f2a448516", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679697205, "uuid": "447872fd-2523-4a17-87d1-a2e028d4a735", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2d4ec0c-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "30c95b21-bc74-4c5f-9399-c9d9f2d3bb0f", "comment": "Malware payload (Mirai)", "value": "7988c6edadc63cce654379ffbd0089f8", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "bd8947fe-81fa-4f29-9875-50d63791da7a", "comment": "Malware payload (Mirai)", "value": "a15bfa3f37d327c8d9fd12e9f4871dc5f4b271de6a01cdcc753ef4619ecce230", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "fcf805ce-312f-4018-afac-b2b65f6512e2", "comment": "Malware payload (Mirai)", "value": "6ea6577f8483296c2ac02df5006e5b9f09bff352", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660212, "uuid": "678e45cf-e00c-4cb0-8c38-5507c98b2212", "comment": "Malware payload (Mirai)", "value": "b902c8e6b951f8fc3fc96fc972aadea08a42343d3f891a1ecc6cab00ba30da5f087e5edd91d8e5263a5000fa0f28748e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660212, "uuid": "9d3f95a5-8652-4d8d-ab1f-0ce0d31d7c79", "value": "T11F83961D7E218FBDFAA9823447B74E21A75833D533E1D285E2ACE5011E7034E645FBA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660212, "uuid": "57614334-602c-40f0-999c-e07dad6088d7", "value": "768:gHpqEDz3z7R507TSpHpsgrOhl5LG8HBm/caXcF1sLCDdyg4xev0pi4/JwFpjIAj8:E3oX6abHMlXA45eMH/SFdV8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660212, "uuid": "2acd74ea-73de-430a-a47d-a8b5b3a4357a", "value": 84784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660212, "uuid": "73e77c54-40dc-4134-b8e2-cf55c11c80e4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660212, "uuid": "a6e38095-f2f4-4d2c-a685-9af1e0d2b15c", "value": "nigga.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cc51a4d-ca49-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679665088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665088, "uuid": "214cd1d2-5160-4679-bc8c-a178fd5cb569", "comment": "Malware payload (njrat)", "value": "aa610acb565152e6b3f75b0c35bd73ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665088, "uuid": "18a2bde8-7243-41fe-9fa6-9f05691b121a", "comment": "Malware payload (njrat)", "value": "a2cc22d374d193aaea58dea1df32ba72143cb0cbd54bffabef512c5990bef751", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665088, "uuid": "ec3e3d23-7de1-47b7-8e50-f8d639abad38", "comment": "Malware payload (njrat)", "value": "b0637feef8fe5de6c000a7ad2e42895ab3e51065", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679665088, "uuid": "89eefa23-b402-4e3a-8fb3-2271aba99a88", "comment": "Malware payload (njrat)", "value": "c6b05036231d973b1605a99f324f6d5a14f572a2c6bcab929c30fabaad0a353737adcada91f1cde5be726e4a68c1ff0c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665088, "uuid": "dc1a37b9-324b-4aa5-a664-08552df84d22", "value": "T1CEF6334418F13E51C497FC333A872AB1D515A66AD9E382C0F6F7E70217DFBE29521A82", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665088, "uuid": "bb6b8511-395b-4e6f-b6bc-ec9f7773f01b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665088, "uuid": "f790b953-e4d7-45d1-be5f-0e4991cba3e5", "value": "393216:y3nZqbAh5auifqqq6fYMc6IS0DtVFIhsFA6xkE6EKacEs:y3Zq8h5auifq8QMeXD9ISFXxkgC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679665088, "uuid": "49c93f64-f952-4be0-bbd8-64b093cec58e", "value": 16726016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679665088, "uuid": "fdac350e-ed3e-49d5-a8fc-842b63c60bb9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679665088, "uuid": "b9eb3c26-4633-4914-a9bf-319761b7659b", "value": "aa610acb565152e6b3f75b0c35bd73ba.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb8ec05b-ca0b-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679638725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638725, "uuid": "326a32f4-c233-4a77-aee9-f1b5d9426102", "comment": "Malware payload (AgentTesla)", "value": "994710490c5b4f385f6d9994365eb5f5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638725, "uuid": "594e6153-3692-4778-a944-887c3823a311", "comment": "Malware payload (AgentTesla)", "value": "a382e6605e64a7b63612a39d71fbe4077b0ee2b41aec524e1184cbb01300d639", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638725, "uuid": "ada64097-6d41-47f1-a516-d9d3469d08ee", "comment": "Malware payload (AgentTesla)", "value": "79ce5cc3bf976d3b9e641fc9e4ba5ea090affe8e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638725, "uuid": "217522f1-4437-4d78-83c0-1c6f1b2a846a", "comment": "Malware payload (AgentTesla)", "value": "364e5673cce144095ed6f2e4e1bd56697bba5068267ab7164fbe501029dea95bd52bb2a1aae98180dd7cbed3178ad27c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638725, "uuid": "67c8ed86-a243-45b3-b2a0-92e8b774e734", "value": "T1F4D57CF10283BF80E77F1E21845826404D149497D7BEE74CFDC526AB96A9F60EF88A71", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638725, "uuid": "bcda3e23-6721-40db-a12b-26baaf3de396", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638725, "uuid": "7a504e17-a14b-42b8-b7eb-aea2503a15e2", "value": "24576:YsSzxofprcAO+PNNTProUBCFe8LVQ1gw2ny/v/LtGZsYjot0X088UnWGQb+35DNj:uoFc/+P/TMZt0kQKDNRmL3YOZE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679638725, "uuid": "939c1a6d-c522-4087-8e6a-35f15fa01a01", "value": 2922496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679638725, "uuid": "cf0118f0-2943-4722-b76c-3702b4448ee8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638725, "uuid": "6905ad44-0b75-4ada-90ea-07de8ce9a01e", "value": "New Prices List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "380c63a0-c9e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621754, "uuid": "382ed7a4-7375-4216-89a2-9c6f07815639", "comment": "Malware payload (Stop)", "value": "c3bee1e929aabb22e791241eb556745d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621754, "uuid": "f49ec2c1-120b-43b9-a43c-bef58bc1d3cf", "comment": "Malware payload (Stop)", "value": "a5178d151f0c3056d631cc4d52dde49c19a08fdde23972a220869360d078fa76", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621754, "uuid": "bd3d42dd-6ad5-4ad4-8823-7d692aea1ab4", "comment": "Malware payload (Stop)", "value": "86504ae6613e7aa3af9ad5c6b266d0e369c487e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621754, "uuid": "b49998c3-585c-4ceb-97ad-951fbc31feee", "comment": "Malware payload (Stop)", "value": "122c74217952b15fd7f596ed36479bac661c31d31bdfe26ef87c52fb11f31435994fc7b2c2a9d14f71b53d52de259512", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621754, "uuid": "0aa7b36b-1b40-40a0-9e13-20205fb144bd", "value": "T1D9F41222B7E1D0B2E44B06718865F6B59A3B7C315B048ADF7B9453BD9E223D1CE72306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621754, "uuid": "2a7acf1d-6156-4d40-9102-82bd0ec58e97", "value": "d82b59d9ac38acfa112d084d606d9e02", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621754, "uuid": "6890f962-dd75-4c6e-a724-6d3fccc6386f", "value": "12288:uUthexTV5cfOL67Wm+JTHSjI3r94g79b8egKH0UKyG7qpwUIGxGBNMpsz4bi5VJL:P0V5cf77WjSUB4uNd5wSGQ+z4bi5Vq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621754, "uuid": "595cb262-f327-4775-bc3b-9ee758cb88b7", "value": 769536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621754, "uuid": "daa97e11-3749-42d4-b348-aa1477edbff6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621754, "uuid": "1b873232-dbdc-4c81-99f4-266e9abde592", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d39aaf3-ca5f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Tofsee)", "timestamp": 1679674591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674591, "uuid": "8d743a89-6445-441b-801e-85d39793e76f", "comment": "Malware payload (Tofsee)", "value": "4fd73ee0baf62fb8e40c3ae143023df9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674591, "uuid": "0d28c6b4-8341-4518-aab4-a7ad37ef41ee", "comment": "Malware payload (Tofsee)", "value": "a5369a317da639715693251935ddb0e11ff0eebadbc533be7a27a86594891d3a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674591, "uuid": "36736496-1eba-4733-91a7-c672950a543e", "comment": "Malware payload (Tofsee)", "value": "094a939f7d2557db21e759dd993d3b8e13199164", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674591, "uuid": "38af57fa-24ef-4172-bd2a-28ea62b2d62e", "comment": "Malware payload (Tofsee)", "value": "a785ab7130a47bb0f4ece6b184826369db2f83a6e0956d4f77546ed3fc40b1fd59bc4720d028695be25198dc444705ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674591, "uuid": "b733de42-1190-4944-bedb-e8fab513b638", "value": "T1EE447D1273E1B960F52387728E2EC6FD663EB8D1DE15BF6E1245DA3F0870262D662305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674591, "uuid": "320a34b6-ebbc-498e-ac84-6f2c4ae348d2", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674591, "uuid": "16c380c0-100b-4d26-9bf0-92286c3c4208", "value": "3072:51I6umRq0dljjKcYeJ5IFyL/XdrJ2g+CF5JdSWlWR8On7IzMqyCWN8aeDr:P1uxKqxGa0J2IGW50FqRva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679674591, "uuid": "cd9416be-6f34-41e4-9921-ff0413220194", "value": 254976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679674591, "uuid": "0a035a00-8a72-4e00-97b4-bcbac7563bd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674591, "uuid": "7a182031-234a-40f1-b273-797342e8f060", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35e3de33-ca60-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679675008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675008, "uuid": "0eefa44a-3eca-4bd7-8305-88e6b9abbdce", "comment": "Malware payload (Gafgyt)", "value": "3d597e27bbe06e5a48181aa3fd12af3c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675008, "uuid": "a3fc9d96-cb0e-4601-b643-97c1378bb145", "comment": "Malware payload (Gafgyt)", "value": "a55f1214585c8a8abc8deb12be6740fb7fe3e5ec4dca1c7b1238f4ff54e19b59", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675008, "uuid": "a4502456-7691-4988-a86d-2c54e9af6a41", "comment": "Malware payload (Gafgyt)", "value": "0e5be2e6574c3c1c559c312f396e6dec9fa983fb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675008, "uuid": "56239178-744a-49f6-bcdb-57bf72d43788", "comment": "Malware payload (Gafgyt)", "value": "0dc2fe65a3fa4a5fcf45505b0fdeabc6185c4ed8a3dfca003fb0637836366ebb75244ba30d406170b84477bf4193a12e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675008, "uuid": "eb18ff50-bacc-465f-978e-bfc2641357c1", "value": "T1DED3FA367A722763C0A7B33187F7033077B8D7941E69518395701C98AFB966C2862AFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675008, "uuid": "8dc5f27c-cff9-47bb-a689-6441cd41ec48", "value": "3072:8wkFUVEPItN8szphabuz9gkK/zOTF6/5bXkcve:8wzSk+kphabuzyn/zOTF6/5bXkcve", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675008, "uuid": "463440e2-22df-429e-96b7-2acd78cb1d8d", "value": 137645, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675008, "uuid": "c9721084-1cdc-453b-a054-6afdf20e582a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675008, "uuid": "d64b689a-8af6-4366-ab60-ab9dac4ca5db", "value": "3d597e27bbe06e5a48181aa3fd12af3c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37764555-ca45-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679663415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663415, "uuid": "999e9005-2f35-42e3-9b2b-19d2a90edc84", "comment": "Malware payload (Formbook)", "value": "6c38701adffd93212d6029444b59ccd6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663415, "uuid": "0069e5d7-81e2-494f-8dfd-f2304c8ba94e", "comment": "Malware payload (Formbook)", "value": "a5976236ba0b3e31a6dd09af3abe7d0121a4053bb22669869a874d1ba97bd495", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663415, "uuid": "cca7b789-174f-4d16-aff7-20ef036a9de0", "comment": "Malware payload (Formbook)", "value": "6cd4d0ee67d3c2dc4d3c27952fe03d21af301f5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663415, "uuid": "773cc4da-9262-4b76-bac8-0ba23bc3dfa4", "comment": "Malware payload (Formbook)", "value": "bd10b7abe859d48574b8d0b78f9de1c881258983bb078ee4ea7d7e2a833194f6c296bf5dae7771c71e48092a12d65ade", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663415, "uuid": "cdb9bd5f-9ac2-4a7d-9393-896ec787f254", "value": "T148E439B91DA48A61F834EE788AF18162E1515FFB7F41B8145C8673098FB35E368DB01E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663415, "uuid": "7a33dbcd-0abe-4688-ac32-acac9500a8b4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663415, "uuid": "8c62bbf9-6141-4ed8-b6f3-89c2a476c7d2", "value": "12288:VOu8a0GY4jbPeeoVo8AL91kW9CUUCoStDH21X:JjbPJoV2L91CewB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663415, "uuid": "3adacaaf-ac08-4a33-b58f-d01ac8866906", "value": 716800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663415, "uuid": "85db90ee-3bf3-46c2-be59-ea39a64f85e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663415, "uuid": "62e33127-32fa-4c0d-93bc-ac3f4428cca2", "value": "rquotationorda.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7580e682-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679640326, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640326, "uuid": "62e30e41-c011-4708-96e8-2a32282d55ca", "comment": "Malware payload (Gozi)", "value": "12ab55fe1cf55591a4100f142619eaf7", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640326, "uuid": "e05a8916-7d9e-45cf-a61a-3b6edc418090", "comment": "Malware payload (Gozi)", "value": "a5a3fa96916e93c5a31de37ec675878fb192a969dad65e337e68b374db1dce89", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640326, "uuid": "e19da366-a05c-4bcb-affc-a17d43b41e49", "comment": "Malware payload (Gozi)", "value": "903852636c935d2411021ca200605ade183cacef", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640326, "uuid": "ca586dbe-d1b2-47f3-8de5-8f02d525755a", "comment": "Malware payload (Gozi)", "value": "df7a27c268cdac73df5f6ea1cb68c5a9689144dd04dce4b793eba1337b2ef0e2f7ac447378ce0fd0f999a976a054fcd9", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640326, "uuid": "d6e594f7-26f7-4d18-a9db-66026422c49c", "value": "T11D347E1273E1B960E52787328E2EC6FD263EF8E1DE15BF6E13559A7F0970261C662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640326, "uuid": "b8c6e7a7-eefd-4c4c-86a3-258e7176ab15", "value": "f074ca07d05b404f1800905e64acce35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640326, "uuid": "ca5e3787-fbaa-449f-b663-da00f06f843c", "value": "3072:dwSwyJDhPL2kxozPOIFtWuXDUjiyGU9ydevz12hMoCrSrVWNOb4q:5zcD7N+jtGUwo1RoCrSrVj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640326, "uuid": "46012668-c3c8-44f7-9e92-a059445c1a6d", "value": 252928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640326, "uuid": "513b69eb-b80e-41d1-9f23-a760c05a11a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640326, "uuid": "13aa83e6-5fbf-4a86-b2a7-51fee590f543", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdde5f3e-c9de-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679619429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619429, "uuid": "c11423d3-87ac-4e72-b404-9cf59905c8a3", "comment": "Malware payload (Stop)", "value": "5893629ae9f847c40070293d605b3f92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619429, "uuid": "097d614f-83af-4967-a14f-2e8a001b8d97", "comment": "Malware payload (Stop)", "value": "a5bced2e4d51bfcbc4096302d56b663a05b599a7718f9ac84973b132893fcf09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619429, "uuid": "6de71cf4-840b-4260-b46d-6b3342b8eebb", "comment": "Malware payload (Stop)", "value": "d43250eea467a76ad9a51dc57cf54cd0d439ec25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619429, "uuid": "eadef730-2b61-46cf-a7f0-fda673b30bb8", "comment": "Malware payload (Stop)", "value": "3426ea7b8e5ebd8e3018c26db3c00401f729a9bbb0fa2148422fb38b30c8738d8c07c3b6331aa5f3536495a76ac25f6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619429, "uuid": "d24a7afb-3846-4236-9c40-6f6ec89dc8df", "value": "T1FCF41212B752DC72C9D245B48518CBB4697BB8328B5346CB73446E2E3E326C2EE7135B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619429, "uuid": "31b865b7-a48d-45fe-8bc5-ff5004b7f1fc", "value": "57a1d123edd8232af2119d11a9d551b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619429, "uuid": "823eba66-06ce-458a-a52d-08dcd7856df4", "value": "12288:Kb78+Ct/RC/S5IEHDPtr6vHn/WfOSI3SGylYsikFPCttqnMRiBXDCON/E2p4mFp0:aiZAAjlbflsSGyl9iTiBOgqmXSn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619429, "uuid": "1018402f-2034-4641-b961-eb0ff883613e", "value": 777216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619429, "uuid": "704bf4af-8e2c-4cc3-b7fb-0cba3d0fc14c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619429, "uuid": "920d5ab8-e314-451e-8c9d-0bf19cbc8a89", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f16f1f9-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679666434, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666434, "uuid": "a9387dbf-be76-457f-bf8c-0207cf7ed7c8", "comment": "Malware payload (GuLoader)", "value": "18bf4b85edb640846a9e601c2d8b5688", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666434, "uuid": "e3dd6660-d694-4028-99af-e1c69b61ddf3", "comment": "Malware payload (GuLoader)", "value": "a6368be57d33312df06d0d7ab0a825a5bd8b993ab5844b81761fb0622e5dedc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666434, "uuid": "996be29e-02f4-45b4-87f1-676188548c23", "comment": "Malware payload (GuLoader)", "value": "d22da9acd92595db35909bf61f59b62811fe7a3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666434, "uuid": "3b6d5041-d144-48b2-9a50-7a1deca74bf0", "comment": "Malware payload (GuLoader)", "value": "0fc1bd7c73bee1f783659c5f86e8ba0deac5da88a41a5cc57cef82adcb423bd633b6a8ac1011cc43e8b42a299d120635", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666434, "uuid": "3a090b64-961d-4678-b2a5-8cf6de50365c", "value": "T16994C092F18048E9ED6617B18C36D8112293BE6DB8F5E90E527B76956BB33C30067D0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666434, "uuid": "96066784-45f5-4a17-96c2-6f74867fe018", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666434, "uuid": "99b9658f-3d2f-489d-93cb-0f40b3773477", "value": "6144:SQLFhCzvJAySLSml0++8UNfoUUPU0LNNi430VYufBOkVlbT/8bTDJ:PFKAySLSml0+vUNfoUU8SNi4Eztlfs3J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666434, "uuid": "e1ed5838-7781-44a1-a4b0-f378f0879825", "value": 415868, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666434, "uuid": "b2ea10fd-3f0d-4aaf-9d47-89dff49869d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666434, "uuid": "9fd65ad6-0fb0-435e-a9bf-477b6ff38a38", "value": "INVENT_LIST.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0c41348-ca1c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679646089, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646089, "uuid": "86a56800-9467-41e7-b925-10f084d2ac17", "comment": "Malware payload", "value": "2078584ae2efa2de85c7973caee780cf", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646089, "uuid": "25db6e89-cd0f-4c12-91f8-c12a00cfb9b1", "comment": "Malware payload", "value": "a69f9c33f849dedd95803d455cb34470c497ccc0817ef1f1b53859fd320c9775", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646089, "uuid": "bbc92b54-5aac-4452-b02b-e0a540b0a03f", "comment": "Malware payload", "value": "f4c3b09a94a298d30d9b687fe9dd115c1e890d2b", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646089, "uuid": "8f72f434-3af9-4d04-8136-de6334270988", "comment": "Malware payload", "value": "8ace800214972023f870df88a48d96fc4893c925a3be6a062c09a629a87d220d31f946d6260c69bf30fac05cd01b2b56", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646089, "uuid": "cab9e9dc-ae6e-46e2-931e-fd1490d21c1d", "value": "T189F22A753095BAE41FAB147EE5CB64812D65611F06C88928FADCC1C9AFA1331DFB278C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646089, "uuid": "bfa2b8ed-b72a-4d3b-a589-008cd5a28605", "value": "768:awqSoShLSZqxu7vHRirs+9Oi+CrsVUeTl2Zv5AzX5:aj/cLSZqxUigkrsVUeTsE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646089, "uuid": "eaae070e-6fca-4138-b45e-2d0db7f8a9c3", "value": 37485, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646089, "uuid": "c58302ab-4583-40e9-9f38-cbf454c3685a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646089, "uuid": "7cc5f143-4bd1-40ae-8202-87915c69f337", "value": "backdoor.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17f6223e-ca18-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679644034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644034, "uuid": "046d2e79-e239-4bb1-afef-15069be3e561", "comment": "Malware payload (RedLineStealer)", "value": "562a9d80010a58ab0ce0a39caeeef5a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644034, "uuid": "2878bf0b-4258-4a98-a84f-7746bab50c58", "comment": "Malware payload (RedLineStealer)", "value": "a83205a714e50abb6f4aefef800f8da97239bdaf8b8331a6de3a498579f8fe6b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644034, "uuid": "3bf326c1-3511-4789-9a34-372f090ec872", "comment": "Malware payload (RedLineStealer)", "value": "b193bbdae0985ed6d3d5bb6321669cb44e08d0a6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644034, "uuid": "0e56e3b3-81b4-482a-ba5b-7208b1cc4e20", "comment": "Malware payload (RedLineStealer)", "value": "fee6c5b7d2cc966ba232cd7c358e4906b4511723edbf794458809dc57dd25e3ece29ee8bdefa37fbc3790b52764f51a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644034, "uuid": "eb06052e-e596-4ad2-bb1b-802891b4ed96", "value": "T1BC74D0127291C432E69201358939C3BA5A3FBC719B2556CB7B907B7A6E303D2EE31347", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644034, "uuid": "544c8939-fa19-4bbd-bbfc-21a4a5a2e6be", "value": "58071948c33b7dec9bea638ac45f94ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644034, "uuid": "04b2048b-c4cc-46a5-b742-79ec9362bd63", "value": "6144:SZZo2sL8q6JY46yv8CMSy8wRo2hz27YEVxuiGdLTIuLAWfkw2DAqF:Svo2sYq6JYQZMEL7tVxf8IuUTwd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679644034, "uuid": "176670d3-d1c7-4561-bce3-9739646ffb54", "value": 364032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679644034, "uuid": "36ac999b-27ad-417f-b7d9-9adeebc93895", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644034, "uuid": "97fbeccb-3bc5-4995-b5ea-748f0384e091", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78cbf0f2-ca73-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679683281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683281, "uuid": "27d75a91-fa1a-44bf-b912-fb7c602607ec", "comment": "Malware payload (Stealc)", "value": "acd76df109da634b19792adbae6d87ed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683281, "uuid": "1e21f0d4-8e0c-47a7-ac7f-ad0b1a9c4194", "comment": "Malware payload (Stealc)", "value": "a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683281, "uuid": "607564ad-7e5a-4b2a-8ebc-94e5849a7843", "comment": "Malware payload (Stealc)", "value": "192715a95afc4dd84f5227c4f2345062db60e6f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683281, "uuid": "43771ca7-5696-44b3-ab18-49ab77d24b2d", "comment": "Malware payload (Stealc)", "value": "fa61d10d29235e473e8d9f8cc194232e5aab33073fbeb78996a11014fd7f382e611124232215f28afafbed1690174cdc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683281, "uuid": "94c97238-f4c8-401b-96f2-3be54757e266", "value": "T1CC55127AB1C0C537C171097DAE96D3E6A4357B243E28654F79E90F9D8E3A062822D3C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683281, "uuid": "febc9203-83d0-4aa1-a6f6-94764a3f9438", "value": "baa5b88b6bb86e914d34b43be035dc81", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683281, "uuid": "83752ddd-5851-4109-a407-35ff1d5c2926", "value": "24576:4WmAFubSRUqxeOlXDQjLStrHvNZSEy4eZls3VaZy/le2VjUiN9J:U26qxewXDYLSt5UExeZSIZse2VjUi3J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683281, "uuid": "72281f52-951b-47fc-9493-ebc0c08f4730", "value": 1371960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683281, "uuid": "fb04abcf-95ac-4611-b722-93915c4a0233", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683281, "uuid": "a9dfb1e7-cab5-4ec9-9d6e-ca47c00e9718", "value": "acd76df109da634b19792adbae6d87ed.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e4edcbf-c9e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679622302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622302, "uuid": "3b5c408c-f96f-41f2-af70-f889c46ecf58", "comment": "Malware payload (AsyncRAT)", "value": "b0c54754039e4c312c81cc1de388e1e6", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622302, "uuid": "220b523a-895c-43ee-b0c2-19f35ee34bab", "comment": "Malware payload (AsyncRAT)", "value": "aa199fbb289e048c5abaa334be3eb172175cf53e736d3a15ca32549086c99a8c", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622302, "uuid": "d1e31999-adb8-45ed-b6ec-edfd5a7ad630", "comment": "Malware payload (AsyncRAT)", "value": "c00e8d078f1224156e5f34720732891afe72d654", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622302, "uuid": "c5c73202-e89c-40c8-8c83-64b98926d0bf", "comment": "Malware payload (AsyncRAT)", "value": "68ae96674d6c6f21cb0bb902d65b675f5c9d5f2d0711f55423c5f0b0798172c26bf13d93beff46c5c7c241df1a340b08", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622302, "uuid": "c25a1ec2-e384-4837-aa23-8f779e661640", "value": "T1B0232B103BE8812BF2BE4FB89DF26145467AF2732503D64D2CC4519B5A13FC69A426FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622302, "uuid": "dbfce8bf-02a4-42d1-9dab-5f97fd1ae2c1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622302, "uuid": "7f4d639b-4cb5-455d-ad09-e5e29ab5c3f2", "value": "768:DuU2VTwkbBHWU7TZcFmo2qjLKjGKG6PIyzjbFgX3i0ZHPcZekvlaBDZDx:DuU2VTwAJM2aKYDy3bCXS0ZC+dDx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679622302, "uuid": "136f29dd-9a51-4e87-95ab-6e34ffc26840", "value": 46080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679622302, "uuid": "a054eca9-0f9d-424a-8f98-bde700768db4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622302, "uuid": "98626f10-4324-4256-83db-585b138cecde", "value": "shadow.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "038342e4-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679639705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639705, "uuid": "2dc6625a-371e-4873-bb7e-59597c3d4c70", "comment": "Malware payload (SnakeKeylogger)", "value": "5217497644ba5d8567c0907af0d6d8af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639705, "uuid": "cd72c014-e3f0-4abe-8471-086481eb3810", "comment": "Malware payload (SnakeKeylogger)", "value": "aa6970ef8a146792e07218ad71bb318dc32a1feda9a4f4f3da55365f6bfcd25d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639705, "uuid": "7b54f247-f845-4d16-a19c-f38229e71b0b", "comment": "Malware payload (SnakeKeylogger)", "value": "9b882f304ec892c9f2309cdc796955b513ce769e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639705, "uuid": "ad706b84-bde9-45a1-9c1a-ae101f901387", "comment": "Malware payload (SnakeKeylogger)", "value": "5af252e8b92263d4834c48d428b3cc3dc8def62b89401629b8e2c6d2e3adb9bf934eed3ad59e9a2469cd122b1e724683", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639705, "uuid": "854f9cfa-a963-4faf-9106-391f681ed5cd", "value": "T1B254121C75F4D16FE8A102B11A394B0A26BEDF176871970F27A42F0CBA576C1E18F366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639705, "uuid": "94984785-1e78-4231-8d27-cd6d9b774be9", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639705, "uuid": "acdc781d-7352-4986-9f3a-f07839c2f0dc", "value": "6144:/Ya6oMikLSqwmmmt/1dM18o/Hrb6I56d33nY9nKdo7hR:/YWMikdemt8rAW99R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639705, "uuid": "f8374be3-98bb-45d2-ba40-3d3baba04bd9", "value": 283572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639705, "uuid": "22e64246-91df-4bae-9f52-9d983d2a55b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639705, "uuid": "ac169a34-f432-4746-9bc0-d6a2d3c5a808", "value": "5217497644ba5d8567c0907af0d6d8af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db68eda4-ca51-11ed-88f6-42010a9c006e", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1679668844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668844, "uuid": "1638b570-82f2-4839-b9d1-146316ef0e75", "comment": "Malware payload (AveMariaRAT)", "value": "9e19382494ab766b05c90cad05588c9b", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668844, "uuid": "f9b8f2e8-ff93-4270-ba92-568d7f443751", "comment": "Malware payload (AveMariaRAT)", "value": "ab032688523c2d7c7d0c7e829a3761fe59797d0d9b24789c94b7d0a6e5e30c29", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668844, "uuid": "3d83d3cb-8c8f-4bd8-9756-bb5f04c0a65c", "comment": "Malware payload (AveMariaRAT)", "value": "6bd85f0c94574fa0f4d27e791c03871dc07776d6", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668844, "uuid": "a4d214e8-a77b-4451-8f3b-dc23f955532e", "comment": "Malware payload (AveMariaRAT)", "value": "d18e8b7d601d118735a92329081653b7aca02733276bfb370e6da20b8960bf6ccb0c7e52f32c252f26127f0924d54904", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668844, "uuid": "1695c5dd-7cd6-40f2-89a0-379ce796619f", "value": "T193F48E16F7F08C37D0675A789C0767AC6829BF602928E897B6E41B1C5F7D2C03829E57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668844, "uuid": "f560e61e-dd63-45ff-8377-57328fcecde5", "value": "a4caac61fb9aca2a88980f4a05120259", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668844, "uuid": "6466abd7-0c34-4755-bc6c-a367141a61ec", "value": "12288:JEkDmC7ekQVonF1Wp5j6cG7yXqMiHEVXhsdnfvkGUUmyyi8jXRy2Y36j:aUz4VoF1Wp8c8tMikVXhknfvSUmy4436", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679668844, "uuid": "51acbcb2-9e92-4bf5-baa2-a3541c4828c8", "value": 780288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679668844, "uuid": "46ed42ea-9551-4edc-bcdb-867ca2a16061", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668844, "uuid": "717cf41d-d62d-4c5b-99b9-3e1769f16f57", "value": "Quotation Request Reference Details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f6ec904-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659482, "uuid": "b12aa149-a29d-40ec-9c0a-5900140d6987", "comment": "Malware payload", "value": "0d826fffa21aa502ecdc52b69a89d679", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659482, "uuid": "a84c7e02-1917-478b-9efb-8a80a1e72ea1", "comment": "Malware payload", "value": "acb6ad9fe1438e5d9993f25e1d140b7e876b91e131dba4c7f39faa53254c6e35", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659482, "uuid": "d6d75633-cdc1-449b-8c3e-18aaa97524aa", "comment": "Malware payload", "value": "7a05d103af506e0f0c743df8307aaf408fc51e94", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659482, "uuid": "a8be3324-6f8b-44b1-9b79-a027f87f02b0", "comment": "Malware payload", "value": "89bc995f488f0d6bda252ed0c0eaa0610c4e77bcf8a597c6e0a1cb95f8c812dfd3c26ead2f46f4acf57a6c1c10930b4b", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659482, "uuid": "2db77fbd-4da5-4120-9bec-f450c75b5497", "value": "T1CCF02B67875C54E5C7282531817E8B10F783BB54C7E51F07692024234C4B8580D8ED9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659482, "uuid": "35fcaa21-3a7c-439c-a1b0-9dce979194d1", "value": "6:BBkSlXe1oaXyK/V+gv/1pxR1aSmatp08kallMqDyGPXE:BBkWXqo8yk+gHZrtp08/zyAU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659482, "uuid": "8490ec84-87bd-42ff-a6ab-21056a8cdd27", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659482, "uuid": "a82464c0-3378-4441-aabe-7ea273fce56d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659482, "uuid": "b2066c78-d20e-4165-8683-d3c5409325f5", "value": "acb6ad9fe1438e5d9993f25e1d140b7e876b91e131dba4c7f39faa53254c6e35", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44acfb99-ca0b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679638526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638526, "uuid": "c7731b9f-c1b5-4845-820c-c90d4c4577d7", "comment": "Malware payload (RedLineStealer)", "value": "7275be85fefccac07a264a7e5c927dfc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638526, "uuid": "bfe86013-1278-4c9a-bb0b-84004ad07cf6", "comment": "Malware payload (RedLineStealer)", "value": "ada8c049774d371aef00c629fa9b5fb5a365d73ecedd8bffd01bd74093c96e10", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638526, "uuid": "e7563991-452b-4a2d-8670-975fd7f0edf1", "comment": "Malware payload (RedLineStealer)", "value": "a3e7512c44935a36e94ae5eec74b3b0ad24fda40", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679638526, "uuid": "603087f6-091c-4dca-9768-bfb1dfb4ac7a", "comment": "Malware payload (RedLineStealer)", "value": "ec82c63b3bab8dc484aae547f8f2a9fccc8b452fb47728aef3d7396917c25b2f7b90902cb446ad3eaf93b1bb4edad65a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638526, "uuid": "077da6ed-fab0-4720-be9a-16c38d5718e1", "value": "T157252362B7C54173EDA523B458F50B830B793DB1ECB8921B2785184A1DB36C97A3633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638526, "uuid": "a8a3e103-fc1c-4498-a729-debc5c663512", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638526, "uuid": "e9a0cb5e-ba0e-4499-b926-1f2bab430843", "value": "24576:Vy7AeAEN4gpVkbzG47+PKwz+OL/z58W8qFSuUwT:w7AcpM/7CKwz+2L58WIu3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679638526, "uuid": "582c9c85-fb65-4db2-85cd-62c6cb162520", "value": 1050112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679638526, "uuid": "9cf2c1f3-f153-4e3f-a166-d272a3ad3e9c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679638526, "uuid": "e2c1e7ab-78a3-4ea1-984d-8e8377ddd149", "value": "7275be85fefccac07a264a7e5c927dfc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65dbdd20-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679666499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666499, "uuid": "4851fd3c-58a0-4b1e-9eaf-d1cca09ae745", "comment": "Malware payload (Loki)", "value": "ce8af6a4d32b1ba2abac6051ce27530e", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666499, "uuid": "a2e99dcd-6406-4cb7-9a69-d15e7c3eccee", "comment": "Malware payload (Loki)", "value": "aef847ade3445c3bda6f511df986d0723bcffd38cdabf54f9584a4b90e311fa7", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666499, "uuid": "4fd93626-25aa-40c6-ac68-d8fa5baee8b9", "comment": "Malware payload (Loki)", "value": "f9c17ced36cbcdc44db07ef2f41d9963bebbbb74", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666499, "uuid": "501cf31a-a6b4-487c-9e69-9ca4f91a21bd", "comment": "Malware payload (Loki)", "value": "ec3910a1f78cb2b8ebb6d119f59e12dc724a8df08605e8ffae0b03bc93ae33b190738f8e09b85a7da57166c6ee280992", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666499, "uuid": "f247c961-f8c2-4f8a-92b1-6c4f3f32823c", "value": "T1CFD4231829FF57BFE9C62240C421EFD906831D3956A609E983F466BAF34990BF5D0C9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666499, "uuid": "bb0edd78-da53-44b9-b0aa-138bcb4d062b", "value": "12288:Y3J59UP5NRbTMEIj2H1WWMCMBbsiD4EbCL6/1d1GKXsfL18Yo/GaJUXgXoCp:2r6T0Ec2H1WrCMlpD4N2/1d1GBfL+YqV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666499, "uuid": "64c6bfc0-60b4-48fd-b772-1a55abaf54b4", "value": 638677, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666499, "uuid": "7ee033d7-1a77-4ece-aa3d-70eb3ae8966b", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666499, "uuid": "1964d13d-0d0b-4675-bd4a-eefc38ab50e2", "value": "nFedEx Invoice Receipt.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73fbaa3a-ca92-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679696587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696587, "uuid": "25cf71cf-6bc7-4dde-b426-d74eb906b313", "comment": "Malware payload", "value": "a8848ec4eba9c6d04e8c20b140518212", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696587, "uuid": "4e978055-67bb-41d5-bcc1-3b9d20402864", "comment": "Malware payload", "value": "af1f30190ffe49275ef4c16a4c7e3e3c12cf8ae3a29cfea170f99ed9b2e5886e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696587, "uuid": "90e99d2b-1781-402c-be82-cf339910577b", "comment": "Malware payload", "value": "8b9c5c05a285c215df6de102173834de9cdc80f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679696587, "uuid": "7d06d6a1-14ab-4119-8a82-74a085e55b1e", "comment": "Malware payload", "value": "3b697c5dfb4422a3399fb658460880974116d1a9ae0ede0ab1187e46c2eeaf863ffad6b0ad2a7e1e7393e31c5e1ff3a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696587, "uuid": "a3f8443a-1b2a-4c99-a1b9-5e34f5077b2a", "value": "T13A84BF1272E0B920E52387728E2EC7FD6E3EB8E1EE157B6916559D7F0D703A1C622305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696587, "uuid": "db7bf52e-d803-4ab6-99e7-3db9a940a57d", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696587, "uuid": "4bf1e8a3-386d-4083-a413-8c0a64df7fc5", "value": "6144:fuzDVPAMT7o0bqFT6hvxw9voGqgm2knlBRtQy3p+va:mzDVPA87oNukFqRBjQy5V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679696587, "uuid": "18bb3fe0-eba4-4e3a-b115-40fa654f5de6", "value": 392704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679696587, "uuid": "e3f510c2-0a3c-4e4c-9dac-e4ea3a86d0c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679696587, "uuid": "a1997f39-931b-43c3-bab3-f3bea9a01f50", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b61db449-c9ef-11ed-88f6-42010a9c006e", "comment": "Malware payload (zgRAT)", "timestamp": 1679626690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626690, "uuid": "bcc3b967-f4b1-4d2b-9b0f-a538769e8b88", "comment": "Malware payload (zgRAT)", "value": "f3f27539efc7350df9dc444676687f9b", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626690, "uuid": "af81cd15-1d4a-4d4e-a47c-db9ec49421e7", "comment": "Malware payload (zgRAT)", "value": "af6f64bdcb8dd561cda554933b57cf7d479c8079baf6a716be19ab03d359cbdb", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626690, "uuid": "5836f9bd-d96f-4c61-b272-8716964e9fa0", "comment": "Malware payload (zgRAT)", "value": "166f84a378a47f0d1d26dd1338404de9817c2e77", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626690, "uuid": "f9c7e324-eb7e-4b3e-a0e7-f5ced8700d24", "comment": "Malware payload (zgRAT)", "value": "d2339d434c04576ebf2de62009cad3d87979090ac78ab0c14a4a627454a09e3dfebe085c56205b464d30017557cb62ab", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626690, "uuid": "6b304b45-f8e5-40c2-a7b6-f5a099026cc0", "value": "T1FA5292811B8D98F1D3A5E573821A800E09FDF777346319E978CDA0863BBD60D89BD1B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626690, "uuid": "9ec29d2d-722c-490b-bf03-3a0f60566f5d", "value": "384:ttEX+ms93zbOq9rI2rtzH+eD/pFXiSv9R1MuXByzj1NWepSs:xtziqqPeD/DXLPmuMzjPWw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679626690, "uuid": "c52929cf-7074-4361-9908-a33a68a17c9e", "value": 14095, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679626690, "uuid": "3d872b44-6a62-4fb4-af91-cca3d3e41457", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626690, "uuid": "0067a85f-6948-4142-b58c-1892a1d1f595", "value": "f3f27539efc7350df9dc444676687f9b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49088587-ca42-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679662156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662156, "uuid": "70f445da-e753-4574-b8d5-896c9dd5764a", "comment": "Malware payload (Heodo)", "value": "cde1a4983674221e32035465ff72c577", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662156, "uuid": "cda0aeb4-f291-440c-b780-a295284ebc91", "comment": "Malware payload (Heodo)", "value": "b030f4ef75c8ef13e944f87ec7b700799b5f2906f4f3cb262c0fb1daa3b41865", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662156, "uuid": "1378f7eb-480d-4cb4-86fb-31bf503829a1", "comment": "Malware payload (Heodo)", "value": "b25512e978cd4b0f700f655caff2923a4c77fdba", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662156, "uuid": "f1fe9233-88bd-4b0a-8f9b-6443eeb46591", "comment": "Malware payload (Heodo)", "value": "d527be30c541704ead3f3512a1f4e0fb1aba3d8da078cbfa4cd19b69fef21f0d767b5df7e34bd168cd94186db68f4429", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662156, "uuid": "4dab1bdc-2706-4f9d-a761-2fa5a184f8dd", "value": "T1332523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A90EF6C42122B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662156, "uuid": "e33df77d-9f2e-4665-b613-2ec82326060d", "value": "12288:6kf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deI:pXzNdfKluvnRHthzfoYxJlR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662156, "uuid": "61590e2b-8fd5-4253-a022-84a88f0f7429", "value": 981830, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662156, "uuid": "585887ca-f3cf-400e-a42c-8737f82ae0cf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662156, "uuid": "d5584a00-eb67-4a75-826d-1a7838a1d9cd", "value": "uDXTYEs4Lx95sq9d8ACNEDJylh.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec8ce4c7-c9e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (NanoCore)", "timestamp": 1679622057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622057, "uuid": "8a8e678b-6d25-4090-a998-83f9594bb2b6", "comment": "Malware payload (NanoCore)", "value": "a5024adbf456fb728d2acb0def071460", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622057, "uuid": "b6564330-9513-46fb-9ccb-2895527bded5", "comment": "Malware payload (NanoCore)", "value": "b0f0b4c3d5da49fced977a24b84dcb13b292a983c705c0b0f8fd4b1307c9ea47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622057, "uuid": "82467df9-e97a-447c-82f2-4fbcc0f8d315", "comment": "Malware payload (NanoCore)", "value": "acda2fa3da707a7a1e7ab1246393380972584c58", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622057, "uuid": "97a198d0-83d3-45b5-b7f8-8c2b8e60de2f", "comment": "Malware payload (NanoCore)", "value": "c3a036842e5cbb43e875fb20dbf45e2ece9d34a874d0c4e6b7daaa9d61a669713ed39bf3d511fd0c263831bb11cfbfb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622057, "uuid": "e72ac00b-8f4b-41e2-afb9-18dcffffc4c3", "value": "T1CEC4022A7BA58A2FE3DD86BD701205165378C2A39CC3FBDF58D410B74AA57E84A071D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622057, "uuid": "9d320d9b-fe75-455d-906a-51ce32330a0d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622057, "uuid": "6fddacff-1f79-4801-82b1-7cd6950a1651", "value": "12288:CLV6BtpmkIeY+4F7Ko4YKDbzsr0s2apK+85GY+xVncgIHQE2:gApfC74D4J38+RVnKHM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679622057, "uuid": "352d6181-7358-41e4-931b-67a6699f6b45", "value": 566272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679622057, "uuid": "f105c869-a66f-498a-afe1-72620f733cff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622057, "uuid": "6e7facee-f992-41f2-a428-392c95916cd4", "value": "Servo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af237965-ca58-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679671776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671776, "uuid": "fd61a296-c2fa-45fd-ad95-f473d51723d7", "comment": "Malware payload", "value": "c6c4f3fd9a09db598811b5ebd5c0b3c3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671776, "uuid": "b988399b-9dd4-45e9-a930-612ee04676eb", "comment": "Malware payload", "value": "b108763f9ea5eeaca59513676fd75ab96d4b0a88be9aceaab661dc60a0d780ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671776, "uuid": "e7b8a976-d6c7-4ba1-9e1f-f9e660811555", "comment": "Malware payload", "value": "236f077cecbfae99952fbd5244afd2c14d867f52", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671776, "uuid": "158f97b9-bb78-4838-a089-6799f8c5b628", "comment": "Malware payload", "value": "c6c8edce42c63499e52a8e68da8eaf77aa1e8fa8e8349290cb872226931f00540af170bffae5a9b3eace01d2f0f0ff13", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671776, "uuid": "28005bb7-2724-461a-b63b-19dc3355c319", "value": "T1D2447B11B4D48432D57338324628D6B24E7EB9305E619B8F77C90D7A8F74681EB29B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671776, "uuid": "d2318d00-211c-40bd-b3ab-0c83b845c54d", "value": "4ef1de9e4f4501143bde600f97030826", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671776, "uuid": "7fe3244c-30e3-4914-ae08-dc497dab080d", "value": "6144:4w9JuGhvd0RuEiPAPE6E0gBud4Ue25jhNGGCU4BKZ96U51C:x9JuGhd0RuEiPAPJE0gBxUe25N8GIBKd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671776, "uuid": "263c7ef5-a455-401c-9dc2-8bf3714377f9", "value": 260608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671776, "uuid": "7d5069a8-604c-46ac-b3ea-7b5d080c4376", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671776, "uuid": "34ca6fe6-9fa7-4d92-bccc-3cca6bdfdec4", "value": "SecuriteInfo.com.Trojan.Agent.GDTY.17387.8718", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c35668cb-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660213, "uuid": "58818cf3-6791-48a2-88c5-1b291ca30d25", "comment": "Malware payload (Mirai)", "value": "dc13ffb4a370329d18f99ccf382a6570", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660213, "uuid": "f632e1e4-d0d5-4a09-8c76-d635e74f8a15", "comment": "Malware payload (Mirai)", "value": "b2a6f75865d1ba17880028d002571e75b8baa0945eb9c83867d55c62fd49518f", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660213, "uuid": "da44d61f-0224-4016-8454-f917d9f66781", "comment": "Malware payload (Mirai)", "value": "15cb4c66ba67e53d190a133e8e8549f54a51059b", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660213, "uuid": "5ac41b7e-c370-48c9-8136-9eb7ffbd9190", "comment": "Malware payload (Mirai)", "value": "cf0c55bde14839d79e3933bc26ee8b6ef5b800c2619ae3454ae86be1d86b271ad137bd619068ba81dc72fe10eaf88823", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660213, "uuid": "8b4cc6a1-d309-4030-84fb-ed84df0f1f5f", "value": "T15E83C509BF614EB7ECABDD330AAD1B0534CC594722A93B357534D428B65B24B19E3CB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660213, "uuid": "dd73646d-81f0-438c-918a-9388783d4b6d", "value": "1536:yQibqSNRQN8OF54vz/Qz+/zQPZdFOdPZknjFNOi:RibqS8aiBy/EP+ujzO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660213, "uuid": "2fe7757a-2a15-4e3b-9212-83458d56cae0", "value": 84784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660213, "uuid": "3de396ea-e770-4449-880a-0ff6cbc14243", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660213, "uuid": "d3ed4fa8-e122-453e-84db-dce306d9220a", "value": "nigga.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "940b1045-ca75-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679684186, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684186, "uuid": "c55aa734-b60b-471d-85cd-fc5d53808802", "comment": "Malware payload (RedLineStealer)", "value": "bdecfa94b9cd9a5c2dbcb6200e8dc417", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684186, "uuid": "bb647325-5c09-4531-935b-07a8078e826b", "comment": "Malware payload (RedLineStealer)", "value": "b2ff9d9f164c1f1a7abaf61a78e5f42806794260dd25b122839d7538672cf319", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684186, "uuid": "13021390-affc-4131-9389-028de857f930", "comment": "Malware payload (RedLineStealer)", "value": "f33039f1cc8025d49cd178a5530524afe41600b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684186, "uuid": "fc6e3f88-d38e-4925-9e1a-278bb1fda99d", "comment": "Malware payload (RedLineStealer)", "value": "04505bc04022819c6c168edba9f3dbb65c13b839a52f93b58b7b58eb83dde2a0716320848d21040ad9aa924c33275087", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684186, "uuid": "5e0c0add-b383-47b7-b183-b6fded0a3231", "value": "T11FF4E10273D0B560F55787738E2EC6FD6A7EF4E0DE55BBAA1608993F09302A1C972709", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684186, "uuid": "c8a0488e-49ba-4ce0-b4e6-d47f9f38310e", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684186, "uuid": "af4e666b-7195-4c0a-a5b3-2da09eb6dc21", "value": "12288:GzfOxgdfLwGQzw+61sH4V3VreFV5KvdJigrMKZDD1hwABseUqhERaExy7GqB7K1o:GJdf9C01+qlemIKZDIABjER0B7K1opn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684186, "uuid": "5c07bcf5-71a9-4551-947c-16c376c95407", "value": 742400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684186, "uuid": "82b13522-fdb5-46c6-8042-3cd9a2e5ae25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684186, "uuid": "5d390abf-56ed-4703-8175-dbaa9ebd7472", "value": "bdecfa94b9cd9a5c2dbcb6200e8dc417.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2407bd8f-c9df-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679619573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619573, "uuid": "5d063cce-478d-40c1-a2cc-ee9943ad1bc1", "comment": "Malware payload (Smoke Loader)", "value": "fae86954741e60a3e85ba7d7884c8478", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619573, "uuid": "5e328883-6bf8-4d02-a4dd-52061d1a53ce", "comment": "Malware payload (Smoke Loader)", "value": "b59a26cf9a84386e31f54cd6b18e44fba40b4716d9acf9c9ed6a85860105dbb2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619573, "uuid": "6da70eb3-fcc3-49d3-9b06-59b443cc8a94", "comment": "Malware payload (Smoke Loader)", "value": "5b5dae13db12d4acdc5d78782938588b6173256f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619573, "uuid": "fa7af006-6fe9-412f-a880-b7ca9d0656c0", "comment": "Malware payload (Smoke Loader)", "value": "15a4100cd9917d50859bb66fa897e385bbcc9178c2759dd9ecf76545666342696c13272b8641e25a1359890673fd01a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619573, "uuid": "9698079f-78ae-4c12-ada1-842cf655a583", "value": "T16B44D0A2B3D1C473E55B41798911C7B06A3BB8708B1686CB7790267E5E303E2EE79347", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619573, "uuid": "ae72f1d1-2891-438b-a327-2b123396e784", "value": "f74196ae98b7afb3677d1c2066ccd5db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619573, "uuid": "7968d04c-a7f4-4093-b885-b2d3fc86c7bf", "value": "3072:AnH+6IjwpCVuLkTOeYDNI5WXSnHsz0dsJlE2WKXK5KTrNUTZsl5hWpz7bIyNCG:g+XVuLQ/YDiQXWM73G0Wh7b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619573, "uuid": "0e00f552-3dc3-446f-916a-8cad92529813", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619573, "uuid": "1a6d5f26-ec9b-4f6d-85e9-7b0e12e2ae71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619573, "uuid": "aafee402-6ecb-4d0e-83fd-618eb3684d08", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac07eaed-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1679686373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686373, "uuid": "62c5e5c2-0954-4951-bdf3-6bf9ce7a8d20", "comment": "Malware payload (RaccoonStealer)", "value": "774bd5fa9e8e0a7f86c1c90a8fa36220", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686373, "uuid": "06ffc462-9733-4286-8bab-faa20c122083", "comment": "Malware payload (RaccoonStealer)", "value": "b6fbba05f1a32b2fe499818cf4f2e09b6d6110e715e19efd16274a644f338a0c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686373, "uuid": "64c1032a-d12c-4c66-a031-edc46c4183c6", "comment": "Malware payload (RaccoonStealer)", "value": "2a67e8f106e42800cfc2b8f7f54f30ca3e6f61d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686373, "uuid": "5d508415-5231-4005-aa40-edf6c723295d", "comment": "Malware payload (RaccoonStealer)", "value": "22f34f5b16b27825dcfea8f896aff82f1529621aaedb53d82a1e2465369428a131effdf45070c4e3f6acf7cd93d1cad0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686373, "uuid": "3d6ae1f8-c336-4b4b-a6ef-b2eed2e05fa9", "value": "T1DD66237113986415E7DACE708423BDAC30F1BE778E918EBC5699B5C53B71CB0B122A1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686373, "uuid": "e5c1e395-df46-416c-9a4e-af2b77cc1e12", "value": "42a4be2e16070c563b65000460421a66", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686373, "uuid": "5766242d-d84a-4756-8240-b30028986e63", "value": "98304:lZ+ThhzaCrJxJvCz9GR91J9W6B4Ucv6uimo3sQ4aUA1TbENOAIdNyghmPUf36L9i:z+TN9SBGRCLj44XA1kNQ8Amzn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686373, "uuid": "e3ce7236-a42d-477a-bd82-9e0756591628", "value": 6844928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686373, "uuid": "c5a5b2a4-3f51-470e-a2ac-28aea361e76f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686373, "uuid": "a05aa6b8-247a-4cd8-9ba9-8cb090ad6662", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c5479d7-ca25-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679649625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649625, "uuid": "53370e2f-c3ea-4792-b6ca-41901670459d", "comment": "Malware payload (AgentTesla)", "value": "9c73306b72bc27bd9b6af26d013927dc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649625, "uuid": "33a85094-a092-437f-8bb6-481f2f0b5559", "comment": "Malware payload (AgentTesla)", "value": "b76b3828f8eedb51968278454979e2c14d9738276f69c42aa7600fac148a471d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649625, "uuid": "99a742f4-d8f0-438d-8715-6abd2b223841", "comment": "Malware payload (AgentTesla)", "value": "e3220f7e8c05c00c4a94b81f574a4f5007ab18f4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649625, "uuid": "aa008068-8f37-45cf-8a8c-a4b05e553113", "comment": "Malware payload (AgentTesla)", "value": "68572dd30d0b15b8272cfd8e7d27435e294dffa0e851dcbfefbb5cde39fa57053654aaeb36102ebccfd94d71726bfce8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649625, "uuid": "7d7b841c-bfa7-49b6-a287-0839d8189edc", "value": "T10E0522103BAD0971D7BE237E44E6E0CD53B639135B90DA222C9595DDC9EEA109B223B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649625, "uuid": "db70d9e1-9eb4-4ccf-b4cf-2cea8927c325", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649625, "uuid": "22aad853-9676-454b-952a-21175f6f2a6c", "value": "24576:A+Ceb6vGeFqhzUqBya9+Bc1CcVkw7bp7kJinrQ:A+CeFeFqqvT0CcVF7N7sinrQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649625, "uuid": "c1c1af24-1d4c-45b2-a325-88d96f17c4fd", "value": 815104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649625, "uuid": "b139fd29-d7a7-4f4d-a1d3-942b9116c479", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649625, "uuid": "890d090e-3f9e-41c8-978b-1c5932b5d801", "value": "ESP15903YI0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33b054ce-ca57-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679671139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671139, "uuid": "19a29fb0-8d39-43f1-89e6-fea1809b9829", "comment": "Malware payload (AgentTesla)", "value": "8de26977cf5c1d3d7619ddfe812d7aa8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671139, "uuid": "4c87d086-7ec7-40c9-aa16-c0bba36781a7", "comment": "Malware payload (AgentTesla)", "value": "b886dcd7df287ad95fa271968317b41f55f61ea7140bc2f241446fb3df9a6561", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671139, "uuid": "42f89d82-030c-431d-940f-ba777024eb2b", "comment": "Malware payload (AgentTesla)", "value": "d6173fb85e59d3402ee95ddaeab5396559d9e200", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671139, "uuid": "b140e527-2a69-4353-a720-b25c7b7bb0f5", "comment": "Malware payload (AgentTesla)", "value": "ad63ecc13776dbd2dee76039a71dfce275a8f591c3019d1bef7ed32113d3b010804025f1da26d048465128d48e062238", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671139, "uuid": "d34e1eba-2573-4c32-a09f-4be1f8e34b80", "value": "T1300523902FBC4972D77E2BB912A6D0CE83B625269748DA711ED971CCD8CB3449211BF3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671139, "uuid": "bc4dd5dc-466a-448e-b6c5-fe79a6dcdd6d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671139, "uuid": "88cc0f1e-a35c-4f26-99b3-70699474155c", "value": "12288:IDA2SUvKZqHBvJMbAa6uqQX4S4k3qoszvQ+6pOLH+2obKMxQ+C+HY8Cm81I:n+/5JMEaZqQXJ6QvYLH+mMxncj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671139, "uuid": "91d35dcb-b9d8-427c-a741-8a59087ba264", "value": 850432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671139, "uuid": "e034bb4f-599b-4094-9170-9bc6f6b8060f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671139, "uuid": "242d5096-9b13-438e-b4fc-b5a4522e6d0e", "value": "invoice For Balance Payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "825b0086-ca79-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679685874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685874, "uuid": "61980b80-6e67-44fc-b6b1-3c1b2e13b65a", "comment": "Malware payload (Amadey)", "value": "bbf1ad7a265522ec74752391dc461a7f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685874, "uuid": "6970bd31-71b1-43a6-aa89-884f304d2f4e", "comment": "Malware payload (Amadey)", "value": "b89981371e7ac4c1f9dfb4be56158d769a8b2d3dfeb7168df57b51e2d2e6df06", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685874, "uuid": "d00ed3c9-bee5-4daf-9474-fcde59973b89", "comment": "Malware payload (Amadey)", "value": "884822fed00eb47b86009d468536a48774f15151", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685874, "uuid": "5933ba2f-5dde-46ef-a9d8-3bafac40f78e", "comment": "Malware payload (Amadey)", "value": "498464b3529c00cfa9cda2dfdbd69ee1afdbf59256900eac1824ebb4e29f287e5fbb2355f32a650e98108687dd8dffc9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685874, "uuid": "df7fe09c-ff76-4515-abb3-2a2dc75ae84f", "value": "T176936B1030D2C471D57E55351878EAB68B3DB914CFE08EEF27551A7A8E702D1AE32E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685874, "uuid": "7a16533e-cf26-42d3-8ca1-ee74e143d525", "value": "52982bbab8b9d5eafbb4ec438626f86a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685874, "uuid": "ce981208-38e0-4a17-8554-ff5bb768e830", "value": "1536:6uON8V8ybtiqY2bpxLW9woUsScAbcauNhV2ZszsWuKcdJUaaI89p:6uhVZbtvbpxLHoUsYuNhV25LJUaaI89p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679685874, "uuid": "35cf921c-ce34-4a22-ae56-d1c6af8c22b6", "value": 91136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679685874, "uuid": "b6456b04-749e-4c5f-9ef6-461e4ef06ff5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685874, "uuid": "bebaf854-3d35-430c-b789-a8b42e0bb93b", "value": "bbf1ad7a265522ec74752391dc461a7f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "220481cc-ca1c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679645769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645769, "uuid": "2acb786b-3fc9-45c0-ad5a-19d558a957f0", "comment": "Malware payload (Gozi)", "value": "61459d22c6b9e2e36947813a76bcbb4f", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645769, "uuid": "2d219115-3280-45bf-8f22-921362215746", "comment": "Malware payload (Gozi)", "value": "ba3b41a3c6634411bdddd05c8327e482bea57e3c09c74d6d4394f58a85ebe453", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645769, "uuid": "5eb8fe28-d1b2-4337-bf07-959d6683696a", "comment": "Malware payload (Gozi)", "value": "cdbf5b1841eb6950d78508e0edaf35e7df17fc7c", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679645769, "uuid": "d96b1fa6-34ad-403e-999b-c58385ae153e", "comment": "Malware payload (Gozi)", "value": "66c147a2dfaeb2f03558cc0e1a1162a1791d0833e0aa8c9b352e35a812d5898b53a0fdaa261cc5598d80155849acc514", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645769, "uuid": "c47d99bf-53bb-433a-876c-edcce581573f", "value": "T1EFF02731EA73AB1FEF5BD7B9280B3252FA7200098858505206341698CE487E62A3198D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645769, "uuid": "688be67f-8126-4674-add4-aab994f74ae1", "value": "12:5j17Tz4M/861YPreHx1H0m5hGyyTHXAL7Zt4MjcVMxct:9pTz4MN1IeR155ky03AL7b4M4Mmt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679645769, "uuid": "2cb50cc1-c3ff-41fb-b0fd-b280d7c480e2", "value": 524, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679645769, "uuid": "1006547e-dba9-4ec7-854b-aaa96b0797d2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679645769, "uuid": "6cdbf6c5-4430-461e-83db-9083b045eddb", "value": "Amministrazione896.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20338405-ca58-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679671536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671536, "uuid": "a5949b52-90a0-4093-a244-a746a2da3a5f", "comment": "Malware payload (RedLineStealer)", "value": "d7d9ec7b9b4c82d37f36efff6f89dcb1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671536, "uuid": "f31b6281-77bf-4507-a0c9-d68447a749cc", "comment": "Malware payload (RedLineStealer)", "value": "ba99e0f9e490bec810ea7b51181dd99035c0ce835af9f0cacd707fdb1ea321c7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671536, "uuid": "fe0f3209-ea26-41a0-b226-22d3827a9c79", "comment": "Malware payload (RedLineStealer)", "value": "a52d9c4e54542ef4178daa8e1f096b33f5b50213", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671536, "uuid": "8a29adf9-f844-4be9-9ca4-e50611294cbc", "comment": "Malware payload (RedLineStealer)", "value": "6f59c9e9d3704e1dfaf97bdbc1cbdd397c48ebead95d3717ec101ad9802de09bf623133ff7b7c6cb277a5be2389fa822", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671536, "uuid": "4ef7c0ea-7234-438b-9d23-736f371495c1", "value": "T194C41212A7E840B6EDF557B164FB13830E357DA15A38536B2786E48F1CB36849132B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671536, "uuid": "6b08ae81-e480-4571-831d-7d874baa6397", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671536, "uuid": "07244680-8918-4a5d-bdf9-d230b955e01b", "value": "12288:ZMryy90GCdxzM6hyiCuaa65oMytjjFAt8x4HpSQSPjXgF:jywVMvuafQhA8x46gF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671536, "uuid": "72ab181e-e23a-4222-b139-c671eaeaf937", "value": 553984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671536, "uuid": "3f15c04d-6d1f-41e2-8e13-d7e0ee2c21f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671536, "uuid": "93b38de5-73fc-4633-b758-3c795d6f834c", "value": "d7d9ec7b9b4c82d37f36efff6f89dcb1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aab13845-ca18-11ed-88f6-42010a9c006e", "comment": "Malware payload (Grandoreiro)", "timestamp": 1679644281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644281, "uuid": "f74280b0-f4a9-448f-a700-f26ff32b77ff", "comment": "Malware payload (Grandoreiro)", "value": "dbedae2af7f0766d9abbd02c702af675", "object_relation": "md5", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644281, "uuid": "dbf8950c-6167-4036-8a0b-a648ea58c35c", "comment": "Malware payload (Grandoreiro)", "value": "bcfc8fd1a0041b88d1fad9e2d4e981fe58945e507a4454f9c50aa9dcfe7fad2c", "object_relation": "sha256", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644281, "uuid": "296f257f-86c2-4b05-b7ef-d8d15c02b591", "comment": "Malware payload (Grandoreiro)", "value": "35423c99056c23268cbfc6d052ec4f6df343d081", "object_relation": "sha1", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644281, "uuid": "95efb5c6-7b97-41a1-8344-34737982b76b", "comment": "Malware payload (Grandoreiro)", "value": "043646dea2a4cfd6154aecdcdc021d2887eb91ff2a8a35f4176d18807422c512ae2864898e3f21e8b7e873ca7db5f4c9", "object_relation": "sha3-384", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644281, "uuid": "ef1b42b6-fea3-44cf-bf82-efa339ac8ce0", "value": "T150D533136652BFFD38EA1358A87E6F09C57071661C56F940AA32B4C69DB3343EAFC421", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644281, "uuid": "f1677db8-30ec-47eb-979b-c9f1c02cbf99", "value": "49152:r9/nYdDm103IXZmfzvnZyUcC0FJZo/hy1HVq6sroL/SA+NimBF8+QJoKQZzTF:r9/YG9X0zvcUw9VhCNBVQiK2XF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679644281, "uuid": "3dfb4b44-e59e-4612-a7a7-e32640cf80b0", "value": 2869200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679644281, "uuid": "fb61c824-29de-446c-95fa-c43a22705f29", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644281, "uuid": "37d1de1c-6b1b-4b58-bfd1-73d225940095", "value": "ID-FACT.1679644216.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bc11107-ca60-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679675018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675018, "uuid": "af0f6d40-c1ec-4d03-af52-5054e14d5209", "comment": "Malware payload (Gafgyt)", "value": "470d3ec420a6def123eaa9fad260debb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675018, "uuid": "648ef1e0-10f8-434e-8144-fcd0629a3c94", "comment": "Malware payload (Gafgyt)", "value": "bd6ee9d1a302171ee9482c04055772f39b34b603f8ad962a2f7c26ebeb52eaa4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675018, "uuid": "c53afb79-8fa3-4b0b-8711-bcf802384ec3", "comment": "Malware payload (Gafgyt)", "value": "33d88584764af5631c43d6acc659aee2cc25f597", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675018, "uuid": "999a4acc-caa3-45c7-8745-be2fcc250184", "comment": "Malware payload (Gafgyt)", "value": "465cf016fa31a5af7e7326bc8b0d5ae27ea1d7bda2e35a3f612938d0af73d72ff28ee68f33329c1cff8a8ab4eb508b85", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675018, "uuid": "8a9fb0a5-163e-481e-a273-0b0400c9b5e4", "value": "T1DBD3C620F8A16367C1A37379DBBE42083739EB680B5B3243853459B16FF676D4D61878", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675018, "uuid": "3bc26b0e-29b6-4528-93d4-e955c4feb2b3", "value": "3072:JQWB5jbm5hPSP29+0YjEjjvmqQEDJCq8uXe:iW3vm5hPSPMjvmqQEDJCq8uXe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675018, "uuid": "7f9cd3fa-3001-4eb8-94b4-6ca7a5ecaf43", "value": 131561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675018, "uuid": "5ca65041-4fcf-4d9a-b1fc-e3f975560754", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675018, "uuid": "01b3e0c8-1d31-44a4-82d0-69a422166c17", "value": "470d3ec420a6def123eaa9fad260debb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f690327-ca41-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679661629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661629, "uuid": "0f314a18-cd59-4014-a7d1-ba365b720a51", "comment": "Malware payload (RedLineStealer)", "value": "9fbbf5b28a627183b014a4f2c283160a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661629, "uuid": "8546f035-e23b-4508-897c-5c50a91df9f7", "comment": "Malware payload (RedLineStealer)", "value": "bd96620bcaa00e3398c1b7839dc063d56bdbdc1d0390a49efbf70e4569257e28", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661629, "uuid": "be2e59e6-3e63-49c8-ba2a-a509da17acb5", "comment": "Malware payload (RedLineStealer)", "value": "f66f94819ff85dc211684ad14c6630d4febc76f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661629, "uuid": "2e822bc7-b213-4ae2-90f3-3f89d66ad8af", "comment": "Malware payload (RedLineStealer)", "value": "8376a83dcf5d77524697b57f4634afbf7325a933ee3c6e7b2cc453ebe549d8787758327971adc863ee8daf5b13648879", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661629, "uuid": "2a226a25-03be-4eb4-9d51-4a371c7bef57", "value": "T19C252303E7C941B6DEB1073158F7878307357C608EB426AE6389AC6B09B27D5AE31B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661629, "uuid": "faac9acf-21f8-4d04-a052-14df6047dcdf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661629, "uuid": "06b70a52-fc7e-4620-b833-c15535173617", "value": "24576:By4J5rKMbSpJ4hxhy1YUIQL3A07kpGXlZ6sEe5dXq1TyNI26r:0q26SpJC2YrQLD7zv69eT61T2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679661629, "uuid": "d07e3f71-3aee-41ca-9fb0-8ba3cf4a8190", "value": 1035264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679661629, "uuid": "e48827f6-789e-44de-b296-bb22927e2395", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661629, "uuid": "3404c1c2-69a0-411b-9be8-7fd6acbac322", "value": "9fbbf5b28a627183b014a4f2c283160a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "549f762f-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679659598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659598, "uuid": "99d1a67e-c01b-4f52-acad-2ad1d344f4a9", "comment": "Malware payload (Formbook)", "value": "e8a3330c073fdf9c823f23eeb066e194", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659598, "uuid": "79b9c271-05ae-4611-9238-aea9eb8a53d3", "comment": "Malware payload (Formbook)", "value": "bde148cc492b003001b57f554c21cc8fea9cf4be56e25150b810a4b040a4e842", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659598, "uuid": "cbbb1226-c112-401f-8184-590a2b629f91", "comment": "Malware payload (Formbook)", "value": "ca809e57a8caf8cebb47fac3a645f4983947e73b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659598, "uuid": "63747255-20e2-4b02-b8ab-7fe38e3f90f8", "comment": "Malware payload (Formbook)", "value": "042ae46f841cb39778de0f0146bf26e64580075e4e3f9bd03618ab52ca93478efd5f914916bca7b3b55c94f0628eb0b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659598, "uuid": "bad44c96-efaf-4dda-bae1-15d89d72629c", "value": "T1F97422B0B2F1C8B7C7E60B312C391B263FEA6826557523571BA0571E7D71242890EFA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659598, "uuid": "e8d9fe80-5be3-4f67-80d9-ebf13511bdee", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659598, "uuid": "7b0294da-ff1e-4e25-92f4-50d659951afc", "value": "6144:TYa6Usu/Db1Ymej6fLXf0B0Mk2/9eTnWiVCiEkm6sj0SCID+E2DGen:TYasu/Db1YmScfzMk2/sTnWCCdkm9j0x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659598, "uuid": "03ccb6b0-6adb-4a42-be09-17414ac86c00", "value": 349497, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659598, "uuid": "a3b4ea80-9bff-4f90-92dd-3c3f22112a60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659598, "uuid": "fdb152ea-87ae-4a0a-a884-e5e07939149a", "value": "swift.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d01adcdb-ca5d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679673979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673979, "uuid": "cc83d9cc-75b6-42bd-bb23-8d725583d1d7", "comment": "Malware payload (Amadey)", "value": "9d42e0b24dc22b84b6892424d111f8fb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673979, "uuid": "f937a4c1-2d26-418c-93e2-9092ffeb52b1", "comment": "Malware payload (Amadey)", "value": "be5bf2f44aa3686c00a4f1c337f4a605422bb1f6ac5b94180223ca0df4478273", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673979, "uuid": "e883f0a4-9a60-4f3f-a0bb-55dec45d7838", "comment": "Malware payload (Amadey)", "value": "eb00ab34d5b34c11fbd8cc7bd9359388183d6aa8", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679673979, "uuid": "4fe828e3-7541-4944-bfe7-6a5a081b5e0e", "comment": "Malware payload (Amadey)", "value": "6b21b0b56b2e80d9b21c6ef1fa0673d4317af1b35c41e2b3d291ba9f80a4d0744bf560e09078f15a2570f58149245078", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673979, "uuid": "f7f9e3ba-e500-43ac-89b7-fdc2a8eb07a8", "value": "T1D5252352ABE64036DEA5173154FB07A30B367DA10978833713C1ADDA88F3698B079777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673979, "uuid": "1b44d596-21e0-4db7-93b9-8639f6102403", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673979, "uuid": "5837589d-a456-4cf3-9e77-795814f4584b", "value": "24576:HyXNL6IPv4Uz3uOnxsjhUuR1la4VQ7XJ:SXF6I4Uz3u0xsjtRe77X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679673979, "uuid": "f8029a80-1609-4d02-ba0f-53061b5a5933", "value": 1035264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679673979, "uuid": "917555dd-f143-44fe-a733-508a1f19e0d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679673979, "uuid": "84ac4c8b-98c2-46e9-b0ca-59389299f023", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdd9585e-c9ef-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679626730, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626730, "uuid": "74f5bbf6-cf8a-4984-b8da-0f4accf7b01c", "comment": "Malware payload (AgentTesla)", "value": "3d64a167c2f313bac10c89b3d591be13", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626730, "uuid": "42f32354-1b37-41e7-a5c1-fd0884a6d93f", "comment": "Malware payload (AgentTesla)", "value": "becc292fb633a6d01d47ebf5cedcd0ca4ebe4ec3f7ec8feb64f244c6b3915a7a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626730, "uuid": "d66af20b-da5b-4956-af92-7109ff42f175", "comment": "Malware payload (AgentTesla)", "value": "ec84eed4dec520302e3085b5c2b47d049364d95f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626730, "uuid": "b12247c6-bb5e-4d63-add2-8557a13f4edd", "comment": "Malware payload (AgentTesla)", "value": "54c32b090caab899a7372967bf7121d862a35116fedce162ff453ca4cab435ead1a121dce910dc57f4bce14d0a5ac819", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626730, "uuid": "136f25a9-fdda-4a2a-93f8-79aaf4e4c8cf", "value": "T19C82B5815B8DA8F1D314F0338259900A49BEF16F33971AF8B48DD4953BBD60D5AFA2B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626730, "uuid": "9ae2c77b-5bab-4005-926f-2b4c113e4055", "value": "384:apK6fVG6PX6h8/+bfzrLctdRK7HH5ttZZtBVhJoQKJiIEB/nJ:z6HvsIMzXcXU7n5tXZtBTiSBh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679626730, "uuid": "f4f589c5-cb99-4a46-9055-e4cc2edb9d70", "value": 18290, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679626730, "uuid": "0fb50e0b-b99b-4be4-af48-210abacb21b2", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626730, "uuid": "127cc333-c711-47ac-a6f7-a58e07a77521", "value": "3d64a167c2f313bac10c89b3d591be13", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3feeb708-ca2f-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679653980, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653980, "uuid": "d45c7e28-366d-46ee-82f2-9bc5e094d200", "comment": "Malware payload (CoinMiner)", "value": "dd3e5e2145c0e7ae338dae42570c1af8", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653980, "uuid": "605288d5-15dc-456e-9030-b01f12017ff4", "comment": "Malware payload (CoinMiner)", "value": "bf831e8844f5bfb73dcfa364c257c9bcf531e2aa385037a6566d7bc131179a33", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653980, "uuid": "57d0c61b-45d3-49eb-a84c-b27eeef4e6c6", "comment": "Malware payload (CoinMiner)", "value": "165c6e71db66bed053ffe142758991ace8e30a1b", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679653980, "uuid": "985b9539-e837-422d-b212-b1877ab2a744", "comment": "Malware payload (CoinMiner)", "value": "28207194576ae0b7caa3fdd3b07c495aad93630cd884e7b0453bee26e7f77fe7652c544075415b393febaa0013e53c28", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653980, "uuid": "eb56615a-4d59-4a20-8eef-c64b416f5a59", "value": "T131347D1273E1B960F52387328E6EC6FD663EF8E1DE55BB6E17459A3F0870261C662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653980, "uuid": "244770ac-6dca-4f52-a6c2-dea43fe0314f", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653980, "uuid": "93127681-a9b7-4223-924a-b2e56b9824b0", "value": "3072:URECzcarcPedI7cTkSIPuDEZM8bv4Rn/19i5paHZM1WNObVq:DpNIToM8b4t/1MaM1j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679653980, "uuid": "01772c7d-fe57-4d44-a310-63e73f74280e", "value": 251904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679653980, "uuid": "4c514f8f-a853-4d91-a142-7e78cff160ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679653980, "uuid": "b8239239-f2b2-4230-8ec5-6b41e10e16cd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c862915f-ca33-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679655927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655927, "uuid": "9ed45d6c-beef-48af-a72f-9e36780912bc", "comment": "Malware payload (RecordBreaker)", "value": "a65947929551ab31ec85414981173d53", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655927, "uuid": "854e074e-c23b-4d53-b109-ce6659e4fddb", "comment": "Malware payload (RecordBreaker)", "value": "c036b74eeddde8e6777b1f7653b50fe663e208df6cdbfabcb43e5b0a2cd9fa73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655927, "uuid": "dccd6f47-0f98-4653-9b0d-9cc621b6896c", "comment": "Malware payload (RecordBreaker)", "value": "96a622c30611df43266c7503b2be98fca3b13332", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679655927, "uuid": "fe16bec8-a543-4e7e-888e-c6a3756f22a1", "comment": "Malware payload (RecordBreaker)", "value": "e7abb83b243595c1133022cec3fddc21e958d930fa8d5111a5402862fd74513f3f1efafafccdf27c919b69835eb44f4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655927, "uuid": "a623a9ef-552b-46e8-87cd-5d8f2e5f5f09", "value": "T10114C003F8014034D0E2A9B050F8E5E0577D69652BCED64F3B583EDA2A1B9D5DB2E36E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655927, "uuid": "0729c8d5-cb3a-40dc-93c8-28a15edcd65c", "value": "c183516cb1a3286c066b7bcc05a53470", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655927, "uuid": "46fd149d-cb64-456b-9ab1-4f35c318d1bf", "value": "3072:ZvvIgKZKl4TyRmgaJcs2TUVwCQawrAhOm80UiBce9StV5vmX4G:u+KAausGUVwCorjKBP9StV4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679655927, "uuid": "f58b4472-4f69-41f2-9ea5-6ba834bb5a39", "value": 193704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679655927, "uuid": "ff18851d-7271-4979-ba03-b58d8dfbe644", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679655927, "uuid": "e71c08e5-06b7-4232-bbc9-6d0d025e3d46", "value": "a65947929551ab31ec85414981173d53.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "451f977c-ca45-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679663437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663437, "uuid": "38b96525-d6b2-456d-81b5-0e8debf42f47", "comment": "Malware payload (njrat)", "value": "a99719555f7c534945c335b58133e6b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663437, "uuid": "391f258a-d277-4c57-b372-f5cac7be178a", "comment": "Malware payload (njrat)", "value": "c0ed7ea003640afa9b3b58ff4e63fab5dae201942cc979fceffdc595ea8575a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663437, "uuid": "e5c6da3f-85e0-4a0e-af1d-cc8ba4aa2b72", "comment": "Malware payload (njrat)", "value": "e3c9905d7a34c4db183f3771e4ad13a80466e81d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663437, "uuid": "cba989b2-00d1-4de5-951e-713fb72dfc06", "comment": "Malware payload (njrat)", "value": "494180f6021a9465a484343b968c9cd5383e42920218fb4fea068998f8a0eafb3854e114e2c46fc43ab471280c8aef09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663437, "uuid": "91d806b2-ef2f-4d6c-ba09-ccee8b039eff", "value": "T166A23889BBE4CA18D29D1AB14CB3631453B6E28B8581EB0E1DDD509A2F333D50985EFD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663437, "uuid": "1850b540-e958-4ee3-8450-42c3ca1d0a97", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663437, "uuid": "0b697e1d-bf6f-4172-8501-38cd36328b10", "value": "384:NWPYxupqa7MvUMBUlKsia7Eb0r2DRlN/+dcF//34LAZSTfM:N+YIIvUMSKsUxDTd7HqS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663437, "uuid": "5242298b-b55f-45ca-936c-589a7dd7206e", "value": 22528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663437, "uuid": "84b7bbd8-b170-4fe3-9480-898f304de80c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663437, "uuid": "35b08cc3-22cf-4f4a-982e-fd103558807c", "value": "a99719555f7c534945c335b58133e6b5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "434afe25-ca76-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679684480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684480, "uuid": "3b47782f-c805-4642-8d44-08a9922ed27b", "comment": "Malware payload (Smoke Loader)", "value": "6ed901b0e59acbcfb5cfb9e6c3d7a0c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684480, "uuid": "de3cb9c0-5b99-4537-8136-f656d2e1189a", "comment": "Malware payload (Smoke Loader)", "value": "c2144b448f2e84c79f768e9d28c6592afb6b793ccae7a317677f98d27198af35", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684480, "uuid": "7210bb27-2056-4be1-ad05-c7acd63503d6", "comment": "Malware payload (Smoke Loader)", "value": "7d00675a03d4e14cd42117c1ea89146d24c2dc2a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684480, "uuid": "d80f2661-cb57-4a67-9138-b8d0531817a0", "comment": "Malware payload (Smoke Loader)", "value": "5b7e49b73d076f75c6ff511398d5c232e35d4c46ccd0e10ab3bed38e573f3acc0a87d1b9699d2d58e85769ae9be099c0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684480, "uuid": "1c679de1-f333-47e5-8362-89346f988ae9", "value": "T16B548E1273E0B960E51747328E2AC6FD6A3EB8E1DE157B6E23589D3F0D703A1C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684480, "uuid": "99648a37-d39b-4085-a945-9e68e03df9fb", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684480, "uuid": "50ea2fb1-47b6-400e-9ced-19974e92b72f", "value": "3072:moj7qF2BH1eq+2Cw50/IVGrXkZom3fv0As+kDUPTJ6utiIc0abC+JNQcCUXDWN8R:P/omunIVGofQ+9YHIkbX5CUTva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684480, "uuid": "1e02a56a-80ec-4d3b-b65d-93ca628167ee", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684480, "uuid": "e715af87-8189-4461-8e10-9bcf27cc05dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684480, "uuid": "22b023b6-7917-48b3-bf96-84b8c71e4a9e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72a4fb47-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (a310Logger)", "timestamp": 1679646334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646334, "uuid": "3a2dbf65-1aac-4e63-8ddd-1a97e496238e", "comment": "Malware payload (a310Logger)", "value": "761e246fbdde33f37a9bd68fcc8286e7", "object_relation": "md5", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646334, "uuid": "06d4fc5b-0a7d-49e0-b65c-060ad060b941", "comment": "Malware payload (a310Logger)", "value": "c376fe2391abf98b6da345abfa7ce5d51da5cbcd172423083da3dc83fbb9cdb1", "object_relation": "sha256", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646334, "uuid": "1ab2056a-df2b-468d-bcbe-94ba780bd614", "comment": "Malware payload (a310Logger)", "value": "571eea7e2618ab05cb19bef6e9337855321d775c", "object_relation": "sha1", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646334, "uuid": "47dca633-f9ac-433c-a07a-39bb31b51440", "comment": "Malware payload (a310Logger)", "value": "de38598bd393511ad0d53cecfa2337ba3df79c9166db6a58ac317e85bfd4774cf70d9b9431eeae7931cdddd8343721a9", "object_relation": "sha3-384", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646334, "uuid": "cf71a1b4-cb6e-4158-a880-8c72152d7911", "value": "T15445338A52918C23CDE02F355C785DEB767FAA0351E5D73B2B8983659CF21A085387C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646334, "uuid": "6568315a-0cd7-4a46-b0ca-e74ac89469cd", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646334, "uuid": "002af88c-42e3-43f7-b82a-3f9a0e26e228", "value": "24576:/YtQ7AZ1RnHQjI9A4/wsf3Iz39pnvgey2UNupVchQXPA3:A1n5e4/wmItpnyJNwV2L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646334, "uuid": "a491ba22-39bc-478c-9dff-a72a80e6a7d9", "value": 1171207, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646334, "uuid": "511258f3-2270-4d00-b003-a50d2a66d747", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646334, "uuid": "5bb3a3bb-f60f-4d09-803a-2a441d0b2a14", "value": "QUOTATION _RFQ# 1043999.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84d1507d-ca4e-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679667410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667410, "uuid": "916f59cc-2f30-4cef-86d6-deabfdb77b2d", "comment": "Malware payload (RedLineStealer)", "value": "308d76f827d8624c5c933a5119569b5e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667410, "uuid": "bd5b3f15-6084-4b47-a9c8-e712042cca09", "comment": "Malware payload (RedLineStealer)", "value": "c42840af07ce02effd645b993cbee380d20e097ed2bd1e68468624766b0601b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667410, "uuid": "114a1a03-0887-4490-9883-41017a1ad573", "comment": "Malware payload (RedLineStealer)", "value": "e896674ff83456092db4763c8b02537ec5f60296", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667410, "uuid": "c9d49f37-619a-40ec-9a96-478ef2eaa6f0", "comment": "Malware payload (RedLineStealer)", "value": "ecf99750346c09b3f679667974f7bc8569e96189b8ddae6c018c35f7788a60415ddbe9087e5ea17b59778fa354156029", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667410, "uuid": "47621860-ed79-4ac4-bb78-e3bb5edfc345", "value": "T1A0451203BDC6E9B2D51208331958AB51993DBE201FA58EEFB3D83B1DD6611D0E7313A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667410, "uuid": "c948eeb1-5243-4eac-856c-b2bb244d472c", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667410, "uuid": "aff6acad-ff38-4de6-b6fa-ba1f2d32b7e8", "value": "24576:KTbBv5rUlIpnVUovouyHWiyk9AGeC/v5ZsqD/:8BRplv5rkxvM0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679667410, "uuid": "4c2fe7d1-37e9-4b21-859f-225b0da0d10a", "value": 1180505, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679667410, "uuid": "a1e293f3-f8b6-44ac-aa24-df42760b9af1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667410, "uuid": "3c7c36dc-957c-4628-93f2-7bac47fe03d5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd0468e1-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672229, "uuid": "222033c5-f49e-411c-a6ce-d2d92f4685df", "comment": "Malware payload (Mirai)", "value": "86cab4823317b05d2d4256dea88c4bea", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672229, "uuid": "27aa09ee-01ec-40d8-a9d6-749be9aff31d", "comment": "Malware payload (Mirai)", "value": "c525913aa7611ee2172904db7fa291422dcc722d6dc64ffb75b5c961c423b3f6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672229, "uuid": "4e485427-746f-4d1e-8e89-b100e71eaafb", "comment": "Malware payload (Mirai)", "value": "eca8b84e5d46105699a0a6fd99311ad6c0f7204d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672229, "uuid": "e7e804a3-dcc2-4c99-8f94-f83284712db5", "comment": "Malware payload (Mirai)", "value": "6b572fc33b7256c77874b6fffb6e6887dd451557c0e73483a8510c334b6d9d9cd155bc5856dff5e57df12334f4cd6f85", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672229, "uuid": "74c3304d-785f-41b2-8a45-bbfedafdcd0c", "value": "T1DDF2F15B79B701A8591C703959FB7B6D9A00933F7CA94BF6DFE0F161640678863302C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672229, "uuid": "55a0731b-ee68-4ab9-b07a-e19fd1a92633", "value": "768://hDE8oHf6xxI5tv9bqtQiv1dLHFZgnTHuphiy9QebEMOnbcuyD7UHQRjY:/1ENQelb1w1x/Zv9GLLnouy8HyM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672229, "uuid": "25daee41-1d95-444f-bc2e-5a30f76ef35c", "value": 34964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672229, "uuid": "7fc5883c-ed84-41e0-a914-bcfa4767c70e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672229, "uuid": "6bd6bc20-28ce-466e-bcbf-6fafabe4f934", "value": "86cab4823317b05d2d4256dea88c4bea", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b024952-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679620927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620927, "uuid": "2a617283-57d5-47e3-b4b1-50209fd192c6", "comment": "Malware payload (Stop)", "value": "b9d1129b10cb7833fc7ce9030a421b4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620927, "uuid": "21892e4e-8c17-43db-8b43-5bb11fd1fd2b", "comment": "Malware payload (Stop)", "value": "c5cbb1cab733c0ea594d67991586f12e7fa8396e68a7067b26da469be0ab6ed1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620927, "uuid": "91f0a2bc-2741-4c5c-9b23-b1bc7e673948", "comment": "Malware payload (Stop)", "value": "15eba569d6ea0136016b6b728a1678f922fb3008", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620927, "uuid": "e05eb64a-1270-46ef-bdbd-b015b6b62098", "comment": "Malware payload (Stop)", "value": "d547882b34159f2c82729d76dbb7b7bdfa5254a92b4ce577b89854158d476b3ad74e2cc10f25cf76a8502d4b17369d35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620927, "uuid": "69bd8bd9-5f64-42e6-81db-ac8ebf2b8edf", "value": "T1EAF41230BB63C133E54795708960EBA43A3A783246629497E7380B7E5E703D1E73976B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620927, "uuid": "59759143-db50-465a-9322-c892c25155df", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620927, "uuid": "868b6800-4fb9-4c7f-94d7-4bcaa49a150a", "value": "12288:si0psrwjmw+Q/6PrgR5plm3H6bezkaZ5a6wBZZm6kxMYeHvqN5:dSnyQ/6PERIKbeztZ5azFnkx3eHQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620927, "uuid": "4aa81220-6b24-445b-9056-106b7a1c054a", "value": 733184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620927, "uuid": "86b3dce2-225b-4eb6-a157-4c50a813df63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620927, "uuid": "5f49b29f-3d8c-4b42-8090-6e8ca47d8435", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb24795f-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686399, "uuid": "a13d9614-94a0-413a-89b8-a9e6ebef4864", "comment": "Malware payload (Mirai)", "value": "eb52186e0f89e619b6bc5d8acd9ab36c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686399, "uuid": "8f25b205-8567-40b9-917d-94f417470c70", "comment": "Malware payload (Mirai)", "value": "c6100c33b39ad1623d7acef89eea378901dc7f7672e61ff27ff9ae0944b95472", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686399, "uuid": "72e08de1-6094-41c7-92af-9492f420135b", "comment": "Malware payload (Mirai)", "value": "e60756e7a0514224f089c9bc05f541d23d4bb11b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686399, "uuid": "def06f7a-1a06-4572-9d2c-1c6258fb5acd", "comment": "Malware payload (Mirai)", "value": "7777d6ed97277194577831a8b7b1e801426f8df71bd52d8f80db0ffc2d6ad79e1a6111f5ce5f03f7caecff858458561c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686399, "uuid": "6e0f57f1-6e0a-493a-8448-de7e461835d5", "value": "T1A513F1428349363776E079738F3C54C1233353B8976E7CFA2A12971875E119C21F46AB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686399, "uuid": "c67238d1-ec0a-4bad-b013-2241a83dbe08", "value": "768:IbS9on/6csVvbDyeG4VJTT4vfRrzhbiWx6TEFjGaq4QDOwhpvs3UozY:79W/6caGuTT4HRpV6TEFiZ8zY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686399, "uuid": "e3065fde-76b3-4a31-8042-d43e23683c6f", "value": 41436, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686399, "uuid": "1b732ef9-02cb-482a-bf0f-c6ace73f3347", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686399, "uuid": "fe4ee73c-2921-4d5b-bc7f-fe7b627f3e7d", "value": "eb52186e0f89e619b6bc5d8acd9ab36c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2d7f2fc-ca5f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679674896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674896, "uuid": "aa4f80ed-c362-44f1-8447-4fbf892c83ce", "comment": "Malware payload (RedLineStealer)", "value": "0424c627aeaaa7f8aab5b07b9677d8d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674896, "uuid": "992d6998-d2ad-4406-99d7-0fba6d8b5cc2", "comment": "Malware payload (RedLineStealer)", "value": "c6e190b0a1ed440d08f1b58a64af613b5b31fec58af7d9ae385607422b3cb7b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674896, "uuid": "99f92c56-47ad-4191-9c7a-a1a3a031e05d", "comment": "Malware payload (RedLineStealer)", "value": "401148a21f89f7df9baee0aeae5cf8a155fc950a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674896, "uuid": "e7127bb5-89b3-4b64-aeb1-0c0768e15841", "comment": "Malware payload (RedLineStealer)", "value": "3bbf84df29f895d14daacbaf2756b34749fb458930b8f56c0eba828c77132a8756bd760d79ee21bfc579fb5e43864eef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674896, "uuid": "1a428fea-ab25-419b-b4b7-53e5584df69b", "value": "T1A074AF1273E1FD20F12387328E1AC6FD663EF8E0DE55BE6D26459A7F09742A1D662304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674896, "uuid": "82fa368f-5235-4255-9be6-6ab5799582b9", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674896, "uuid": "08caf6f4-6378-4c1b-b488-5b3c970c41a7", "value": "6144:+p2slou9aKucEY3SNy0N96ynwoJloQd60XRZDGsva:82Cou95N+/j/wGlrE0hMn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679674896, "uuid": "44d14821-2292-4dc6-b885-c17ad7a97606", "value": 362496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679674896, "uuid": "64ec1aea-0122-4dce-89fc-6a8d2485774a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674896, "uuid": "83cfed0a-0ed2-473a-9d1a-97f16e63723c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b2af146-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679666427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666427, "uuid": "ee5378e8-77ce-4790-8600-b3c364b13989", "comment": "Malware payload (AgentTesla)", "value": "89e7c69e9a5b5ea0aaa6406c5af832e5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666427, "uuid": "4753aadb-cb05-416c-81be-c90ba04dfb4d", "comment": "Malware payload (AgentTesla)", "value": "c73581d13c758630ecf0b89187179cf15977b77c908f2ee051fb428c09730860", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666427, "uuid": "f9f63570-8c29-448b-8603-42f3adc4c02d", "comment": "Malware payload (AgentTesla)", "value": "f0dfc75c50e9964b4cfd138b6180bc3180905811", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666427, "uuid": "fbcfaa77-098d-4266-a824-d7ac39acbb7e", "comment": "Malware payload (AgentTesla)", "value": "c9f8204df686d753cc99c83ee0ab07fb259494238d580230109b8a54daade3ec5b4db808474662c534a1616e7a15b89a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666427, "uuid": "ba09436d-b90a-4233-8414-fc3b3e26db2c", "value": "T1BC954BB25193FEC5E72F2E58D0042A409C102C9796BCD69CFCC9359BA2E5564EF6CBB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666427, "uuid": "59677a2e-860d-47a5-ae3a-070f3449c465", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666427, "uuid": "eaba0416-1e34-4bd1-beaa-3d2488eb7a10", "value": "24576:XtkfqX5Zx2ny/v/LtGZsYjot0MRzefnGod393nUweKGOpTPIvrDs8q7Z598gsEAH:qpkjr2eEGsNSz7C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666427, "uuid": "a1512264-e48b-4748-8ddd-b7dbd2c9b424", "value": 1933824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666427, "uuid": "56d14ccc-bbc0-46d7-8dbb-40a98accf6e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666427, "uuid": "6c8898b2-39a9-424a-b7f1-d9d3d3315e42", "value": "EX771623605317,pdf.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e83ccc9-ca87-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679691934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691934, "uuid": "61082d1b-a65e-4a79-99db-74e822a2a8cb", "comment": "Malware payload (Formbook)", "value": "af33da62be2190f751fca32f3929f0ac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691934, "uuid": "84440705-4785-462d-9f5f-33584a90ae18", "comment": "Malware payload (Formbook)", "value": "c7720dcabf680a642e1b2301d938f0be590669238878109b7ca8f55e13e26a4b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691934, "uuid": "68518838-2b12-4e82-b234-03efb1b67ff5", "comment": "Malware payload (Formbook)", "value": "c469c6395f9c3fbb1030abe6517f95b286e62418", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691934, "uuid": "5b08ad92-1dd0-49cb-84da-6ec4ff0444a8", "comment": "Malware payload (Formbook)", "value": "abbce58592433fbe3586250f36deb409bcb59d87eed5f2675f31f2f5ce960a8e9717101797d743bfdc866f030ae5155e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691934, "uuid": "960e9135-f8c1-4ef7-93d6-c0855375b528", "value": "T144041288F6ACD6FBE53606355E190A8A5E414B71CF5440D6613BF39FA0209FF862B31D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691934, "uuid": "149be5e9-a535-484a-99f9-fa5c2ea8e83f", "value": "3072:N2QP1bWRK3wRl0B44bnSkoMH4zaKj3sffBR4rMbknAcOoKGqCUuVX9Ixye+LRWRG:rAQ3wRl06MY2h8r4knAcOoKDCTxUye+1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679691934, "uuid": "efa8cc09-15f0-496d-acae-96eb24b23a28", "value": 189952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679691934, "uuid": "7af65be9-a201-42bb-acad-9e26bc9ffc6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691934, "uuid": "1f9e5cea-cdf9-425b-ac7a-a73f6a50c0af", "value": "load_4.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "302cf8de-c9e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679620882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620882, "uuid": "e1c9a8d5-6ccd-4834-b134-4360bcc483a2", "comment": "Malware payload (AgentTesla)", "value": "fb91a19e6ee422743ae18ad783ffae32", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620882, "uuid": "074decef-bc0a-4b0c-baee-2353fc1cb8f8", "comment": "Malware payload (AgentTesla)", "value": "c80d074df0566106360853eddcb32776a0b0a930cbd2524959512ca9bb5ba8ef", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620882, "uuid": "b542edbd-132f-4a57-a647-10fb2b883f68", "comment": "Malware payload (AgentTesla)", "value": "b89ec788fd9446ff696333ba58f4e4b15af33c2f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620882, "uuid": "10eec9b4-ca33-4fc1-a12d-8475fc256634", "comment": "Malware payload (AgentTesla)", "value": "50ffdb7a5b0b66b0a408addd87022a774ec33ccc7e05c7e00bb7aea0cf4c1ee0442ade410c75b7383e5d5d1fb0f44eb9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620882, "uuid": "a71a8866-e84d-4053-978a-a661b876555e", "value": "T1BF126251178D98F2D259E537421A850E4CFCE37B38862AE8B8CDA19137FD60D49F92F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620882, "uuid": "6571e9c6-63be-4329-970e-9d6d5607051c", "value": "192:jDH6IkOLDs3t1+jSLAMjEH3gR7eOuDdFITZYx2BtcE4byRJYsRP:jDaIqtUjtMkQR7PuDHITyxyab0JYsRP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620882, "uuid": "effd331e-c4ac-46a4-988a-e9fa0349e6d9", "value": 9898, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620882, "uuid": "cdce0876-ab1b-4f5f-a0a1-5d6c12f7c78e", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620882, "uuid": "58169743-8b94-4dd6-b45d-54115ae6b139", "value": "fb91a19e6ee422743ae18ad783ffae32", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d425f542-ca1f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679647357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679647357, "uuid": "64e13bab-5911-45ab-baee-aa76ad0dc40b", "comment": "Malware payload (Formbook)", "value": "0b21432118ee771920b7ea1ab0291a6b", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679647357, "uuid": "4a9afcee-b93b-479d-b243-c0e3e9725646", "comment": "Malware payload (Formbook)", "value": "c8381037a439cb72f8927b7f13c5007d8ac1e7964d9f7c98540227e5aae68805", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679647357, "uuid": "f372ad2c-c31d-41a4-8408-9fa0c4a10397", "comment": "Malware payload (Formbook)", "value": "ab7fbfe7ac70726729f2ee75468833f5a3eaff5a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679647357, "uuid": "2d92199a-4c25-4ee7-9848-d0d1047ee106", "comment": "Malware payload (Formbook)", "value": "6bb3ac9a893eb3419935897d1d3ebf30b8bc383e3f026149ac3bef468b2450cf5fb651ffffec61b20c2c9c2b563031bc", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679647357, "uuid": "1aca1670-71c6-4663-bf07-e681a9c6cef6", "value": "T1BB0533C400A4B3E8D6AB303585ED647A5A8C735A9B5E70BB3AD0756940FECCB97E5303", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679647357, "uuid": "3a191871-24f5-4ef8-a4cf-e57f1dd56012", "value": "24576:pIBPVq4EkeVLJvDgIOxTWSv7Z0XVLFKd6+88qkmKt:p44X5eTL6Fh+88qkmKt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679647357, "uuid": "03274fd8-3c9b-4c48-a41d-c7273e2833ff", "value": 834022, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679647357, "uuid": "63b47806-46fd-4bdf-a007-0fdfe5b7db0d", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679647357, "uuid": "28e00b26-b1e4-4732-8bca-3f5532730d2b", "value": "Doc23.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fd6df4e-ca3e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679660449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660449, "uuid": "818df78e-b9a1-4b95-8136-15e82c374e39", "comment": "Malware payload (Formbook)", "value": "eeba4afea86164cdd1421e6b36477248", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660449, "uuid": "407635d0-6247-4777-88c3-400c49ab36cd", "comment": "Malware payload (Formbook)", "value": "c883e6286eeb6bf200ac5bf790b70ba5547f49d0fdc2b2626dccec7727fa7b70", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660449, "uuid": "31804b83-7171-4bcc-9511-05b0f8f25440", "comment": "Malware payload (Formbook)", "value": "e21d13b3704da10e7871a4dbd0c0ea865f1d83a3", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660449, "uuid": "f29887fe-47a5-48bf-af2e-62f42d9634f9", "comment": "Malware payload (Formbook)", "value": "963ccda3275415a799fc0054334bf6d72d0e6f4e6a6d35962badd6163c48edc6a39d6abb67d3a8f14e811c1f855dae2b", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660449, "uuid": "46637e7e-48ac-4ec6-bd04-edb887b048e4", "value": "T15C05E040DE3A4E75F4E9D7B41090173A0768BBA11472E6488BB96CCA3DEBF6309D194F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660449, "uuid": "03e8b507-e552-4a3c-a270-ac8064589a2c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660449, "uuid": "4d68aab6-80d2-4e9b-8dc2-85d05920993c", "value": "24576:I1hyipzZjFz2GXw7PLlL8thVdhfJy+ZG:I1hyipzTzBg7PehV1vZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660449, "uuid": "60d51676-c731-4111-8e2a-136b95cc0a6c", "value": 811008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660449, "uuid": "f6d9311b-9ad7-4f81-825b-b2a6c1f4647f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660449, "uuid": "b5154702-fbfd-4113-aa55-23c36c82c7f9", "value": "Shipping_documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cf95f56-ca4f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679667719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667719, "uuid": "12c901bb-7bc3-47de-8901-1b1a6c8b27b8", "comment": "Malware payload (RedLineStealer)", "value": "bc1be6e3709e94deaa4e1f6bcd14c5ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667719, "uuid": "24541d9e-731e-4bda-b434-bf2b98de6e9d", "comment": "Malware payload (RedLineStealer)", "value": "c95ae9e2c701968971fde1dcb126e09a16ddaf492fd03ae6aa4e971ba9f45a61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667719, "uuid": "48c66a05-adbe-402f-89a9-da62e14485b9", "comment": "Malware payload (RedLineStealer)", "value": "1c1ac30bc1016ad04d0a7cf62ef413466f6a72ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679667719, "uuid": "30c175d0-9465-46e9-80c3-578c0caf46c0", "comment": "Malware payload (RedLineStealer)", "value": "19a2a400011c044c93e0345d9e278d2393018ee796646475b43d1b90c5643679ac62b2559698caa368fa45a0bca49ab4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667719, "uuid": "bf77b609-5a48-4554-9cae-9050eae633af", "value": "T1FA442AA71E8C12A5E40F80F9529FEDDBC23FD421371959188A0823765BA335B4F52B7E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667719, "uuid": "1ed4bae4-472c-4a0c-9d8b-05c97a2cdb52", "value": "e8d1c822bb1493104fac7c5466a244d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667719, "uuid": "adad319e-5625-4d27-9ac0-748ae3b9ddc6", "value": "3072:zhpnwP47zHKy33Iv++MFdWTc1DOqYuBmawznw7wN32kfY1a5p:zhpd3kW+TTe9fYnt3HF7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679667719, "uuid": "4622f8d4-f205-4a8e-8fee-b73162200b1f", "value": 264272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679667719, "uuid": "8c7ae4c3-b449-4618-bcb5-10110a60b102", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679667719, "uuid": "84406aee-3823-41b8-97b2-4084847d1962", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2a6dbe5-ca16-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679643542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643542, "uuid": "6ca17009-8114-4d3f-8117-d331e084b1e7", "comment": "Malware payload (Formbook)", "value": "0b27578b9d4dcac099786e0018af101f", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643542, "uuid": "e6dac770-21b6-4740-84f8-580c7809e230", "comment": "Malware payload (Formbook)", "value": "ca0509fa76c36ebde7f059f872329178eb2b1307971424c5b3cb33e3242a2e6f", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643542, "uuid": "d140d06e-a1e6-4ad8-a040-bb6e070a4fca", "comment": "Malware payload (Formbook)", "value": "395b9a06056a52e45a45af8bcb61bdaabca4f7d0", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643542, "uuid": "38106781-2749-4563-b75b-d86ed2e84c9f", "comment": "Malware payload (Formbook)", "value": "a6d6bb3cee40e70decde81511a077fb10bd966498c8cc79a18c110c5cf4cd505c87a84da6924f54f53d19d8271f59d02", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643542, "uuid": "39ecb478-2cdd-4fa3-b53e-c99ab44c9dd2", "value": "T1D1F423B0B7C3B06BFE2C4D9C1626CE2EAFEC5DD764B8360395C589D745B58E98AD0102", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643542, "uuid": "63391a2a-135a-4781-af0b-6cf6667b1f02", "value": "12288:U+T2jY4C393wTRWnjna6rBrrzFs1bRoBvGDg0cwtXq0AzQgvztDX+U67avx6KYp:U+T2j7YjBrBH61qBv103U5SEwp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679643542, "uuid": "7da8e23f-95b4-4158-9c74-2043323d5370", "value": 731983, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679643542, "uuid": "9e0fd0a8-faf4-4486-aa06-da508ca84a7e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643542, "uuid": "b38a693e-d207-4ae3-86a3-2d3688004832", "value": "RFQ-003451980.XZ", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1d41a7d-ca25-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679649930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649930, "uuid": "69a81421-7a5d-4a22-8d49-dde3959f7d36", "comment": "Malware payload", "value": "cede456ee20df8f97faae5dffc855386", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Patchwork", "colour": "#4DDC96", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649930, "uuid": "61308e12-4a1c-499f-b0f6-46b6c4d9202d", "comment": "Malware payload", "value": "cb0fe57e84a705a6e6d5d40f621c60095aaf73ba87c424029d2e2813210e09b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Patchwork", "colour": "#4DDC96", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649930, "uuid": "035dfc6f-17b0-4573-8462-36dc6d9d05dc", "comment": "Malware payload", "value": "89d3c0f6472e9bc374316de0875207607a3d3d68", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Patchwork", "colour": "#4DDC96", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649930, "uuid": "71f77235-9a2e-4f01-ad9e-507ed32f1613", "comment": "Malware payload", "value": "4b2b9df10cfaee21fa5a713ed01ded4fd66b92eb27894400cf2aaf70da107e8f7d114944354091289a99eeb2fa7c5163", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Patchwork", "colour": "#4DDC96", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649930, "uuid": "cff8c1e1-2253-4aa0-8203-2b7016a7bdb0", "value": "T16BC48D617672E531D8A180F04E38BE97A42DBC250F255EE7B3D42A3D5D301D16F32ABA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649930, "uuid": "549ce58a-e000-4fcd-8e4c-b2bc0549e177", "value": "679d135cd7604298d108b1621766efa0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649930, "uuid": "b7f896c2-2e31-4d06-881e-1e26217a1e68", "value": "12288:uduvUWA5/xsGqfLvxce+OeO+OeNhBBhhBBlBMrO6L33urT11qw+d2H5suLhRQ9sI:uduw0vxa+HQkw+cYgE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649930, "uuid": "6c913829-76f8-4b09-8ec6-5d56faaecc71", "value": 562056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649930, "uuid": "4b0e0128-361b-4acd-91ea-4a75b2a0a741", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649930, "uuid": "ba57da9b-14e6-436b-9ded-7e11a2553c35", "value": "cb0fe57e84a705a6e6d5d40f621c60095aaf73ba87c424029d2e2813210e09b9(triptrans.info,2023-03-23 170121)", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c103be55-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660209, "uuid": "288d999c-3697-4e6e-a00b-e312c0b18528", "comment": "Malware payload (Mirai)", "value": "4f31c66f1c4a34595b3e8bf652c6c0d7", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660209, "uuid": "e9b5f5c8-b63d-496d-89f5-87d67d23dc5c", "comment": "Malware payload (Mirai)", "value": "cb6c1bd5f56690dddfc74e446e188ec17ab6b6e109d4968b53ecd9dc4957ccc7", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660209, "uuid": "86bb978f-f7a6-4ed1-9835-5d944af7bcd2", "comment": "Malware payload (Mirai)", "value": "ef0996d4da04e847ca687b442ba3aebadb4f261a", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660209, "uuid": "d28b7fa5-55fb-4dc6-a378-5b78472bcfdb", "comment": "Malware payload (Mirai)", "value": "fb35396167cf3f50bf521c25602c6e4e95ec01f74a1263b813ee9fa97826b369466881e7f137a4d37c85b14de0d1ee9c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660209, "uuid": "2abc1bc6-fe9c-4139-b859-0be6b1737b3e", "value": "T1CA03F555F8828A1BC1D50376BB6E8B8C373273E8E3DA3317DE545760798A92F0D62E41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660209, "uuid": "fbaf58c0-c3c3-4159-9a47-cec06f4dd137", "value": "768:sSS6kLb4sG5YSvFO5lK1U04cS0dYwnrBrp3hs2RsKug71P8ldvzMILml1MsEcwFp:yFbnG5YKIS3lrlUrBLKlWF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660209, "uuid": "fa7c40a6-ec26-4a11-ad06-c631152f5b76", "value": 38144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660209, "uuid": "ddbc8b20-d677-4b0c-8448-f73c63ff5bfa", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660209, "uuid": "dc40fa11-32d3-47d5-ad3e-629a068ac21c", "value": "nigga.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d52cec23-ca46-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679664109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664109, "uuid": "a30c6085-c2fa-4ce9-bea9-591689eaf95a", "comment": "Malware payload (AgentTesla)", "value": "07238415efc8916c567717844d49ec45", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664109, "uuid": "521baf52-f520-481f-be8b-e3cc9e817bbd", "comment": "Malware payload (AgentTesla)", "value": "cbe0dc996a8c24ff1ab808160b0d34005857f58b60d622578df56b4867960a1e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664109, "uuid": "0b5011dc-9500-432f-b551-772c23dddad7", "comment": "Malware payload (AgentTesla)", "value": "379b3c79f72cda24aaec851fc4c98bd4f3e9353f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679664109, "uuid": "24dc4c96-2fb0-41a8-ad8f-d2599f112c73", "comment": "Malware payload (AgentTesla)", "value": "8b1d50fba90e0502ba06188377227f8501db4b50e041d4caf5ce6c8e5dfc47c9b21eb37b885f3f77dea7a1054ad9f0a8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664109, "uuid": "130587a1-a79e-4f21-b3ff-947daebd7455", "value": "T14F1522443F6D4722D7B827BD16E6D4CE93B13C27D7A8DDA61E8A219CC4DA34082217B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664109, "uuid": "6f9939ac-7f9b-45ae-b3a5-8a052e7b723d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664109, "uuid": "9dc667e3-0efd-40c6-908e-8503e68a88fd", "value": "24576:H+wigv3P/JUt6xSOri9cNPazU46X655JM4:H+wiYJQWSrOPazU486r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679664109, "uuid": "a3b08fe5-5de9-4f4f-b5ef-8d5d719ecdcf", "value": 878080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679664109, "uuid": "8a5d996f-7bb7-45d6-867a-9f762b89a594", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679664109, "uuid": "1ebe8800-a234-47da-9864-459384f73815", "value": "damianozx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9708d02a-c9df-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679619766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619766, "uuid": "ae5c1301-5102-4104-9867-d0dfcfc813b9", "comment": "Malware payload (TeamBot)", "value": "05554979322c3f5e1cb18cac8dd25d71", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619766, "uuid": "bf29d417-f9df-4b5e-9ef1-760b83e349f1", "comment": "Malware payload (TeamBot)", "value": "cbf870e75a16ff74448548661a52f881fcd99aa65a1b49c6371bad46ce56b3a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619766, "uuid": "39047376-5174-426e-a799-3ccc8d1ad416", "comment": "Malware payload (TeamBot)", "value": "8e48f2fed93da9ed9efd0b1b5cfe6128874f4f2a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619766, "uuid": "1bec699a-729d-440a-914c-841dc1315861", "comment": "Malware payload (TeamBot)", "value": "d1eaa678f72c8235bbdce852d5cf57ca5d94a35bd8f2573dd71649a850c715cc1d7131f69c448f1473820a8a991e2c2f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619766, "uuid": "649fdc30-75c0-4725-9f09-9ee9dc4daf57", "value": "T13644BF2273A1C872E85B05794421CBB46A3BB8F0DF6D86CB7784567D0E317D1DA3934A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619766, "uuid": "734f2c02-d629-4f3c-8d28-6f38b9854bbc", "value": "f74196ae98b7afb3677d1c2066ccd5db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619766, "uuid": "ad5e05d0-e562-406d-be88-95b35aff8dd1", "value": "3072:73y1Q05p2CVDLgvO+yNHPwZUVBfIXa9MiqpRP43WReKQEtsl5h/RrNCA:W1tVDLw3y8UL9qpRP43YdoJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619766, "uuid": "951d9a02-9966-4ce5-b1e1-665fc690422d", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619766, "uuid": "86cd047f-eaf5-4e68-803d-73b7763280ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619766, "uuid": "0c03e66a-6e4d-4170-87b9-6d7fac58c138", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a4c44da-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679666479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666479, "uuid": "f2ad3155-f0af-4468-8055-0a1973e058bc", "comment": "Malware payload (Amadey)", "value": "7a362693a7fd29bb53f036599a9ff2ab", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666479, "uuid": "6d46b865-5fbe-4258-8c9b-aed661cad637", "comment": "Malware payload (Amadey)", "value": "cbf89ed4206fadff9393f1894a454b43b8ea86ede26e4e69943ce60896025665", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666479, "uuid": "55de939b-99f9-4729-a1a0-ee1abf5c498b", "comment": "Malware payload (Amadey)", "value": "f58c9898ae66befed0ae49b34af5da619f2a518a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666479, "uuid": "f0450832-ee63-416a-ab62-0f9be2668cc0", "comment": "Malware payload (Amadey)", "value": "4e0b2766fde114886f23efe60f3e9c12276a3f6d8920732b0e35ad163e6dcb22269b5dedc7f0c8ef40daac2a27d03893", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666479, "uuid": "11595189-150c-4845-9920-4cbe0fcbb3f1", "value": "T1A1347D1273E1F960F11387328E2EC6FD663EB8E1EE15BE7E22455A7F0970261C662714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666479, "uuid": "b6800de0-42bd-4fcb-9037-65143af81566", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666479, "uuid": "d31d39ae-8b38-4944-86bc-b2cb98fc0d60", "value": "3072:Kx4aOVRqfF8IXKcoCx5QBiB/X2ZrHRElk4B0sqIsJcfARIlYkWNObhr:kdO6K7Z6CXRHdco2lYkj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666479, "uuid": "213f2f42-fbbd-42eb-bd3d-1086d0ef4ebb", "value": 251392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666479, "uuid": "cec469e5-2c75-4c4b-9bca-52c36d48833b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666479, "uuid": "d5cb0fda-b4b9-4d4f-8267-62500b36963f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4de33f97-ca29-11ed-88f6-42010a9c006e", "comment": "Malware payload (WSHRAT)", "timestamp": 1679651426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651426, "uuid": "fab98cbc-e51d-479a-8c2f-df49f3865a76", "comment": "Malware payload (WSHRAT)", "value": "0875cd01ee57dd5fba16320955e4648c", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651426, "uuid": "0d42f13d-1f3f-44f9-bcbe-abef3928388c", "comment": "Malware payload (WSHRAT)", "value": "cc713bdad89d5d83126d19ee04c522847a2ed08d81333305aca0985f7807ace9", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651426, "uuid": "5a608c48-4d92-49ee-9bb3-2752ce0cd62f", "comment": "Malware payload (WSHRAT)", "value": "a53bafd2d577bc908bf8badf8dfda4694ac2e152", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651426, "uuid": "897053d4-8dcf-4cd4-a416-1b0dc3ab1b52", "comment": "Malware payload (WSHRAT)", "value": "b28717d997392c23894772bec421a33bf9cb165874823da47636be1ea8eee7a4aa29ce39aad8133ae527336cb672655b", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679651426, "uuid": "f71f8b42-52a8-4f08-911b-378557739dbf", "value": "T1BC355A8A06BA5F1607B3E5608342E6738C35E8E327D7A5D5BC857BCA3077C845C1EA6C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679651426, "uuid": "41111488-65d0-497f-995c-793d2bd690ba", "value": "6144:W7VL0/x7Z9F8xEIhvy5qThM7868wp7nGNnpFbkOyJO0AAdvMqseXxQQVNB8Wdpah:i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679651426, "uuid": "6a16aac4-bb06-4f52-a5aa-1af93c49d593", "value": 1136901, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679651426, "uuid": "f947f0a0-bd62-4379-be15-5ab5a77280a2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679651426, "uuid": "a1205f9b-aec7-42d3-8b21-cdc2c462c8f3", "value": "Scan005.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4458ddb8-ca42-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679662148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662148, "uuid": "1ffe8a93-bb67-4b24-973d-a3383ebd0ad2", "comment": "Malware payload (Heodo)", "value": "5aa10c455bf80876a73d570f679ec37f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662148, "uuid": "dc82e4b7-42ed-4cb3-a5fa-775451b84dcb", "comment": "Malware payload (Heodo)", "value": "ce6f43df2fa759f3c94bbd45b78c3d1bf55ac8dcbefa613643f2768adb3f411a", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662148, "uuid": "0da38365-5b41-4609-9f94-16e16429bd38", "comment": "Malware payload (Heodo)", "value": "77a21b3c59ca952f59db2a5dfb38b1bcd5cb9a54", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662148, "uuid": "a13a1ac7-5705-45a6-8e59-73eaafbb727a", "comment": "Malware payload (Heodo)", "value": "b273020df1c6dc2014a517ef48bb73d49a23b373ce03f6532ebabe0b4969a6154d29fbd722e3a14c80e49847045a3ed6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662148, "uuid": "164e831b-5645-4aba-847c-1807f0f080d8", "value": "T1FF2523E059E82941CD0E0C35E92B71BD92BC31666EDD15E633BC3CE5A90EF6C42126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662148, "uuid": "09c850c1-b58c-4a12-8c28-8f8aad03e3d8", "value": "12288:Akf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deO:zXzNdfKluvnRHthzfoYxJld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662148, "uuid": "86e23f43-8c5e-4e82-b5d9-8bb0e91fd75e", "value": 985860, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662148, "uuid": "c361b6a0-7778-4ad1-8f54-cfeae3ad72f4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662148, "uuid": "5c03384a-8fa5-4857-bae2-57e38a4f60c3", "value": "sVPPIR2.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1029bff7-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659483, "uuid": "c08bad49-c626-4532-ae20-b461dab9aff1", "comment": "Malware payload", "value": "11ab271ed84ade960f9f11b15e4ba880", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659483, "uuid": "a5f5f1ac-7ec3-47d4-808d-deea0514df7f", "comment": "Malware payload", "value": "d056573abb3a5e676e638d8c298530ef5e73bc3828bb9ac1fb2e440bd66eed09", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659483, "uuid": "ef322f7d-aac3-450c-b5ac-c80c9109c487", "comment": "Malware payload", "value": "f8284aacd708ab45fe56c0e6c24427050fa827b3", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659483, "uuid": "feab6818-6ca3-4af4-a7bb-6adb80081c6f", "comment": "Malware payload", "value": "ac66c3a7329c87109a06dee0b1013619d0d78254b2f3e33936d6aaba0778901c3ea27eca0cfa71170ef0e98083746ac1", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659483, "uuid": "ef224fb4-7458-4fdd-b3db-e46c997211d6", "value": "T101F02B67875C64E5C7242130016A8750B743BB68C7A61F076A2124234D0B8580D8ED5C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659483, "uuid": "a2b48e45-90f3-47ea-bb58-32429444866b", "value": "6:BBkSlXe1oaXyK/V+gv/1pxR1aSmatp08kdqDyGPXE:BBkWXqo8yk+gHZrtp0WyAU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659483, "uuid": "f30fe6e5-a4bb-4ea4-a3f1-47e1a627d0b7", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659483, "uuid": "4341acba-f813-48e6-ad11-ee4e1538a892", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659483, "uuid": "2407bc9e-73b9-4f09-a730-3372483a04f1", "value": "d056573abb3a5e676e638d8c298530ef5e73bc3828bb9ac1fb2e440bd66eed09", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c47dfae0-c9ef-11ed-88f6-42010a9c006e", "comment": "Malware payload (EternityStealer)", "timestamp": 1679626714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626714, "uuid": "fa0159b1-040b-45bc-95c3-5276a9db9eae", "comment": "Malware payload (EternityStealer)", "value": "9ce5895cf7087cd578519a76e9eadb7c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626714, "uuid": "f3a74c55-0561-4d21-b2af-2c153d856788", "comment": "Malware payload (EternityStealer)", "value": "d07f46238c95ae64bb95021846ae77c20bf7c8e4a6e4f02357f6d18382965989", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626714, "uuid": "f13c9024-6bc7-4fbb-9a48-966c3fcfce00", "comment": "Malware payload (EternityStealer)", "value": "43b4d21c0386158c18aa931ce35e99634be7f2e5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626714, "uuid": "7b96d79e-0ba3-480f-8bae-09a059e545e0", "comment": "Malware payload (EternityStealer)", "value": "3e3ecf99254d4b86258635b43f7c4ffc02a7b5c279d12425c150cd567eb8833f849316788c3b2ce3a81c12f65e592545", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "EternityStealer", "colour": "#9DE6D3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626714, "uuid": "3173608b-8774-41ec-9a43-cc21e719e69d", "value": "T1DC558EBD71A38573F00C493B4F1C8D132B3DE9A59C83C9AB4289E9EE9F2548351D6693", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626714, "uuid": "55ad6593-eb14-40cd-a05f-24a42c43f219", "value": "41ad56f07b124d80f945c6cb685f87da", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626714, "uuid": "42776f7e-ea8f-471a-bfc0-99166c78f502", "value": "12288:UmZH9f1IgJFbALOi5QGiPqcY4A8nMRUg27h606C:z9NXDGmYT8Pt6T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679626714, "uuid": "820fd7ed-29a8-449e-81d3-37c2ac231d1f", "value": 1331200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679626714, "uuid": "bbb0ab75-1a4c-453f-aaa5-03bd1d4ae3d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626714, "uuid": "991aac60-80e8-4d80-ad3d-797051244249", "value": "9ce5895cf7087cd578519a76e9eadb7c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1e08227-ca0d-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679639675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639675, "uuid": "76d8e7c5-98bd-43fe-85c4-59b7289e8b54", "comment": "Malware payload (SnakeKeylogger)", "value": "454e21a6926710200d75b2416c970ce4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639675, "uuid": "2dc6b01c-b70a-4494-9bf6-3389c3029eb4", "comment": "Malware payload (SnakeKeylogger)", "value": "d0a101d03dba528a94c83f78c965018dee7fbc198ebfa5c251ad788672b7a127", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639675, "uuid": "0eb7cc50-d742-4c19-95c9-e9e89832142a", "comment": "Malware payload (SnakeKeylogger)", "value": "82396439ba85e9fcd1463df08accba342238efd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639675, "uuid": "4ed207b9-3db1-46f0-8ad2-5e0ffaeb34e7", "comment": "Malware payload (SnakeKeylogger)", "value": "f6511246e6cab90ffdb3d21e91060b48caef6615d682b832a267ddb5b2a43c7c2f291a295965391602f0c3cc30d01276", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639675, "uuid": "7d5bcf19-1beb-47eb-a06a-1958cb9a892d", "value": "T1B4157C00E9E189E9F8B483F40CB073AD0A6C7A7514618DC67FB4398979FBA2315BD54E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639675, "uuid": "8ce8dd03-4751-4694-94ab-96d47e4dcc32", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639675, "uuid": "ceca9481-58c7-40f1-9a4f-b54ad98cac22", "value": "24576:J3ukqohZ7C3WWwQb4eyFnbzKL1dit7+ZG:JZhZ7OwQ0eQnbz0KKZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639675, "uuid": "1230ca86-5c25-426c-9715-7560b88af454", "value": 916480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639675, "uuid": "a783c26e-6a68-4d7b-bc15-ff602720065a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639675, "uuid": "86f8b596-6677-436e-97ef-60a5ea6dfa20", "value": "Inv.06564545.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87494a5c-ca5e-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679674286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674286, "uuid": "1fce3b96-6fd6-4c20-925f-3deeeb916088", "comment": "Malware payload (TeamBot)", "value": "966165e4becd35b65cd6b4c79816241d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674286, "uuid": "77bbc289-23d3-4963-81a2-af0c65e1bf55", "comment": "Malware payload (TeamBot)", "value": "d1727fd2dcec34bff84d6c3e2c40faaae48778c63e667d1bc4ba3f5e9551dbfd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674286, "uuid": "5330bae1-1dff-470e-a4af-d73b9db11305", "comment": "Malware payload (TeamBot)", "value": "66d5cbcde976c5ca6f7c02fbefca031d267cd752", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679674286, "uuid": "8e20e90a-24d4-4acd-956f-c6cc3e1f79b0", "comment": "Malware payload (TeamBot)", "value": "8fb0310f3a0c432786367de67efa35531eed5f93c8f5c32b21cc78837196dac4a3c42cd9754ea4d921f260fb8c718846", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674286, "uuid": "13c819f1-e8b0-4317-af6b-c34bd6b3b73b", "value": "T175448E1273E1B960F52287328E2EC6FD2A3FB8E1DE15BF5E12459A7F0970261D662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674286, "uuid": "d28c201b-09c0-46b7-91da-a87c518cda85", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674286, "uuid": "9121d54b-a84f-44f8-93c3-d3e40f14ee28", "value": "3072:/ny6OeRqqd7TDKc8+J5Iq/3/Xwzm7OfEJN3IQSP+mIytUOAzkrWN8aeDr:/LO5i61ma1iOxV4yO1yva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679674286, "uuid": "1596214a-3803-4092-90a6-0667eb48e45a", "value": 254976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679674286, "uuid": "07f7e729-b136-4e12-963e-596a5d1a2346", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679674286, "uuid": "7173580f-2566-4825-a269-91346cad7a2e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4895818b-ca60-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679675040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675040, "uuid": "0d32f99a-39db-4288-acdf-0c182bcc020a", "comment": "Malware payload (Gafgyt)", "value": "61f0f089e64dc49c81f36c3765295798", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675040, "uuid": "be126c33-9ace-4c8e-820f-41ff757f53b1", "comment": "Malware payload (Gafgyt)", "value": "d19868450fa290924c1f1c53c0843b98ccb33c90c83439ba2bb623d6b870d27c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675040, "uuid": "f4c5b4a6-4edb-4ae4-b411-4f4d06fd1adb", "comment": "Malware payload (Gafgyt)", "value": "2faecfe735fcf82fc2aa9f3d65ae9218fd0725cc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675040, "uuid": "070d16bc-eabc-40b5-a8bc-ad1fce7ad2dd", "comment": "Malware payload (Gafgyt)", "value": "3b6cee06ef4cd25a547afc8778598d1b87ae3d0038c76f64fd850a4bebc3213885d46405cd4afe5c413858f0bf28083f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675040, "uuid": "77cd2cf8-7acf-4018-ab4a-9caefbd2ebfd", "value": "T1E6E3B8267A615FB7C42FFF764BBA410013ACE6550B586B9BB230C458EBB651F08E3C58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675040, "uuid": "d7aa4cd4-1d9c-473e-ba6e-1e216ab95d19", "value": "1536:VveTEaqPFvpANUoMBa1ZYylww/0ezOQllv5hFZdMyl1h7dwwUF91xf1zlwe:VFz7o11NvKO5hFvl1h7dwwUF91x9zlwe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675040, "uuid": "572a97e9-db3a-48ca-98ea-2168b4882240", "value": 155932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675040, "uuid": "9662b856-12a7-4e49-bffc-dbf4935c06a6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675040, "uuid": "8da4ef4d-7b11-4d98-a71d-2e5d957f5e28", "value": "61f0f089e64dc49c81f36c3765295798", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5070ec2-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672188, "uuid": "26b9eb60-261b-4900-8b39-5fd661b32477", "comment": "Malware payload (Mirai)", "value": "495df769d93e9f1f876d2a3c33153328", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672188, "uuid": "8e84105e-2534-4221-82ec-8c049777adc6", "comment": "Malware payload (Mirai)", "value": "d19b51309192401a2dc6f5ef07118037f0bc8da0efa09abc9fef5b8b18165242", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672188, "uuid": "0336ba26-1801-439f-b9df-32bb6de181b4", "comment": "Malware payload (Mirai)", "value": "4e4ad2b3507a60e98945b88a88579a836dd4ad57", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672188, "uuid": "c37c3670-1751-4676-9d17-98f3544fca4d", "comment": "Malware payload (Mirai)", "value": "339b056f0116beb25c148c18d233c616a550d6bfd14ad12e971b811bb03ba5aaa36657cf19aae916a81719041602d340", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672188, "uuid": "efe64310-30e9-43b8-819f-9b7d73b511e6", "value": "T1F7431261D5832DB698187433DC84CD40774EAAB0F6672C5F3BB9D8301DEA8C395AC71A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672188, "uuid": "db1a483e-df56-4180-b48a-5ffe059138cb", "value": "1536:R/NkUKSizhnP3l+Dj4wMew3gMPjULxyZJE4CmxI2:R/rsnt+D9M9QMALVEf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672188, "uuid": "643e8df0-44fd-4cab-aeb8-4e8f132887d0", "value": 59668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672188, "uuid": "6db8dcc2-8ec9-4dbb-8852-f7e0fc8420ea", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672188, "uuid": "057089ff-8000-419f-9087-8ab931da63df", "value": "495df769d93e9f1f876d2a3c33153328", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e14ead6-c9df-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679619617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619617, "uuid": "4490ac3d-d636-4afc-bcb3-eee98fc47e8f", "comment": "Malware payload (Stop)", "value": "dd47e8acc1a1b632a715c95c110a92f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619617, "uuid": "f6386fd8-87b8-4ad0-a647-f6d0f6c65452", "comment": "Malware payload (Stop)", "value": "d21afc25b1e3c40194e0197a14b179210ed01e5a1fc481b540de3d46fd04b1a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619617, "uuid": "88cff517-0c29-47aa-9aa8-0ef12fd74c67", "comment": "Malware payload (Stop)", "value": "65ed675bc02bb404326dcc98503b5398a49ec671", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619617, "uuid": "a837cf7d-6349-4998-9bec-0da398ac0049", "comment": "Malware payload (Stop)", "value": "4df70c7a50f668ec1bc9334ee79f618dcf291deb97c337bee298706119084176777b05698eba2c9759e55bdf0f68e5ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619617, "uuid": "b6fcd96e-5e1e-47f7-854c-65fa98696e81", "value": "T12AF412027BA9D1B3E7A7053649A0D5745C7AB87007A54ACBB78047BE0E38FD24E72787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619617, "uuid": "e37abcae-e527-4562-bc73-d7710c671385", "value": "57a1d123edd8232af2119d11a9d551b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619617, "uuid": "4bbcf125-bc80-420f-b2e6-9f0cce889c5b", "value": "12288:EbYOOYO/4431o8lw7nQNPKo8LWjhL3ZdDEpFHigzswIWCCYDOPEgLrA1rUm93+4j:IKwE1LdRCWjhL3HAfA3UYyEgL8Amys5/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619617, "uuid": "e709ec91-202c-460d-8111-0fa3bd509af0", "value": 768000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619617, "uuid": "29310d2c-5920-4aa8-9107-8921430eb19d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619617, "uuid": "d7436e85-1f01-44d7-90f5-cd3f223faad6", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d482d7ee-ca86-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679691595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691595, "uuid": "d0085c09-cde2-4d07-bdc6-7f2ba2226d56", "comment": "Malware payload", "value": "6e7107d8136cb017b0327b95ce833338", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691595, "uuid": "b06ec5e0-0ba9-4e47-88d9-d69152237d64", "comment": "Malware payload", "value": "d28dc0c2a9fa1af27fbe35fe46e0ff84a79b55f11ce99c4a268159a70d104b8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691595, "uuid": "74fd5efc-2f68-44b1-aa2d-79d255b13f67", "comment": "Malware payload", "value": "04e53d8fa6d1bb682ac8f18b6edcedf15979e78b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679691595, "uuid": "68a1460b-c40d-4067-99f0-69103c672197", "comment": "Malware payload", "value": "450db5e4569bbbc7ff0f71ec016caa61d93264bebb348fae37658f7289fc99f2c977c5fb1999294cb0f9fcb27c0cf813", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691595, "uuid": "a40f4ecd-a1a2-423c-89f1-ccba0aff2930", "value": "T1B884BF1273E0F960F22346328E2EC6FD6A3EB8D1DE15BB5E16555D3F0D702A2D622709", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691595, "uuid": "09c1d817-9826-429a-a363-a201c10628ec", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691595, "uuid": "d306e7a3-7b5b-460f-9a6a-9c0e348d33e5", "value": "6144:Uvz5zYoLBbre+kalykET/Gvsv92HhiNqejdpVva:Sz5zY0BP3jyk9qIeb8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679691595, "uuid": "2df145ef-8c3b-4acd-ac30-649888752fd4", "value": 392192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679691595, "uuid": "a626c384-c811-4616-8616-ae24a244a64c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679691595, "uuid": "e60c9bc3-318e-476a-931a-2294ab03bb5e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63587c67-ca2c-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679652751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652751, "uuid": "b78a3601-6ee7-4318-93b4-de877657bf50", "comment": "Malware payload (RedLineStealer)", "value": "61c80a69fffd0c0edd2e1bc2b2684ea5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652751, "uuid": "ce489e47-cea9-4724-9584-09cbdc6c7b74", "comment": "Malware payload (RedLineStealer)", "value": "d28e4334d33820fbdf5779c3b0ccaf6252ae4324a21d6a54692541992c46cc56", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652751, "uuid": "614034ef-8e15-45be-8b74-c3bd23ae0f77", "comment": "Malware payload (RedLineStealer)", "value": "7d87efb42c20223822fc59fb4451ab6bd4ad22cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652751, "uuid": "e2e29687-0b9a-4d24-afa0-474d0df97de2", "comment": "Malware payload (RedLineStealer)", "value": "2ec72c228fd66f4dab54acb3fd0d0addbb34426677b84a80f26b15b91d06dd59d832eb7b6aa0ba97bdfa647fadfd9bc6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652751, "uuid": "ec9a49f3-e782-413e-9958-d8824b315988", "value": "T1D374AF1273E0F920F52286328E2EC3FD273EB8E1DE65BF5D16459A3F09702A1D662715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652751, "uuid": "e1a90155-7434-4a68-8fbe-d7947b596eb8", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652751, "uuid": "a1dccf13-cd83-484a-91b6-bc3fccb5e406", "value": "3072:rqH1z4N37y1dd8ATtYD0uDsSEz47LFOl9gyyS7D29OfODJIp+Ai+rkhWHVdi4eqo:VwNPiCZk/F0f7/bo2Hne+dom6mj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679652751, "uuid": "6a1aa4ff-7955-4477-897f-e86132ca61b1", "value": 360960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679652751, "uuid": "8eb539c5-a990-4810-bce9-8bc847379488", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652751, "uuid": "2ba3910f-dcb6-46e3-859c-b85ca354cce4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "112c7be9-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659485, "uuid": "ce5afa89-1775-4b2e-8bb9-c80ac18864b2", "comment": "Malware payload", "value": "22f2c4df2ea0c5ba4d6469a82ed2884f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659485, "uuid": "4a81eceb-aa95-44ab-b924-b46045584a71", "comment": "Malware payload", "value": "d2bb04e1207af0026a6db842da74d3b73388fffcc9ff61fe3e3920067fbc6d61", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659485, "uuid": "bae56480-d1e6-40ae-bcb1-c4ee44868065", "comment": "Malware payload", "value": "b1cc8a2777407241097b83569f75cc3821197572", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659485, "uuid": "af9dde06-744e-44af-8e2d-4b6acea05817", "comment": "Malware payload", "value": "1c4d46a261a938930c2e76f637b36762322063b056180c25f6ed36f53acffcb9f4429578cd4b926ce1324d395a8b298a", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659485, "uuid": "08acf172-71ab-4b7f-9933-7f2bab019fb3", "value": "T1F8C633ABFAD124FAD4F86D30B954C438747B72875B5535DA391C3E0045BAA3438BAA33", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659485, "uuid": "8d069a96-8781-44c1-b1d5-5263651d0836", "value": "196608:T6qVPhXfjBPfgJwuQSA/tYJcb3voiEM/AyKqTAtFrVH+7kXG+4UvZHEMjn7wRUqx:eqVPhXp4HA/db3vVT8/rVHR9FvZH5UZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659485, "uuid": "6a0466ef-ce0e-4171-ba2f-a8045613f251", "value": 12445784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659485, "uuid": "b07529cb-bd2c-4146-a813-0ed5e8a09940", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659485, "uuid": "9129c420-cee0-4649-9399-7fbda062232a", "value": "d2bb04e1207af0026a6db842da74d3b73388fffcc9ff61fe3e3920067fbc6d61", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ff2aee5-c9e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679622170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622170, "uuid": "b19076a8-dbc4-44dc-a023-bff275e3319e", "comment": "Malware payload (DCRat)", "value": "fc1382653001e36943a5a487aa04083e", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622170, "uuid": "9767a882-ae2e-479e-9a4a-a03164128875", "comment": "Malware payload (DCRat)", "value": "d2e73b6112b25f6d4aac7ab6fbebecddbe4042cbad85f3926dc298c871c017e2", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622170, "uuid": "cc9866f9-3795-4b52-a72b-d52b62079280", "comment": "Malware payload (DCRat)", "value": "48e471cccc1894f6581d7a19daaf46ac9c219995", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679622170, "uuid": "0c817723-9dd7-48dd-8c48-6c89c402a2e0", "comment": "Malware payload (DCRat)", "value": "2f8e1a886fd46bfd28318a05881203f65e6e68d5b820279f04b7a0943fc5657aec93cdddfde765d393e34b2149cdde45", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622170, "uuid": "a53e7066-6db1-4789-9552-22eba8979d31", "value": "T1B0455A01BE44CA11F0991A33D3FF46444BB4AC116AA6E31B7EB9376D56123937C2DACB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622170, "uuid": "cd922c3f-52ca-4d8b-8ada-bb85f2ef45b9", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622170, "uuid": "e01c1208-797a-46df-abbe-da4142140caa", "value": "24576:U2G/nvxW3Ww0tRCSZnPWLTNL6sHH6Jr3W2QGJqE+s:UbA30RCcGNT6JTW9c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679622170, "uuid": "c8650bd6-45ae-47dc-a596-d5f038979408", "value": 1164871, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679622170, "uuid": "c0b225f8-ba6e-46b6-bfad-7e4a12665bbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679622170, "uuid": "9c075a70-f8fb-434b-8fc8-70d2a5e8b1ee", "value": "DCRawwwftBuild.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94a6067e-c9e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679621480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621480, "uuid": "ffccefd7-0821-44a7-82d7-cf187d953a3a", "comment": "Malware payload (Smoke Loader)", "value": "d4e1cefa2d72a17fb1c23f8a60f9c18a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621480, "uuid": "9bebbdf2-6cf1-43df-8ad5-cf1cef946826", "comment": "Malware payload (Smoke Loader)", "value": "d4086ded3564c67c1af876d694c086f76d870b9c71b6fdb729c29f8f3c25b71f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621480, "uuid": "31927776-82db-4c15-a5c6-b268a3870af5", "comment": "Malware payload (Smoke Loader)", "value": "18c0bc20e8fe66fee19dcd559ae3a8bf802d9954", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621480, "uuid": "9d279442-3c49-4dfd-9f33-2055d6bbfc9a", "comment": "Malware payload (Smoke Loader)", "value": "1d745c7d485eef03f2833df3599a9b80993bec0290dd281997b61118cd612ec832b16813cc2ac6679066a106285aeec3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621480, "uuid": "1c72ecd8-e477-49e4-a12d-4a8b1e275d53", "value": "T1E344CE227391C472E65B40794819DBB06A3BF8708B558ADB7B84D67E4E303D1DF3A34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621480, "uuid": "99d188ee-b391-41ed-84c4-baca5a344cf1", "value": "82f9a3111ed4dfd5fb803f88f46422ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621480, "uuid": "dae5ecfb-dec1-44c0-88a6-0407bc1f0da4", "value": "3072:EOcf7c06aVdL+NCiSwsQ/JWPvqDvDT64q2UjqNs09sCkZzoJ5RUTFi3:Q/VdLgnJsQQnqDbT6F/qNL9sCkUoF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621480, "uuid": "4c5ffbcc-ed2b-4c5a-8075-bb5c77d7ffc3", "value": 256512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621480, "uuid": "797bfccb-3f4a-465a-abb5-cb4ed2b52f10", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621480, "uuid": "6b331fb9-b31e-4325-a6fa-c5077bd839d5", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f78dbbff-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679666743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666743, "uuid": "f4061d87-8a3d-4acc-8072-e06e70765b7e", "comment": "Malware payload (AgentTesla)", "value": "f7cb9f4f99405fea3fd1ede411bb87d1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666743, "uuid": "9b51dcc5-50d6-4773-921e-76637e500416", "comment": "Malware payload (AgentTesla)", "value": "d4696e1f4451b83adea7ee01be8cef6807343d3cf031cd913f6902f3fb789db9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666743, "uuid": "c9be6677-cd85-45e6-b5b3-18075be71f8c", "comment": "Malware payload (AgentTesla)", "value": "a13e68ad292d9aef8184555aff6091b2fcf70134", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666743, "uuid": "db1e8508-256b-4fc1-b9ff-267ad44490bc", "comment": "Malware payload (AgentTesla)", "value": "80adfabdc93390e5e341c899838e170025568291664a54affb8183a6c9fca465ebee2df35dac3c2968faa2dd726ef8e1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666743, "uuid": "e6abaa52-ec4d-412c-be8e-27fbcb94a4ff", "value": "T11905EF00FD7A4973F8EAD7B41060233A03B4BBA15061E6998EF968993CDBF6741D161F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666743, "uuid": "12a067bf-019d-462d-b890-fc30f84bac6c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666743, "uuid": "a451fcdd-75c8-4f43-84a5-4edd8c11fc9f", "value": "24576:18QQxUZGSrOO8PvlUr1y115WfTfYvjgBT:SQQKZr8PkouTgj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666743, "uuid": "dff10c6e-17b3-4df3-a2b1-a5d843750786", "value": 836096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666743, "uuid": "fb02a5c5-b791-46ea-8a57-75fd52b994cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666743, "uuid": "1323d449-de8b-4bd2-8ee4-aa420f581008", "value": "r0034ASD09.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "127772b4-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659487, "uuid": "262ff55b-11d0-4927-a0dd-2cbfb405a020", "comment": "Malware payload", "value": "1dda39cd78b31f7afc2efb349b1bf9ee", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659487, "uuid": "52072b0c-7030-49e1-8ab8-1120ff6f21b9", "comment": "Malware payload", "value": "d51745b025294e10d608102ba877b7fa5336453cdb7f6a72388f4d1fc75e2115", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659487, "uuid": "413fc0f3-ccce-411d-a2b0-a76dad719bd3", "comment": "Malware payload", "value": "89eaaf0cace31ecc8914773583bc9452959b9a3f", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659487, "uuid": "e27910a3-64ef-4d5e-b531-56b15bb02037", "comment": "Malware payload", "value": "07737c581b684dd888ba72fbb1b2f8915620b6f9087ee6376da9ba96bd3c08a06badf3a585fb084a7cf54f3a239955dc", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659487, "uuid": "9f1a8d43-711b-4ec4-80a8-1235bc7980ef", "value": "T13CB5E857E49590E4C0EEE174C726A213BEA13499073437E36FA19BF11B26FE4A6BC314", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659487, "uuid": "41f645f7-1f7f-42a9-97e6-be9b71b9b65a", "value": "49152:c8nxDgC7g9rb/TBvO90dL3BmAFd4A64nsfJ7QQzjFHWkMNRCdQqzB0dSyGW:cqYUQuVDt0X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659487, "uuid": "2ae78222-3c92-4492-8833-da5332fa7c36", "value": 2457600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659487, "uuid": "77674179-48fe-4a0b-bf28-67fa5b6e8035", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659487, "uuid": "a7e94e6b-7cd8-4d10-aa1d-4390a6f96c6d", "value": "d51745b025294e10d608102ba877b7fa5336453cdb7f6a72388f4d1fc75e2115", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "652fa276-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679646311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646311, "uuid": "3828e772-2b50-46f4-9912-fe7895c76d42", "comment": "Malware payload (Heodo)", "value": "b1cee5a9adebbed7cf54c7f298c9a67a", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646311, "uuid": "edde6336-be83-4470-8f5b-582f3b8dc352", "comment": "Malware payload (Heodo)", "value": "d6187151e5cecc616ab816a2acb25ac7f67255f1f2647903e05b0c87c12b7dd5", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646311, "uuid": "6420adac-3af0-4081-a618-a9c80290cb50", "comment": "Malware payload (Heodo)", "value": "a1df4fe6c78b65892616a2500fe41bc4bf50e7f8", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646311, "uuid": "8a13f561-9cc8-4702-b78e-453696930467", "comment": "Malware payload (Heodo)", "value": "b0c35094e0459c172fe401313ad657989c5d69a8b9b372eba58810298f893dfec989ea20ad0166d83b2b05de199e42b8", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "one", "colour": "#E3D54A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646311, "uuid": "071f0f99-c8a2-4695-a756-9d0f4bd42ee6", "value": "T1AB44F9CA6B97548CC060A3FE300476E6433947E3E970ED34E4959C2E8D66F8E61F4A9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646311, "uuid": "652e5a01-4919-4c8b-9e48-f6fe080d861f", "value": "3072:kNjcvQx377FjDDRX4UzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWa5:kmvQp1DRXKXm5ZGa3vRXm5ZGa3vuVy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646311, "uuid": "366f3c50-674a-4ecb-b903-dced032dcc67", "value": 268308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646311, "uuid": "be4f4d6e-f835-4d29-b284-75f63d8ceeeb", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646311, "uuid": "023aa9cc-e73b-4bfd-92ac-aa01c7a836e4", "value": "OPAST GROUP LLC.one", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c186a588-ca30-11ed-88f6-42010a9c006e", "comment": "Malware payload (PrivateLoader)", "timestamp": 1679654627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654627, "uuid": "02eb09e9-46e0-4c07-b975-68fe80cbc525", "comment": "Malware payload (PrivateLoader)", "value": "481b8a9908d54fc23ba2dda67b1071a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654627, "uuid": "09f30c08-97a2-4a15-abd8-50cdd3d92b72", "comment": "Malware payload (PrivateLoader)", "value": "d63069101832890712e5c2331af362d16737e667bac89c0e0476495f4cf81e9f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654627, "uuid": "9182fdc0-bb9b-4cbe-8493-1a97992494c7", "comment": "Malware payload (PrivateLoader)", "value": "c4f4df97cbedf2a0ac69c0c4421457c520d8f9df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654627, "uuid": "7395fe26-90b4-46eb-a4a8-ea41ad7a563a", "comment": "Malware payload (PrivateLoader)", "value": "258f04d72054f98fdef4a377e29289d4cd28b9e8b6ca68f27fef744de4bb42d1c0f466b2447199a43552a91b9ab75b79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654627, "uuid": "47660f60-f47a-4a5e-b94f-909113087c07", "value": "T1EAF59D12EA809035F4A301F697BE1A7A5E7CBF31231054D3D3C8689C9B654E1BB36B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654627, "uuid": "5533c0c2-7576-422d-a614-a4a4848d0a8a", "value": "ff6db230b8655004abd62c30d0163534", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654627, "uuid": "321a748d-49b7-4a72-b5f1-6d8b42a3270c", "value": "98304:BhdvvtSdd0zlR0AxzQi5C6//u+TDIPGjiIKwLDrG9ke7P7CbM5zD6sILTjblMS0u:u6//pqGjLKEUxi4osI3jhMSN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679654627, "uuid": "7dfabe57-3fb0-406d-bd2f-2da84774de16", "value": 3640832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679654627, "uuid": "17b7f52c-c55e-4c59-a572-7115f5149df6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654627, "uuid": "32743224-c06d-42e3-b90b-d0943391b03b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "809bf4d5-ca73-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679683294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683294, "uuid": "a2a37e60-36ed-4f3b-8f6a-36a454476abd", "comment": "Malware payload (Stealc)", "value": "1797d9504e975e78660f67f3f6a3d89b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683294, "uuid": "ae496ae5-ff62-4a7b-ae51-6f59406d8b35", "comment": "Malware payload (Stealc)", "value": "d650c339b5d54ae7d87c0a173b07bd86e6490b3c0ea4d2521d2b4e2dbfdd4c83", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683294, "uuid": "4b1500a6-b348-4e47-ba5c-f6b60c9c8968", "comment": "Malware payload (Stealc)", "value": "2e15e7918c730d139dfe98e98edeeb12f5e1e209", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679683294, "uuid": "51a43dda-15bb-4582-81fe-a58b1954886b", "comment": "Malware payload (Stealc)", "value": "dbb4709b3a042754cae7f3ada5bf1609018a6eafc2890427792343900abd908c0a265be5d5092531f606baa7264caab8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683294, "uuid": "52ab89b9-9a55-4286-9ad5-08631b37fe3d", "value": "T1E9549E1273E0F921E51787328E2EC6FD2A3EB8E1DE15BB6E1754993F0D702A1D662305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683294, "uuid": "d6734df4-50b4-4306-a327-9b34d1b5318f", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683294, "uuid": "ceddbf0d-b19f-4573-9ec2-0e8d1ca595ea", "value": "3072:qoy7Va2BP1+qaWCwe0/IVmrykZ41CxHEs/IVvgjUVc98JtEv2FWN8aeDr:jCgSq2IVm01OEsmIje5/mEva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679683294, "uuid": "cb68edde-be1f-46c8-9aa5-7d3184d13794", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679683294, "uuid": "41fed14a-4268-4e48-8e61-14ad3a31c9bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679683294, "uuid": "1ad55d95-5155-4273-ad56-9f59a883a43a", "value": "1797d9504e975e78660f67f3f6a3d89b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4da19153-ca60-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679675048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675048, "uuid": "1d59881c-7d68-4538-92c7-b77fa62c8fba", "comment": "Malware payload (Gafgyt)", "value": "14ee5ff8f0fcd533a27396a917f49a5f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675048, "uuid": "7f803a9e-d430-43de-bc56-4691fc5fb6aa", "comment": "Malware payload (Gafgyt)", "value": "d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675048, "uuid": "f5685409-0f9b-40d7-ae0f-4ca719a7911d", "comment": "Malware payload (Gafgyt)", "value": "a596a90ea8cc68771340d2518c2f8101f5e9c0e0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679675048, "uuid": "2c60b2b0-0487-4100-a543-9d30f59ecd75", "comment": "Malware payload (Gafgyt)", "value": "cf034ee47187abcc717c8bf96a50aa0d8282fbaeb607ac83b9257a6f3179139d34f27c53ae391ee813bc6cb5837e29bf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675048, "uuid": "89133e8e-2975-4131-8371-3e285ed664e5", "value": "T15CE3E725E4A16397C0A37379DBBE42083336EBA80B5B7343813469B46FF576E0D75868", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675048, "uuid": "d1a91871-3424-4161-ae62-be1f8da8d965", "value": "3072:kd2za4YR7r2yOQIg0U5h8MDygyqmyGQUYT7XS/n:Y2a4YR7Z0U5h8MD3myGQUYTLS/n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679675048, "uuid": "738d12d5-05e6-4ef8-a7b2-dc258f793145", "value": 152521, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679675048, "uuid": "6df02257-bd07-400f-88ad-e26aa7deec71", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679675048, "uuid": "57ad3aa3-e192-4ada-98bc-224d65c98670", "value": "14ee5ff8f0fcd533a27396a917f49a5f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abc92c43-ca38-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679658026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658026, "uuid": "850df3bd-1eb0-4e94-9b1a-1b6df3269a30", "comment": "Malware payload (Gozi)", "value": "1136732c6ff884b7c8c49c5a7a24b9a0", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658026, "uuid": "9024fa7c-797c-44e8-92af-747075ba041b", "comment": "Malware payload (Gozi)", "value": "d766c3ab3c12c580b4bbf32ed2e33d17e7084704a1e61b933ba8e71c95f002dd", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658026, "uuid": "5f6ea19c-7792-411a-be57-b51d7af4466a", "comment": "Malware payload (Gozi)", "value": "639f4d44e4a71d30b91f6e4858d612856e1e049d", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679658026, "uuid": "430fb8e6-449d-4c58-8f42-8f73a404c901", "comment": "Malware payload (Gozi)", "value": "937d1755e6ce55ecfb0fa4bffab62e2cab139e0456ec675f02d58a6a3c52ad3e18a7bda6b08a0d549f4d8686dfcbe4a7", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658026, "uuid": "6559ccd2-44c3-46d5-9680-b5f97f99d0b0", "value": "T12D347D1273E1F960F52286328E2EC3FD263EF8E0DE55BF6E1649993F0970261D662714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658026, "uuid": "b374e7b5-261e-4749-bc0b-b3dbdc631c6e", "value": "4fc712efe0d5d011b63626c597ebe2a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658026, "uuid": "7940bf2a-a1c9-45ea-a818-1058d124eed9", "value": "3072:VYmAzyhXVAodfTgTWHNWDwSdXXjaXCtG5uSYLQ0CT1b+ZnZqSIAskW1WNObVr:3sY0UyBPtGASHZb+hZqSukW1j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679658026, "uuid": "ff5e1d7e-1d41-4e5d-95eb-1eb1ca7da6a5", "value": 252928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679658026, "uuid": "7f15b74f-cbe9-4da6-ba60-04f57a08fd6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679658026, "uuid": "9a397556-f24d-40de-be87-3c17ff606d73", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f865e78-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672179, "uuid": "7e496251-ac41-4066-9ae8-855e717fbabd", "comment": "Malware payload (Mirai)", "value": "b6e4c3062b89634b85238ec735303211", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672179, "uuid": "fdcdfd24-d8a0-43a1-a60c-a1f6e0a9ab98", "comment": "Malware payload (Mirai)", "value": "d8aacb82ab976ff1446c2381d83b4878602f5b46af5530c25d74c6b31b85fa5c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672179, "uuid": "8bdd6628-a632-49e7-af08-074f8b1a7365", "comment": "Malware payload (Mirai)", "value": "b9f736224a83d4b5643b08ab29a8e9582ac9cf1d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672179, "uuid": "7677bb07-b349-411d-8eca-23e30d5278aa", "comment": "Malware payload (Mirai)", "value": "f8ab993318c8fcffc089687b58dc5cbf996c61ff4d3fad08a10d44c463a6c4127e58b3ddb64b66f38c667e42c9294036", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672179, "uuid": "26cc02ac-e4da-41f9-a3f7-5a358000cc41", "value": "T16ED2F1B2F4367331F1A48434A636CB41A1DE05FAC0F1B1979862D9EC712928EA6FD437", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672179, "uuid": "00dd42b0-0887-49fd-a3df-3c294c2f7ea0", "value": "768:m8a8eV3Gp4CrecU1n5Pln3Lvd3gVv/3/7KY3b5s3Uoza3:mb3GyC4XnbFSfTBEzS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672179, "uuid": "271df37d-c9ab-4111-8f2e-ff7371d228cf", "value": 31068, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672179, "uuid": "f970af32-aa6c-4224-ac1c-9df54cd388c5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672179, "uuid": "5dfc1c43-81b1-46e2-9759-0c2f620ab198", "value": "b6e4c3062b89634b85238ec735303211", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a50f57ef-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679640406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640406, "uuid": "75dfd68a-0e81-4718-871b-360c42fe569e", "comment": "Malware payload (AgentTesla)", "value": "52960f977b511bb88664a0177320a26a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640406, "uuid": "673f0025-f45a-446e-964a-b1f68090b379", "comment": "Malware payload (AgentTesla)", "value": "d8c4477971a15461d08f74725d2922f5e2400d857f539648a3b4f9ea940a8ab8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640406, "uuid": "526dc616-327a-482e-81ed-5fb971a7c28c", "comment": "Malware payload (AgentTesla)", "value": "d8b54f60fa927e1bcb8a2f1aa789b8fcff425245", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640406, "uuid": "1815101f-428d-4ab2-8c16-1ed60cfad21a", "comment": "Malware payload (AgentTesla)", "value": "0a2ef5225a09fe2893915bd2ffdd5c284be07b972ce5027a10a77f5b133d9dfea995cc88fd3b073a19806881f26c9a7b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640406, "uuid": "57bdf97e-e36c-489a-aa20-2d4331f72d18", "value": "T11705D004BD260D36F4FBD2B05050233A0B65FB655421EA998AFB689E6CEBFE301D055F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640406, "uuid": "5d4d02fd-b5a3-484f-8a7a-0595f4967b63", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640406, "uuid": "71ea7bc4-6c8e-4233-bb58-5e9de276e9fd", "value": "24576:A8Q2EUZGsr81JwXMTdnYMTg0HgB7C3/XmSeoyglFt:RQ2zZOsMTdds9B7CvNl/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640406, "uuid": "7b00409f-4e07-44ab-9a1d-c6418b3782b4", "value": 866816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640406, "uuid": "506ecc07-09de-4d61-a2f0-8ccf2859727b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640406, "uuid": "fa4c702e-974b-4bdf-a9ae-8ad6c86ddd89", "value": "52960f977b511bb88664a0177320a26a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fd77c31-ca1a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679644960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644960, "uuid": "4829fac0-e670-47a0-9f6b-9e1469276b8f", "comment": "Malware payload (Smoke Loader)", "value": "f69b6795b8ded347fa1138c68d3ed69f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644960, "uuid": "e77fe4af-b273-4436-90aa-d0ba77fad9a5", "comment": "Malware payload (Smoke Loader)", "value": "d9120b7128669cadb3d5352dbec578f94f34108ca6b317d00aec52411fc45a42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644960, "uuid": "3a4f9d05-e13b-4501-a365-590fcb5da822", "comment": "Malware payload (Smoke Loader)", "value": "fd26c583c287216c90684e09745ff86650a1f6ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644960, "uuid": "81630463-d064-4aa7-b361-b50b07baf10b", "comment": "Malware payload (Smoke Loader)", "value": "c07b53e1dad6f3578d2a49388aa0cdc3cf14d2e6b9ff44c419783ac24c52e740238cdfa657c2756729e214b09b6a15e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644960, "uuid": "f915ebf0-06a3-4897-8d91-1c87097bd36e", "value": "T16E347E0273E1F960F52287328E2EC6FD663EB8E1DE15BFAE1345997F0970261C662714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644960, "uuid": "9d51efe5-5d7a-4957-aa8b-612ca1a635c2", "value": "f074ca07d05b404f1800905e64acce35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644960, "uuid": "01863c6e-c39d-49e6-a9de-56a873072636", "value": "3072:Qny9/JahzrPSxdQDOaZtauXacBko7wTGyH+QU88BSYx+PlRxWNOb4q:Vi5Qi/QYkIc28qx+Plvj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679644960, "uuid": "395fb8a8-2268-4f6e-a960-6b6903557fad", "value": 252416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679644960, "uuid": "0c7c772d-edb9-4eef-aa05-974dbf49b712", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644960, "uuid": "0a729e81-2ab7-4d0e-94a0-3d48209b1752", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1aa0814e-c9e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621705, "uuid": "98ee883a-7079-4dd5-a315-41839d8a63e3", "comment": "Malware payload (Stop)", "value": "1a8dfc07b5d73a85776b45e4b8eb2aa8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621705, "uuid": "edfef4f0-2adb-4dd6-9c1d-2059a0ad10d3", "comment": "Malware payload (Stop)", "value": "d935d3deb9f86f85e9eb8ac73c617a4d0eac4c9bbe54e97522c02f79a34685e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621705, "uuid": "6463c468-a032-4c6f-a267-cbcdecab603d", "comment": "Malware payload (Stop)", "value": "9b7fe7964616a012c09f74a54f641db63da144d0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621705, "uuid": "ea187f52-3c75-4525-bff6-4c687288d2c9", "comment": "Malware payload (Stop)", "value": "09791cea437d80caf8ab6413028488fbb6e81b84ae22e32748c8d7d5875c91250ade80efaac57d1f715243f1c59118a0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621705, "uuid": "63fba4e9-8585-44af-a175-81b8efbca002", "value": "T152F412723B82E0B6E886497549A2D7F05A7ABC726F554EC72B88337E4E317D18E70305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621705, "uuid": "829b31a5-57e8-4e57-8806-1d3d590abe9a", "value": "d82b59d9ac38acfa112d084d606d9e02", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621705, "uuid": "ce5241e4-99cb-4fd9-80dd-3e86a07cda9b", "value": "12288:Ghev/g8qJpGa02PmZvHa0IusMPrrwP6uamtDuTHsvLX5Y1:w6g8mU72PmZvaGZHtAt6TWr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621705, "uuid": "5f8e1a76-cf6f-463d-a72e-2cb1328fabb3", "value": 769536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621705, "uuid": "95e94e07-540b-45fc-ab1e-b0406ce07485", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621705, "uuid": "25b44b15-6be9-4807-a132-ef647452aec0", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30435df5-ca58-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679671563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671563, "uuid": "ac622fee-3cc8-4edb-b639-34d6d5a5e34d", "comment": "Malware payload (Mirai)", "value": "fc6b30aab56170705d357677369a5c20", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671563, "uuid": "44a0d758-d39b-42f7-bb19-fdfb4030bdff", "comment": "Malware payload (Mirai)", "value": "d9963d1d329c370d8c616fb8f8892548d95f04a490ade89ae2e8320be1bfaa4c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671563, "uuid": "e87426ec-63c0-411d-8590-42834d4623dd", "comment": "Malware payload (Mirai)", "value": "f6b8ebd8b86a8fabe4f5ede6b99edaf71f8db6fa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679671563, "uuid": "dcd1cf9b-4eb5-4a5b-9c9b-56b81e43a3df", "comment": "Malware payload (Mirai)", "value": "a8502e5d265083f7018bceb4c0968add6b62d65fef604bd672b35dcfbea216eaaa9a310c59d1b6836f9321d04caca144", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671563, "uuid": "8d04c0dd-e2b4-45df-af4f-3b009529e9ac", "value": "T14C03D05BF01051DECF4FE8F5DA195BF19904E1843B9BBFCC63208C94EB2AA9DB2150A0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671563, "uuid": "73e901ec-28c8-41b8-b9f4-024db6b7c7c1", "value": "768:TVDvvr1c8GZLM0j7/zFO0h/zKVzLv5HxlXfp4BhzjyA9oQWf:FvD1c8G9M0j7///2VHvHlXfpERI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679671563, "uuid": "472dad65-13c5-4fbf-8c88-5f42cafe9321", "value": 37892, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679671563, "uuid": "e6e64ad1-bfe3-4d5e-a934-ffbd0974f76f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679671563, "uuid": "84f94c3e-0820-4688-bbf2-80175a8d3ac6", "value": "fc6b30aab56170705d357677369a5c20", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea73a4c3-ca79-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679686049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686049, "uuid": "5f5d998e-d593-4c41-9b64-00b295faa6e1", "comment": "Malware payload", "value": "3c51f29fdd795df6875625363b080227", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686049, "uuid": "a206875a-a376-4712-8c2b-588d102855bd", "comment": "Malware payload", "value": "d9f7c8bc340ccc50d37db11f2d02fd647076f0f1deb670af2eba13b5b1354643", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686049, "uuid": "3945fcab-1232-4e02-9b98-dc3b1bde3167", "comment": "Malware payload", "value": "24686d3b3191614cd7e3b9a5d7cd66f3e7c4e563", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686049, "uuid": "2da4d784-5465-46c4-9323-9969708d1eec", "comment": "Malware payload", "value": "dc3b0e9a049095732b9f29660c7df04a560e287079cf5de41ce332b09ba610253824cb27bd581db7d9c40249741100d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686049, "uuid": "25b90588-c208-4070-b352-f83da72dcf52", "value": "T17D4590EBFCBD4E2DC4AE0E380EB17AD2C53D5A98CD9F5826924E09360BB0C72C25555D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686049, "uuid": "95a847b3-fecd-4321-8eef-34eaabaedd34", "value": "2ad0bbe7b488ccd9b02faf0349f3e503", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686049, "uuid": "f4db9d54-fc9a-4fd3-890a-a75a06925e8e", "value": "6144:8V6RgSwhl2ZgD4TAemkAOmATjoR1BwUdkIqBQAMUIEM0MBaUsksE/VX47jp6tiwl:8V6RgSX2icA4kgVX4/pthmF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686049, "uuid": "019c10cb-7ff1-4eef-b57e-c5bafc08f5f4", "value": 1260960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686049, "uuid": "e08f40e5-1290-4c8e-91f2-77e530d94380", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686049, "uuid": "c605e69d-6329-45a4-9025-3631c35e0bca", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4a9ef5f-c9e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621534, "uuid": "36717cca-610f-493d-992b-99f99ef983ad", "comment": "Malware payload (Stop)", "value": "d4c246f1ee4e36d912907f0bf639f735", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621534, "uuid": "636c971c-43ae-4fe5-a431-6e762d71ae25", "comment": "Malware payload (Stop)", "value": "da7cbbf56f929fa425250a13156cc82ab540353716578558acd23f7ee6f5406f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621534, "uuid": "7a9bb8d4-e61d-4c74-80f5-7c827623e270", "comment": "Malware payload (Stop)", "value": "707b27dc0ff68ce7cf26ca680f7dc4ab54f510a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621534, "uuid": "e9f92ba1-a8ed-4968-86f3-c429c3c6d9bc", "comment": "Malware payload (Stop)", "value": "7df2b42a7d1946f73aa7a64150ebe74995fdfa4015a91c54ecc6f6ddb4e4c3a8167320f7ae114d6c3a19252df69d8d9f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621534, "uuid": "416587c0-c452-425b-80a6-a97525959609", "value": "T189F412223B90F4B3C94B89748418D7A1693E3D321BA5865B332C137E5E3C7D5DA6A327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621534, "uuid": "af4e9fbe-a505-4576-bd0b-79a897cd586c", "value": "8d9508e89d467f2b8f17cb75c34b216a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621534, "uuid": "5c36444c-ae02-4116-856a-59d5766654e2", "value": "12288:Ufvdq8mi7ZdL3im+p27nm3DH3uAvYwVXTlEAFyfu1GX9QS5Zp4Wb:EWY827nMAwVXTlETjxZpn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621534, "uuid": "4add5f4d-47de-41ef-a9d6-eea6142a82ae", "value": 731648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621534, "uuid": "7719cb07-96ab-4dc6-a4da-4b626ec4b320", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621534, "uuid": "accc397c-360d-42e7-9c51-eb5d6ccffb8c", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a1a3bbb-ca11-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679641139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641139, "uuid": "549c8de0-b0a9-4877-8b4b-c7f7e7849085", "comment": "Malware payload (GuLoader)", "value": "cce0aa14e8227e83caa9b9c730cba2d9", "object_relation": "md5", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641139, "uuid": "5cb0b5e5-0cb0-4937-bfab-d891e43b50ae", "comment": "Malware payload (GuLoader)", "value": "da952bbd985a09dab1f0ee805950d89ed19f56e0383856b89ba622474008b642", "object_relation": "sha256", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641139, "uuid": "68ee5725-78fb-4682-88a7-444dc5d08026", "comment": "Malware payload (GuLoader)", "value": "27f88cda5c1b7ff2c5288a65a126c59f007586ee", "object_relation": "sha1", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641139, "uuid": "9e160a01-c84e-419e-b3a3-50b5d61c5303", "comment": "Malware payload (GuLoader)", "value": "9f89bf172558b5bd59330516cc09851398bf42c3193e88c08fda97e5c462db569fc20567c060bdd46434b6c3b86c32c8", "object_relation": "sha3-384", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641139, "uuid": "fe3a2f6e-5f71-46f3-a9c9-2fb5122932ba", "value": "T14B4528111A588543F218BC33D430EE7E62149D9C637A84E7A7D57FEB22387938B6D12B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641139, "uuid": "a06ac8d4-a68d-4d3e-bfa0-ae0e9a119f9a", "value": "6144:IiucV6Y4sLhaUs2ImxynpGjpgHxJ3eb66/Dgu2nyqoOBG2PGi6Mr:IiuiwUsGk8lgm2OS0irr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679641139, "uuid": "aa2ae0df-ee49-475e-8e7a-57535634e141", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679641139, "uuid": "3d5e299c-5dc9-4d48-ae57-f99900ceda08", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641139, "uuid": "1b7ebbed-99e7-488b-81c3-086dbe3671c2", "value": "Tr order of Rupali Bank Limited.ISO", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a80eb06-ca3e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679660440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660440, "uuid": "1a9f4cbb-c7a4-4278-afd2-e0fff731c805", "comment": "Malware payload (Formbook)", "value": "361037cfc4e2e7cdbe2d56cd3f4953d7", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660440, "uuid": "4817c018-673b-44ca-a8af-c88286a8b84b", "comment": "Malware payload (Formbook)", "value": "db46f88e3cc4ab2d66eae7da6ff9863a9eacc7fc03113f7b88719af00c047bc1", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660440, "uuid": "dbdb19ba-c24c-4a6a-b9b5-99977e9dcf90", "comment": "Malware payload (Formbook)", "value": "c881552688dbbde009237f92c7de2ac7ea07fcb2", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660440, "uuid": "f1b2c410-a6af-4199-aefe-014e36b49521", "comment": "Malware payload (Formbook)", "value": "6c56bf9958fc0d5e8f16efce6d19dd95be693b9152ff560f10aa3005a23effe2f4043a205a4c10d663bff84aedcd9864", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660440, "uuid": "4083734d-c943-4dc2-9d40-a99149b68a4b", "value": "T1F7F4330833B14F9EA096EED08E91F4417C943D771EC2753B87691AA90CDDAD0265ACFB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660440, "uuid": "7c26e33d-62b4-4c1f-8d4b-8b69939be092", "value": "12288:UiCYoQ2Hp0rX8pLBrIIuyzM0uK+qcBWs+djnrpFA/SXviiAkzpvMKrpv69P2Zeon:I6LaZP+LBYZAc35pMk6FSeM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660440, "uuid": "605c375b-702c-4474-a360-0cbf01ecb902", "value": 732409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660440, "uuid": "c2210a01-020f-45f3-bd28-4fe66746195d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660440, "uuid": "2319b3a2-e8c0-43bd-92a8-0c2471c884bd", "value": "Shipping_documents.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5e5a733-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672217, "uuid": "ea4cb7db-787d-4c7c-bbeb-b510d36b48ce", "comment": "Malware payload (Mirai)", "value": "8a7e20e11ab64ba19b1c6d556cbb7c72", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672217, "uuid": "3444d56a-8d8b-499c-a434-5ea4cb3d9c6b", "comment": "Malware payload (Mirai)", "value": "db6af85fa820157f033df134a4ce9d04a48ff4389ffd5d8acdaf1bd997e0a1fb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672217, "uuid": "2264263a-8c6e-44b5-92d3-58a28572c46d", "comment": "Malware payload (Mirai)", "value": "a0826587190504c761cb20928075ad7a28222d8f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672217, "uuid": "f2352ca5-7361-4e58-ba43-bcd035f5c674", "comment": "Malware payload (Mirai)", "value": "040fb4330e698286f085e7014678782e0e733eaa4c415a26778ae82709d79967114fc338127e177be4f9654f91bf0543", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672217, "uuid": "4607a6d7-c394-4cde-a6b6-096f41d3e814", "value": "T1AD03E110F0221FF3F15669BDEF92D08B565E8EB8D5FE200D7968BB084DC754926B8287", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672217, "uuid": "3f45b37f-bb2b-4f01-9cbc-705e5308af03", "value": "768:gL6uRxIkP4ZM2E4TxDtqOaH7Q7Z0iyszSZKyEl92f79ighV9q3UELJG+:gVJx4Txg00OzS0y89MQghoLc+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672217, "uuid": "54669dc4-8305-470c-b700-e44d12658a52", "value": 39672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672217, "uuid": "89eca5ce-6a55-44a7-a446-1e05ac897a0c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672217, "uuid": "27c11a08-cabc-4584-9211-d8c5d83e4ec2", "value": "8a7e20e11ab64ba19b1c6d556cbb7c72", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a57d1c90-ca2a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679652003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652003, "uuid": "fe578b1b-216d-4d4e-b05f-16f7b1dbe87d", "comment": "Malware payload (Formbook)", "value": "c1b465d96c0541a5dc8e95a7bfd96e15", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652003, "uuid": "8dbac8ce-fdf9-4541-a3b3-919bc7eb329b", "comment": "Malware payload (Formbook)", "value": "db70988416dd0d9af06715f9f9c6cf77be3f6bf629cba4bed9be82ea4fbf46c1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652003, "uuid": "440892c1-0a82-40d8-b269-d0b3cc449269", "comment": "Malware payload (Formbook)", "value": "9971ee23a2b802c3b1a03a3a8df686aab28e263c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652003, "uuid": "29324381-9dcb-466c-8cc7-258b2d40072d", "comment": "Malware payload (Formbook)", "value": "6431b29cf33e753c9c4e963a371224f1bbb5cd654bf7f4c48841c4629e5243d98fe21d3fb7a03a6026885af964778427", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652003, "uuid": "7901463e-c232-4565-a6fa-5e8ff5d880a3", "value": "T12B441204BBDCD43FC8435BB239BA5357AEF6AA210479125B1F501B887C37692990FF92", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652003, "uuid": "fad718cc-5352-435f-a406-d9cd083396cd", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652003, "uuid": "91406381-a2cd-43b2-abd8-30fc3cfeeb43", "value": "6144:/Ya6uOn/kwfhxmhDcnV6/VMBob43AsvyPggixmLTOG:/YQOMwOWI/VMmbavhmXb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679652003, "uuid": "c3a88618-f6d1-4818-80b2-003efb9d8d2e", "value": 272532, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679652003, "uuid": "ef6cbf97-b0ca-4231-b002-496ad8b3557c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652003, "uuid": "848a7c3c-10cd-47ac-a1ec-266710471e6c", "value": "c1b465d96c0541a5dc8e95a7bfd96e15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99df1f40-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672170, "uuid": "d18ae230-7b03-4e45-9d12-43a75596da6c", "comment": "Malware payload (Mirai)", "value": "e521f0731bd62f953898e9a5614d01eb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672170, "uuid": "b9121312-85ba-4d5f-a5da-57043fc784f6", "comment": "Malware payload (Mirai)", "value": "dcaa798d2ebaa6d35cfd0ada1fa67271f87975ed1b85fb7ac3239b4d96c8c72c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672170, "uuid": "29893e67-9bc1-4f7c-9eef-b9cf25785e67", "comment": "Malware payload (Mirai)", "value": "2decbd11e6ba175313c3df84b238b2f1afc0d40b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672170, "uuid": "6df18dce-2a4e-4597-b747-ec9802442527", "comment": "Malware payload (Mirai)", "value": "8ecb202bd0df54021ffbe2651ffa184918b702f9a5baccd14bc74fbc9d387a5cd4a81f5b6d8fd1271bd56fff792e38c3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672170, "uuid": "d610117a-8738-4fcc-9cd4-0514ffe75d55", "value": "T146A34C14BC791E12C0E4A17E12FBCA56B1F5328E21A4D59E3D720F8FFF516C0AA06A75", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672170, "uuid": "44441d76-825c-44eb-b4fb-0fdd1e2f9702", "value": "1536:VLmFmdSzM30cEwEO2qbQfSqnqcbAv47SHantLk9iEr:tHSeQ9Spv4WHantQ9iEr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672170, "uuid": "8a03db6b-e741-4283-9968-2e7d8376cdc7", "value": 99648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672170, "uuid": "3f29f75c-a7d2-4c4b-93da-146e0fb9dd06", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672170, "uuid": "4f3a4a7e-a58a-44ee-94ff-389bdef4cfd7", "value": "e521f0731bd62f953898e9a5614d01eb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d43e6038-ca43-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679662819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662819, "uuid": "10e00031-a342-44ff-9ded-a83f10062cab", "comment": "Malware payload (AgentTesla)", "value": "c8c8c9b72e8f5d1042d31cb99483d60e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662819, "uuid": "025d2a1a-13fe-48be-8d8d-4867583658ae", "comment": "Malware payload (AgentTesla)", "value": "ddb409c4e8db5fa5347ce84e51c8000206e6df1107c5a7c544fa87a5343ed9de", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662819, "uuid": "8f0bbadb-ba87-4bce-a2c4-d83cb6fc1f87", "comment": "Malware payload (AgentTesla)", "value": "1b1e8a5d8ca42bdeaecdda49cc7aff1429d30a75", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662819, "uuid": "7fe2f608-2e15-4b81-9398-5d85679477fb", "comment": "Malware payload (AgentTesla)", "value": "c6e15d2bdbf67f858205fc2ae580703c49a0f5816d3377e86c039f828e0b723b43f13ac0b815d8cab6a432e9cad7fbbd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662819, "uuid": "e196a0f6-e241-4981-a378-756e0bbe4719", "value": "T18DF4EF44ED364E36F8E9D3B40120137A0768BBA51032D6598BF968CA3EDFB6305D199F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662819, "uuid": "ec955982-8f62-4b01-a849-8bd35bde946e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662819, "uuid": "9508dc5f-9e52-4e5c-963d-189efac08445", "value": "12288:qtDNAx/5mCtMrQMtzzPwwtCYTJKXbYtdSDhRjUJ0DsAUE98z+Zwd:+WsrQMZzYwtnJKUtID/Q0DT98z+ZG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662819, "uuid": "7f5ebea6-1433-472c-b659-6ae4291e67d4", "value": 787968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662819, "uuid": "bde5418d-cb9d-4693-98a5-23a7c3ffab15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662819, "uuid": "4fa02a66-3f9a-4851-9b5c-f2878c73e998", "value": "Agent Pre-Alert - DSV Air And Sea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1ab0022-ca50-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679668317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668317, "uuid": "8575dd1f-8a08-4962-8c7b-897a5131aea8", "comment": "Malware payload (RedLineStealer)", "value": "5dc9ff7a05885f885758816663d0d414", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668317, "uuid": "2fa79b40-f871-4190-8581-783ddde6637e", "comment": "Malware payload (RedLineStealer)", "value": "de0deb264fa6ae49e89815bad5a063b8636f06b994dd1ea1612b51408ba98b92", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668317, "uuid": "fb75404b-97e4-4582-8915-f7102a3cc56f", "comment": "Malware payload (RedLineStealer)", "value": "97e5969a2ec8c27888c14eaa52d8c4c23c4d26fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679668317, "uuid": "1a9255a3-81b0-4611-b2e9-356907f59ba7", "comment": "Malware payload (RedLineStealer)", "value": "0bafe7d42a9bf3390fe8c0fd9ddf5a765ea6d40159deeb9dc48b61d42577138cc2ba9dbbc9b62365b6a5776cc463070e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668317, "uuid": "c2f32bf7-11d5-457d-84fa-6f2b0b19fe8f", "value": "T1B274BF1273E1B921E52687328E2EC6FD663EF8D1DE15BF6E23459A3F0970261C762314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668317, "uuid": "c4f4d26c-d657-404b-8ba1-38840b04f373", "value": "80d951d4a8ff80b46e178f72a4b74c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668317, "uuid": "0691a549-62f6-4fcd-b30b-36c28df0f2b2", "value": "6144:n5eHpoF86mDzIZRl7QjM5XSqmoTqED28bF5zva:5eJoF8vkRFQQ5XSqmoO78bFM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679668317, "uuid": "f561af70-2ab9-49f6-9953-72d3fc3a36bc", "value": 363520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679668317, "uuid": "49ef2465-f7e7-4245-a505-a62b15e8b13f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679668317, "uuid": "234ad4b5-c0c5-4b8a-98f5-f07957499635", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f9a40da-ca2f-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679654113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654113, "uuid": "91ff98c7-098e-4bbb-9563-a7bab44be0ee", "comment": "Malware payload (njrat)", "value": "a549c283f037a106a34b39c3dcd663e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654113, "uuid": "d0ea2bf2-e2f5-4535-a17a-c488993f5179", "comment": "Malware payload (njrat)", "value": "de4cd2e5d0d0969ef21f93c4f33dad620c8383b24d2dd8c361403d69b20178f0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654113, "uuid": "dd6e92b6-d9a0-4aaa-bfa6-7e82d26fde52", "comment": "Malware payload (njrat)", "value": "f23a8401ae8c8cdbc0cd57d70b4f1afb277c881e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679654113, "uuid": "c074892c-4f6d-4f1d-b931-063111683be2", "comment": "Malware payload (njrat)", "value": "65654ce79e575ab0a0275b19f54b6c57ab68d4d5be10e5158856f182fb453b80bab146d6bdd3bcbf4597581c48d477ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654113, "uuid": "934419ba-abf3-4fc5-96e8-54906dbd7a45", "value": "T14364B022B9C1C471D46618350AE5D7B27B3CBD301B264ED797582F2E9F341E0AA357A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654113, "uuid": "123134dd-b1ce-4be0-ba79-0feff3b23fcb", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654113, "uuid": "e4b160a8-a469-4ece-b5de-d4ccbafb64e8", "value": "6144:XdL2uWkVLRR1wOe85TjsugzAgT+tkE98Dr0lAylgQL:NLllHPwOl7gT+tkE98Dr02ylgQL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679654113, "uuid": "b8fded93-2edd-4789-be3f-c025d001083e", "value": 320908, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679654113, "uuid": "1af34dca-07cb-43e6-ba36-67dcecf0168e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679654113, "uuid": "5eb542b9-1364-47a0-8399-ef889ad3f4e3", "value": "a549c283f037a106a34b39c3dcd663e6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1330e19e-c9e0-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679619975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619975, "uuid": "54d268c0-636c-4875-ab6d-7e242e7b046a", "comment": "Malware payload (RedLineStealer)", "value": "8e7ec9167dd8c5b9444e4ba17e849fdc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619975, "uuid": "ac32e4bb-7940-4b6c-8f7b-41411acf1306", "comment": "Malware payload (RedLineStealer)", "value": "de4edb6770bea10c70233c9b9d32780a3030e1d650fb2333ebb6cf03f14480fa", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619975, "uuid": "df5fa760-d9a6-4f73-8876-0147694f9cbc", "comment": "Malware payload (RedLineStealer)", "value": "cf1e1727ac45958eaab7c8fcc665a3b7fe49469d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619975, "uuid": "1b742772-2a67-45aa-b23d-add74568a273", "comment": "Malware payload (RedLineStealer)", "value": "c3b364d65fc509ff99348d98c7c614a38cb552272620bb07ff0f8ef77f3a3fb055db29d20991e8883eee6249e05e3a3e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619975, "uuid": "7f40e291-44d6-4212-9eef-d2dbee4e6f8e", "value": "T1CF15F827A7A1AEA6CB9D0B36C0DBC4108324BC40574FDE17B6C63AD7B9433529D2B653", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619975, "uuid": "83ad658d-844e-4102-932a-913f16c3851d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619975, "uuid": "678eed93-0665-4211-acfe-aaac7693fca4", "value": "12288:sn2Ky3TXbfjnrvz3KeEoQgvhcPeS1zeQjeaJLfM0jzRJq1T77nQBo2lAG6WDvbwa:sDeEoQg22BvpDROdqu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619975, "uuid": "f38869f4-427a-41cf-b3e8-51d7d0968e36", "value": 918016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619975, "uuid": "f8bdd90b-da2c-4e32-b890-ebae0d541bc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619975, "uuid": "33dcf1f3-38e0-4c3e-9e1e-372514b0fe03", "value": "8e7ec9167dd8c5b9444e4ba17e849fdc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69000c92-ca13-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679642023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679642023, "uuid": "e01f8b62-8b1b-4c00-894d-978adaaeca83", "comment": "Malware payload", "value": "0ca7e417daa654296347f1b99d12754c", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679642023, "uuid": "210c0a98-af57-4947-9429-bd5e89f1444d", "comment": "Malware payload", "value": "e01accb0fb67cfc0eda7ecec8c1a032cf8d28578a1b4120900212ff0c19639a2", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679642023, "uuid": "53faa79f-2f0d-434a-8f0d-0a7c536681d1", "comment": "Malware payload", "value": "ab8492111e220757f1f39467c7d6ae4e9506baa5", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679642023, "uuid": "025ef314-9ca5-4c2a-a4a1-d07bd2656c81", "comment": "Malware payload", "value": "54f53463937b1d9aea05866bcdf9417016b6b6db752fc5c4ea9fba132c3b14906280ea6936f29154931aaaa733dd307a", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679642023, "uuid": "602f16e2-5fe3-41b8-96bb-4c6cb41062ca", "value": "T188533AD3AD023208094B16EB9C4944B0C5BE90FB566704B5AD4EF3AD690375CBAFE71B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679642023, "uuid": "ebc9a927-212f-446b-a551-c1dfdd274872", "value": "1536:cl5Fo5T2NkE1Zw/tGGt2IdXntdi6Z2sa+J9R9:cRocNk2Zw/4a2ytdi6w6f9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679642023, "uuid": "81ba472a-5288-43c8-a21c-671e8a4c1701", "value": 65738, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679642023, "uuid": "75d238a4-d5e8-4662-af57-a8c5b41dd176", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679642023, "uuid": "4ea3d1b5-2fbf-4edd-9804-06b3c9417db6", "value": "gunewgorilla.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b57c7b5c-ca23-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679649023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649023, "uuid": "fd71f433-8929-452a-9610-66221a168434", "comment": "Malware payload (njrat)", "value": "a0ab90b4490216516636d325d1a1d6ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649023, "uuid": "700b3582-f19b-470c-8e85-100a1abbe8e9", "comment": "Malware payload (njrat)", "value": "e0c20f5a29873f39946092bb1a3a8c4be9b0dcf8a642e05bfc96e317cb19c7bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649023, "uuid": "305d6724-cd10-4898-99af-dc4284fbf2cc", "comment": "Malware payload (njrat)", "value": "794c4e7e7fbb9623995b71f9adb3d8c2b1b2a3df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679649023, "uuid": "f95c1fe3-2a07-463c-9595-ea99841208a3", "comment": "Malware payload (njrat)", "value": "2e29c4d8f90cfddd7c858dc810cf3c30d1da8163317ea826a046893945688308a8a9aab6c11f707de610409000fe9454", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649023, "uuid": "3504181a-1af9-474c-b378-d49574fc0738", "value": "T197033A4D7FE181A8C5FD067B05B2D412077AE04B6E23DD0E8EF564AA37636C18B54AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649023, "uuid": "c936ec06-e389-4f85-9906-6f8f9597f41e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649023, "uuid": "12f84d3a-603a-4d95-859e-f9110bde48e2", "value": "384:R286WIiejtCVLO309Qmykrt4QdqMjf+vWEWYrAF+rMRTyN/0L+EcoinblneHQM3/:1HdGdkrOGb+eE7rM+rMRa8NuDIt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679649023, "uuid": "c12b5f45-5ca9-4709-93ef-703ac41cf484", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679649023, "uuid": "f023c091-d167-4b5b-b50f-8adec4fbabd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679649023, "uuid": "57fd8468-ee06-48d8-8edf-eadcf3fa2ae3", "value": "a0ab90b4490216516636d325d1a1d6ff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7d61b4e-ca16-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679643551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643551, "uuid": "c1517cd4-c4c9-4aea-8740-0431a0c9a360", "comment": "Malware payload (Formbook)", "value": "0cd67eb934ba91045650fee0b4ffed72", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643551, "uuid": "deac7182-342a-4097-8fb1-841389ff474d", "comment": "Malware payload (Formbook)", "value": "e1803249e33265318c9f806db079934571ee55c2554e001cee050bea59e06037", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643551, "uuid": "1ffa9580-7f78-4888-99f3-9c704e477b83", "comment": "Malware payload (Formbook)", "value": "e6243aee5180c010464fefb9adba2f6369a3d345", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643551, "uuid": "f27a4291-af72-4450-8cc8-dbf201fc4e8e", "comment": "Malware payload (Formbook)", "value": "5a10d0c010633b40ca4bd177be4ef64e0eaa46944e6c5be5fb623ffccd50358135eca627a57c15fb0bacc1ba1ad57480", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643551, "uuid": "fcb417a7-01e7-4935-b10f-5fe08e0d4444", "value": "T1F005E044DE664E36F8D5E7B41060277A07A8B7A11072C6488BF968DA3DDFF630AD094F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643551, "uuid": "02c11c81-4df6-46ab-91a6-af252d65f2b8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643551, "uuid": "69213d3c-5fd1-43ad-b095-2dce1e67f8b7", "value": "24576:oE1BQcmeV91Es5UFKl+8GaxFOz0W5s5RMOZG6:owmeL1lcd/o7RTZb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679643551, "uuid": "417cc653-c79c-4836-ab7d-2fa1fba59123", "value": 810496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679643551, "uuid": "d47b5af1-1370-4167-aa91-dbf74df30d00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643551, "uuid": "e7c15cd3-705e-4f43-84a7-296fd4136510", "value": "RFQ-003451980.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0b42c75-c9d7-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679616481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616481, "uuid": "ea4b4501-9fe9-4d7f-8632-6ba4d8899ad7", "comment": "Malware payload (LummaStealer)", "value": "bf273070d5e0094508b264d4584fda35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616481, "uuid": "401b8703-684e-4c7e-8782-d564cf76ab20", "comment": "Malware payload (LummaStealer)", "value": "e28c0abc3cb3519a57cde51c2020f114a7dc59a1b6930ce79d08f7a8516c328f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616481, "uuid": "0124d4e6-5072-47d7-9b2d-795635d3b8a1", "comment": "Malware payload (LummaStealer)", "value": "60b9698aae6c636c39a04ca5d70d1535544541c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616481, "uuid": "6c2cd973-23f6-4792-840f-8e7c26e85a2c", "comment": "Malware payload (LummaStealer)", "value": "a1a442b9114336fdcb6a6e9f7c321aeaba9ea963b4ce11c3538b8a86acc120a01a72551170b464c2a0d5da1488fd855a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616481, "uuid": "28cdb063-de32-4c37-9396-cc7c45986ce0", "value": "T19A44BF127B90C872D5A6C5358825DBF8E93ABC714B5986DB3780673E1E303D2AE3D346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616481, "uuid": "68d907f5-97d0-42df-9f0c-67975b9adcb3", "value": "f74196ae98b7afb3677d1c2066ccd5db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616481, "uuid": "f8023a63-1a8d-4382-a4fd-96d8ec6efe18", "value": "3072:kMe0zjeueCVULIfOa1XULK1gin8fRUFUAbS7RxOWqwE5O7rSmA2ocl5hcSqNCe:c0zVULoTQKx8ZUCb77nEiAJCc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679616481, "uuid": "58520dbd-96d0-4089-9ab5-5f6814ff12fb", "value": 265216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679616481, "uuid": "0b67e0da-ac9e-404e-a2a4-33bde588e24f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616481, "uuid": "e537d137-577d-4065-a0fd-c858cefdc0de", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b9fe099-ca4b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679666160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666160, "uuid": "8d924002-a56b-4c0e-bd2d-e2401eff4ae2", "comment": "Malware payload (RedLineStealer)", "value": "a78d136179ebe29c0a411c3f1e58f9a0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666160, "uuid": "e03ee58f-ef99-47c4-8815-01b4ceebf8a4", "comment": "Malware payload (RedLineStealer)", "value": "e29acd346eeb6f9452e6eea2e54f9ac86850ad5b4c9203fd0ff66f29278364e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666160, "uuid": "f88ef837-59cb-4220-a76a-4944dfbfec4c", "comment": "Malware payload (RedLineStealer)", "value": "d5e4debe68fee78db083fec92bb3685f736b047e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666160, "uuid": "795c6391-9f06-40da-b9f1-5601b61f8b0d", "comment": "Malware payload (RedLineStealer)", "value": "ce4e5f82d9bf338546104333e283953370d94627dbc45912507a74f09624bd08d237913831df25c129a6437d6bdbe377", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666160, "uuid": "e3880b2f-fadd-4959-97ac-8cfc124b0b3f", "value": "T1932523469AE8C4B2D9F52B7805F71A530F323DA00C78CA633249BA5E0D727E4D93136B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666160, "uuid": "5ad4de8b-d088-4161-bd5c-af11a5d276b8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666160, "uuid": "598f284e-9f8c-4686-9fdf-f08c02c4bc10", "value": "24576:nyU3n350NjYcB/Jop5CJ2axE75Kg/iVPpH1pGS:yg3SNjuZ7izH1p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666160, "uuid": "239c1e0a-25af-4f40-83b9-b9e6fe179d38", "value": 1034240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666160, "uuid": "637b2f5d-be3c-464c-a85e-e160d05cc997", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666160, "uuid": "5368132c-c00b-4728-ae79-7cab2c8eb86d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76fc1117-ca44-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679663092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663092, "uuid": "9cea7561-a82d-4a30-b941-10cd83e77522", "comment": "Malware payload (AgentTesla)", "value": "c789f5c4733f0c0f2913db13fa4d4b1c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663092, "uuid": "c9b9dc1c-d2ab-4c7f-a58a-abf581fc97d8", "comment": "Malware payload (AgentTesla)", "value": "e373bb53bb3a7709c5d1e0427ba8020ecf13af7061e7f32a13dfb8179b26b4f5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663092, "uuid": "2238abcd-d69d-4024-b9d6-be2d271c7b26", "comment": "Malware payload (AgentTesla)", "value": "c1bc92fddbd933f197e4dfbe289509e54b141071", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663092, "uuid": "4e114e6b-856f-4c76-814e-6a27e4b99442", "comment": "Malware payload (AgentTesla)", "value": "ba7c6ea307552a55fc8239c0664e5a0a804c37922008ffbc29fb7f4a7ed11f2fe0bb0428ef2c68f3e31a94dab1b1e795", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663092, "uuid": "be5b7230-1372-49c2-90ce-dc586794ace9", "value": "T109F4E055ED7A083BF9EAD2B04051573A03A8BBA250A2D5C98BF96C883CDFB7305D145F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663092, "uuid": "d90204eb-eb21-4c1f-a9d5-1d30d3fbb4e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663092, "uuid": "cdce8149-72b2-4d5d-b265-bdc19d18a86e", "value": "12288:jNDP6g/ZSKCXd0BIMz0iD5uJmIYQRy5leBAB9KoRlLHbR+ahugvcL4ZwdX:FP6SZKN0z5uJmHtl4ABU0lLtFfvrZGX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663092, "uuid": "d12f6bb8-2efa-40b3-8c92-ae316cc263d5", "value": 782848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663092, "uuid": "4712ab5c-23b5-42d0-8a69-08736f4351bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663092, "uuid": "6d4a42fe-b79c-47e0-901c-bc0f68208a2e", "value": "Order 4039740410170.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98fb3b13-ca2b-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679652411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652411, "uuid": "905364be-ab5f-48c2-8af1-c1f588a07bf5", "comment": "Malware payload (GCleaner)", "value": "1b25ebb15febf3df865119a5cfbc6ec0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652411, "uuid": "6ed66ce0-6e41-43bb-9212-46d628be65e9", "comment": "Malware payload (GCleaner)", "value": "e3f43693acaca6abb1b0bb8de4a504c52f1e50e08b039d59ffe273696bd69021", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652411, "uuid": "8ab71afc-9385-49bc-9f09-89af3c40753b", "comment": "Malware payload (GCleaner)", "value": "bcdd463ee2870d82efc590c2ed1a50ae587f60fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679652411, "uuid": "b0d2db3c-a2cd-4b69-b210-fa53f31e965f", "comment": "Malware payload (GCleaner)", "value": "17901a192d1902706972e58964edb1d0ba73bcb2847475f0e554048774de1b99520c7723e559b5d15fdd104b9f2c50fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652411, "uuid": "30aff396-c7a0-4280-8762-0aa15433c2ea", "value": "T12E953304C6D6DCFBE063DA309EA8AE09D516D972197D751E38F86DCC9F720818DB6382", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652411, "uuid": "849889a3-135a-4f6d-8f68-aaf83cdfc753", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652411, "uuid": "702e0641-9809-44c3-b20d-0f25ab0429af", "value": "49152:EGlJfs0pdlpjtFmpcE2gbHQ9U+MxkkCTcZh5RmpUDO5dlLYp:5bpjtMcWbH6Yx7HHXm2YPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679652411, "uuid": "93745a0a-227a-4eb6-98db-cf2668a1a6ce", "value": 1999572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679652411, "uuid": "1c1506bf-2be6-4feb-9ef2-e1e0397cee67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679652411, "uuid": "e32dff69-8ad3-4768-9f8d-76ddbc1045a3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "936c44b6-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672159, "uuid": "46249249-69ab-473d-8cfc-ec84f90ba7c7", "comment": "Malware payload (Mirai)", "value": "db34a7298b78655dc1fa357725d81f6e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672159, "uuid": "a9568601-35a1-4c00-806f-12baee161160", "comment": "Malware payload (Mirai)", "value": "e4e3f01515ee3a682606033f481de60a81ce1b8604729e73fec2c0a69a298b0f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672159, "uuid": "ade7e94b-d6c6-422e-b495-a998314aeb26", "comment": "Malware payload (Mirai)", "value": "ee9e3bc724e33ea50151e608f264489c88f1e419", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672159, "uuid": "76692487-1c73-4aa8-9d8b-da390d5ca0fc", "comment": "Malware payload (Mirai)", "value": "37417c778698b9b5ec665b3ec5503cd82438ae73d2ed946350d07a54346501159fa419341f9d9660cd955985124153a9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672159, "uuid": "84938a48-7b0f-4931-9e26-f8bcf787f658", "value": "T1DC839D78D0A89DE1C2514130B6ECDD358F12E280B7833EF745968E6900979EDBA4AFF5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672159, "uuid": "83e9a451-f54f-48ef-9e39-396f26055cec", "value": "1536:2aitK22VX/GLai+Y5YwVNw8MCfFS2xofs3uGJ26NEjTeoMSQCfM:2FtJ2VX+fTYwVNwo5if+uMwyoMSQ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672159, "uuid": "e8852e10-261d-496b-83ba-4c79386516bb", "value": 87576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672159, "uuid": "4f002c04-e986-41ec-b71e-8232a1a2c61a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672159, "uuid": "6c374e7f-d44f-484c-8cf2-75770d158995", "value": "db34a7298b78655dc1fa357725d81f6e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b5a6a8b-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (zgRAT)", "timestamp": 1679640389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640389, "uuid": "62164e6f-77b0-4985-bce1-eae6b591c917", "comment": "Malware payload (zgRAT)", "value": "1651e40eaf343b2e9ceaea5f1aef2fae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640389, "uuid": "d2b3124e-a682-4b74-98a7-e59afb5683f5", "comment": "Malware payload (zgRAT)", "value": "e4ea5b2871c32f3d25689785ff260ae5e75e7117ed478dc2f9e8edd1c01030f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640389, "uuid": "a37f5fe9-06ec-4d87-894b-ef90126f572a", "comment": "Malware payload (zgRAT)", "value": "45f37f33441740a9b02186ee687ab999c62a4964", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640389, "uuid": "38924b44-4b6a-4d7b-ba63-1e7f18089c11", "comment": "Malware payload (zgRAT)", "value": "81f43bbf6f2e452286378519f48e01aec96f04887eecc053b87aecc415e94b1ffe92503f616cc2b2259251177574d550", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640389, "uuid": "9b6e8fca-9624-4d7b-b73e-02c7e87576db", "value": "T1E406BEB21283BEC5E77F1D21C06036B04D109467ABBDE38DBDC9259B92D5B60DF486B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640389, "uuid": "b7e66280-aa5e-4559-a7bc-e2ef7d9eb17d", "value": "49152:DU1ZTuEPA1jnjmFr6HeKJA3J/lU7PJRIjIP:D4ZTx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640389, "uuid": "bdcf5ba9-6756-4595-b570-67ffeb6b632f", "value": 3675136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640389, "uuid": "1f3156b8-a918-49e3-a432-0af4715cd9a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640389, "uuid": "80c42aa5-8cf3-4c47-8514-af74a82c1a59", "value": "1651e40eaf343b2e9ceaea5f1aef2fae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5899322-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660217, "uuid": "e1721f16-9826-45b5-9490-8b82d453b9c0", "comment": "Malware payload (Mirai)", "value": "2c20c416be6ce77c0a87c800b959fe2b", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660217, "uuid": "bd35e040-5872-425e-92bd-6b4e14b3e0a6", "comment": "Malware payload (Mirai)", "value": "e613aaf7653b7a27c502ad8c5f30256c77e07418f8dcd0d4bf2a83726c8b046a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660217, "uuid": "fc520386-f718-4966-8899-5ee48fc45a3a", "comment": "Malware payload (Mirai)", "value": "538dee17c9f151e7fad5cd6f3ccadeb99c147c0c", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660217, "uuid": "af6a6acd-d2ad-4afd-a286-7cd23c4502fd", "comment": "Malware payload (Mirai)", "value": "9f886fc9d67a00dc59e72eaa7b94d960a21944ad4999bfae55ebd5fd93dc7b478ca85b22035fa46c01286ad71438357b", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660217, "uuid": "22e9a8b5-e904-49a3-981e-205c3ef290b2", "value": "T1C4534B07B94180FEC45AD078177E7A3ADA3374FD0378B2AA67E4FA222C95D612E1DD44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660217, "uuid": "1764633a-6fa0-4295-b324-5d614542fb8e", "value": "1536:SVX3h6erFcopoT44g/XEmMmc3zcwjiZJe:i3hRTP/zMmc34MiZJe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660217, "uuid": "97c8cebd-1d8c-422b-b7f8-8a35d8537a88", "value": 63296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660217, "uuid": "ab69fd90-a29d-4617-8273-dc160d99ea88", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660217, "uuid": "86dfc7c3-e2f1-4f9d-8bfe-ad2e157f5f38", "value": "nigga.x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69564e9d-ca78-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679685403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685403, "uuid": "eed5788f-1c4c-4fc0-8699-f33836d40bce", "comment": "Malware payload", "value": "514e720bfa28efa66c8097e5240a5065", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685403, "uuid": "3011a5b3-f1e6-4067-9237-9599eece832d", "comment": "Malware payload", "value": "e71a0b1dc02ef56ce34fc20ab78ca14eeb04c691b37401064c91d51ffa801f2e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685403, "uuid": "e9c7931e-80a7-452d-a05f-2d966ea04e38", "comment": "Malware payload", "value": "392c6c93eab2d1b61fba744f1509588c1f55e9a4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685403, "uuid": "0663acb4-2d84-4b89-bb47-b2a598493e5d", "comment": "Malware payload", "value": "97c5e2f24fb6b2c16f41d5b816831bef299d85611be5d87e2628a6e6aa9a304976eb0025dba064848edc09cadcd1444c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685403, "uuid": "55ebe4fd-733e-45d3-a603-a039b6adfe4f", "value": "T178548E1273E1FA60E55747328E2EC2FC2A3EB8E1DE15BB6E1754593F0D702A1C662709", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685403, "uuid": "f0fe8398-1c75-4e63-bac5-1d1b0494935b", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685403, "uuid": "8def17fb-cfca-4c73-adb3-5f1a4f1e8413", "value": "3072:loPPDm2lpzHkhqBRCUs81gPtv1kZBB8r3E3JeJVjJ75D3AZeFUVcvL+WN8aeDr:qHamzHL1gPtkOwUr7R6VcvL+va", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679685403, "uuid": "ec3247ab-15b4-434b-b1b8-5eb8d892cef2", "value": 284160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679685403, "uuid": "c95a81e8-47a7-4f39-842a-fab498fc1d53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685403, "uuid": "b6dc9e03-40d8-4c70-bc67-8948ee553292", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94b2d1b7-ca44-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679663141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663141, "uuid": "93fccb04-5e9b-478a-88f3-6e74dac3f6a0", "comment": "Malware payload (Amadey)", "value": "41756f3a209fdfdd003c71a806236f4a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663141, "uuid": "0361c969-a612-4fec-9051-c43ce3c3f8d0", "comment": "Malware payload (Amadey)", "value": "e72ecda6e6a8c4b3fab29655f6c4f6d94412ef01a4c9f4ecdb002c6d0e10a46b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663141, "uuid": "50e6fc40-f10c-425c-8a01-4fc080e4847f", "comment": "Malware payload (Amadey)", "value": "8166d213db74203781fcae31fb3717dd8d832684", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663141, "uuid": "f0da925b-1998-4403-b4c8-c9fabe42c78b", "comment": "Malware payload (Amadey)", "value": "13395ea3abe760a843515a0f1b1a10d56a1f6ce26d6a1e028867151e421358d2fbc7d70d5865337da0ec73946e7d11b8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663141, "uuid": "5eb16dd9-2e93-421c-aa0b-d853cadf6ce3", "value": "T1B7252346ABD00437E97427B458F703831B3A7DE44EB4936627C8A89F5C721D1A6F0B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663141, "uuid": "f2cc53df-c241-44d1-815b-e49ebf2c6245", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663141, "uuid": "79fcb497-3f62-47ef-84be-e10c6e7bc935", "value": "24576:ayJDFtRVjj8xxFWJh9/uTpG/slmRhB7QmNGI5PONWL64:hJDF9j8xxoDMI/wmPuSGSPONW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663141, "uuid": "88441897-7cc9-4a56-939a-9473fec8c093", "value": 1034752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663141, "uuid": "5003c1dd-71b8-421f-937c-626af074632c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663141, "uuid": "973f1f4a-c3ee-44e9-b91a-2024708f6ad5", "value": "41756f3a209fdfdd003c71a806236f4a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c38d39d7-ca41-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679661932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661932, "uuid": "ab7a2f86-a014-40db-bc26-d34c994a03d5", "comment": "Malware payload (Loki)", "value": "a8f373252503ebaed16d585ca66fd2ed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661932, "uuid": "76add05d-a2ca-4d8f-a08a-1f373be85a69", "comment": "Malware payload (Loki)", "value": "e9137ef56c94fd93fe772f5bb63237ddda2d77a83584819c7fa8f3fcc1117992", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661932, "uuid": "49850927-176f-4eb0-ab1b-d4babdff4492", "comment": "Malware payload (Loki)", "value": "9ca125fe29f99d584b319be22d7a424fa21c9df9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661932, "uuid": "71ea8c1f-72ee-4409-831a-2fa18d8ddeb7", "comment": "Malware payload (Loki)", "value": "b5ac4003c0301287ecd71c324f08032472f955d824c53c588620b787a17ddb3317d4a2162ce7772a9f9ad9683b464625", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661932, "uuid": "54640a78-669a-49a4-a79e-a5641443575f", "value": "T1C415120C727A2721C93D37BB9090245853B5FD60AB55F35E2EC554E70EE2BCAD602E8B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661932, "uuid": "a86f2799-7348-49b6-8598-3de3e1b12018", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661932, "uuid": "08a61b7d-6177-4ff4-9090-3ff7ef8f5394", "value": "24576:fM2JTtnT+N+1zCCoYYpDITKHrMyCnOxP:flFt6MF5LYprHV+6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679661932, "uuid": "65573ef8-a00d-4933-a48e-1ed162da9ab8", "value": 884736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679661932, "uuid": "0174f221-19ac-42a1-80f8-dde2d0ffb4bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661932, "uuid": "bb42033d-5966-48a3-bd8b-50e20767b414", "value": "a8f373252503ebaed16d585ca66fd2ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55e553ba-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679639843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639843, "uuid": "86bd3ba7-7675-4440-b362-ffc70f73e1c9", "comment": "Malware payload", "value": "2c27d6fe88c0546e5de604ce50e3a83c", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639843, "uuid": "b628edb3-c2ae-4b18-baba-4744dbbec728", "comment": "Malware payload", "value": "e95ba35b4f674a525cbe1a09935db84ea766bad5257486c5ace7dc892e7e9baa", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639843, "uuid": "4adf1295-3366-47f1-a316-298fdaeef1da", "comment": "Malware payload", "value": "3a68164d3171b661f4ed5dafbcd5e73812fd42fc", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639843, "uuid": "37bc8a7d-3487-4038-a2e0-da49a81635d5", "comment": "Malware payload", "value": "3976449e7b4be7d23ccf78c8086d09ead337bec62787a966a6735c5c450214ede8a117fb580e95da7d430d7bd329e8f4", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639843, "uuid": "4f19812e-e93c-469f-a4c8-3ddac4a03c8b", "value": "T1FA652351BDD78B43CA9AA7389EC3D21762BAFC013AA6C5077208731D9932EF18E5531D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639843, "uuid": "553b530d-0e0b-4491-8e51-3239538cdcc2", "value": "24576:52Tbq8KPsUGRoG1t6EWOEMhpaMNzl8raUtGCn113y4RzuCr2izm/EcUAbFNLGeue:Ev5K/G3v6EWxNMNzlMRtGCn113y4RaCY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639843, "uuid": "af78f422-5fe7-4822-8eaf-c407fab75619", "value": 1533952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639843, "uuid": "25a78f0f-6c2b-418e-95df-1f07b052a2fd", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639843, "uuid": "4c3ca525-ac74-4b5e-853f-d15f59ac5631", "value": "PURCHASEORDER....xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c88c5e0-ca45-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679663504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663504, "uuid": "59369aa4-9711-48fc-b511-2fb545901ffa", "comment": "Malware payload", "value": "715cf946b6cc67d4e6b8a473e3ea2cd4", "object_relation": "md5", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663504, "uuid": "637a048e-79c6-4c60-86e1-5564f14d2826", "comment": "Malware payload", "value": "e9907ac5fb8cbf78d3f77a353b77842d2c672622068d4460a159c7a3c4b5370f", "object_relation": "sha256", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663504, "uuid": "d31171d7-102b-4069-96f1-817dddd68ba4", "comment": "Malware payload", "value": "1ae29b4d714fd636ad5f2422bceaabc6ce8d860b", "object_relation": "sha1", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663504, "uuid": "7effa8d7-8381-464b-9ce4-490117cf1f26", "comment": "Malware payload", "value": "504dd6042526d514f2bfb592d11d313c0041a2ea4e558624e293ed02165790e5a2caa64d892c92486bf277dcb1f1c5e9", "object_relation": "sha3-384", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663504, "uuid": "8a292543-66e2-473f-8147-27fd8674e00d", "value": "T190055DA88E225F13D17E473CB713A6800EA4DD3B6910EB44EEC8B09A6D75FE4D45BD60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663504, "uuid": "e6662b82-6fa0-441f-8f2d-199c889453d5", "value": "12288:TEgZvdomf3JlrB/BmOHfGNXmRhywCQm9u14e7EJ3L41HcNSBokYgP:TvZvdf5lrRtHeaSQCuCDgR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663504, "uuid": "427b79b5-7e68-42dc-b9df-603c49897cf3", "value": 849920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663504, "uuid": "cc84885e-1529-4a72-9435-19162f52a1db", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663504, "uuid": "5809bdd2-2ead-4582-b319-90762d4d161b", "value": "nPO-106068.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1432ddbe-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659490, "uuid": "0da10c09-4bb0-4fd4-961a-e7fcb3cd892e", "comment": "Malware payload", "value": "19adca794b12683cbd6daf2aad8ba586", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659490, "uuid": "969c45f4-8947-431d-bb99-0ec8859711e1", "comment": "Malware payload", "value": "e9c4e87f5ce1eb707e29428315c60cfde36d84ec844870a733b9fe29b8e8e3c0", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659490, "uuid": "85598ddc-ab44-4b9e-805a-d7dcfe9aa303", "comment": "Malware payload", "value": "649f2288f393cee113233b2975f772a3adeda901", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659490, "uuid": "856340c3-7b0a-4e42-a15e-452f8f2da1e8", "comment": "Malware payload", "value": "c4159e9723776b9b6bfbbda3ce28c0634d9a891fbeeae595ffd5f34179fa7ad8558a5317bf3ca26b8ca4704480ebaa42", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659490, "uuid": "4bfdbabb-6cdf-4682-b958-429031a819e3", "value": "T138F02EAB675C6DE7E9B82BF8080F33787793E512130253CB520A21228C93EC00FA2840", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659490, "uuid": "8c5cdf94-364b-4220-9112-9770b39593c9", "value": "6:Btk/tKP2Sl/4lXYls1wzFkrc0BMZzaqnMDD9BfhOlrVEqDUGPselM:BX7toXIs1lY0OzOffovLUAs6M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659490, "uuid": "836d7a8e-81ca-4f18-b425-3a58d01a8537", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659490, "uuid": "c6c15407-a679-42a9-893c-3fc4a18732be", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659490, "uuid": "a4595854-f890-40f7-ba2c-3532e1e6d8e8", "value": "e9c4e87f5ce1eb707e29428315c60cfde36d84ec844870a733b9fe29b8e8e3c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1586108a-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Panchan)", "timestamp": 1679659492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659492, "uuid": "afba8063-d3d8-441b-943a-2c7b34a2ed83", "comment": "Malware payload (Panchan)", "value": "6515c9b284698a5bfe63d974df9a92e6", "object_relation": "md5", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659492, "uuid": "aa88af0b-9308-425a-91df-1974c0dd98df", "comment": "Malware payload (Panchan)", "value": "e9dc17a1b4d611f2872112d4257554408fc0acb803674f4e29f46d2643d6a539", "object_relation": "sha256", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659492, "uuid": "83e00c2f-ca57-4c35-b06f-3093a942e9fc", "comment": "Malware payload (Panchan)", "value": "d083b71d3fffa0f9a950bf5f90fc63661a43d06f", "object_relation": "sha1", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659492, "uuid": "a6fe7328-f047-4602-8824-b2291ae0d0b0", "comment": "Malware payload (Panchan)", "value": "2f0773647e6001e35a69de5fec7ab3ea6b524e50a824e329d718e8cb16dac1f44f11a27624417b5a001bf30da8b1ce80", "object_relation": "sha3-384", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659492, "uuid": "5ca05eb3-5b9d-4ba1-8694-b159bbf61763", "value": "T17C37CF73910738E9E5A98DB4D01425426DAC38875738A3C7BAC871F667EA7E48E3D730", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659492, "uuid": "cd5c1e77-bae0-4898-b81a-35f7eb8a3d6d", "value": "49152:cSk1vGE1pFrb/T/vO90dL3BmAFd4A64nsfJvWSIsWWKbeJMJpn14PE9Z7rYPVnal:sXyWSpV+Wu7rI3JEH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659492, "uuid": "ae84e5d5-34b1-4046-a40f-e6864198af57", "value": 23756800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659492, "uuid": "c20c4835-0e54-4a9a-80af-ecece0247e11", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659492, "uuid": "46bcbe61-b027-43c5-bf5b-1e1459688edd", "value": "e9dc17a1b4d611f2872112d4257554408fc0acb803674f4e29f46d2643d6a539", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb94f01c-ca7a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679686426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686426, "uuid": "926959b5-6b69-4759-b010-38411129c0d6", "comment": "Malware payload (Mirai)", "value": "d2d9474828f5bc1fcdc70516d3c38d20", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686426, "uuid": "f5d640cf-64f6-4346-8cff-d088d117ee22", "comment": "Malware payload (Mirai)", "value": "ea36a0dd3a68aa1c4146ab9e44efd4a8854ff40c2de6f03d31b77429c9392798", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686426, "uuid": "01ee7f88-e2d6-4e6c-8d9a-a1e70c5d6d75", "comment": "Malware payload (Mirai)", "value": "a14d860f3d6ceb51991d93d1c18ebc1611aed26e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679686426, "uuid": "cbc55460-553d-41f9-b48f-78871e5b3d15", "comment": "Malware payload (Mirai)", "value": "d9b33668c225922046fba86ff5e4aea288fe4b0088ddf5626e4d9f97d3aa0f2257c776a8aea321506419014a7fe958a9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686426, "uuid": "e1fd8a38-3ff9-4753-9f77-b967d459f016", "value": "T159631279900CBD75C239EB36E9F0217B9495537CEAE6F40B06D32179340CA91F53B89A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686426, "uuid": "e76d33e3-480b-43c1-a23c-4d2c9cbc7a02", "value": "1536:O3sVP3SoWLDq/EXR7HQPoVLjTE06Kr5Cwpm:Ys5SowDq/ExQkLjT96Ogqm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679686426, "uuid": "eba63a5b-76f2-4b06-84f7-75b73c0bba78", "value": 68196, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679686426, "uuid": "394e2d12-68f7-434d-b933-850dcc6f4056", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679686426, "uuid": "b2783f1f-bfce-4cbf-9841-adb777d4176d", "value": "d2d9474828f5bc1fcdc70516d3c38d20", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba87972c-ca64-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679676949, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676949, "uuid": "8fcd4809-93fb-484d-ac56-b4cec5f1d6d4", "comment": "Malware payload", "value": "fe2da3b9e433aff9b23f4deeba25cb52", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676949, "uuid": "e9bdad07-5c39-4aaf-9230-ad74a2748b46", "comment": "Malware payload", "value": "ea835c4644b0679fefe64f67a24ec9c582f055a17b555ffe6114bf89e7aba017", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676949, "uuid": "02466133-b98b-42f2-b607-118a8e5df731", "comment": "Malware payload", "value": "194902c9656ac006d9a5460d67d0470d385ee75f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679676949, "uuid": "ccab8575-0f82-4970-b1db-1434e84c9093", "comment": "Malware payload", "value": "bcdc9a86a74befffd327ccf98e70ca3cf331df1725f254d7ce9f8279617a7495091e93465069eae54d682714b3b50a5d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676949, "uuid": "58d09c0c-01e2-47f9-91b3-141ad88e050f", "value": "T123547D09B2A40DB6EE76813C8A639946D6B27C210371DABF1375522ADF3F3C0A53E751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676949, "uuid": "88063659-3487-4625-ad12-9faf4b6ad332", "value": "d01b20922607222b0ab8e614c7076141", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676949, "uuid": "766e4ae4-6904-468f-8687-e5efec492f1f", "value": "6144:EkjwV2s45WBNj8W0ZjiSkr15L09qFrvohPX3AXnV7:EKF5WBNjKeSkB5LBvo4V7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679676949, "uuid": "0e2fe77b-2dfd-4154-a3d4-81af176d3121", "value": 287232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679676949, "uuid": "51085008-5121-46d2-a33a-adc5e51ac2e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679676949, "uuid": "00fba231-4403-4312-ba30-dc48a848a4f0", "value": "ea835c4644b0679fefe64f67a24ec9c582f055a17b555ffe6114bf89e7aba017", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7521d312-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679639896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639896, "uuid": "eb971ede-9bd4-47f1-9929-96409b15c85e", "comment": "Malware payload (AgentTesla)", "value": "ce799150af794b8188a7c547660e5f6a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639896, "uuid": "67c782a2-3da6-45b6-b0b5-6b10bc8fbca9", "comment": "Malware payload (AgentTesla)", "value": "eabfebdbacab5478437bda6bb709be1cd7ec5649c6ef81ef4a06b6d29b56a58b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639896, "uuid": "0f5d273c-ce53-4115-a928-6bc77744218d", "comment": "Malware payload (AgentTesla)", "value": "7dbe23db99cbafe43853a69985182eb68230e745", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639896, "uuid": "c4e9d28b-9e2d-446a-b8cd-6254c02993bf", "comment": "Malware payload (AgentTesla)", "value": "d3906eaf4acbc5dfba4d010c0c36281228e5d505870a153ec0f360fb3b71be4c71427075a132c035809dfb9534c37833", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639896, "uuid": "7c2ad793-665f-4de4-ba45-c4ab0de20605", "value": "T1FD256A43BB1506E2FC95DFF0885017FA32D7BE922421D15C4EA5B4F52AB7ABF0990C4A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639896, "uuid": "bb681210-fcb7-40c8-829c-411dfd920235", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639896, "uuid": "dd2933f5-7bda-4870-a3b8-da7759caf661", "value": "24576:PCHLr91y04G4X1SYZcwGyF/Dz/bgbgZG:qH/91y0b21vZ3F/jgbgZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639896, "uuid": "8224dbec-f6ba-48bd-a5be-acc0123a745a", "value": 963584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639896, "uuid": "f450de9d-cf07-4c6d-ac03-9c62e82ff4aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639896, "uuid": "000c3049-81ed-434a-9a44-782562a24d01", "value": "Halkbank_Ekstre_20230324_075616.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16278b9e-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659493, "uuid": "0ae13230-f28b-4d1d-b543-ad2469f10fd2", "comment": "Malware payload", "value": "0390eb5f6f8ff2beef4656a40908809a", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659493, "uuid": "75aed864-917d-40af-80f3-3d4ae536feed", "comment": "Malware payload", "value": "eb9f52919308e79c674be9c404ff8eaa27b284d96c380067522a18fb0ac49176", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659493, "uuid": "e35b2699-2f61-4d65-a241-84a7e8c5b193", "comment": "Malware payload", "value": "7fea9b78f47bd3ebaacc06c1fef14874be207218", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659493, "uuid": "06890f06-063c-48dd-88fa-e47b87722bd9", "comment": "Malware payload", "value": "07c167bb1990dd05b3dcd483cbdeb4411e283304fdb8b4a6f6d09b6e9f81f69be1f0a6e7f8a19dd30e5d5cfcd7493ec4", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659493, "uuid": "1ed3aad6-2c98-4fd5-b31d-12c3fa0a926a", "value": "T1EDF02BA7875C98F5C7282130456A8721B743BB54C7A91F07692024234D0B8580D8ED5C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659493, "uuid": "d05132b8-fe64-4ede-89be-e1aff2eada8d", "value": "6:BBkSlXe1oaXyK/V+gv/1pxR1aSmatp08kHrqDyGPXE:BBkWXqo8yk+gHZrtp0xCyAU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659493, "uuid": "accc3440-a392-404b-a8a2-ace13b2daa75", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659493, "uuid": "8bef49fa-110e-4a9b-b5da-fc213a495910", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659493, "uuid": "c2ff7ee3-8256-45df-8ce2-eeb5ed3f6b64", "value": "eb9f52919308e79c674be9c404ff8eaa27b284d96c380067522a18fb0ac49176", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5151177e-ca17-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679643701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643701, "uuid": "87152765-05b2-45b9-a4dc-469d77196869", "comment": "Malware payload (GCleaner)", "value": "49d0209dd20f273e8e8a2f80c40c5621", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643701, "uuid": "ad448f65-f66e-479f-ba76-78b8b35c8000", "comment": "Malware payload (GCleaner)", "value": "ec570f852dd3ba384ca3c3c23a514fb34a78c586ca957dd64300e8e3737e1ef0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643701, "uuid": "948fe1dd-ef0d-4ded-9f0f-2d0f6a05dc84", "comment": "Malware payload (GCleaner)", "value": "7c7f05b3f05a6d05be43ea4535d7ac1f15fd80ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679643701, "uuid": "9423f864-f550-4423-97e9-c0e11244e54d", "comment": "Malware payload (GCleaner)", "value": "1f445baed65f36023d96f9f5222ee9f8b7497d446b1ef3db9db73e992dddab06a991b262bd82aa5d3afbf1fae1340bad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643701, "uuid": "9f21985e-44bb-4b4e-801e-740bc283ba0b", "value": "T105A533D3A1DA8871F187CE719E644B84D94ABF491D7C04A932ECEC9E5B178438C5D38B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643701, "uuid": "4b212bb6-27d9-48ba-9dda-9896831df2b0", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643701, "uuid": "c0e4355c-ee2b-4c3d-a63a-8d5e393f4dae", "value": "49152:EGlJfs8TODimEqX8FmF9PjSkzKGIGj0tDR5F8qESbgta+jPLj5dlLYp:5jTGimZ2W9bfKG7j0DD8qu99PYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679643701, "uuid": "6d4e18b6-ed8c-4b90-9bf0-e16e4e281ecc", "value": 2191715, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679643701, "uuid": "fae68ca4-ed43-4dea-8310-5836f39c115f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679643701, "uuid": "4c3bd81a-8559-44bf-b67c-ab953c7014f6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1084da5d-ca41-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679661631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661631, "uuid": "4db975af-a4c3-45c6-b8e4-80696bf2fff0", "comment": "Malware payload (RedLineStealer)", "value": "3e5b2526887a6b5dca6e0e34c796ab77", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661631, "uuid": "e95c31da-0e90-444b-a3f4-0884b7b3a836", "comment": "Malware payload (RedLineStealer)", "value": "ec91b5c3178654b86496af10f17af63be1587c13a02f683107f7cec1ed7de0a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661631, "uuid": "8c5d940a-bfb9-46c7-aa56-a3a51eba2f76", "comment": "Malware payload (RedLineStealer)", "value": "e547cbda384dc752acdc16db087a849d54487786", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679661631, "uuid": "864bcd1b-e708-4d19-8fc6-bed47b9474fb", "comment": "Malware payload (RedLineStealer)", "value": "379c2f57ea72026b1696923b110d54589c9d65ce9e62d8793fc662fb808cc35b784ab97842c13ee9d4d47f04c7deaac7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661631, "uuid": "2b3a3879-616f-4bc9-b473-2b0f3ff78fbf", "value": "T1FB252307F7D9A037DCB52B701DF712831F3ABAA18974835B17A5AD0A5CB2544A270B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661631, "uuid": "4771d17a-48f0-4d12-a926-0d588d0aff0e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661631, "uuid": "8b97fe0d-b124-49a5-b80a-e67859675fcd", "value": "24576:TyhrKaIO98YWzg/J04Y9qK0+z7uewXhsbgalp9FvGw:mVKw8YWzg/J0LMVhCg+HF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679661631, "uuid": "d538ca94-a806-45ea-a8ea-b8fb9ab80f42", "value": 1035776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679661631, "uuid": "c3d78be5-fd1f-4c85-87e2-75b2ebb65b85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679661631, "uuid": "e005aa20-5614-4ef7-b405-9db04c44613b", "value": "3e5b2526887a6b5dca6e0e34c796ab77.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "129b2069-ca29-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679651327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651327, "uuid": "9c451a24-b116-4298-9cea-98d953b7c99a", "comment": "Malware payload (Gozi)", "value": "1bea9be945857a23b4103c397c98525f", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651327, "uuid": "eff16046-5e5f-4437-819c-fc9e7fb489b7", "comment": "Malware payload (Gozi)", "value": "ecfe68b783dbdaddac6583ad328fcffc376ce6d8dfa7a40ed7ff27a5ef65cd4d", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651327, "uuid": "59315e5a-4a69-4c4d-8d2d-66044cbe17b8", "comment": "Malware payload (Gozi)", "value": "eaaae21cad6b0470a56c9c1d631c68557dc5a430", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679651327, "uuid": "a66b8fe0-3a46-49ca-a9ff-353d33acc3ef", "comment": "Malware payload (Gozi)", "value": "b195954ec95b3799bba48ecaddf3d44eff4218331501b93e4372495fc5a85286ea23242e3f3557383bd402b369137f0e", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679651327, "uuid": "984b76b5-c2b1-4ada-b4f0-8c8de6d7d470", "value": "T163347D0273E1B961F62786328E2EC7FD263EB4E1DE15BF6E13459A3F0970261D662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679651327, "uuid": "b78d2399-84e2-4507-a93f-9373e338907c", "value": "7b85b4007e97101d5d345ff9023ba03d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679651327, "uuid": "a637605c-a05c-4372-99f6-d412b10db83b", "value": "6144:Bhg0NRMT+pBn3paIikHh6TLPbY1k5dm5uj:vg0NRXpXGkHUT4O5Qw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679651327, "uuid": "adb60d89-9ad4-481e-861e-9968ab5d3481", "value": 252928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679651327, "uuid": "5376d20f-bce1-4101-b0e7-3d309991954e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679651327, "uuid": "11738ef3-577c-4a5e-87ee-5c5090204681", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7490886-ca0d-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679639685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639685, "uuid": "bb76f669-2a00-48d6-b75c-d727bb5322ac", "comment": "Malware payload (SnakeKeylogger)", "value": "b937cfc610976f5aed6dfd7aba0763c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639685, "uuid": "1447f8f6-6848-4fec-8e86-e282576b9f07", "comment": "Malware payload (SnakeKeylogger)", "value": "ed8a2741526c390d94d57de34aad4e3d533ab02beb98f6dfe428c281ec37d279", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639685, "uuid": "63d9975c-9233-4167-b0c3-ac7019041c56", "comment": "Malware payload (SnakeKeylogger)", "value": "0df6374148b77143dde73e89ac0cfc485a7a2922", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639685, "uuid": "f4063703-3487-47e3-9620-672f8cc44a32", "comment": "Malware payload (SnakeKeylogger)", "value": "34cc4f74b88ca902ed0a5a9263e2505d4959594e9577f4b0db86036223b998ad914bb192ed39b9426a3af1ea8f19ae88", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639685, "uuid": "56c1d8ec-6c16-428a-a5ea-3aea18e281aa", "value": "T10AF4DF11AEB64B31F5E5C3F81920237A07A477A61061D2488EFA68DE3DDBF6305D0A5F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639685, "uuid": "cd694173-485d-47cc-a2c3-86097eb95320", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639685, "uuid": "46b3b8ff-a47c-4fb5-95ed-be4cce488f54", "value": "12288:S7ZwdNNAUmugqIkPLtxj4iO4zqSmuQ2Nm1ndbs9a7frhB3mGjPzXRbrQyQpytTfB:WZGNKUPlIELb4bETQAYboa7DvXRPvfA8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639685, "uuid": "1baf9aa1-d0a7-49cf-b327-1094e30905af", "value": 786432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639685, "uuid": "a7a2d363-86fc-4628-8dea-6210f9da2678", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639685, "uuid": "472a2ee1-944b-420a-a36e-dc08ec69ba02", "value": "b937cfc610976f5aed6dfd7aba0763c7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88e3f236-ca79-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679685885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685885, "uuid": "8e7cd83a-b205-4ca1-95c6-9ddc7ce566b6", "comment": "Malware payload", "value": "9328c4d5cb866807b9dc37ac77c07507", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685885, "uuid": "e56ff3e1-fbb6-4599-8832-7b1008a0c98e", "comment": "Malware payload", "value": "edf4eeeda837f602de4610bdd2880f04e98164e2029993b411215125f38a5208", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685885, "uuid": "1b36809e-beb7-4bdc-b7dd-1ee6cd6b727a", "comment": "Malware payload", "value": "873e7da03a3665156e455e43140ef2b76d931b80", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679685885, "uuid": "48c351fe-7cd9-49c3-969f-1e62756a8788", "comment": "Malware payload", "value": "827801c5828c58301346468d8724b4374689886208ac9e20b2a7d6e132bbc4656deddb8e77b1574ccab8e0ee4c150ad2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685885, "uuid": "a373c463-a895-4bf7-8a86-6f913a1ed446", "value": "T1C0548D1273E0F960E11787328E1AC7FC2A3EB8E0DE55BB6E1649997F1D703A1C662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685885, "uuid": "4b179b6e-bb2b-4bb7-8a8c-994a141537f3", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685885, "uuid": "c87080f0-14dd-4d2e-8d20-77e0a564d689", "value": "3072:HoLvVW2lhwh3qvLCUqEt83/rRkZuu1NiJPdiVhIj3nj0WbaoMiWN8aeDr:I70gw2N83/TfVMh2T0WbaoMiva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679685885, "uuid": "c334952e-0943-44a3-a5a3-afb3e07d2b72", "value": 283648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679685885, "uuid": "ed1b265b-4094-409f-a7bf-1214cf104d16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679685885, "uuid": "66318970-6b1b-4d7a-a019-06f32e40347e", "value": "9328c4d5cb866807b9dc37ac77c07507", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87eebe39-ca75-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679684165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684165, "uuid": "df43a010-74fa-48ad-bdd6-781b92ae23be", "comment": "Malware payload (RedLineStealer)", "value": "df8ee0fe60f0e72074fdf09e64bb17af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684165, "uuid": "929b788d-660e-43b1-aae5-f29eecbf5c1c", "comment": "Malware payload (RedLineStealer)", "value": "ee0c8f35ddfb625293a07937b1684a98b466882c671b7a31f507d13cc9e06719", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684165, "uuid": "80e7166b-a99d-452b-abcc-c54121ac6eec", "comment": "Malware payload (RedLineStealer)", "value": "2c1b6a67d09e920d0d56c7ad832a4d8d6c8629b0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679684165, "uuid": "7cf162e0-98b0-46d0-9e63-bc0ff978d6a4", "comment": "Malware payload (RedLineStealer)", "value": "105abc888937dfebc28bfb6d81dbb97d40f803905b4aeb09922ba8909af4f36f7eed74f97b7983a34c010f5582707615", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684165, "uuid": "3ccbad3f-350c-4f17-ab4c-0c6542aafa5a", "value": "T1C2F4F11273E0F960F61747328E2EC6FDAA3EB8A0DE157B6A1349597F0E702A1C721715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684165, "uuid": "e6c895ed-80c9-48c4-b32a-de39b5251699", "value": "b9ea2fbd7b1608d4be045f292e7e7dd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684165, "uuid": "53e62de3-bf21-4a43-bce1-252468351baf", "value": "12288:3utvNcCqg/Wwnldm8skIVWfmAbUQxMYgAhRkWMstIJsWSwPSMUKuZvVX6yDQxl6V:3mLqiWwldm9XWfBzxM3Ozk5S/MuZvVXn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679684165, "uuid": "cb87c2a3-22fb-483d-b0a8-3fca43360780", "value": 730112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679684165, "uuid": "22b5e4eb-91ae-40b6-935b-51a4345add94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679684165, "uuid": "ff40b5e9-df4c-41e5-86ee-830a9c9791b6", "value": "df8ee0fe60f0e72074fdf09e64bb17af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f34d9ff-ca11-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679641147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641147, "uuid": "73146f8f-a24c-45fc-8a93-0debad61a69a", "comment": "Malware payload (GuLoader)", "value": "8df506d8fd08be5f97f4fd22057a5a14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641147, "uuid": "7610e790-9eca-4a5b-ad76-6f66356d77e6", "comment": "Malware payload (GuLoader)", "value": "ef5ad5f8567227f273f2105b502dc48451b4a80613045cff2a6e3be788d1a4e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641147, "uuid": "80d360ca-53e7-4623-bed8-a6d7111f72fc", "comment": "Malware payload (GuLoader)", "value": "abc331ca9bc99efc2650f5f7027d047701bd3b1d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679641147, "uuid": "a8cad51a-89fa-4997-844d-bcde16b6c9aa", "comment": "Malware payload (GuLoader)", "value": "5310ed38cc39a33e4a4e1d4a19e4d6098c6457972aafdc1c31703ff12e412ceb9677412081b1e138b9a8b5132a7cebf0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641147, "uuid": "4d7cd2eb-eace-471f-a4c7-4f7df2727d8b", "value": "T15ED428111A588543F218BC33D431EE7E62149D9C637A84E7A7D17FEB21387938B6D12B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641147, "uuid": "afcfe615-fc79-451b-b3d9-838570c1d730", "value": "17b7d61bda0f7478e36d9ce3d4170680", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641147, "uuid": "f6cafc00-30fd-438c-8d06-1194fe4eca20", "value": "6144:kiucV6Y4sLhaUs2ImxynpGjpgHxJ3eb66/Dgu2nyqoOBG2PGi6Mrj:kiuiwUsGk8lgm2OS0irrj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679641147, "uuid": "bde4a2e0-16da-4f2d-b5b9-c0c9c5775507", "value": 656192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679641147, "uuid": "d222e33c-ac55-4b07-9bd3-36fb9570e5e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679641147, "uuid": "99e88cb9-77b1-4070-b33a-34fd666c7ac2", "value": "TR_ORDER.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb3d3cae-ca4c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679666749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666749, "uuid": "d85d1fb2-ca13-4c3a-ac06-119d623a0de2", "comment": "Malware payload (Amadey)", "value": "53e9a8f23ca6c6a974eee45ae8b0e651", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666749, "uuid": "c5bfca91-e289-48a7-add3-c0da5e8a345d", "comment": "Malware payload (Amadey)", "value": "f15b30a7c883a9b483cbb47322a7c2b5cdc6d7a0a8db279c92ecf66f186c65fc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666749, "uuid": "d1d54f52-30df-4b5c-aae5-4300eee67304", "comment": "Malware payload (Amadey)", "value": "96b8c650ba39e629b9d6561d31a8110d2af00e94", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679666749, "uuid": "f39e2cec-0426-4a78-8a09-490d0b22d3d8", "comment": "Malware payload (Amadey)", "value": "84d364286d06a23b7cf2e5fe124e2205d50cc6ba731c3f6ad952ef8db287fc3037f4f3ab4690a30a03816ff232416a2a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666749, "uuid": "12baaacf-2815-460f-931e-33a3cece5480", "value": "T15C252381DBD89132E9E50BF54AFD4F830A397CD10D6856BA2395992F0D73681A1B833F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666749, "uuid": "a99007e9-23e8-49de-bfe4-d349a746dae8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666749, "uuid": "8b4d14b3-920b-4796-8eb9-dee6697aa83d", "value": "24576:KyGl8fwEUUMvd+MYvri7hzUOMk1yc9Ew:RGlIwEULvwPkQOMO9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679666749, "uuid": "a09351ce-1cf4-4b2d-a31b-bcbca7a359a0", "value": 1038336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679666749, "uuid": "91ebb9ec-1fae-4599-9cdc-691c3a10563f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679666749, "uuid": "adf3412f-17bc-4ab0-a72c-9d815ef1cd1e", "value": "53e9a8f23ca6c6a974eee45ae8b0e651.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c733716-ca42-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679662161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662161, "uuid": "39162230-5880-4420-b71e-7526b5e12149", "comment": "Malware payload (Heodo)", "value": "057400162794c713a5410df154cbb640", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662161, "uuid": "400d9cc2-4971-4161-acdf-cbe5946a4ad5", "comment": "Malware payload (Heodo)", "value": "f1d287e238876914dddde78d0d17d575b8dd22931913534c6f8eef81e8111455", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662161, "uuid": "ec1b6b40-3403-4419-bf18-123118e07f06", "comment": "Malware payload (Heodo)", "value": "f1a9c661e7988689b0e2cb9cab66fd0de0a1edd7", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679662161, "uuid": "7683fd9e-fc58-4a2c-8af5-1ac883f1da21", "comment": "Malware payload (Heodo)", "value": "1bd0e5b21e54b5394c5bcab3385c55eb183fb211d78e1166d5a4dc1df4522092b5e28f796e6742ecea20442f9ee7ea43", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662161, "uuid": "4093d4ee-653d-4375-a723-19b63f99ce54", "value": "T1B62523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A90EF6C42122B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662161, "uuid": "999ceaaf-a6c5-46a2-bd0c-283e3f4776d1", "value": "12288:7kf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4de/:4XzNdfKluvnRHthzfoYxJlG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679662161, "uuid": "47125466-6572-4cc4-b3f7-fd14c10e30d2", "value": 979783, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679662161, "uuid": "6a55854d-365c-451a-9716-72941a220c26", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679662161, "uuid": "bfe53fe8-40bb-4843-a560-524409ee27a1", "value": "wmftebeHOYnmNd6X.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad408e45-ca18-11ed-88f6-42010a9c006e", "comment": "Malware payload (Grandoreiro)", "timestamp": 1679644285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644285, "uuid": "e8e8e72f-b759-455d-93cf-0d1af2579852", "comment": "Malware payload (Grandoreiro)", "value": "8af6bd1f91a3a8113cbe2d7b4288388e", "object_relation": "md5", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644285, "uuid": "5f8fc8af-d16e-4d9a-aa31-1bc3d2bc8772", "comment": "Malware payload (Grandoreiro)", "value": "f20a2ab3855d717bb5cd763fc4d09037cab25ec9a97d602734f634338ea6dbdf", "object_relation": "sha256", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644285, "uuid": "0e716cc8-50a3-49ab-906f-71277658033a", "comment": "Malware payload (Grandoreiro)", "value": "e88733223ab2eaeaa365e46c05aa066d797f4faa", "object_relation": "sha1", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679644285, "uuid": "0af0911d-2a97-4a9b-827b-dc3b39ab8542", "comment": "Malware payload (Grandoreiro)", "value": "2013f87c3adebd834fc3102679ac29a4bcd81669adbce672e954dd846cb87d26de1f579eebf6cb7e05b2ab509b937084", "object_relation": "sha3-384", "Tag": [ { "name": "Grandoreiro", "colour": "#0BC132", "exportable": true, "hide_tag": false }, { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644285, "uuid": "409b66a1-4f2d-4267-9236-3e6e11830248", "value": "T1F5E52312B6C6CA37C46E05B0252E8B5B4539BD744BF2C4EB13C86D1E2E735C193B6E92", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644285, "uuid": "15d89efb-44dc-4290-ab9a-f5261c76c19d", "value": "49152:aHzYdDybQ3cFBKfJtXZyUms0P7BMhhy7lL48MJGj/SW+B+mdteWwjY+NitjVqoAQ:vyDFgJtIUk5LJeBhtwjYVtMHA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679644285, "uuid": "b0a6ef6a-0c4d-479f-be08-26223ed43b55", "value": 3193856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679644285, "uuid": "1bbc5265-a959-4f63-ac9f-75c7b4d8dde2", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679644285, "uuid": "ea39dd1e-5840-4f4f-b7fc-1398918c9748", "value": "FACT641d5.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be554ba9-c9ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679626704, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626704, "uuid": "46374e6b-8fca-4657-8619-eab04bf81443", "comment": "Malware payload", "value": "50e9958bb2a5b6ae6ed8da1b1d97a5bb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626704, "uuid": "d6e1effe-6f55-47e2-8c76-5b2305771d39", "comment": "Malware payload", "value": "f24438de391eac0b538c0f2f19697daeace979bf8657a8bcc74db6cb4ecb52c5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626704, "uuid": "d0a446ad-ffc9-477a-aafa-cdcd76ff7566", "comment": "Malware payload", "value": "afd7485b1313cc54c321cc18c4b1c19e5ae415af", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679626704, "uuid": "279ea4d8-a958-40a2-ac22-31be002e33e6", "comment": "Malware payload", "value": "7271234c0293b5567b35df849e71e40ef6c736b4d717d5836b7cb6421ac85f4f2905f5da5cd99edb3ff3caf74658c125", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626704, "uuid": "9147163e-b1d6-4e4d-ac99-9f4e6b2e6592", "value": "T18EE37D1575C0C0B3E56719314870EBB56E7EF8300F246D9F63990A7A9F306C19A3AA7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626704, "uuid": "a488dfa4-b635-49a7-ae62-5ed9395f7866", "value": "74e5927a780c3f10f31d5185179b2079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626704, "uuid": "7161f94d-74ad-4e7f-96ca-d191c0f14c71", "value": "3072:ca+7cuLPeNoqEcBwokMUHb8uwX6SVjfLq3fNh9kPfe3:ca0vL2HEcmokbzEVzeVgfe3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679626704, "uuid": "66a6ce9b-dcb7-487c-9881-d21f5d4a8504", "value": 144896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679626704, "uuid": "4e16ab05-d1e4-498e-bf9f-d888f68c5afe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679626704, "uuid": "4114be91-0c9f-4f57-92d0-8e2e8c26488e", "value": "50e9958bb2a5b6ae6ed8da1b1d97a5bb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c6b9a52-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (AZORult)", "timestamp": 1679646324, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646324, "uuid": "aa352d63-d1ab-481a-bd27-41655d5f1523", "comment": "Malware payload (AZORult)", "value": "99ad8a1311a9383d02cf2d12641cfe88", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646324, "uuid": "0aa85b32-0780-4459-b0b5-7e2e1e7added", "comment": "Malware payload (AZORult)", "value": "f323712babedfe8df9d62d85d38b3f5307c7b0fa8fa70baddf7e6e7ba8aed5c3", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646324, "uuid": "0597c80d-7a36-4951-8009-98b5a9c26607", "comment": "Malware payload (AZORult)", "value": "88f887dd77936560b411a731a91224d618fcd139", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646324, "uuid": "5700a5ec-c98e-4320-bc2f-b1f3b87302c1", "comment": "Malware payload (AZORult)", "value": "13e49a43bbd00ed4914c43dc40a2ba643694cd6318b1c7da70d00e4219db7602c024d12137689746de67f47e4659caaa", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646324, "uuid": "d44c40d5-4f85-4ddd-b7d6-94334c0c10cf", "value": "T16644236F5B9E84818B5E23D83ACE5F04864F490F7C7571742C31EE59FE8619128AB2EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646324, "uuid": "72d5f16a-1aee-4a05-8552-2448415feb7b", "value": "6144:yio/58sDnRWURkZRKMsVrgglxudSBc7u6K7luYCCGe2R2SvN:yioGERW2kZ8MsVvHudULyoa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646324, "uuid": "e0255224-4cb4-4bd3-8cf6-cef160cbaca0", "value": 277085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646324, "uuid": "43a741cf-ed40-4196-a43f-9b4321613baf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646324, "uuid": "12f2f320-3b02-4a01-a2b8-699d104345b8", "value": "PO & DATASHEET_5.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ac9a45f-ca46-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679663850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663850, "uuid": "51f7d33f-bfb5-4046-96b6-a9f0a72239e6", "comment": "Malware payload (AgentTesla)", "value": "aa62c0b05410c45497eb9bf5197df6e9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663850, "uuid": "7290eeca-5c0e-46f7-87ae-755645b8bbbd", "comment": "Malware payload (AgentTesla)", "value": "f3424ac427ed5b40cc9c83da5caa42f12e2868fad4baa2184ae1d84fc626e523", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663850, "uuid": "f054ce3b-722e-40f5-bd86-8b9a77fb1170", "comment": "Malware payload (AgentTesla)", "value": "f74f69400b7c724acc9023aeb2dbb4e3e83520d7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679663850, "uuid": "dd72a74d-32a6-4d26-835d-fffb8280898e", "comment": "Malware payload (AgentTesla)", "value": "2793c43a4140438adad34fa3b4ab1ac781e9e4930faefbd3a7f009b89669de84eec8991fe3da79e5d8407ef7b190289b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663850, "uuid": "0327bc80-69e8-4c21-8a77-a55f5afd656a", "value": "T1E60522183FBC0E21D368137A26A7E1CE53B26D27ABD4CDA529DA80DDC5D63414A437F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663850, "uuid": "814c9d6b-bfe3-459a-9291-720c62d4f958", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663850, "uuid": "6df5805d-5de7-4b1d-9fb8-b8b8a6d15472", "value": "12288:evN2SUvKK17WrGn1bfTEEH3vVR2z9tgrpu+l/PIKfcSodM4sdH004Ig6MRi:O+5QGn1bbFH3vVQ7auUESyM4kUpIgjg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679663850, "uuid": "b8d888f6-c283-4773-b02f-75fea3de7ce8", "value": 871424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679663850, "uuid": "14419bb7-248b-4e87-90a4-b2f477673af0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679663850, "uuid": "6b56fc26-0111-462a-96cf-895c6b23a610", "value": "Quote #8039651.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1765f572-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Panchan)", "timestamp": 1679659495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659495, "uuid": "64c17c75-cb84-4945-8294-82134cc27e54", "comment": "Malware payload (Panchan)", "value": "54618937b0beab05a4a327863d181d4c", "object_relation": "md5", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659495, "uuid": "ed5ac898-ed97-415e-be48-b0d9f20f056d", "comment": "Malware payload (Panchan)", "value": "f3d14e5a2dc9eee5e0b42dbddd168f097ac5ba5dfdd8357e0853d2d9dc40beb9", "object_relation": "sha256", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659495, "uuid": "fd7b0022-fb44-48b4-a0e5-5936c52ef2df", "comment": "Malware payload (Panchan)", "value": "d110b6cccc4704808d041cf11f58d38afcdea875", "object_relation": "sha1", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659495, "uuid": "d273642d-664f-4e2e-8206-5e6fec666d11", "comment": "Malware payload (Panchan)", "value": "603ad6058de5727cdec2a39f31789cd4860ba262f3bbc1cdbc9b8e08fd6b3678aa59f9ebba5b0b2ea4e60508e8f8dd92", "object_relation": "sha3-384", "Tag": [ { "name": "Panchan", "colour": "#6E9401", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659495, "uuid": "7768a89b-b72f-4a2e-85c0-ac5b0be83804", "value": "T1E437CF73910738E9E5B98DB4D01425426DAC38875738A3C7BAC871F667EA6E48E3D730", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659495, "uuid": "dbefc679-6bbc-465f-bfae-b36e5a2f4454", "value": "49152:cSk1vGE1pFrb/T/vO90dL3BmAFd4A64nsfJvWSIsWWKbeJMJpn14PE9Z7rYPVnan:sXyWSpV+Wu7rI3JE5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659495, "uuid": "2cb46fbd-34b1-47b5-a9c9-69443f26dac1", "value": 23429120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659495, "uuid": "0daf3626-bb09-44b5-a9b7-163e100b2094", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659495, "uuid": "1808e07f-e3d9-430b-a161-0bb89dae2cad", "value": "f3d14e5a2dc9eee5e0b42dbddd168f097ac5ba5dfdd8357e0853d2d9dc40beb9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da73584d-ca0d-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679639636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639636, "uuid": "31e5f365-a18e-40af-aec0-c5f9d4aa63a7", "comment": "Malware payload (SnakeKeylogger)", "value": "a4034642fdf50c39430da2b814733ee6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639636, "uuid": "4c19e35b-32e6-4086-8bed-b14809756454", "comment": "Malware payload (SnakeKeylogger)", "value": "f3f560dddb5b80bbe688cc8bae8f2160f91b8bb494a9795246af42d7b2d19b2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639636, "uuid": "ac2e2133-98f3-46e2-8bfc-afd3e9fd4500", "comment": "Malware payload (SnakeKeylogger)", "value": "3d1e99755b15975217f77fd3c499816480703013", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639636, "uuid": "88ad9612-fda9-460d-b154-0b4c30ae413c", "comment": "Malware payload (SnakeKeylogger)", "value": "7ca35cb99d1a803df5e366cef1d580248c5eef099f6758b34c6bc2cff45d1ead75ea7976843f24e11c1143185547296b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639636, "uuid": "5861f78f-940e-4af5-9a7d-f26e3249d6f9", "value": "T1633501459E765E79F8E8E3B40460177A03A8B7A10062D2098BF86CCA7DDFF6309D194F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639636, "uuid": "7254739c-3c1c-4c34-9f9b-ab6f040465b7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639636, "uuid": "dd697a70-87af-41bf-89fe-3d782fa5a5c2", "value": "24576:x2iwyrJ+MNxsLRrTVXXPUYeEKN2R6jcgQJPS9ZG:oiwyrpNWR5XcYvKoscPJa9Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639636, "uuid": "3b2180fc-8883-4044-bf7c-f1e5f08258f3", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639636, "uuid": "105e3045-afc2-4565-aebd-83721c145c37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639636, "uuid": "d91929dc-4513-46c0-b67a-2df766cc6236", "value": "Signed po_000165.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "860252ca-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679640353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640353, "uuid": "c617be0f-71b7-4f22-9847-f12452074dd9", "comment": "Malware payload", "value": "3951f8ad7e0e7682fc0d9d13c9a503c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640353, "uuid": "fbbc93f1-e148-4a06-be2c-0ddab2bebfd4", "comment": "Malware payload", "value": "f40dd6641748b834786cd41cbe281266218d3e5ff56257a30dcafc9c90cee1bf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640353, "uuid": "c5604e3b-87d6-48fb-bfc0-74f1e1c75751", "comment": "Malware payload", "value": "875986300a36f384a5dbcce9d8e15d432dc87912", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640353, "uuid": "89cc2e7b-c26e-4317-ac22-fa0371a24d0b", "comment": "Malware payload", "value": "5ca7f3a050a7a0bd29eb34f3a7bdc2462bd2dbd61fd2700badb7ef8366f5b9ec09e682cdd6f700213f4e45a240249142", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640353, "uuid": "ecf9325f-014a-4e95-bad3-1f58b562e79f", "value": "T14C953356A7E04466C2B60370C9F381CA0D313D737B7552BF9751E5BA4E33781AAB23A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640353, "uuid": "c5521fd1-fb5e-4952-bb00-1ede02a2179a", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640353, "uuid": "bba2d6cd-8601-421c-b63b-e5ba5c1f1650", "value": "49152:crQCvSTb40i4oH2gyBw1ne0a60Os+nEm3oI2FNMy:IlSDI2fQe0ls+EtM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640353, "uuid": "2315346f-b1bf-4756-b238-3a782eb69959", "value": 2019328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640353, "uuid": "1f2684bc-bb5e-44b0-a952-10dc21bc975b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640353, "uuid": "b510c448-cea0-4cb0-a999-64f961f16d60", "value": "3951f8ad7e0e7682fc0d9d13c9a503c5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2067489a-c9e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621285, "uuid": "9a852c80-a85a-41dd-af16-f8a8ffb9246d", "comment": "Malware payload (Stop)", "value": "df86ed0d4fe5aee1895aa1a539144cdd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621285, "uuid": "f76b1752-10fc-43a0-983b-a67f2eab21ad", "comment": "Malware payload (Stop)", "value": "f440e684a6b70b84437dc0a5becbecc67f8bf8239d86a3c47f0bf60a18b69154", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621285, "uuid": "2e2f56e3-0c67-4b2a-899d-ce95eaf5cd36", "comment": "Malware payload (Stop)", "value": "2a5d5253a1a9dc7ba54e261c4efe87492596e81e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621285, "uuid": "622e0568-840e-4ff5-aaaf-dfd6095ddd04", "comment": "Malware payload (Stop)", "value": "e306b6dbc0eb450d575dc3a870a076225971d3170b2ea25c192b0490ffb8a90a71ae242f3fd2288651c16fca3479a1db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621285, "uuid": "5b03ad63-01b4-46d5-865b-92d7f71ea35d", "value": "T15EF42212B8F1C0B2E48794744625C3E2BE3E7832AA52CD8773391FFE1D74391666539A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621285, "uuid": "95cd7bcc-b6c6-4ee3-bef9-7c36b762c631", "value": "8444e7fbc7fdb7e9f8131a6ae8e7a76e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621285, "uuid": "f5fd41cf-68a2-48f4-bd52-4304f511eea1", "value": "12288:EiSbd1n1950q6+A7XMSDUpsqVGjaK9myrEaMr91mFG8dyhIBAYkq816btw3bmCSx:lmfP50j+AMaDaVyryx1mlALqGitwiCSx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621285, "uuid": "ce9c624f-3c1a-4cac-922c-4b4f90416cf7", "value": 732160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621285, "uuid": "dff4c918-ceea-4929-92b1-4257faf1d3be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621285, "uuid": "40259bd3-14e5-491e-900e-e321bcf277c3", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61a223bc-c9df-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679619677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619677, "uuid": "f61f6a55-90c0-4c09-9cf8-e9d7028e06e5", "comment": "Malware payload (TeamBot)", "value": "32586ab4bd56647b428e9d35da60d5ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619677, "uuid": "8dee2cbf-1193-423c-9f86-47385ae63a25", "comment": "Malware payload (TeamBot)", "value": "f470607204e84fa606ac7d37b59c646e1ece99380093a95ff79ab66289c47f40", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619677, "uuid": "73accff2-e2ef-4d03-9698-c065f3e6c291", "comment": "Malware payload (TeamBot)", "value": "4a6ed846185571dea0366f07e40c033e07463622", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679619677, "uuid": "e3977046-684b-4bec-ba10-e6ed6f9eb3b3", "comment": "Malware payload (TeamBot)", "value": "a64ebac0a3947b036d32184718d28988e627b8430e6563aaca58cf31c3db6642e3351437a5f7cfbfbae52f44644db59e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619677, "uuid": "9c7a2a2e-3d83-4952-b9bc-a83568f116c7", "value": "T191F412213AA1E077E44B057D8425C6B4BD7EBC318B628EC72F88466D0E356D1CF76B1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619677, "uuid": "e6f24ca9-05b9-43b9-896d-90d802fc1c2b", "value": "57a1d123edd8232af2119d11a9d551b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619677, "uuid": "f44ab2ef-f58d-4e14-85ee-99b80a3699e1", "value": "12288:lbxgBLD/cUgv+6J6xOLyMk9uS1+WNKrZohTYKbDrLRBv5mccphZGFA6n6ycY+V:VmkU0++6UyMkAS+WNKNVK7LRlA/jZGF6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679619677, "uuid": "41799460-0440-4b5b-bc62-4ba566c891db", "value": 768000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679619677, "uuid": "eddf35b3-2194-44e1-ac81-f1ce186c0389", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679619677, "uuid": "f2944f6a-89cb-4e13-98c7-9e07a100dde2", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36600e5a-c9d7-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679616168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616168, "uuid": "1fbb8b94-2590-4390-bb89-7822d857a7e2", "comment": "Malware payload (Amadey)", "value": "86151ee681b56bdc3e29a799acc7b823", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616168, "uuid": "472d88df-5086-4560-8753-5b637a7ae867", "comment": "Malware payload (Amadey)", "value": "f632742f0632fdb86e7f126a27c18d8aa710e33728d3e85a97cbdb6c2117f5b0", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616168, "uuid": "d3c65407-5ffe-473e-896e-3958ccc074b0", "comment": "Malware payload (Amadey)", "value": "6cf54e602342cf8265afa666853196fd735c966a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679616168, "uuid": "33e80ff2-f4c2-4502-a81c-76f1ab6e0b5a", "comment": "Malware payload (Amadey)", "value": "41c9f76861327fd150d704e34c5c2358c66aac61bc5b55d74068d2347523ef3ba21559fec4339b132e58f520817f2075", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616168, "uuid": "968b23b8-2a91-4629-b5ef-92c396efce65", "value": "T1E7252307B7E81172E8FA2B7068F613C32A3E7D4290B5826F27468D650C72AD5B57533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616168, "uuid": "44c7fb02-d0a0-47c8-a761-ffe5f940a5e0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616168, "uuid": "36f1dc7f-04a7-4d99-b0f6-9847b03c5885", "value": "24576:2yaamKFJVkX2UvgEyOiV8bBqdLs481sOxfPXI/hPMULn5:FaZYoGUYwiV8bILM1sOxHXIJPDLn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679616168, "uuid": "ad2f8899-2802-4c24-9dbf-0d98687bec0d", "value": 1050112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679616168, "uuid": "a8286a41-fbae-4a42-8a17-87509b9e49c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679616168, "uuid": "f15dd4c6-c003-42b7-8348-ea784cde045a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe2b4360-ca96-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679698537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698537, "uuid": "7a3a60ca-259f-4ab3-97ba-562c4e17843c", "comment": "Malware payload", "value": "f68d4c3d2fa8f2ad3982a14612768f67", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698537, "uuid": "0fddd761-dc77-4961-bbdb-eca8faa64618", "comment": "Malware payload", "value": "f7d5ba31a01492a8f04c8f43369d3cbd2ce4c31c4ced5fd6fec50fbfa44d64e0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698537, "uuid": "c5668523-1063-4a1e-b622-64af0b282a1e", "comment": "Malware payload", "value": "1fb79e286fc36b1b11aad98ef4a522b2ad2e86d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679698537, "uuid": "a39434a7-c30a-49b3-9996-9d6055a6d27c", "comment": "Malware payload", "value": "72a66efd81ec1e34cb6f02270dd5cfc2e8685235adb1789468009550f7102ddfda4ac832eadbc77e7ff133ba0c03fd45", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698537, "uuid": "3d854820-fd21-4f56-bde3-2b5c341c003b", "value": "T159547D1273E1F961E11387728E2AC7FC6A3EB8E0DE157A6E1659993F0D703A1C762704", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698537, "uuid": "b8c808c0-da89-482d-b55a-efb12ff74cfb", "value": "a1305c8588ad78686efb12226f3191f9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698537, "uuid": "ec2ff6da-cc1d-497f-826e-cd60bae17984", "value": "3072:kxdfoi2x/gYCed5kxUlfCDmMdZWXTBB8nSvIhgsRuUrPSjRnxsMQdWN8aeeL:IlVCd/fCDOySvIhdRuQPSjRnxXgva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679698537, "uuid": "03187abb-2485-480c-afb8-005220613eab", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679698537, "uuid": "8fb5ed0e-3091-4898-a503-3de387e647af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679698537, "uuid": "79688ebd-eee2-4043-bc5c-ae0580f458b4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70a08c59-ca1d-11ed-88f6-42010a9c006e", "comment": "Malware payload (a310Logger)", "timestamp": 1679646331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646331, "uuid": "66ad896e-a1cd-475a-bd67-a86013012c6e", "comment": "Malware payload (a310Logger)", "value": "a6c11b79e3183fbb73bd380983118d76", "object_relation": "md5", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646331, "uuid": "fe7e0627-99e2-47b8-ada5-afdd57bd4442", "comment": "Malware payload (a310Logger)", "value": "f872704702aaa23b690683769f1411a648e35e001277371a5b509d2966990ae0", "object_relation": "sha256", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646331, "uuid": "bbd19f1a-f963-4215-a185-da31bed47b9e", "comment": "Malware payload (a310Logger)", "value": "dcb76c7c0be55747c859e5f9fd6599b3efa025b6", "object_relation": "sha1", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679646331, "uuid": "a40dc6d2-8c72-43b7-acab-f71dc24ca267", "comment": "Malware payload (a310Logger)", "value": "bf56061f18e2831e5c1f2716cdfa0c2f40d34d3f17173a331eafd0e31c73a4cd549c695dea85c9f81a7da7c46135e6e0", "object_relation": "sha3-384", "Tag": [ { "name": "a310logger", "colour": "#64A82D", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646331, "uuid": "6a6255bb-a258-4b73-893a-274932195fbf", "value": "T1ED353347E6F624CD7C6396D3A2CF72F76BC95DD7A914EC1020AE3D0310DA8661AA06F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646331, "uuid": "fc8cead8-c2c4-45d1-8d45-18a972b30813", "value": "24576:tWZjEFI5QAJ/o/gHUdXHoS5Yf5LfeWtop5DsF+TFno8FioqLiAubR:ta5Jg/VBV5YJfe+opq8h1/KV0R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679646331, "uuid": "a515c530-abca-4f14-bf2f-205dac5572d3", "value": 1158002, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679646331, "uuid": "67a5a10b-f0f7-4def-a1b0-4a3057103cc7", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679646331, "uuid": "267ddb86-5ea6-4b96-a855-43f7679c16db", "value": "QUOTATION _RFQ# 1043999_1.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7884092d-ca0e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679639901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639901, "uuid": "20684013-05e9-4060-a4ee-29b999c5b6ec", "comment": "Malware payload (Formbook)", "value": "fc2daecf5cf886d5dee2355482cc5d2d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639901, "uuid": "bbd5d426-4e5d-4c9e-96af-36187fdf5d8f", "comment": "Malware payload (Formbook)", "value": "f87ffcf023d6faf89bdd6b5f035b2a65f2a46d81a5a88b337691c5678fa6e7dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639901, "uuid": "a5782297-4a28-4bf7-afc1-34794a92ab89", "comment": "Malware payload (Formbook)", "value": "e1fbbcd7990a97ccafea900f6d23455e435b119a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679639901, "uuid": "cef0ccc1-0291-42ee-abfe-131f533037b3", "comment": "Malware payload (Formbook)", "value": "f9511997887d9e4ab64c5df8ef4b9531a128dbeeed850042b3db8cc1aad8ecfe528afb36660fc918f44c86274171df5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639901, "uuid": "5f9f063f-12c5-4ed4-8614-4127d41a8f5f", "value": "T152B4BEE0E710D9E4F86652F69033EC3226578E2DA4B9552F047C7161AAB33830DB7D9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639901, "uuid": "75addee1-431c-47ea-a8fb-2dc84d00d99b", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639901, "uuid": "e6b259c9-c5f4-4563-afe6-7e09579ee03b", "value": "6144:OYa67tseYlNrGwbgnj1TZy413Oq1QrV+rvmhQzUlOwr04Os/zUAhgj5+S6TT2V/P:OYcKwbgj1TZ/xVXGesBA+H/A/P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679639901, "uuid": "c1c7cfdd-dfd9-41df-a189-5516c1a7c4dd", "value": 510895, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679639901, "uuid": "11dcaa54-a61c-49b3-9872-0c5182e905ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679639901, "uuid": "68d577c5-1273-4e9c-9eb9-32caac40efce", "value": "TNT Invoice_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72cb0536-c9e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679621423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621423, "uuid": "abd1e7c3-58b3-43ba-8816-b2a7a2cbe42d", "comment": "Malware payload (Stop)", "value": "f1e9a40fa34c735d152ad1a276def9ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621423, "uuid": "bdcb3e86-ecc7-4b59-9f7e-419fbefe3433", "comment": "Malware payload (Stop)", "value": "f8aff7f6db8e4ccef61761b993280d3a889853e30a060aa16298aa6b69cab165", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621423, "uuid": "ed9b15e7-ba4e-43f3-9db2-eef43cf1e350", "comment": "Malware payload (Stop)", "value": "d5f5ed2012c5bcaabd34966d372fa67495a26bd9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679621423, "uuid": "cd16019e-7606-4c91-ac91-01bc6ba4d405", "comment": "Malware payload (Stop)", "value": "b653cb361663211328fcf46a7a2952f6cb335f8d17ae4965544a1228a2f7ed80f5023b6951bf7966a8f9870fbec2a840", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621423, "uuid": "6f2e8b77-4e90-4a5f-8420-ff138819efa0", "value": "T101F412603AD39033EA475675E422DF60BABE6B3256A785873318233E1FB17C05A1935E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621423, "uuid": "4fd39701-758d-4c02-9e5d-579ffb833a16", "value": "8d9508e89d467f2b8f17cb75c34b216a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621423, "uuid": "5886a028-1abf-488c-872d-4ca77a7ef8e8", "value": "12288:riF5UEaD0Dfqb2v4bXGREAyPVDUZguyx1MIsQM0T64UpGFgrGh2S:WXOgTqFbqE9lYDyxyIsQDb2d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679621423, "uuid": "46d3ceeb-67cb-481d-b56c-d4e7d2e83f57", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679621423, "uuid": "343c6caa-d8b4-4aac-be46-83d37960217b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679621423, "uuid": "a7b691a6-3d6b-4435-9da5-a9b7b4726ac3", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76fb4451-c9e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679620571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620571, "uuid": "e0c6ea16-b598-47ca-a384-e3fd40fb1e65", "comment": "Malware payload (Formbook)", "value": "f5672b8f33b37682573f37a197ef1c19", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620571, "uuid": "da7eed21-4802-4f73-9197-3f4a81fa71a9", "comment": "Malware payload (Formbook)", "value": "f9aca991af8ac33fee207fee13a29f070930ea35a4f375ebd3300604510bfd23", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620571, "uuid": "e8a974e4-b5ea-4c78-8011-bd0cca1ff24b", "comment": "Malware payload (Formbook)", "value": "0517ec9f5cb34d0c2568e3c2cd1a0509a1baeb43", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679620571, "uuid": "a7062b3f-f6b1-4e4c-9732-b61a986abee9", "comment": "Malware payload (Formbook)", "value": "f0e2ea0a3c6cecc184b6a4dbd2078c74d5e34feede9a149be8a3f15de379aa1af52ba0b011e8790a62682e984f8d1403", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620571, "uuid": "2f1c2310-8b88-4604-9ec7-8ec187d48634", "value": "T123256C40EFAA6560F12044B9216B7D1FCD51A88D98EDFB6E190FEF31F5E221D1D82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620571, "uuid": "640c6d77-1066-481d-a31d-b2913bdd5a01", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620571, "uuid": "2fd67d9c-7c58-4a36-861e-6d578bc74d67", "value": "12288:sQoyPF2JA83DPaCTFhFlnT8jcZf8hesy5SHu5CZPpVDmrdJ1aOIOb9utEcbN2lfR:sQo4I+8TiY3Zf5tjrDhb9sEc8Ni", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679620571, "uuid": "7757f100-513c-4af8-a710-f3975d53b534", "value": 986112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679620571, "uuid": "de6cd1b8-a512-4dae-94a8-fb306c9a403a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679620571, "uuid": "ccda225e-697f-42f6-9dde-ba16ad1a09c5", "value": "f5672b8f33b37682573f37a197ef1c19", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4578d91-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679660215, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660215, "uuid": "2efa5e66-6b14-43de-9d2d-472f6c2b5d2a", "comment": "Malware payload (Mirai)", "value": "7ce7c83ef2fba44335624fc39c115001", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660215, "uuid": "92756b6e-a2ae-4d3d-8ceb-828bb102c17a", "comment": "Malware payload (Mirai)", "value": "fa93a1bc673897cd698240fdbb0f990b580b7dd4b1d82f98ea26c8435f4e3bbe", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660215, "uuid": "4cdba56f-d710-4a7a-a1a6-3fccc48b21c0", "comment": "Malware payload (Mirai)", "value": "2966d744f5f39646d4d16455c9d4d80b09cd4051", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679660215, "uuid": "bd4158c1-45e4-4c62-87d9-04632857dafd", "comment": "Malware payload (Mirai)", "value": "8222b3219fdf6590fbf652810ab7842ef7155778261d84defb774ead63961a6934f493ddc2c7bd7c3c353001176aa6a0", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660215, "uuid": "3cd3ffc7-6eab-419f-8811-95a170b45f42", "value": "T178634C21F976092BC4D4A57A25E78729B6F142CA21ECC70E3E710E9DBF21A807653DF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660215, "uuid": "0455f61f-04d7-4f0d-9d13-3364d62d6276", "value": "768:ReohftY/WpKa1yjqQrWM9SQWcZt6O+75VBOYyn0Dd1t1w2rIu:Re2VY+pKA4qQnlW75rjtO2r9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679660215, "uuid": "0743bf21-a1b9-43d8-82dc-38c3c98275e0", "value": 66888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679660215, "uuid": "9fa03862-1a1c-4e83-b797-058cfb7df112", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679660215, "uuid": "81ae0deb-2540-45c3-8415-61698fcc00f0", "value": "nigga.spc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37e497be-ca3d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679659979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659979, "uuid": "363204f4-d212-4d60-b93f-707d67082976", "comment": "Malware payload (Gozi)", "value": "62c6ed30422b5876110ee6ab6660223e", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659979, "uuid": "614e9535-dd1b-4ec9-81b4-0240752a64e6", "comment": "Malware payload (Gozi)", "value": "fbb595a285f1126d4bfe09240e40b1a8a66ac5024f90b5e64860bb872e05a248", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659979, "uuid": "478884d3-ef9d-4e1c-b3f5-89e5649d52c9", "comment": "Malware payload (Gozi)", "value": "60e1a1c26d35c9d90fb163364e3a4deec1d4016a", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659979, "uuid": "03cbbcfa-56fe-46ac-ba8d-7f165558152a", "comment": "Malware payload (Gozi)", "value": "175905f32eb1aeaedfe9b22bea14472bef64b247473a85b90dfb0eb30a8efffbad1315aacca8e7ea7a19cb57f6de0317", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659979, "uuid": "5ccc6799-1b31-472c-bb33-9c2375b3ec25", "value": "T154347C1273E1F960F52686328E1EC7FD6A3EB8E1DE55BF6E17449A3F0870261C662314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659979, "uuid": "e39a39e3-fd59-44e1-bb0f-e97d461ce701", "value": "4fc712efe0d5d011b63626c597ebe2a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659979, "uuid": "f7830a3f-ddb5-468c-a75f-7ee04b872f62", "value": "3072:VRESzcarU/edI7cTsSsuDwTHDXbtMJzWVCkeoQ0LTZ2eB25UWNObVr:eRNILMbJeW92eBoUj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659979, "uuid": "441662ee-6278-4b85-b6ee-f6dcc5571da1", "value": 251904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659979, "uuid": "510e25ff-80cd-4959-a6fb-82b0ee56a384", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659979, "uuid": "0d268ece-5f3d-4da2-bc7e-67bbc99decff", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f608d37-ca0f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Nitol)", "timestamp": 1679640289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640289, "uuid": "19e262d3-0ce3-4d37-ad91-c189a024fbc0", "comment": "Malware payload (Nitol)", "value": "11eacb8e421fbc90070634853b734c26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640289, "uuid": "0c1fd765-587e-4833-9d3e-e800efcd6de9", "comment": "Malware payload (Nitol)", "value": "fcbf0434298b9bac4e986835686ae0af18231736c4fe218cd4ef75ebe3e68c8f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640289, "uuid": "3201e968-8a01-459c-be0b-f802bca62d66", "comment": "Malware payload (Nitol)", "value": "285fc883e56317aeb1200a63f11535495ed7c04d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679640289, "uuid": "a4c1ef7e-e38c-4a0a-a5ee-79b74390e7b1", "comment": "Malware payload (Nitol)", "value": "62e4a4974fdda2463b04e881694d41000fc5840ba9144cb24cafa87aea4da6f808e58f126c840452a32102926e8fe417", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nitol", "colour": "#2681EE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640289, "uuid": "340c27ee-39b6-4a76-9a12-7ace40b3e07c", "value": "T138F42375589B20B2CA74B7BCDE8F880DB4276C5F90CB23774283760B8E56695F960C78", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640289, "uuid": "03cea590-f04c-44d5-bf06-dfa1769b8540", "value": "79ed9f41ab6f5496281c016df50c4da1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640289, "uuid": "35914bcc-7a54-416b-a441-218ea049dd12", "value": "12288:UgEAT7WiE9oDAGh9KvcX7wu1CgtIjvQuFv2UTpcEfZ6IKbfynbF+h3s6BOZ1m+Zb:J3m9s99L7wu1tsvz2UeQZ6IKWZ+doW+o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679640289, "uuid": "5878b631-c896-4b15-acb6-ac4a07ae8887", "value": 786432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679640289, "uuid": "124465e5-2295-41fa-b6b0-2f752a478fc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679640289, "uuid": "fcbc1efc-cb88-4afe-983a-82ec58090829", "value": "11eacb8e421fbc90070634853b734c26.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "188e103e-ca3c-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679659497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659497, "uuid": "45d4f81a-ffa2-461a-88d9-a8a911f72f87", "comment": "Malware payload", "value": "ee67f42561ecc25bb427fced0cea04c7", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659497, "uuid": "69b8a24a-ec6d-4b9c-aa90-00eafd750f64", "comment": "Malware payload", "value": "ff085d66003ec24a924cd1efac8a1c92c6aadb54cc4a3959955760a0dbaa8aae", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659497, "uuid": "d21b8a0f-a840-488a-b7a0-cf26cae77f33", "comment": "Malware payload", "value": "62ea9cb85ce6e45f0251ce05441e0b4855fa6157", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679659497, "uuid": "50ddfd58-89a6-474e-82e3-8fb87643f170", "comment": "Malware payload", "value": "2d3c84c58f3aaa9714371eac9308bdde8db44b9340c5943f6e6b2921a439e4dd035e27e49e3a1f5b0fd2cdc1bb410b30", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659497, "uuid": "d97ec69c-8679-4d9d-8afb-dce15745c111", "value": "T104F02B5B675D6DE7EA7C27F4084F33787793E413120153CB120621224D93FC10F52840", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659497, "uuid": "971213fc-e38b-484a-946e-abc73a422941", "value": "6:Btk/tKP2Sl/4lXYls1wzFkrc0BMZzaqnMDD9BfhOlrwiqDUGPselM:BX7toXIs1lY0OzOffomUAs6M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679659497, "uuid": "fec721a9-a1ee-4d52-ade7-af4656ac0465", "value": 476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679659497, "uuid": "cf9536c1-721d-4b82-94d5-702529bb7afe", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679659497, "uuid": "e55a2cfa-955b-4ceb-b8ee-7b71ea337d27", "value": "ff085d66003ec24a924cd1efac8a1c92c6aadb54cc4a3959955760a0dbaa8aae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5cdf7ff-ca59-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679672243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672243, "uuid": "0b3e2ea2-a8de-48fe-ba63-a87a481c29fd", "comment": "Malware payload (Mirai)", "value": "0c21ee1d303a4e87d560d2e3f6a9c213", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672243, "uuid": "d70b0b20-4748-4aa0-9d11-46143f57e9af", "comment": "Malware payload (Mirai)", "value": "ffa8b813f0c51f19e71064b8cb051cde593552cbfb7dce5cb16f8a0cee702601", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672243, "uuid": "892fa6a0-4bf3-45f4-bc87-8d491c3f3561", "comment": "Malware payload (Mirai)", "value": "f0c908f2fe814db864af0dab99014128d09bc7e6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679672243, "uuid": "f608a67f-c851-4252-9c9c-243dc051093d", "comment": "Malware payload (Mirai)", "value": "b45c43ae82d078d0cc23b0a3a4b378d193a558011574171c50dbc39569ffa93de7d609dff1d252242b57c37ce67df60d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672243, "uuid": "44af60c9-4726-451f-8606-778e3f7f747f", "value": "T14F932AD9B4019EEDF48BD9F500274E0EF9205281AA630A277B77FDA33DA31A59D03D49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672243, "uuid": "c7a29d06-363c-4d4e-9ce3-9f856ea3f560", "value": "1536:nY/FfFs5xg6PaD50D/28R2dFSd0Fafu8ViM48yz0F8xMx37mcFVKWo:nYNi57sgxfu8s8y4T8c3KWo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679672243, "uuid": "03ae63b5-5f0b-4998-915d-9c56a96b32b0", "value": 90128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679672243, "uuid": "c711ed26-1a1e-4dc0-a1ac-22d9843be504", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679672243, "uuid": "a5f89272-0b6e-47f1-b83d-fd20ae61d513", "value": "0c21ee1d303a4e87d560d2e3f6a9c213", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }